The protection of your privacy is important to us. That is why we are committed to providing you with disclosures about how we collect, store, use, and disclose (processing) your personal information when providing our Services (as defined below).
Our services include collecting on receivables or other amounts you may owe, providing a platform to manage payment of receivables and other similar amounts and providing services and assistance to help manage your ability to pay your debts and other liabilities (Services).
- AKCP LLC;
- ArborKnot Management Inc;
- Arbor Knot Inc;
- AKCS Inc;
- Arbor Knot Gmbh;
- AKCP Management Pty Ltd;
- AKCP Nominees Pty Ltd;
- AKCP Holdings Pty Ltd;
- AKCP Investments Pty Ltd;
- AKCP Nominees 2 Pty Ltd;
- LC Lite Management S.à.r.l., and
- LC Lite Investment Fund SCSp,
to be referred to as Arbor Knot, the Arbor Knot Group, we, and/or us in this Policy has put in place to comply with its legal and regulatory privacy obligations in Australia, the United States of America and Europe.
This Policy also outlines other important details regarding your right to access, correct, and restrict the way that we use your personal information that we hold about you.
2. Privacy Laws
- Arbor Knot complies with the Privacy Laws that apply to us when we process or otherwise deal with your personal information.
- In this Policy, “Privacy Laws” means all applicable and binding privacy and data protection laws and regulations that apply to and regulate us, including such laws and regulations of the European Union, the European Economic Area and their Member States, Switzerland, the United Kingdom, Canada, Israel, the United States of America and Australia, as applicable to the processing of personal information including (without limitation) the GDPR, any laws or regulations ratifying, implementing, adopting, supplementing or replacing the GDPR; any laws implementing or made pursuant to EU Directive 2002/58/EC -as amended by 2009/136/EC-, the UK GDPR, the FADP, the CCPA, the Privacy Act 1988 (Cth), the Australian Privacy Principles, and any guidance or statutory codes of practice issued by the relevant supervisory authority, as applicable to the processing of personal information by us as contemplated in this Policy and, in each case, as updated, amended or replaced from time to time.
- The Privacy Laws cover:
- how we can collect, use, and disclose personal information;
- internal governance and accountability;
- our obligations to seek to preserve the integrity of your personal information; and
- the rights individuals have regarding the personal information that we hold about them.
- This Policy will apply when we collect personal information about you, including:
- when you visit or use our website, mobile applications, APIs;
- when we are providing our Services to you (including our Services involving debt collection and account recovery services); and
- if you become an employee, contractor, agent, vendor or service provider to us; or
- where you otherwise interact or deal with us, including by contacting us, communicating with us or submitting information to us.
3. You Agree and Acknowledge
- agree to the terms of this Policy and that you consent, where applicable, to us processing and otherwise dealing with your personal information as set out in this Policy, including if you use any of our Services, if you use any other facility or instrument that we use to provide our Services or when we engage with you by providing our Services to you;
- acknowledge that you are informed, in these cases where consent is not required for the processing of your personal information, about, among others, the processing activities, the legal basis and the purposes applicable to the processing of your personal information;
- acknowledge that while we take measures to safeguard against unauthorised disclosures of personal information, the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent to us by you over the internet and you do so at your own risk; and
4. Types of Personal Information
Personal Information has the meaning given under the Privacy Laws and includes information or an opinion about an identified, or reasonably identifiable, individual. Personal information can include (but is not limited to):
- individual’s name;
- phone number;
- date of birth;
- credit information;
- employee record information;
- internet protocol addresses;
- voiceprint and facial recognition biometrics; and
- location information from a mobile device (collectively, personal information)
We will not collect and use any of your sensitive personal information unless it is necessary for us to provide our Services to you and with your prior consent or where we are permitted or required to do so by law. Sensitive personal information includes information relating to your health, sexual orientation, biometric data, criminal history, racial or ethnic origin as well as membership of any trade or professional associations.
The kinds of personal information that we collect about you will vary depending on our particular interaction or dealing with you. However, generally speaking, the kinds of personal information we collect may include:
- contact information such as your name and email address;
- information we may require to verify your identity such as your physical current address, date of birth, mobile phone number, government identification information and other personal information that we may require for identity verification purposes;
- information about any debts or other liabilities of you that we provide our Services in respect of;
- payment or other similar information where you pay amounts to us or otherwise transact with us;
- other transaction information relating to your use of our Services or information relating to your correspondence or dealings with us; and
- information you disclose to our customer support team.
5. Your Privacy Rights
You have rights and choices when it comes to your Personal Information. Some of these rights apply generally, while others will only apply in certain circumstances.
Without limiting your other rights under the Privacy Laws, you have the following rights regarding the personal information about you that we hold:
- the right to request access to Personal Information that we hold about you by contacting us at [email protected] or by the means described in section 17;
- the right to rectification or correction of the Personal Information that we hold about you;
- the right to erase (where we have no legitimate right or business requirements to retain your personal information);
- the right to restrict or object to processing (where we have no legitimate right or business requirements to process your personal information);
- the right to lodge a complaint;
- the right to port your information; and
- the right to withdraw your consent (where we have no legitimate right or business requirements to retain or process your personal information).
We may refuse to grant you access to your personal information, if we are allowed to do so by virtue of the Privacy Laws, if we reasonably believe that providing you access:
- would pose a serious threat to an individual or the public health, or safety;
- where providing access would be unlawful; and/or
- where providing access would have an unreasonable impact on the privacy of other individuals, if legal proceedings are pending.
Except where it would be unfair or unlawful to do so, if we decline to provide you access to or to rectify or correct your personal information, we will issue you a notice explaining why. We will endeavour to respond to your request to access or to correct/rectify your personal information within 30 days from your request.
You may make a request to us regarding your privacy rights on the contact details provided in section 20. We will respond as soon as reasonably possible.
6. You Can Remain Anonymous
If you are making a generic enquiry, you may remain anonymous when communicating with us. However, for us to deliver our Services to you and effectively and efficiently deal with your enquiries related to our Services, we will need you to provide your personal information.
7. How We Collect and Use Your Personal Information
We may collect personal information about you as follows:
- where you provide the information to us;
- where you provide or have provided the information to other organisations that have a client relationship with you (for example a lender where we acquire an interest in the debt or liability that you owe to that lender);
- where you provide the information to us in other forms;
- where you have provided the information to third parties and it would not be practicable for us to obtain the relevant information directly from you;
- where you have provided the information to our related organisations (including our related bodies corporate);
- where the information is available from publicly available sources of information (i.e., such as public registers);
- where your approved representatives disclose the information to us;
- where you have provided the information to other organisations, who jointly with us, provide products or services to you;
- where you have provided the information to third party websites and authorised the transfer to us (including where it would not be practicable for us to obtain the relevant information directly from you);
- where you submit the information to applications or platforms containing interactive AKCP content or that interface with our own websites and applications;
- through social media platforms (for example if you publicly comment or send us a private message);
- through digital tracking tools such as cookies;
- through CCTV footage when you visit our offices;
- in a resume that you send to us relating to an employment opportunity that we have advertised or if you otherwise submit information to us regarding potential employment opportunities;
- from credit-related bodies that provide credit information about you; and
- other third-party providers, where it is lawful for us to do so under this Policy and Privacy Laws.
We may also collect your personal information at other times and in other circumstances (including but not limited to) when:
- you interact with us;
- either you or us are managing our customer, client and service provider relationships;
- you provide feedback to us;
- you make a complaint to us;
- you provide us with information about your personal or business affairs;
- you change your content or email preference;
- you provide financial or credit information to us; or
- you communicate with our customer support teams or interact with us through our website, Services applications or digital communication channels.
If we determine that your personal information is unlawfully held by us, we will take the appropriate measures to destroy or delete that information.
We generally collect personal information about you directly from you. However we may collect your personal information from a third party if it is unreasonable or impractical to collect it from you. For example, where we provide our Services in respect of a loan or other credit product provided to you by a third party lender, we may collect personal information about you from that third party lender.
8. Purpose for Collecting Your Personal Information
We will only use or disclose your personal information when permitted to do so under the Privacy Laws.
We will collect your personal information from you to the extent that it is reasonably necessary to provide you with our Services or otherwise deal or interact with you for another purpose (Primary Purpose). We may also use your personal information for purposes related to the Primary Purpose, including the purposes detailed below and elsewhere in this Policy.
It’s important for you to understand how collecting your personal information will assist us in providing you with our Services. Although not exhaustive, your personal information will allow us to provide our Services to you and we will collect, use, disclose and otherwise deal with your personal information for the following purposes:
- to help us manage our client and customer relationships
- to help you repay your debts and/or manage your financial well being;
- to assist us in processing any relevant applications relating to our Services;
- to comply with our ‘Know Your Customer’ obligations to fulfil our Anti-Money Laundering and Counter-Terrorism Financing obligations;
- to enable the provision of our Services, including administration of our Services and notifications about changes to our Services;
- to verify your identity and to authenticate you when you contact us;
- when we communicate with you including by sending you messages by mail, email, telephone, SMS, mobile applications and social media platforms,
- to seek to ensure workplace health and safety of our employees or enforcing our rights, making legal enquiries, or taking legal action;
- for obtaining or maintaining insurance coverage,
- for managing risks or obtaining professional advice;
- to comply with legislative or regulatory requirements in any jurisdiction, for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure;
- to seek to prevent fraud, crime or other activity that may cause harm in relation to our Services and help us run our business and maintain corporate integrity;
- to provide us with the ability to effectively and efficiently handle any complaints made;
- to allow us to respond to account enquires;
- to enforce our rights;
- to make legal enquiries and take appropriate legal action where necessary;
- for technical maintenance and record-keeping purposes;
- to help us develop and create new improved Services; and
- to tell you about other services that we think you may be interested in.
We will not use or disclose your personal information for a purpose that is incompatible with its Primary Purpose of providing the Services (Secondary Purpose) unless:
- you have provided us with consent (including where the Secondary Purpose is detailed in this Policy); or
- you reasonably expect us to use or disclose your personal information because it is related to the Primary Purpose of collection; or
- using or disclosing is required or permitted by law or by order of a court or tribunal or
- using or disclosing is reasonably necessary for enforcement conduct by, or on behalf of an enforcement body.
9. Information to residents in the European Economic Area
This section 9 applies to residents of the European Economic Area, i.e. the European Union plus Iceland, Norway and Liechtenstein.
The data controller pursuant to Art.4 No.7 General Data Protection Regulation (Regulation (EU) 2016/679 “GDPR”) is LC Lite Investment Fund SCSp, a company with its principal place of business at 1B, rue Jean Piret, L-2350 Luxembourg, Grand Duchy of Luxembourg and which can be contacted at the following e-mail address: [email protected].
We only process this kind of cookie data if you have given us your prior consent (Art. 6 (1) (a) GDPR)
These data are processed on the basis of statutory regulations, which allow us to process the personal information to the extent necessary for the use of the Services (Art. 6 (1) (b) GDPR) or because we have a predominant legitimate interest in making the use of our platform as easy and efficient as possible (Art. 6 (1) (f) GDPR)
This data is processed on the basis of statutory provisions which allow us to process the personal information to the extent necessary for the use of the Services (Art. 6 (1) (b) GDPR), any processing for these purposes that is not necessary for the use of our platform and the functions provided on the platform is necessary for pursuing our or a third party’s legitimate interests which are not overridden by the interest or fundamental rights and freedoms of the users which require the protection of personal data (Art. 6 (1) (f) GDPR). Insofar as the processing is based on legitimate interests, such interests are running a stable and efficient platform, having good Services, employing people, making our business processes more efficient and improving our business and Services.
The personal data is processed for pursuing our or third party’s legitimate interests which are not overridden by the interests or fundamental rights and freedoms of the users which require the protection of personal data (Art. 6 (1) (f) GDPR). The legitimate interests are running a user-friendly platform, improving our offers by tailoring our offers to the individual user, running a secure and stable platform, making our business processes more efficient and pursuing our legal rights.
Depending on the individual case such communication can be based on different legal bases. We might provide you with certain information based on a declaration of consent (Art. 6 (1) (a) GDPR), we might also provide you the information because you subscribed to a specific Service in which case the processing is necessary for the performance of a contract with you (Art. 6 (1) (b) GDPR). Certain communication might also be based on our legitimate interest to provide tailored marketing information to the users of the platform (Art. 6 (1) (f) GDPR).
The legal basis will depend on the individual case.
The personal data is processed for pursuing our or third party’s legitimate interests which are not overridden by the interests or fundamental rights and freedoms of the users which require the protection of personal data (Art. 6 (1) (f) GDPR). The legitimate interests are improving our Services by tailoring options to assist with financial wellbeing of the individual user
This data is processed for the fulfilment of legal obligations applicable to us (Art. 6 (1) (c) GDPR).
10. Direct Marketing
We may send you direct marketing communications and information about:
- our other products, services, offers and opportunities that we consider may be of interest to you;
- third party products and services (including offers and discounts we may have negotiated for our customers) we think may interest you, for example, third-party debt consolidation or other financial products or services.
These communications may be sent in various forms, including by telephone, post, fax, email, SMS or any other form of electronic communication. By providing your information to us or using our Services, you consent to us sending you such direct marketing communications if they are related to products and/or services provided by us and similar to those you contracted in first instance. If you do not wish to receive such direct marketing communications, you can opt-out at any time by contacting us via the contact details set out in paragraph 17 of this Policy or through the opt-out mechanism contained in a direct marketing communication sent to you.
We will get your express opt-in consent before we share your personal information with any company outside our group of companies for marketing purposes or in those cases where we will be sending you marketing communications containing products and/or services from business partners / third parties.
Where you opt-out of receiving these marketing messages, this will not apply to personal information provided to us as a result of product/service contracted or other transactions. Therefore, you will continue to receive essential messages about the functionality and/or administration of our Services (for example, where we need to send you a password reminder, to notify you about Services updates or amendments to legal terms).
11. How We Disclose Your Personal Information
We will only disclose your personal information to third parties as set out or contemplated in this Policy, as permitted or required by the Privacy Laws or with your consent.
You acknowledge and agree that we may disclose your personal information to:
- any member of the Arbor Knot Group of companies (this means our subsidiaries, our ultimate holding company and all of its subsidiaries) insofar as reasonably necessary for the purposes of providing our Services and managing our business (including as allowed or required under the Privacy Laws and pursuant to our internal data sharing agreements);
- to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure;
- our suppliers or subcontractors insofar as reasonably necessary for providing our Services and managing our business (which may include helping you pay your debt);
- third parties where such disclosure is necessary for compliance with a legal or regulatory obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person; and
- for other purposes that we have obtained your consent.
12. Overseas Disclosures
Prior to disclosing your personal information to an overseas recipient, unless a permitted general situation applies, we will take all reasonable steps to ensure that such overseas recipients do not hold, use or disclose your personal information in a way that is inconsistent with the obligations imposed under the Privacy Laws in relation to that personal information.
Acceptance of any of our Services via an application in writing, orally or electronic means will be deemed as giving consent, where necessary, to the disclosures detailed herein.
Currently we are handling, storing, and processing personal information in the following locations where Arbor Knot provides services including in Australia, Europe, Israel, United Kingdom and the United States of America. The locations where we handle, store and process your personal information may change as our business needs change and we appoint other service providers from time to time. We will update this Policy to reflect any material changes to the jurisdictions in which we handle, store and process your personal information.
When we make onwards transfers of your personal information outside the European Economic Area, we ensure it benefits from an adequate level of data protection by:
- relying on European Commission adequacy decisions under Article 45 of the GDPR, finding that the third country to which the information is being transferred offers an adequate level of protection; or
- using European Commission approved standard contractual clauses under Article 46(2) of the GDPR for the information to all other third countries. You can request a copy of this by contacting us at [email protected].
For further information on international data transfer and the mechanisms we adopted to safeguard your personal information, please contact us by using the details disclosed in section 17.
13. How We Hold Personal Information
The security of your personal information is important to us. We will take appropriate technical and organisational precautions to secure your personal information and to prevent the loss, misuse, unauthorised access, disclosure or alteration of your personal information. Details regarding the security measures we have in place are located at https://www.ArborKnot.com/Security-Measures/
We will not delete, destroy, desensitise, or anonymise your personal information if:
- the personal information is part of a Commonwealth record;
- there is a legal obligation to retain the personal information; or
- a court or tribunal order requires us to keep it.
We will keep your personal information secured in either physical or electronic form. Most of the personal information that we hold will be stored electronically.
We may store all your personal information electronically on:
- secure data centres via our cloud data storage service provider Google Cloud Platform.
- secure servers; and
We use a range of physical, electronic and other security measures to protect the security, confidentiality and integrity of the personal information we hold and protect it from misuse, interference, loss and unauthorised access, modification and disclosure. For example:
- access to our information systems is controlled through identity and access management controls;
- all of our employees are required to comply with our privacy framework and information security policies;
- all of our employees complete training about privacy and information security;
- we regularly monitor and review our security measures and compliance with internal policies and industry best practices; and
- our contracted service providers are contractually bound to comply with Privacy Laws and have appropriate information security measures and are obligated to keep the information secure.
Our employees are forbidden from using or disclosing client or customer data without authorisation. Client and customer data must be kept confidential at all times by all employees, and failure to do so will result in appropriate disciplinary action, which may include dismissal.
14. Cookies & Pop-Ups
When using our website, we may use either persistent cookies or session cookies. Cookies contain a sequence of numbers that our web server transmits to your web browser, for which it is then stored. Cookies don’t typically contain any personal information about you – however, the personal information we hold about you may be linked to the information stored in and retrieved from cookies. Please refer to our Cookies Policy on our website for more information.
In addition to cookies, we may also store information about your session, device and geolocation using a pop-up notice. This provides a ‘content drip workflow‘ where useful articles and information about our services appear as links in your browser while you browse other sites.
Strictly Necessary/Essential Cookies
These cookies are strictly necessary to provide you with services available through our Website and to use some of its features, such as access to secure areas.
These cookies collect information that is used either in aggregate form to help us understand how our Website is being used or how effective our marketing campaigns are, or to help us customize our Website for you.
|_fs_uid||Full Story||1 year|
15. Data Breaches
If the personal information we hold about you is subject to a data breach or other similar incident, we will comply with our obligations under the applicable Privacy Laws regarding that Data Breach, including but not limited to, a notification to the relevant data protection authority or a notification to you, where applicable.
If you suspect that the personal information that we hold about you is subject to a data breach, contact us immediately on the details provided in section 17.
16. Making a Complaint to Us
By contacting us, you can exercise any of your rights in connection to your personal information. If you have a concern or a problem about how we, our subsidiaries, related companies or contracted service providers handle your personal information, please contact us first on the email address that we have provided in section 17.
Once we receive your complaint, we will communicate to you that we have received it.
We aim to have your complaint resolved within five (5) business days. If the nature of your complaint is complex or if we require additional information, it could delay the complaint resolution process. If this is the case, we will aim to have your complaint resolved within thirty (30) business days.
If you are unsatisfied with the outcome of your compliant, you can refer the complaint to your relevant government authority/regulator for privacy complaints, being:
For Australia, the Office of the Australian Information Commissioner (OAIC). The OIAC’s contact details are:
Name: Office of the Australian Information Commissioner
Address: GPO Box 5218, Sydney NSW 2001
Phone: 1300 363 992
Email: [email protected]
For residents in the European Economic Area, you can lodge your complaint to your relevant data protection supervisory authority. Please find the most updated details in the Website of the European Data Protection Board ttps://edpb.europa.eu/about-edpb/about-edpb/members_en of the relevant supervisory authority depending on your location.
For residents in the UK, you can lodge your complaint at https://ico.org.uk/make-a-complaint
17. Our Contact Details
You may contact us about this Policy or to exercise any of Your Privacy Rights provided by contacting us on the following details:
Attn To: Privacy Officer
Address: Level 13, Yigal Alon St 114, Tel Aviv-Yafo, 6744320, Israel
Attn To: Privacy Officer
Address: Level 12, 167 Macquarie Street SYDNEY NSW 2000
Email: [email protected]
Attn To: Privacy Officer
Address: 1B, rue Jean Piret, L-2350 Luxembourg, Grand Duchy of Luxembourg
Email: [email protected]
Attn To: Privacy Officer
Address: 16192 Coastal Highway Lewes Delaware USA 19958 County of Sussex
Email: [email protected]
18. Retention and Deletion of Personal Information
We store your personal information for as long as necessary to provide our Services to you, or once the Services are terminated, if you consented expressly to such processing, to enable you to use our platform, to comply with applicable laws (including those regarding document retention), to resolve disputes with any parties and otherwise as necessary to allow us to conduct our business. As a consequence, we delete personal information as soon as it is no longer necessary for the aforementioned purposes.
In case the processing is based on consent and you withdraw your consent, we will delete or anonymise your personal information without undue delay after the withdrawal, unless there is a legal basis to retain the personal information.
If we store personal information for the only purpose of compliance with laws on document retention, we will store this personal information in archive mode. This means that the access to this personal information is strictly limited to those persons who might have access in order to comply with the aforementioned laws.
The criteria we use to determine the periods for retaining your personal data include the retention requirements under applicable laws, regulations and our operational requirements, such as account maintenance, enabling customer relationship management and responding to legal claims, complaints and regulatory and law enforcement requests. If you have a question about a specific retention period for certain types of personal data we process, please contact us through the contact information provided above in section 17.
This Policy is Version 1.0 dated 13 September 2022.
We regularly review our practices and procedures regarding personal information and therefore we may update this Policy from time to time. Where we make a change to this Policy that has a material impact on how your personal information will be processed or otherwise dealt with, we will notify you of the relevant change and (where possible) provide you with the opportunity to opt-out if you do not agree to the relevant change.