Privacy and Data Protection Policy (GDPR)
The Platform means, together and separately, the internet page of www.leno.com, the "Leno" mobile application, and any other platform through which Leno is presented, offered and / or provides services.
Leno means Leno JSC, a company registered in Bulgaria under number 203217465 with registered address 96 Tsarigradsko Shose Blvd., Level 7, Sofia 1784, Bulgaria.
Who processes your personal information and who is liable for it
Leno means Leno JSC a joint stock company, incorporated in accordance with the Bulgarian legislation and registered with the Commercial register and register of NPLE with UIC 203217465, registered as a financial institution with the Register under art. 3a, para. 1 of the Credit Institutions Act, having registered number BGR00341 kept by the Bulgarian National Bank. Registered office at 96 Tsarigradsko Shose Blvd., Level 7, Sofia 1784, Bulgaria; Phone number: 0700 42 442.
You can contact us at any of the following coordinates:
At the shown above registered offices; e-mail: ; Personal data officer’s coordinates: .
Categories of personal data, processed by Leno
In the course of providing the requested services, Leno may process the publicly available personal data, personal data available to Leno in the exercise of its legal rights and obligations and / or personal data provided by you. The main types of personal data processed are:
In the course of services provision Leno may process:
• Personal identification information: first name, middle name and surname, personal identification number, date of birth, place of birth, citizenship, sex, identification document number;
• Contact details: including domiciling address, address for correspondence, different from the domiciling address, your phone number or a number of a contact person, email address and others);
• Data on employment, occupation / position, work experience, education, previous employment, skills, qualifications and others;
• Marital status information (children not of age; spouse’s names and PIN);
• Financial information (bank accounts, sources and amount of income, usual expenses (i.e. rent, utility, property tax and other expenses);
• Data on real rights status (tangibles and real estate);
• Information about a representative (legal representative or a proxy) of a client;
• Data on indebtedness to natural or legal persons (such as names, PIN, etc.) and details of liabilities of the same (size, currency, repayment term, overdue, etc.);
• Data on collateral of liabilities (including foreign ones) to banks and other persons (type, secured receivable, debt arrears);
• Data on initiated enforcement proceedings and insolvency or liquidation procedures;
• Your health data.
In order to ensure a good-quality performance of the services and the obligations arising from the agreements thereof, Leno shall be entitled to process any information which is publicly available or available in registers accessible to Leno.
Sources through which Leno collects information
• Registration, application, inquiry and contact forms and any other form on the Platform with an option for filling in personal data;
• Documents provided for clients’ identification; documents submitted for examination of the client's marital status, estate or health status for the purpose of taking out property insurance or for the purpose of life insurance;
• Documents provided for research of the client’s creditworthiness and properties, subject to collateral;
• Transactions related to the services provided by Leno;
• Statement for the purposes of the automatic exchange of financial information pursuant to Art. 142t, Para. 1 of the Tax-Insurance Procedure Code (TIPC);
• Statement under Art. 4, Para. 7 and Para. 6, Art. 5, item 3 of the Law on Measures against Money Laundering (LMML);
• Statement about the Beneficial owner under Art. 6, Para. 2 of the LMML;
• Statement under Art. 42, Para. 2, item 2 of the LМML for a politically exposed person;
• Online form for a job application;
• Email and chat communication, as well as telephone conversations incoming or outcoming from Leno;
• Visiting the Platform;
• Power of attorney to a representative of a client (if there is a representative elected or appointed);
• And all other sources, which help generate the legal minimum of information, which Leno is required to collect.
Purposes and legal basis for personal data processing
Leno processes personal data for the following purposes:
1. Processing of personal data that is required for creditworthiness, signing and execution of agreements, or related to preparation of agreements’ documents, or upon job application:
• Creditworthiness and risk assessment upon loan agreement, collaterals assessment and other preparative actions for the purpose of concluding a loan agreement;
• Determination of loan parameters according to customer request and risk assessment;
• Providing specific parameters for a loan;
• Identifying a client upon: signing of a new or an amendment of an existing agreement; detailing of the services provided thereto; execution of an agreement;
• Preparation of contractual offers, sending pre-contractual information and contract draft;
• Data received from the client in the course of performing contractual obligations, exercise of rights and assurance of performance of contracts;
• Up-to-date identification of users of the Platform as clients;
• Processing job applications;
• Accepting and answering clients’ complaints and/or requests;
• Debt payments, rescheduling of due amounts; management of receivables collection;
• Sharing important information regarding changes herein and other relevant information.
2. For the execution of its legal duties, Leno processes your data for the following purposes:
• Issuing invoices;
• For performing tax-insurance control of the competent authorities and determining the tax in the tax area;
• Providing information to the Commission for Personal Data Protection in relation to the obligations laid down in the regulation for personal data protection – the General Data Protection Regulation (EU) 2016/679 from 27 April 2016, etc.;
• Obligations provided for in the Tax-Insurance Procedure Code and other related statutory instruments in relation to the keeping of proper and lawful accounting;
• Prevention of fraud, money laundering and terrorist financing.
3. Leno processes personal data obtained with the explicit consent of the client for the following purposes:
• Direct marketing of products and services.
4. The processing is required for the purposes of the legitimate interests of Leno:
• For the purpose of ensuring security and protection of Leno’s visitors’ and employees’ property, interests and safety, Leno maintains video surveillance equipment;
• Assessing the level of clients’ satisfaction, as well as the efficiency of the advertising target;
• Ensuring the quality of clients’ service (video recording and audio recording).
Categories of third parties that may access and process your personal data
Leno does not disclose collected and stored non-public information and the client’s personal data before any unrelated third party.
Depending on the product or service, as well as certain restrictions regarding confidential information, personal data of clients and information may be disclosed to:
1. Persons who are assigned by Leno to maintain the equipment and software used for the processing of your personal data;
2. Debt collection services providers, notary public persons, lawyers, bailiffs or any other third party provided that the client has non-performed a contractual obligation;
3. Banks servicing the payments made by and to you;
4. Persons to whom Leno has provided the execution of part of the activities or obligations associated with a specific service provided to you; personal data processors who, on the basis of a contract with Leno, process your personal data on behalf of Leno as well as other companies of the holding structure of Leno in the course of provision of related services or activities;
5. Natural persons providing services related to contracts signing: notary public persons; lawyers; proxies;
6. Natural persons or legal entities providing consultancy services in different areas - lawyers, accountants, marketing agencies, etc.;
7. Insurance intermediaries with whom agreements have been concluded;
8. Courts and other competent authorities, institutions, and persons to whom Leno is obliged to provide personal data under current legislation;
9. Security companies holding a license to perform private security activities processing the video recordings on the territory of Leno offices and / or maintaining other registers in the course of ensuring the access regime in the same sites;
10. Other third parties which provide services to Leno.
How long does Leno keep your personal data
The time period for keeping your personal data depends on the processing purposes for which they were collected:
1. Personal data processed for the purpose of concluding/amending and executing contracts between Leno and you or a company represented by you- within the contract period and as of the definitive settlement of all financial relations between the parties. Leno may keep part of your personal data for a longer period of time until the expiration of the applicable limitation period in order to be protected from any client’s claims regarding performance / termination of contracts as well as in case of a legal disputes that has been already arisen until its final settlement by a court / arbitration adjudication that has entered into force.
2. Personal data processed for the purpose of issuing accounting / financial documents for the implementation of tax and social security regulations including, but not limited to - invoices, debit notes, credit notes, handover protocols, contracts for provision of service/goods, shall be kept not less than 11 years as from expiry of the limitation period for extinguishment of the respective public claim, unless the applicable law provides for a longer period.
3. Personal data processed for the purpose of direct marketing - to the explicit withdrawal of the given direct marketing consent or receipt of an objection to the processing of personal data for the purpose of direct marketing.
4. Video surveillance data from security cameras - up to 200 days as from the recording creation. Phone calls shall be kept for up to 5 years from the call.
5. Personal data processed for the purpose of preventing fraud and money laundering shall be kept for a period of 5 years after the final settlement of all financial relations between the parties under Art. 67 of the LMML.
6. Personal data processed for the purpose of analysing and evaluating job applications shall be kept for a period of 1 year after application or until the consent is explicitly withdrawn by the applicant.
Your rights in relation to the processing of your personal data
1. General rights
You have the following rights described below, related to the processing of personal data, which you may exercise at any time while Leno keeps or processes your personal data by sending a request to the address of the Leno referred to above or electronically by e-mail: .
Any client is entitled to access his/her personal data collected by Leno upon written request. Leno shall be obliged to grant access solely to the data concerning the respective client, where personal data of third persons may be disclosed in the course of exercising the rights described above. Upon exercising his/her right of access, any Leno client shall be entitled at any time to request:
• confirmation of whether his/her personal data are being processed, information for the purposes of such processing, categories of personal data, and recipients or categories of recipients to whom personal data are disclosed;
• to be notified in writing in a plain form and the notification shall contain his or her personal data that are being processed, as well as any available information about their source;
• information about the logic of any automated processing of personal data.
Any client shall be entitled, at any time, to request from Leno to:
• erase, rectify or block his/her personal data, the processing of which does not comply with the applicable legislation;
• notify any third persons to whom personal data have been disclosed of any erasure, rectification or blocking carried out in accordance with the preceding paragraph unless notification is impossible or involves excessive effort.
Any client in relation to his/her personal data, shall be entitled to:
• object before Leno the processing of his or her personal data in the presence of a legal basis for this; where the objection is justified, the personal data of the client concerned can no longer be processed;
• object the processing of his or her personal data for the purpose of direct marketing;
• be notified prior to the first disclosure of his or her personal data to third persons or prior to their use for the purpose of direct marketing, as the respective client shall be entitled to object such personal data disclosure or use.
2. Complaint before a supervisory authority
You have the right to submit a complaint directly to the supervisory authority, i.e. the:
Leno JSC - Commission of Personal Data Protection, having its seat address at 2 Prof. Tsvetan Lazarov, 1592 Sofia, Bulgaria (www.cpdp.bg).
In case you have any questions and / or complaints about the processing of your personal data and/or the exercise of the above rights, you can contact the Data Protection Officer (on the contacts detailed above).
Upon assessing your creditworthiness, Leno DOES NOT perform profiling as the processing of your personal data is not automated. The preparation of the assessment is strictly individual for each client and is done in accordance with the requirements of the law by certain employees to whom the Leno has commissioned this assessment.
4. Objection against the direct marketing
You have the right to object to the future processing of your personal data for the purposes of direct marketing and advertising as well as to disclosure to third persons and personal data use on their behalf for the purposes of direct marketing and advertising by withdrawing your consent at any time. For this purpose, you can send an electronic message requesting the respective suspension of the use of your personal data for the purpose of direct marketing at: .
5. Can you refuse to provide personal data to Lenо and what are the consequences of it?
Non-provision of such data may impede the ability to assess the appropriateness and expedience of personal data processing and lead to obstruction for providing you with the type of service you have requested and / or to conclude a contract under the terms and conditions you require.
6. Portability of personal data.
You have the right to request that your personal data be transmitted or transferred to another data controller in a structured, widely used and machine readable format. If it is technically feasible, Lenо shall transfer the data directly.
How does Leno protect your data
Leno applies organizational, physical, IT and other required measures to ensure the security and protection of your personal data and the monitoring of the processing of personal data.
These security measures include, but not limited to, the following activities:
• Leno has established the requirements for processing, registering and keeping personal data by implementing internal procedures, the observance of which is constantly supervised;
• The access of Leno employees to personal data and permission to process personal data in the Leno database is limited, depending on their duties;
• Leno has established confidentiality obligations for its employees;
• Access to the office equipment of Leno and the computers of each employee is limited;
• For maximum security when processing, transferring and keeping your personal data, Leno may use additional protection means such as encryption, pseudonymization, etc.;
The security measures applied are subject to constant improvement and adaptation to state-of-the-art technologies.