Which personal details are necessary to make a Lendahand account?
Written by Peter Stolze on 4 September 2018
Are you creating a Lendahand account and wondering why we ask for a copy of your identity card? We are happy to explain why this is necessary.
Can Lendahand ask for a copy of your ID?
Yes. Lendahand may (and must) request personal information from investors because of the Money Laundering and Terrorist Financing Prevention Act (WWFT in Dutch).
As a financial institution, Lendahand has a legal basis to make a complete copy or scan of someone's identity card, on which all personal data is visible. This is also the case for the payment service provider we work with. Lendahand needs your proof of identity to be able to comply with the WWFT.
How does Lendahand check my identity?
To invest via Lendahand, our payment service provider, Intersolve Payments BV, must be able to identify you in order to validate your (new) account.
You must upload a valid proof of identity on which all personal data is fully readable and visible (including the citizen service number). The photo must also be visible enough to identify you.
When opening a business account, we need additional documents:
- In the case of a BV, a passport or identity card for every person with more than 25% interest.
- In the case of an association or foundation, a passport or identity card from all Directors.
- A Chamber of Commerce extract (not older than three months)
Our payment service provider Intersolve works together with Onfido to verify your identity. During the identification process, you will be redirected to their website where your ID is checked in real-time with a photo you take of yourself (also known as a selfie).
With Onfido, your identity can be verified within 10 minutes. If everything checks out during the assessment, your account will be validated. In some cases, you will receive an error message via email, for example in the event of an incorrect type of file, or one that is too large, and you will have to identify yourself again.
What does Lendahand do with my identity data?
Good to know: when you upload your proof of identity, your BSN number (citizen service number) is never saved or stored. After uploading, the citizen service number is automatically covered. The collection and further use ('processing') of personal data for identification are subject to rules. These rules are among others included in the General Data Protection Regulation (GDPR) and the AVG Implementation Act (UAVG). The ID itself is stored in a digital safe at Amazon Web Services (AWS).
Why does Lendahand work with a payment service provider?
Operational activities by Lendahand must be strictly separated from financial transactions (payments made via the website) according to the WWFT. That is why we use a payment service provider. They handle the payment transactions and carry out the Know-Your-Customer procedure (KYC).
By working with a payment service provider, we protect our investors. After payment, the money is immediately put into a protected bank account, and if the investment in question does not get fully funded the investor will simply receive their money back into their bank account.
In short: the WWFT ensures that you as an investor are protected and that financial institutions handle the funds and consumer confidence with care.
How safe is my personal data at Lendahand?
At Lendahand we take the protection of your personal data very seriously and take appropriate technical and organizational measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized modification of your personal data.
All traffic between your computer and our servers is over HTTPS. This means that the data that is sent is encrypted. You can check this by clicking the lock in the address bar.
The technical infrastructure for Lendahand's services is provided by Amazon Web Services (AWS). AWS is a world-renowned, first-class party for hosting services. We were guided by an AWS specialist in setting up our environment.
Lendahand's back office system uses strict rights management so that customer data is only accessible via personal accounts, with a secure connection and multi-factor authentication. Personal data is only viewed when you contact us and access is necessary to help you.
Your data is stored in a secure environment by means of a derived key. Your password is never saved. It is not possible to retrieve your password, even if the key were discovered.
Both the application server and the databases of Lendahand are located in a VPC (Virtual Private Cloud). Only normal website traffic can access these application servers. These are the standard ports 80 for HTTP (which are not used in principle) and 443 for HTTPS.
All computers of the staff at Lendahand are fully encrypted, which means that if someone is not logged in, no data can be retrieved from the computer.
Intersolve in turn has an Electronic Money Institution license, issued by De Nederlandsche Bank, which includes strict security requirements. Intersolve also undergoes an annual ISAE3402 type II audit to check compliance with IT security standards in accordance with ISO27001. In addition, Intersolve complies with the General Data Protection Regulation (GDPR) and they only use personal data that is necessary for the performance of the service in question. The data is not stored longer than necessary.
What happens to my data if I ever want to cancel my account?
The WWFT stipulates that personal data must be stored in an accessible manner by the (financial) institution for five years after the termination of the business relationship or for five years after the execution of the relevant transaction.
End at the beginning:
Now that you know why we need your personal data, what we do with it and how we store it, there is only one thing left for you to do: create your account and earn interest (and karma points) as an impact investor!
Are you still running into something along the way or do you have any questions? Take a look at our FAQ page or ask your question via [email protected].