Privacy Policy

iLEX PRIVACY NOTICE
Last updated on July 22, 2025

This Privacy Notice (the “Notice”) applies to all services we provide and to the platforms, websites (including our public website www.ilex.sg) or apps we own and operate (including the Platform as defined below).

iLex, “we”, “us”, “our” and “ours” when used in this Notice includes Institutional Lending Exchange Pte. Ltd., our subsidiaries, divisions, branches, affiliates or companies under the control of Institutional Lending Exchange Pte. Ltd.

iLex offers via the Internet various services, data, content, online applications and websites (the “Services”) for the purpose of performing a range of business activities in connection to the analysis, buying and selling of syndicated and private credit loans in the primary and secondary markets, including counterparty matching, loan syndication and trading workflows, data analytics, communication tools and online document storage. iLex is not involved in the actual loan transaction between the users of its Services and does not render any investment or legal advice in connection therewith. “Platform” shall refer to the internet-based platform owned and operated by iLex through which the Services are available.

Certain terms used in this Notice may have slightly different wording or definitions depending on the applicable state, country, or region. This Notice uses the following definitions:

  • “Controller” means a natural or legal person who, alone or jointly with others, determines the purposes and means of Processing your Personal Information.
  • “Personal Information” means any information directly or indirectly linked or associated to a particular identified or identifiable natural person.
  • “Processing” includes, but is not limited to, collection, use, transmission, transfer, storage, erasure, and/or destruction of Personal Information.
  • “Processor” means a natural or legal person who Processes Personal Information on a Controller’s behalf.

These definitions are intended to cover substantially similar terms under applicable global privacy and data protection laws, including the European General Data Protection Regulation (“EU GDPR”) which generally applies to the Processing of Personal Information in European Union (EU) member states and the European Economic Area (EEA) and the similar law in the United Kingdom (“UK GDPR”). For the purposes of this Notice, the EU GDPR and the UK GDPR are referred to as the “GDPR”, collectively.

Under the EU GDPR and the UK GDPR, and the Swiss Data Protection Act (collectively, “European Data Protection Laws”), iLex may be considered either a Controller (i.e., is the party responsible for, and controlling the Processing of, your Personal Information) or a Processor (i.e., the party Processing your Personal Information on behalf of a Controller). iLex may also be considered both a Controller and a Processor depending on the nature of the transaction.

If the European Data Protection Laws, including individual EU member state laws supplementing the GDPR, or other country laws outside of the United States apply to you, please see the “12. YOUR RIGHTS UNDER EUROPEAN DATA PROTECTION LAWS” or “13. OTHER GLOBAL PRIVACY LAWS” sections below for further information about your rights.

1. WHAT DOES THIS PRIVACY NOTICE COVER?

This Notice applies when iLex is the Controller of your Personal Information. This includes your use of our websites and branded social media pages, our customer support platforms as well as when you receive emails, texts, faxes or have other communications with us (collectively, our “Sites”).

iLex acts in different roles with respect to your Personal Information depending on the nature of the Processing. This Notice does not apply:

  • Where iLex Processes your Personal Information as a Processor on behalf of our clients, the client’s privacy notice (not this Notice) applies when we Process your Personal Information as a Processor on their behalf. Please contact the client directly if you have concerns about this Processing or which to exercise related privacy rights.
  • To any Personal Information you post to the public areas of our Sites. This includes, but is not limited to, comments to social media platforms and other public forums. Comments posted to public areas may be viewed, accessed, and used by third parties subject to the privacy practices and policies of the platform and/or forum.

There may be certain circumstances where more than one Controller Processes your Personal Information (sometimes called Joint Controllers or Co-Controllers). In these situations, we act as an independent Controller over our Processing activities. This means we determine the purposes and means of Processing your Personal Information independently from the other Controllers. Each Controller is responsible for meeting their own obligations under applicable global privacy and data protection laws. iLex is not responsible for other Controllers’ Processing activities, including our clients and other Joint Controllers.

2. WHAT PERSONAL INFORMATION DO WE PROCESS?

‍The types of Personal Information we Process depends on (a) how you access or use our Sites and (b) how you and our clients use our Services.

PERSONAL INFORMATION WE PROCESS THROUGH OUR SITES

Our Sites and/or Services may have Processed the following Personal Information about you within the last twelve (12) months:

  • Identity Data – e.g. first name, last name, username or similar identifier, title;
  • Contact Data – e.g. billing address, email address and telephone numbers;
  • Technical Data – e.g. IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Platform;
  • Profile Data – e.g. your username and password, preferences, feedback and survey responses;
  • Usage Data – e.g. information about how you use our Platform and services; and
  • Marketing and Communications Data – e.g. your preferences in receiving marketing from us and, as the case maybe, our third parties and your communication preferences.

PERSONAL INFORMATION WE PROCESS AUTOMATICALLY VIA TRACKING TECHNOLOGIES (E.G., COOKIES)

When you interact with our Sites, iLex or iLex’s third-parties may automatically Process your Personal Information through a variety of commonly used tracking technologies, such as cookies, web beacons, pixels, tags, file information, geolocation, and similar technology (collectively, “Cookie Information”).

‍For more information on how iLex uses Cookie Information, please see our Cookie Policy available at https://ilex.sg/privacy-policy.‍3.

3. HOW DO WE PROCESS PERSONAL INFORMATION?

iLex may Process your Personal Information to:

  • Operate, maintain, improve, and provide to you the features and functionality of our Sites and/or Services.
  • Enhance our Sites, as your information helps us to more effectively respond to your customer service requests and support needs.
  • Contact you, including about the information you have provided through our Sites.
  • Evaluate you for employment opportunities at iLex.
  • Set up and administer accounts for our Sites and/or Services.
  • Process transactions for our Sites and/or Services.
  • Deliver marketing and events communication.
  • Prevent fraud and abuse using our Services.
  • Enable identity authentication and otherwise operate, maintain, and provide our Sites and/or Services.
  • Perform any other action we may describe when you provide the information.

‍ In cases where our legal basis to Process your Personal Information is based on your consent, that consent may be revoked at any time by contacting us (see the “15. CONTACTING US” section of this Notice). Please note that if you withdraw your consent, we may not be able to provide you with an optimal user experience with our Sites and/or Services. We will explain the impact to you at the time to help you with your decision.

4. WHEN DO WE SHARE YOUR PERSONAL INFORMATION?

iLex may share your Personal Information under the following circumstances:

With Vendors and Trusted Sources

We may share your Personal Information with vendors, service providers, and other trusted third parties to support the provision, operation, maintenance, and enhancement of our Services. This includes, where applicable, the storage, processing, and secure transfer of data such as described in our General Terms and Conditions. These parties are contractually obligated to protect your Personal Information and only use it for purposes we authorize.

With Other Participants

To enable key features of the Services – including but not limited to counterparty interaction, transaction workflows, contact management and secure document sharing – we may share relevant Personal Information with other users of the Platform or parties such as recipients of your workflow invitations where necessary. This use is governed by the General Terms and Conditions, and your use of the Platform.

For Service Improvement and Operations

We may use and share Personal Information for the ongoing monitoring, analytics, development, and improvement of our Services. This includes technical analysis, platform stability assessments, and feature optimization activities, as permitted by our General Terms and Conditions.

To Meet Legal Requirements

We may disclose Personal Information to law enforcement, regulators, courts, or other authorities if required to comply with legal obligations or in good faith to:

  • Fulfill applicable laws, regulations, subpoenas, or legal processes
  • Enforce our agreements and terms
  • Detect, prevent, or investigate fraud or security issues
  • Protect the rights, property, or safety of iLex, its users, or the public

In Anonymized or Aggregated Format We may also share Personal Information that has been aggregated or anonymized so that it cannot reasonably be used to identify you, for purposes such as analytics, benchmarking, or reporting.

5. HOW DO WE RESPOND TO “DO NOT TRACK” SIGNALS?

iLex may, and iLex may allow our vendors and other third-parties to, use cookies or other technologies on our Sites or in our Services that collect information about your browsing activities over time and across different websites following your use of the Sites or Services.  We currently do not respond to “Do Not Track” (DNT) signals and operate as described in this Notice when a DNT signal is received.‍

6. ONLINE ADVERTISING

iLex may permit third party online advertising networks, social media companies, and other third party services to collect Personal Information through cookies and similar tracking technologies related to your visit to our Sites so that they may play or display ads that may be relevant to your interests on our Sites as well as on other websites or apps, or on other devices you may use. This information may also be used to make the advertisements you see online more relevant to your interests. For example, iLex or a third party may utilize certain forms of display advertising and other advanced features through Google Analytics, such as Remarketing with Google Analytics, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting. These features enable us to use first-party cookies (e.g., Google Analytics cookie) and third-party cookies (e.g., DoubleClick advertising cookie) or other third-party cookies together to inform, optimize, and display ads based on your past visits to the Sites.

7. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

  • Keeping information safe. iLex maintains reasonable administrative, technical, and physical security measures to protect your Personal Information, including unauthorized access and use. However, no security system is impenetrable. In the event that any Personal Information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised, and take other steps, in accordance with any applicable laws and regulations. In the event Personal Information in our possession is affected by a security event, we will notify our clients (and where appropriate, users directly) in accordance with our contractual obligations and applicable law.
  • Data retention. We may retain your Personal Information as long as appropriate for business purposes, unless we are required by law, regulation or for litigation and regulatory investigations to keep it for longer periods of time. Any Personal Information that we have acquired, either directly or from third parties, and that is no longer needed for any business or record-keeping purposes, is disposed of securely and in compliance with established best practices for secure data destruction and/or de-identification. Personal Information that we have Processed on behalf of our clients may be retained, stored, and deleted but only in accordance with our contractual obligations and in compliance with applicable law.‍

8. LINKS TO OTHER WEBSITES

Our Sites may contain links to other websites not operated or controlled by us (“Third Party Sites”), including social media websites which are not iLex-branded and other services. Personal Information that you share with Third Party Sites will be governed by the specific privacy policies and terms of service of the Third Party Sites and not by this Notice. By providing Third Party Site links on our Sites, iLex does not imply that we endorse or have reviewed the privacy policies of these sites. Please contact the Third Party Sites directly for information on their privacy policies and practices.

9. CHILDREN

iLex does not knowingly collect Personal Information from children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to ILex through the Sites or Services, please contact us at and we will endeavor to delete that information from our databases.

10. INTERNATIONAL TRANSFERS

Personal Information received on behalf of clients for the United States market is Processed on servers located in Europe. Personal information received on behalf of clients based or servicing primarily the European Economic Area countries are Processed on servers based in Europe. Your Personal Information, if stored, may also be transferred to locations outside Europe from vendors or trusted sources we use.

Where we transfer your Personal Information outside Europe, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:

  • The country to which we send the Personal Information may be approved by the European Commission; or
  • The recipient may have signed a contract based on “standard contractual clauses” approved by the European Commission, obliging them to protect your personal information.

‍In other circumstances, the law may permit us to otherwise transfer your Personal Information outside Europe. In all cases, however, any transfer of your Personal Information will be compliant with applicable data protection law.

‍ You can request more details of the protection given to your Personal Information when it is transferred outside Europe (including a sample copy of the model contractual clauses) by using the details set out below in the “15. CONTACTING US” section. ‍If you are an EU, UK or Swiss individual, please see the “12. YOUR RIGHTS UNDER EUROPEAN DATA PROTECTION LAWS” section below for more information about the rights available to you.

11. YOUR US STATE PRIVACY RIGHTS

Several US states have enacted comprehensive privacy laws that grant you certain rights in relation to our Processing of your Personal Information. These laws include:

  • The California Consumer Privacy Act (effective January 1, 2020), as amended by the California Privacy Rights Act (effective January 1, 2023).
  • The Colorado Privacy Act (effective July 1, 2023).
  • The Connecticut Personal Data Privacy and Online Monitoring Act (effective July 1, 2023).
  • The Indiana Consumer Data Protection Act (effective January 1, 2026).
  • The Iowa Consumer Data Protection Act (effective January 1, 2025).
  • The Montana Consumer Data Privacy Act (effective October 1, 2024).
  • The Oregon Consumer Privacy Act (effective July 1, 2024).
  • The Tennessee Information Protection Act (effective July 1, 2025).
  • The Texas Data Privacy and Security Act (effective July 1, 2024).
  • The Utah Consumer Privacy Act (effective December 31, 2023).
  • The Virginia Consumer Data Protection Act (effective January 1, 2023).

‍iLex complies with all US state privacy laws currently in effect and continually monitors ongoing developments. ‍If you wish to exercise any of these rights, please contact us as set out in the “15. CONTACTING US” section of this Notice.


12. YOUR RIGHTS UNDER EUROPEAN DATA PROTECTION LAWS

Under European Data Protection Laws, iLex may be considered a Controller and/or a Processor depending on the nature of the transaction.

Legal Basis for Processing under GDPR: Under European Data Protection Laws, iLex may Process your Personal Information (as defined under applicable laws) if necessary:

  • For the performance of any contractual relationship we have with you;
  • For compliance with any legal obligation; and
  • For the purposes of iLex’s, our client’s, or trusted sources’ legitimate interests in connection with providing our Services or with respect to our Sites, including:
  • user registration/authentication and providing client services;
  • to contact you and respond to your requests and enquiries;
  • for business administration, including statistical analysis;
  • to provide the Sites as well as our Services;
  • for fraud prevention and detection; and
  • to comply with applicable laws, regulations, or codes of practices.

iLex may also Process Personal Information based on your freely given, specific, informed, and unambiguous consent. You are legally entitled to withdraw your consent at any time. If you do this and we have no alternative legal basis for Processing your Personal Information, this may affect our ability to provide you with rights to use the Sites as well as our Services.

We may store Personal Information for as long as necessary to fulfill the purposes for which we Process the data, except if required otherwise by law.

iLex does not directly or intentionally collect, store, Process, and transmit any of the other following special categories of Personal Information as defined by European Data Protection Laws:

  • Racial or ethnic origin
  • Political opinions
  • Religious, philosophical beliefs, or other beliefs of a similar nature
  • Trade union membership
  • Physical or mental health or condition
  • Sex life and sexual orientation
  • Genetic data
  • Data on criminal convictions

Specific Rights under European Data Protection Laws: If European Data Protection Laws, including but not limited to the UK GDPR, the EU GDPR and the Swiss Data Protection Act, are applicable to you, you may have the following rights in respect of your Personal Information that we hold:

  • Right to object. You have a right to object to any Processing based on our legitimate interests where there are grounds relating to your particular situation. You can object to marketing activities for any reason whatsoever.
  • Right of access. The right to obtain access to your Personal Information in a common machine-readable format. Please note that the request for additional copies of Personal Information may result in reasonable fees based on administrative costs.
  • Right to rectification. The right to obtain rectification of your Personal Information without undue delay where that Personal Information is inaccurate or incomplete.
  • Right to erasure. The right to obtain the erasure of your Personal Information without undue delay in certain circumstances, such as where the Personal Information is no longer necessary in relation to the purposes for which it was collected or Processed.
  • Right to restriction. The right to obtain the restriction of the Processing undertaken by us on your Personal Information in certain circumstances, such as where the accuracy of the Personal Information is contested by you, for a period enabling us to verify the accuracy of that Personal Information.
  • Right to portability. The right to portability allows you to move, copy or transfer Personal Information easily from one organization to another.

Additionally, you have the right not to be subject to a decision based solely on automated processing, including profiling.

In the instances where we control your data and you wish to exercise any of these rights, you may contact us as set out in the “15. CONTACTING US” section of this Notice. We will comply with applicable laws, but may not be able to honor your request in all circumstances. You also have the right to lodge a complaint to your local data protection authority.

13. OTHER GLOBAL PRIVACY LAWS

Many other countries have enacted comprehensive privacy laws that grant you similar rights in relation to how we Process your Personal Information.

iLex complies with all applicable legal requirements in a similar manner as required by local law (e.g., data processing agreements, transfer mechanisms, data protection officer requirements, etc.). If you wish to exercise any of these rights, please contact us as set out in the “15. CONTACTING US” section of this Notice.

14. CHANGES TO OUR PRIVACY NOTICE

We reserve the right to change this Notice from time to time in our sole discretion. Since we may modify this Notice from time to time, we recommend that you check the current version of this Notice periodically. If we make any modifications to this Notice, we will update the “Effective Date” at the top.  By continuing to use the Sites and Services or providing us with information after we have posted any updates to this Notice, you consent to the revised Notice and practices described in it.  

15. CONTACTING US

We reserve the right to change this Notice from time to time in our sole discretion. Since we may modify this Notice from time to time, we recommend that you check the current version of this Notice periodically. If we make any modifications to this Notice, we will update the “Effective Date” at the top.  By continuing to use the Sites and Services or providing us with information after we have posted any updates to this Notice, you consent to the revised Notice and practices described in it.