Privacy Policy - API and Exaport


The use of the application programming interfaces (“API”) and of the web-based application Exaport (“Exaport”), together the “Data Transfer Interfaces” or “DTI” provided by Exaloan AG (the “DTI Provider”) by the user (the “DTI User”) is subject to the below terms and conditions (the “DTI Terms and Conditions”). Exaloan AG may at any time alter these terms and conditions without prior notice by publishing new or amended Terms and Conditions under exaloan.com. 

The API and Exaport are discretionary offers provided to DTI Users in connection with Services rendered by the DTI Provider to the DTI User (the “DTI Provider’s Services”). The DTI Provider and the DTI User are referred to each as a “Party” and together the “Parties.”


Status: April 20, 2023


“Applicable Data Protection Law” means Applicable Law relating to privacy and the processing of personal data, as applicable to the Parties.


“Applicable Law” means any of the following, to the extent that it applies to any person:

(a) any and all applicable laws, enactments, statutes, orders, rules, regulations, directives, ordinance or subordinate legislation, any exercise of prerogative and codes of conduct or regulatory policy, whether local, national, international or otherwise existing from time to time, together with any other similar instrument having legal effect in the relevant circumstances;

(b) decisions, orders, judgments and decrees of any relevant court, tribunal, Supervisory Authority or ombudsman; and

(c) any applicable direction, policy, rule or order that is given by a Supervisory Authority;


in each case as amended, supplemented, superseded or replaced from time to time


“Confidential Information” means in relation to either the DTI Provider or the DTI User, all information used in or otherwise related to that disclosing Party’s business, customers or financial or other affairs, in each case whether or not marked “Confidential”, and any and all other information clearly designated as “Confidential” by the disclosing person, in each case existing in any form;


“DTI Provider’s Services” means the services provided by the DTI Provider to the DTI User, including but not limited to the listing of loans on its platform Loansweeper®, the Analytics and/or the ECS Toolbox, as the case may be;


“Malware” means any software program or code intended to destroy, interfere with, corrupt, or cause undesired effects on program files, data or other information, executable code or application software macros, whether or not its operation is immediate or delayed, and whether the malicious software is introduced wilfully, negligently or without knowledge of its existence;


“Security Breach” means any unauthorised access, attempted unauthorised access or indication that there is a risk of unauthorised access to or interference with the systems or data owned, held or managed by either the DTI Provider or the DTI User by any Third Party or by a Party in breach of the terms of the DTI Terms and Conditions;


“Security Requirements” means those requirements listed at Schedule 1;


“Supervisory Authority” means any local, national or multinational agency, department, official, parliament, public or statutory person or any government or professional body, regulatory or supervisory authority (including a supervisory authority under Applicable Data Protection Law), board or other body responsible (in the context in which such term is used) for regulating a Party and/or any matters relating to the performance by any Party of its obligations under this Agreement or for collecting, assessing or administrating tax;


“Third Party” means any person other than a Party to the DTI Terms and Conditions, an employee, director, officer or agent of a Party to the DTI Terms and Conditions or any tax authority;


The DTI Provider will provide access to the DTI on an ‘as is’ and zero-fee basis. The DTI Provider provides the DTI on a discretionary basis and does not warrant that the DTI will be uninterrupted, timely, error-free or virus-free, nor does it make any warranty as to the results that may be obtained from using the DTI. Subject to the foregoing, the DTI Provider will use its reasonable endeavours to prevent interruption to the access to the DTI as is reasonably practicable for it to do so. The DTI Provider reserves the right to limit access to and/or use any DTI by various means and using various criteria.


3.1 The DTI User will use reasonable endeavours to ensure that the data provided will be as far as possible without material error. 


3.2 The DTI User will only provide data in compliance with Applicable Data Protection Law.

  • (a) The DTI User will use the DTI in compliance with the Security Requirements.
  • (b) The DTI User will only provide data that it is permitted to use.
  • (c) The DTI User will be responsible for providing data in accordance with the scope of its customer’s consent.  

3.3. The DTI User will comply with all legal requirements and refrain from creating content that is unlawful or otherwise objectionable, or any content that may be construed as such.


4.1 The DTI are and remain the property of the DTI Provider and are protected by applicable intellectual property laws. Upon successful registration, the DTI Provider grants the DTI User a non-exclusive, non-transferable, revocable and non-sublicensable right to use the DTI to the extent required for the DTI Provider to provide the relevant Services to the DTI User.


5.1 Both Parties will use at least the same degree of care, to safeguard the Confidential Information of the other Party as it employs with respect to its own Confidential Information of a similar nature. 

5.2 Neither Party will disclose or use any such Confidential Information other than in connection with, and only to the extent necessary for the performance of its obligations under, or to exercise any rights of licences granted by, the Services. 


 5.3 Both Parties may disclose Confidential Information: 

  • (a) if and to the extent required by Applicable Law or for the purpose of any judicial proceedings; 
  • (b) to its professional advisers, auditors (and their advisers) and lawyers; and 
  • (c) if and to the extent the information has come into the public domain through no fault of that Party. 

5.4 Notwithstanding the expiry or early termination of the DTI Terms and Conditions, the provisions of this Clause 5 will continue to apply to each Party without limit in time. 


5.5 The text of any press release or other communication made by either Party to be published by or in the media concerning the subject matter of these Terms will require the approval of both Parties.


6.1 Both parties will:

    • (a)be responsible for the security of its own system;
    • (b) not knowingly transmit any Malware through the use of the DTI or introduce Malware into any data or message sent to the other Party or into the other Party’s system;
    • (c) use commercially available and current scanning tools (in line with good industry practice) to scan for Malware.

    6.2 On the occurrence of a Security Breach, the DTI User must notify the DTI Provider as soon as reasonably practicable and in any case within forty-eight (48) hours of the DTI User becoming aware of the Security Breach and provide the DTI Provider with all the information it has available to it regarding the data affected by the Security Breach. 


    6.3 The DTI User is prohibited from, and will not engage, in any of the following activities: 

      • (a) reverse engineer, disassemble, reconstruct, or decompile any object code of the DTI, any Exaloan AG test data, the Exaloan AG DTI or any other data provided by the DTI Provider in connection with the DTI (the “Exaloan Content”); 
      • (b) attempt unauthorized access to, or use of, the DTI Provider’s services or systems; 
      • (c) damage, disrupt, or otherwise negatively affect the operation of the DTI Provider’s services or systems; 
      • (d) use any robot, spider, site search or other application to retrieve or index Exaloan Content; 
      • (e) collect information about other DTI Users.


      The DTI Provider may terminate the DTI User’s access to the DTI without prior notice.


      No Party other than the DTI Provider may assign, novate or transfer in any way, or charge the benefit of, any of its rights, liabilities or obligations under the DTI Terms and Conditions on a temporary or permanent basis to any Third Party. 


      Each Party agrees that the DTI Terms and Conditions and relationship between the Parties will be exclusively governed by and interpreted in accordance with German law and that all disputes arising out of or in connection with the DTI Terms and Conditions will be exclusively governed by and determined in accordance with German law and (subject to the dispute resolution procedure) each Party expressly and irrevocably submits to the exclusive jurisdiction of the Frankfurt am Main, Germany Courts in relation to all such disputes and any other claim or matter arising under or in connection with the DTI Terms and Conditions.

      Schedule 1
      Security Requirements

      • a secure connection must be established before data is transferred;
      • each Party will be responsible for the security of its own system; 
      • each Party will agree not to transmit any Malware through use of the DTI or introduce Malware into any data or transmission sent to the other Party or introduced into the other Party’s system, and will notify the other immediately after becoming aware that there might have been Malware in any transmission;
      •  each Party will use commercially available and current scanning tools (in line with good industry practice) to scan for Malware; 
      • the DTI User must conduct regular risk analysis and take steps to update any security measures as needed to remedy any security incidents or identified vulnerabilities and ensure such an incident does not re-occur; and 

      the DTI User will notify the DTI Provider within any specified timescale (or, as a default, as soon as possible after becoming aware) of any actual or suspected security breach of the DTI User’s System.

      This website uses cookies to ensure you get the best experience on our website.

      This website uses cookies to ensure you get the best experience on our website.

      This website uses cookies to ensure you get the best experience on our website.