Privacy Policy
Credit Canary Limited is committed to protecting and respecting both your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the Data Protection Act (2018), as well as all other mandatory laws and regulations of the United Kingdom.
This Privacy Policy explains how Credit Canary collects, processes, and keeps your data safe. The Privacy Policy will tell you about:
- your privacy rights;
- how the law protects you;
- how Credit Canary informs its employees of their obligations when processing data at any time.
This Privacy Policy explains what data Credit Canary collects, where it's collected and how it is used, covering:
(i) individuals visiting the Credit Canary website;
(ii) entities contracting for Credit Canary’s products and services (“Clients”);
(iii) individuals engaging with Credit Canary’s products and services through Customers (“End Users”).
Throughout this Privacy Policy, when Credit Canary uses terms such as "you" or "your," it is referring collectively to Website Visitors, Clients, and End Users unless specifically stated otherwise.
For any specific questions or queries arising following a review of this Privacy, please contact our nominated Data Protection Officer at dpo@creditcanary.co.uk.
1. About Credit Canary
Credit Canary is a limited company registered in England and Wales under company number 14117508 and whose registered office is Unit D, Pendyris Street, Cardiff, Wales, CF11 6BH.
Credit Canary acts as both a data controller and a data processor concerning personal information.
As a data controller, Credit Canary is responsible for managing and protecting the personal data collected through our direct interactions with you, as outlined in this Privacy Policy.
Credit Canary serves as a data processor when providing services to clients. In these instances, our responsibilities and the specifics of data handling are outlined in the individual contracts with each client.
Our Data Protection Officer (“DPO”) is responsible for overseeing questions concerning this Privacy Policy, contactable using the details set out below:
- Name: James Fell, Chief Executive Officer
- Email: dpo@creditcanary.co.uk
- Postal Address: Unit D, Pendyris Street, Cardiff, Wales, CF11 6BH
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) to which it is registered under ZB437267. Credit Canary would, however, appreciate the chance to deal with your concerns before you approach the ICO.
2. Information that Credit Canary collects
To deliver its products and services, Credit Canary acquiresinformation about you through various channels, including:
2.1. Client-Provided Data
Credit Canary processes information that our clients, acting as data controllers, collect about you, including: (a) personal details (e.g. name, date of birth), (b) contact information (e.g. email, address, phone), (c) identification numbers (e.g. a customer ID), (d) fraud-related information, (e) other relevant data collected during service provision.
2.2. External Sources
Credit Canary supplement client-provided data with information from: (a) public records and online sources, including social media, (b) third-party data providers to enhance our services, (c) internally built databases e.g. enrichment and categorisation.
2.3. Financial and Credit Data
To provide our clients with services, such as credit decisioning, Credit Canary collects financial and credit information with the explicit consent of the end user.
This data is sourced from:
2.3.1. Banks and Financial Institutions:
- Bank account and associated transactional data are acquired via Open Banking protocols;
- An End User’s explicit consent is required before Credit Canary can access this information and for how long access can be maintained;
- Credit Canary operates as a PSD agent of obconnect Limited (FRN: 935017);
- The information obtained may include (a) Account information e.g. name, sort code, account number, (b) Account balances and transaction records.
2.3.2. Credit Reference Agencies
- Credit Canary partners with TransUnion International UK Limited (Company Number: 03961870) to obtain credit-related information on behalf of our clients.
- This data is used to help our clients determine creditworthiness, product suitability, and to verify identity, as well as to prevent fraud and money laundering. The information obtained may include (a) Credit history and scores, (b) Current account turnover (CATO) data, (c) Identity verification details, and/or (d) Fraud prevention indicators.
- For more details on how TransUnion handles your data, please refer to their privacy notice;
- TransUnion International UK Limited may use your information for its services and share it with other clients;
Credit Canary only accesses this data with either explicit consent and/or legitimate interest. Credit Canary uses this financial and credit data solely to provide our services to our customers and to ensure compliance with regulatory requirements. Your privacy and data security remain our top priority throughout this process.
2.4. Service User Information
When clients subscribe to Credit Canary’s services, Credit Canary may also process: (a) Contact details of service users, and/or (b) Financial information for billing purposes.
2.5. Website Visitor Data
Credit Canary's website automatically collects (a) Device information (browser type, operating system, IP address) and (b) Usage data (pages visited, time spent, access date and time).
Credit Canary uses cookies and similar technologies for this purpose. Individuals using Credit Canary’s website can manage cookie preferences in their browser settings, though this may limit site functionality.
2.6. Direct Submissions
Information provided directly to the Credit Canary website, such as (a) Name and contact details and (b) Nature of your inquiry.
2.7. Important Notes
Credit Canary regularly reviews and updates its cookie consent practices. Credit Canary does not intentionally collect 'Special Category' data from site visitors. If you believe Credit Canary has unintentionally gathered sensitive information, Credit Canary urges you to contact our Data Protection Officer without delay to help us address any potential data privacy concerns swiftly and effectively.
3. How Credit Canary may use your information
Credit Canary utilises your information to enhance, support, and develop its products and services. Specifically, Credit Canary may use data for the following purposes:
3.1. Client Service Delivery
To provide our clients with high-quality services.
3.2. Service Operation & Improvement
To either (a) analyse service usage patterns, (b) enhance content, functionality, and usability, (c) strengthen security measures, (d) investigate and prevent fraudulent activities and (e) resolve technical issues and service disruptions.
3.3. Legal Compliance and Rights Protection
To either (a) comply with applicable laws and regulations, (b) protect our legitimate interests and those of others, (c) establish, exercise, or defend our legal rights, (d) enforce our Business Agreements and usage policies.
3.4. Consent-Based Usage
With explicit consent, Credit Canary may use data to improve its platform's effectiveness for both clients and their end-users.
3.5. Data Triangulation
Credit Canary combines information collected through our services for the basis of categorisation, enrichment and validation.
3.6. Aggregate Data
Credit Canary reserves the right to either (a) aggregate, categorise, enrich and/or validate collected information, (b) use aggregate data for research, marketing, or other purposes, (c) share aggregate data with third parties at our discretion.
Credit Canary transforms data into fully anonymised aggregate information. This process ensures that the resulting data cannot be traced back to any specific individual, customer, or end user.
By employing this approach, Credit Canary maintains robust privacy standards while simultaneously enhancing our products and services through meaningful research and analysis.
4. Legal Basis for Data Collection and Use
Credit Canary collects and processes personal data following the General Data Protection Regulation (GDPR) and other applicable data protection laws.
Credit Canary relies on the following legal bases to justify its data processing activities:
4.1. Consent
Credit Canary collects and processes certain personal data when either the individual or end user provides explicit consent within scenarios such as (a) opting in to receive email newsletters and/or (b) agreeing to participate in specific services or features.
4.2. Contractual Obligations
To fulfil its contractual commitments and provide clients with promised services, Credit Canary may need to collect and process certain information.
4.3. Legal Compliance
Credit Canary are obligated by law to collect and process specific types of data, including information related to (a) fraudulent activities, (b) other illegal actions, (c) regulatory requirements.
4.4. Legitimate Interests
Credit Canary may process either individual, client or end-user data to meet our legitimate business interests, which include (a) delivering products or services to you, (b) improving our offerings, (c) maintaining business records, (d) ensuring the security and proper functioning of our services.
This processing is conducted in a way that does not override your fundamental rights and freedoms related to data privacy.
4.5. Performance of Agreement
Credit Canary processes data as necessary to perform our agreement to provide products and services to both clients and their end users.
In all cases, Credit Canary strives to ensure that its data collection and processing activities are proportionate, necessary, and respectful of your privacy rights.
Credit Canary continuously assesses the balance between our legitimate interests and your privacy rights to ensure fair and lawful data processing.
To ensure compliance with various privacy regulations, Credit Canary will only use sensitive personal data where Credit Canary has a lawful basis to do so.
By using Credit Canary services, you acknowledge these legal bases for data processing.
5. Information Sharing Practices
Credit Canary understands the sensitivity of your data and is committed to protecting your privacy. However, there are certain circumstances under which Credit Canary may need to disclose your information, such as:
5.1. Client Service Delivery
When legally permissible, Credit Canary may share your data with its clients to facilitate the provision of our services.
5.2. Business Transitions
In the event of significant corporate changes such as (a) mergers or acquisitions, (b) investments or reorganisations, (c) bankruptcy proceedings, (d) asset sales.
Credit Canary may transfer your information as part of the transaction or due diligence process.
5.3. Partnerships with Service Providers
Credit Canary collaborates with carefully selected third parties who assist them in various aspects of their operations, including (a) website hosting and maintenance, (b) customer surveys and feedback collection, (c) marketing and advertising initiatives (d) payment processing and billing services, (e) data analytics, (e) security and fraud prevention measures and/or (f) legal consultations.
These partners may receive access to your information to perform their specific functions.
5.4. Legal and Regulatory Compliance
Credit Canary may, in certain circumstances, share your information when Credit Canary has a reasonable and good faith belief that such disclosure is required to: (a) comply with applicable laws, regulations, or official requests, (b) enforce our business agreements and usage policies, (c) address technical issues or security threats, (d) respond to user support inquiries, (e) protect the rights, property, or safety of Credit Canary, its clients, and the public.
5.5. User-Directed Sharing
Credit Canary will share your information with third parties when you explicitly instruct us to do so.
In all cases, Credit Canary strives to limit the scope of shared information to what is necessary for the specific purpose at hand. Credit Canary is committed to protecting your privacy and will always handle your data with the utmost care and respect.
6. Website Tracking and Marketing
To optimise the experiences for individuals, customers and end customers, Credit Canary employs several digital tools to collect analytics and usage insights.
This comprises (a) Activity Logs: These digital records capture online interactions, helping us troubleshoot technical issues and analyse traffic patterns, (b) Embedded Solutions: These integrated tools enable us to monitor how you engage with our applications and services, (c) Digital Identifiers: Small text files stored on your device that help us recognize your preferences, understand your browsing history, and enhance your user experience, (d) Web Beacons: Tiny code snippets embedded in our online content that assist in various functions, including cookie management and user behaviour analysis to (i) collect usage information through cookies and similar technologies, (ii) conduct audits and research, (iii) assist in preventing fraudulent activities, (iv) help us provide specific features to our customers.
When you interact with Credit Canary’s products and services, or visit our website, Credit Canary may display targeted advertisements.
Its advertising approach includes showcasing its products and services, and related features that may interest you based on factors such as: (a) the features you use (b) demographic and geographic data (c) other information Credit Canary collects about you.
To deliver personalised ads, Credit Canary may collaborate with third-party providers who (a) may place cookies or use other tracking technologies on your device (b) collect information about your use of our services (c) use this data to show you interest-based ads on other websites.
It's important to note that (a) Credit Canary does not have access to the cookies or tracking technologies used by these third-party providers and (b) this Privacy Policy does not govern the use of such technologies by non-affiliated, third-party providers.
As technology evolves, Credit Canary may adopt additional methods to gather and process information, to improve its services. Our use of these technologies is designed to provide you with a more personalised and efficient experience on our platform.
Please be aware that restricting these technologies may limit your access to certain features or functionalities of Credit Canary’s website and/or products and services.
By continuing to use our services, you acknowledge and accept our use of these tracking technologies. However, you always retain the right to modify your preferences with the option to (a) adjust your browser settings to control cookie storage, (b) use third-party tools to manage your online tracking preferences.
7. Safeguarding Your Data
Credit Canary prioritises the security and confidentiality of your information. Credit Canary’s robust data protection measures include:
7.1. Advanced Security Standards
Credit Canary adheres to ISO27001 standards, implementing rigorous information security protocols across our operations. While Credit Canary is in the process of obtaining official certification, best practices are already in place.
Credit Canary is dedicated to proactively safeguarding your data by continuously evolving our security protocols to address emerging threats and uphold the highest standards of information protection.
7.2. Robust Storage Solutions
Your data resides on encrypted Azure storage servers within the United Kingdom, ensuring compliance with UK data regulations and providing strong protection against unauthorised access.
7.3. Strict Access Controls
Credit Canary utilises a comprehensive system of predetermined access privileges. This ensures that only authorised personnel can access specific data sets, and only when necessary for their roles.
7.4. Confidentiality Agreements
All employees of Credit Canary (including contractors and vendors) with data access are bound by strict confidentiality agreements, adding an extra layer of protection for your information.
7.5. Two-factor authentication (2FA)
All vendors used by Credit Canary have, where available, 2FA or MFA setup for all active users, enhancing security and reducing the risk of unauthorised access.
7.6. Limited Data Exports
Credit Canary restricts data exports to company administrators only, minimising the risk of data leaks.
7.7. Reporting Security Concerns
If you believe your interaction with us is no longer secure, please contact Credit Canary immediately at dpo@creditcanary.co.uk.
By implementing these comprehensive security measures, Credit Canary strives to provide you with peace of mind regarding the safety and integrity of your data.
8. Transfer of Data
While Credit Canary strives to maintain your personal information within your local geographic area, there may be instances where your data is transferred, stored, or processed in other locations.
Credit Canary has implemented robust safeguards to protect your information, including:
8.1. Stringent Data Protection Standards
Credit Canary will only transfer your data to jurisdictions that have been recognised as providing adequate levels of data protection. This ensures that your information receives comparable safeguards regardless of its physical location.
8.2. Contractual Safeguards
In cases where Credit Canary engages service providers in regions with different data protection laws, Credit Canary employs specially designed contracts. These agreements incorporate clauses and transfer mechanisms that have been officially approved to maintain the same level of protection your data enjoys in its country of origin.
8.3. Global Service Accessibility
If you access our services from outside the UK, it may be necessary to transfer your data across borders to maintain service quality. In such instances, Credit Canary will implement appropriate protective measures to ensure the security and integrity of your information.
Our commitment to data protection extends beyond borders. Credit Canary continuously monitors and adapts its practices to comply with evolving international data protection regulations, ensuring that your personal information remains secure, regardless of its physical location. By using our services, you consent to these data transfer practices.
9. Retention of Data
Credit Canary is committed to responsible data management. Credit Canary’s approach to retaining your personal information is guided by the following principles:
9.1. Purpose-Driven Retention
Credit Canary keeps your data for only as long as it serves the specific purposes for which it was collected. This includes (a) delivering our core services, (b) meeting legal and regulatory obligations, (c) fulfilling tax and accounting requirements, (d) satisfying reporting necessities.
9.2. Tailored Retention Periods
To determine how long Credit Canary should retain your information, it carefully considers several factors such as (a) the volume and type of personal data it holds, (b) the sensitivity of the information, (c) the potential risks associated with unauthorised use or disclosure, (d) the specific objectives of our data processing activities (e) whether these objectives can be achieved through alternative means.
9.3. Minimisation and Necessity
Credit Canary is committed to retaining your data for the shortest time necessary.
Once your personal information is no longer required for our stated purposes or to meet legal obligations, Credit Canary will securely delete or anonymise it.
9.4. Regular Reviews
Credit Canary’s data retention practices are subject to annual reviews to ensure they remain appropriate and compliant with current data protection standards.
9.5. Your Right to Be Forgotten
You have the right to request the deletion of your data. If you wish to exercise this right, please email dpo@creditcanary.co.uk.
By implementing these data retention practices, Credit Canary aims to balance our need to provide high-quality services with our commitment to protecting your privacy and respecting your data rights.
10. Your legal rights
Under certain circumstances, you have the following rights under relevant data protection laws concerning your data:
(a) Right to be informed. You have a right to be informed about our purposes for processing your data, how long Credit Canary stores it, and who it will be shared with.
(a) Right of access. You have the right to receive a copy of the personal data Credit Canary holds about you and to check that Credit Canary is lawfully processing it (also known as a "data subject access request"). To make a data subject access request, please email dpo@creditcanary.co.uk.
(a) Right to rectification. You have a right to request correction of the personal data that Credit Canary holds about you. This enables you to have any incomplete or inaccurate data Credit Canary holds about you corrected. This process will require Credit Canary to verify the accuracy of the new data you provide.
(d) Right to erasure. You have the right to ask Credit Canary to delete or remove personal data where there is no good reason for us to continue to process it, where you have successfully exercised your right to object to processing (see below), where Credit Canary has processed your information unlawfully or where Credit Canary is required to erase your data to comply with local law. Please be aware that Credit Canary might not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
(e) Right to object. You have the right to object to the processing of personal data Credit Canary holds about you. This effectively allows you to stop or prevent Credit Canary from processing your data. Please be aware that this is not an absolute right, and it only applies in certain circumstances, for example: (a) where Credit Canary is processing your data for direct marketing purposes, (b) where Credit Canary are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms and (c) in some cases, Credit Canary may continue processing your data if it can demonstrate that it has compelling legitimate grounds to process your information which overrides your rights and freedoms.
(f) Right to restrict processing. You have the right to request the restriction or suppression of your data. Please be aware that this is not an absolute right, and it only applies in certain circumstances: (a) if you want Credit Canary to establish the data's accuracy, (b) where Credit Canary’s use of the data is unlawful, but you do not want Credit Canary to erase it (c) where you need Credit Canary to hold the data even if Credit Canary no longer requires it as you need it to establish, exercise or defend legal claims (d) you have objected to Credit Canary’s use of your data, but Credit Canary needs to verify whether Credit Canary has overriding legitimate grounds to use it.
(g) Right to data portability. You have the right to request the transfer of your data to you or a third party. If you make such a request, Credit Canary will provide to you, or a third party you have chosen, your data in a structured, commonly used, machine-readable format. Please be aware that this right only applies to automated information which you initially provided consent for Credit Canary to use or where Credit Canary used the information to perform a contract with you. If you wish to request any of these rights, please contact us at dpo@creditcanary.co.uk.
11. Notification of changes and acceptance of policy
Credit Canary keeps this Privacy Policy under review and will place any updates herein.
By using Credit Canary, you consent to the collection anduse of data by us as set out in this Privacy Policy. Continued access or use of Credit Canary will constitute your express acceptance of any modifications to this Privacy Policy.
12. Interpretation
All uses of the word "including" mean "including but not limited to" and the enumerated examples are not intended to in any way limit the term which they serve to illustrate.
Any email addresses set out in this policy may be used solely for the purpose for which they are stated to be provided, and any unrelated correspondence will be ignored.
Unless otherwise required by law, Credit Canary reserves the right to not respond to emails, even if they relate to a legitimate subject matter for which Credit Canary has provided an email address.
You are more likely to get a reply if your request or question is polite, and reasonable and there is no relatively obvious other way to deal with or answer your concern or question (e.g. FAQs, other areas of our website, etc.).
Our staff are not authorised to contract on behalf of Credit Canary, waive rights or make representations (whether contractual or otherwise). If anything contained in an email from a Credit Canary address contradicts anything in this policy, our terms or any official public announcement on our website or is inconsistent with or amounts to a waiver of any Credit Canary rights, the email content will be read down to grant precedence to the latter. The only exception to this is genuine correspondenc eexpressed to be from the Credit Canary Limited legal department.
Last Update: 4th November 2024
