Skip to main content

Services Privacy Policy

Last Updated

6 October 2021

Credit Kudos Services Privacy Policy

Credit Kudos is a Credit Reference Agency ("CRA") and Account Information Services Provider ("AISP") that provides services that help consumer credit firms, identity verification companies, banks, and financial institutions (“Institutions”) to conduct income verification, identity verification and credit checks. The controller for personal data involved when you register to use Credit Kudos, visit your account or communicate with us is:

Credit Kudos Limited, WeWork, 1, Poultry, London EC2R 8EJ (“Credit Kudos”/“we”/“us”/”our”).

Institutions who use our credit checking services are also data controllers. If you have questions about how an Institution handles your personal data, or if you wish to exercise your rights over the personal data they hold, please contact them directly.

We provide the website at www.creditkudos.com (the “Website”), the Platform and the Services accessible from that Website and Platform (both as defined in the Credit Kudos Website Terms of Use (“Credit Kudos Terms of Use”).

When you start using our Platform and Services, you will be asked to consent to us processing your personal information in accordance with this Credit Kudos Services Privacy and Cookie Policy (the “Policy”) and the Credit Kudos Services Terms of Use. We access and retrieve personal information from your financial accounts to fulfill this contract. We cannot provide the Services to you without collecting account information from your financial accounts.

We want you to obtain personalised experiences anytime, anywhere, on any device. This requires us to collect personal information from you. However, we want to put you in control of that personal information. We want you to be aware at all times where and how your personal information is being used. This is of paramount importance to us.

So, let’s describe what this Policy tells you. It explains:

  • what information we may collect about you;
  • what we may do with the information we collect about you and our legal basis for doing so;
  • whether we share your information with anyone else;
  • the types of cookies we use and how you can reject these cookies;
  • where we store your information;
  • how we keep your information secure; and
  • your rights in relation to your information.

At Credit Kudos we take your privacy seriously. We operate on the principle that your personal information belongs to you and only you can decide who you want to share it with and why. This is fundamental to the way we work and we’re committed to providing a secure environment for you to store your personal information and share it with others when you want to.

When does this policy apply

This Policy and the Credit Kudos Services Terms of Use apply to your use of the Platform and the Services once you register to access the Platform and use the Services.

Here is the information we may collect about you

Information you voluntarily provide:

  1. If you contact us (by phone, email, web chat or through the Platform), we may keep a record of that correspondence for two years in case we need to contact you in relation to the issue for which you contacted us, for operational performance improvement and/or nuisance caller management. We will not use it for marketing purposes.
  2. If you report a problem with the Platform and/or the Services, we may keep that information for two years in case we need to contact you in relation to the issue you for which you contacted us, for operational performance improvement and/or nuisance caller management. We will not use it for marketing purposes.
  3. As part of providing our Services, we retrieve account information contained within your financial accounts. Once we've retrieved your account information, we store and process this as a CRA as part of our credit reference and credit information services activities, as detailed in the below section "Credit Reference Agency Processing". Credit Kudos keeps account information and credit information for up to six years. We will not use it for marketing purposes.

The information you give may include your name, address, telephone number, email address, and financial account details.

Information we collect about you and your device

As part of this contract for our services, we may ask for ongoing access to your account information for up to 90 days. You will be informed before you complete the authorisation process of exactly how long this ongoing access will continue. You may withdraw consent for Credit Kudos to have ongoing access to your account information at any time through our consent management dashboard, managing consents through your financial institutions, letting us know through our web chat or by emailing support@creditkudos.com. In order to manage your consent, we will ask that you either create a password while using our platform, or we will email you a personalised link to access the service.

If you are prompted to set a password and do not do so, or are unable to find your consent management link, you can manage your consent by contacting us directly through our web chat or by email. We will need to collect two forms of identification to verify you are the same individual for which we collected consent in the first place.

Your withdrawal of consent for Credit Kudos to have ongoing access to your account information will not affect the lawfulness of any data processing carried out by us using data accessed prior to the revocation of ongoing consent. At that time, you may also want to remove any cookies which have been placed on any device used to access the Website, Platform and/or Services.

We are authorised and regulated by the Financial Conduct Authority as a CRA (reference number 770345). As such, when you use the Platform and interact and with our Services, we may receive outcome data from third parties related to your financial standing. This means we will collect information about any applications you make to financial services companies via the Platform. When you use the Platform and interact and with our Services, we may use technology such as that provided by Google Analytics to collect information. You can find more information about Google Analytics here. Google Analytics enables us to analyse how you and others interact with our Platform. The information we collect may include:

  • your IP address;
  • the type of browser you use (e.g. are you using the Chrome or Safari browser?); and
  • the number of sessions per browser on each device;
  • the type of device (eg Samsung) and operating system (eg Android) you are using;
  • referrer information;
  • time zone;
  • user preferences; and
  • which pages you visited.
  • whether or not a credit product was granted;
  • whether you repaid that credit product or not; and
  • whether you are in arrears or default.

Credit reference agency processing

Credit Kudos is authorised by the Financial Conduct Authority to provide services as a CRA. CRAs receive personal data about individuals that’s part of, derived from or used in credit activity. The ways in which CRAs use this personal data include:

Credit reporting and affordability checks

  • Credit Kudos uses data it gathers to provide credit reporting services to its clients.
  • Institutions use credit reporting services to see the financial position of people and businesses. For example, a lender or creditor may check with a CRA when an individual or business applies for credit and the lender or creditor needs to make a credit decision taking into account that person or business’s credit history.
  • Affordability checks help Institutions understand whether people applying for credit or financial products (like loans) are likely to afford the repayments.
  • These activities help promote responsible lending, prevent people and businesses from getting into more debt than they can afford, and reduce the amount of unrecoverable debt and insolvencies.

Verifying identity, and preventing and detecting criminal activity, fraud and money laundering

CRAs also use data to provide verification, crime prevention and detection services to Institutions, as well as fraud and anti-money-laundering services. For example:

  • When a person applies to an organisation for a product or service, the organisation might ask them to answer questions about themselves, and then check the answers against the data held by the CRA to see if they’re correct. This helps confirm the person they are dealing with is not trying to commit identity theft or any other kind of fraud.
  • If a person applies for credit the lender or creditor might check the personal data that person gives them against the personal data held by CRAs to try and prevent fraud.

Account management

CRAs supply information including personal data to their clients for account management, which is the ongoing maintenance of the client organisation’s relationship with its customers. This could include activities designed to support:

  • data accuracy (such as data cleansing - where bureau data can be used to clean or update lender data. This might involve checks that data is in the right format or fields, or to correct spelling errors);
  • clients’ ongoing account management activities. (For example, data sharing with lenders and creditors so clients can make decisions relating to credit limit adjustments, transaction authorisations, and to identify and manage the accounts of customers at risk, in early stress, in arrears, or going through a debt collection process, or to confirm that assets are connected to the right person).

Tracing and debt recovery

CRAs may also use personal data to support debt recovery and debtor tracing.

Statistical analysis, analytics and profiling

CRAs can use and allow the use of personal data for statistical analysis and analytics purposes, for example, to create scorecards, models and variables in connection with the assessment of credit, fraud, risk or to verify identities, to monitor and predict market trends, to allow use by lenders for refining lending and fraud strategies, and for analysis such as loss forecasting.

Database activities

CRAs carry out certain processing activities internally which support databases effectiveness and efficiencies. For example:

  • Data loading: where data supplied to CRAs is checked for integrity, validity, consistency, quality and age help make sure it’s fit for purpose.
  • Data matching: where data supplied to CRAs is matched to their existing databases to help make sure it’s assigned to the right person, even when there are discrepancies like spelling mistakes or different versions of a person’s name. CRAs use the personal data people give lenders together with data from other sources to create and confirm identities, which they use to underpin the services they provide.
  • Data linking: as CRAs compile data into their databases, they create links between different pieces of data. For example, people who appear financially associated with each other may be linked together, and addresses where someone has previously lived can be linked to each other and to that person’s current address.
  • Systems and product testing: data may be used to help support the development and testing of new products and technologies.

Other uses with an individual’s permission

From time to time Credit Kudos may use the personal data they hold or receive about individuals for other purposes where the individual has given consent.

Uses as required by or permitted by law

Personal data may also be used for other purposes where required or permitted by law.

Our use of aggregated or anonymised information

We may provide aggregate user statistics and other usage data which does not identify you specifically with third parties. We may combine your data with those of other users of our Platform and share or provide this information in aggregated and anonymised form with third parties. For example, if we establish that users who obtain their gas and electricity from the same energy retailer are less likely to default on a loan then we may share such information with loan providers, but we would only ever do this with anonymised and aggregated data from which it would be impossible to identify an individual.

We may also use information collected from you and combine it with information provided by other users of our Platform to help us improve the design and delivery of our software tools, increasing the effectiveness for all users.

This is who we share your information with

We will only share information with other organisations where we have your permission to do so in accordance with this Policy or where we believe it is necessary for a legitimate reason connected with the Platform or our Services.

As a Credit Reference Agency (“CRA”), Credit Kudos shares data with certain third party organisations. Before Credit Kudos shares data with any other organisation, we have processes in place to check that organisation’s identity, data protection and security policies, and, where applicable, to confirm where it is registered with regulators.

Clients

Credit Reference Agencies supply their products and services to clients in various sectors, such as banks, building societies, other credit providers, utility companies, mobile phone companies, insurance companies, credit report providers, retailers, gaming organisations, tenant and employee vetting firms, professional services organisations (such as firms of solicitors and accountants), estate agents, landlords, marketing companies, charities and public bodies such as the police, central and local government and regulators.

Certain organisations that share financial data with the credit reference agencies are members of closed user groups which entitle them to receive similar kinds of financial data contributed by other organisations in the group. These organisations are typically banks, building societies, and other lenders, as well as other credit providers like utilities companies and mobile phone networks.

Credit Brokers

Depending on the service, there may be times where we share your data, with your consent, with credit brokers. In such instances, credit brokers may share your data with third party lenders. You should check the Privacy Notice of the credit broker concerned for a full list of the lenders the data may be shared with. This will also explain the basis on which a credit broker or lender may use your personal data. Credit Kudos has no oversight or responsibility for third party Privacy Notices.

Resellers, distributors and agents

CRAs sometimes use other organisations to help provide their services to clients and may provide personal data to them in connection with that purpose.

Other organisations

Some data, where permitted in accordance with industry rules or where it is public information, can be shared with other organisations that have a legitimate use for it - ID verification services, for example.

Public bodies, law enforcement and regulators

The police and other law enforcement agencies, as well as public bodies like local and central authorities and the CRAs’ regulators, can sometimes request the credit reference agencies to supply them with personal data. This can be for a range of purposes such as preventing or detecting crime, fraud, apprehending or prosecuting offenders, assessing or collecting tax, investigating complaints or assessing how well a particular industry sector is working.

Processors

The CRAs may use other organisations to perform tasks on their own behalf (for example, IT service providers and call centre providers). 

In addition, we may disclose your personal information to third parties:

  • if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request;
  • to enforce or apply our Credit Kudos Services Terms of Use and other agreements or to investigate potential breaches; or
  • to protect the rights, property or safety of our Platform or our users.

Depending on the service, there may be times where we share your data, with your consent, with credit brokers. In such instances, credit brokers may share your data with third party lenders. You should check the Privacy Notice of the credit broker concerned for a full list of the lenders the data may be shared with. This will also explain the basis on which a credit broker or lender may use your personal data. Credit Kudos has no oversight or responsibility for third party Privacy Notices.

Our use of cookies, pixels and local storage

Cookies are small pieces of data that are stored on your computer, mobile phone or other device. Pixels are small blocks of code on web pages that do things like allow another server to measure viewing of a Web page and are often used in connection with cookies. HTML5 Local Storage is a small database located inside your browser which web pages can use to store data to speed up their processing. We may use all three technologies from time to time, to help improve your browsing experience.

Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of our Platform and Services. Cookies make the interaction between you and our Platform and Services faster and easier.

How and why we use Cookies

We use cookies to distinguish you from other users of our Platform and Services. This helps us to provide you with a good experience when you use the Platform and also allows us to improve the Platform and Services. Cookies and other things like local storage also help us authenticate you to deliver personalised content.

We use cookies and other similar technologies to:

  • Provide the Services that you request and to provide a secure online environment
  • Give you a better online experience and track our Platform and Services' performance
  • Help us make our Website and Platform more relevant to you.

The different types of cookies we use:

Strictly Necessary Cookies

These are cookies that are essential for the safe operation of our website and services and for us to provide a product or service you have requested. Without these cookies we are unable to provide some products or services that you might request. This category of cookies cannot be disabled.

These cookies are used to:

  • enable you to log into the secure areas of our website and services
  • track errors on our website and services
  • deliver interactive services, including webchat
  • keep our website and Platform secure and protect against online fraud

Customer Experience & Performance Cookies

These cookies are set by us or our third-party analytics providers and allow us to record certain information about you, such as the pages you visit on our web site; how many times you visit our website or Platform; and links you might click on. The third party analytics providers may also collect other information about you such as your IP address, your geographical location, what type of device you are using and information about the device. We use this type of cookie to understand and analyse how visitors use our online services and look for ways to improve them.

How to control and delete cookies

Many of the cookies used on our website and services can be enabled or disabled through your browser settings. Please refer to your browser's help material to learn what controls you can use to remove or block cookies. Please remember that if you do this, it may affect your ability to use the Platform and/or the Services. As you use your device, you will encounter third parties that make use of cookies and similar technologies. We are not responsible for those third parties or what they may place on your device or in your browser.

This is where we store your information

The data that we collect from you may be processed outside the European Economic Area (EEA) (for example if a bank from which you are applying for a loan needs to seek authorisation from one of its subsidiaries overseas). Some of our service providers are located in the United States or other countries that do not provide the same standard of data protection as the EU. Where we work with a service provider, we look for a legal mechanism that requires them to protect data to EU standards. For example, the service provider has signed on to the EU-US Privacy Shield, operates under EU-approved binding corporate rules, or is in a country the EU recognises as having adequate data protection laws. Where no other legal mechanism exists, we enact the EU-approved standard contractual data protection clauses in our contracts.

Keeping your information secure

All information you provide to us is stored on servers owned and operated by Amazon Web Services, Inc. More information on this provider is available at https://aws.amazon.com.

Here are your rights

Most of the data we collect and the purposes we use it for are necessary for us to operate and improve our services or comply with our obligations as a CRA. We tell you in the service where you can make a choice or grant consent regarding your data. When you grant consent, you may withdraw it at any time to stop any further data collection. You can also ask us at any time not to send or to carry out profiling for direct marketing, or to stop using certain kinds of cookies.

If you have unresolved concerns, you have the right to complain to an EU data protection authority where you live or work, or where you believe a breach may have occurred.

If you want to stop using the Platform and the Services, you may do so. If you do, you may also want to remove any cookies that we have placed on any device used to access the Platform and the Services.

Credit Kudos has additional legitimate interests as a Credit Reference Agency that affect your rights:

Lending decisions

CRAs don’t tell a lender if it should offer an individual credit – this is for the lender to decide. CRA provide data and analytics that help lenders make decisions about lending. The scoring tools and data CRAs provide may profile individuals, and are often a valuable tool in the lender’s overall processes and with the criteria they use to make their decisions. A lender’s own data, knowledge, processes and practices will also generally play a significant role in that lender’s business decisions - and lender decisions will always remain for lenders to make.

The same analytics from a CRA may lead to different decisions from different lenders, as they can place differing importance on some factors than others. That’s why an individual may receive a “yes” from one lender but a “no” from another.

The data CRAs provide is just one of the things that a lender might take into account when they make a lending decision. The lender might also take into account data provided by the person applying for credit, as well as any other data available to the lender from other sources. Each lender will have its own criteria for deciding whether or not to lend.

Scores and ratings

When requested, CRAs do use the data they obtain to produce credit, risk, fraud, identity, affordability, screening, collection and/or insolvency scores and credit ratings. CRAs don’t tell a lender if it should offer an individual credit – this is for the lender to decide. Each CRA and each lender will have its own criteria for how to calculate a credit score. CRAs may provide or make available further information on profiling where necessary from time to time.

Data Rights and Responsibilities

You may have certain rights under data protection law. These include the right to ask us for a copy of your personal data, to correct, delete or restrict processing of it, and to obtain personal data in a format you can share with a new provider. You may have the right to object to processing. These rights may be limited in some situations - for example, where we can demonstrate that we have a legal requirement to process your data. You can exercise your data protection rights by contacting us at support@creditkudos.com. We will require you to prove your identity with 2 pieces of approved identification.

Data Access Right

Individuals have a right to find out what personal data the Credit Reference Agencies hold about them.

To get online information: https://www.creditkudos.com/

To make a request by post: Credit Kudos, Data Access Team, 4 Bath Place, London EC2A 3DR

Data Portability Right

Data protection legislation (the GDPR) also contains a right to data portability that may give consumers a right in some data processing contexts, to receive their personal data in a portable format when it’s processed on certain grounds, such as consent. This is not a right that will apply to bureau data because this data is processed on the grounds of legitimate interests.

Incorrect Data and Rectification

When the CRAs receive personal data, they perform lots of checks on it to try and detect any defects or mistakes. Ultimately, though, the CRAs rely on the suppliers to provide accurate data.

If an individual thinks that any personal data a CRA holds about them is wrong or incomplete, individuals have the right to challenge it. It’s worth knowing that the CRA won’t have the right to change the data without permission from the organisation that supplied it, so the CRA will need to take reasonable steps to check the data first, such as asking the organisation that supplied it to check and confirm its accuracy.

If the data does turn out to be wrong, the CRA will update its records accordingly. If the CRA still believes the data is correct after completing their checks, they’ll continue to hold and keep it - although an individual can ask them to add a note to their file (a notice of correction) indicating that they disagree or providing an explanation of the circumstances.

Objections and Data Deletion

To understand data protection rights to object to personal data being used and how to ask for it to be deleted, and how they apply to the processing of bureau data, it’s important to know that the CRAs hold and process personal information in bureau data under the Legitimate Interests ground for processing (see above for more information about this), and don’t rely on consent for this processing. Individuals have the right to lodge an objection about the processing of personal data to a CRA by contacting the CRA directly.

Whilst everyone has complete freedom to contact a CRA with an objection at any time, under the General Data Protection Regulation, the right to object doesn’t automatically lead to a requirement for processing to stop, or for personal data to be deleted, in all cases.

Please note that, because of the importance of the credit referencing industry to the UK’s financial system, and the important purposes the personal data is needed for (like supporting responsible lending, and preventing over indebtedness, fraud and money laundering) it will be very rare that the CRAs do not have compelling, overriding grounds to carry on using the personal data following an objection. In many cases, it won’t be appropriate for the CRAs to restrict or to stop processing or delete bureau data, for example, where the result would be to hide a poor credit history that could enable a person or organisation to get credit they otherwise wouldn’t be eligible for.

Restrictions on Processing

In some circumstances, individuals can ask CRAs to restrict how they use personal data as set out in Article 18 of the GDPR.

This is not an absolute right, and personal data may still be processed where certain grounds exist. This is:

  • With an individual’s consent;
  • For the establishment, exercise, or defence of legal claims;
  • For the protection of the rights of another natural or legal person;
  • For reasons of important public interest.

Only one of these grounds needs to be demonstrated to continue data processing. Credit Kudos will consider and respond to requests we receive, including assessing the applicability of these exemptions.

Please note that given the importance of complete and accurate credit records, for purposes including for responsible lending, it will usually be appropriate to continue processing credit report data - in particular, to protect the rights of another natural or legal person, or because it’s an important public interest of the union or member state.

International regulations

Credit Kudos is authorised and regulated in the United Kingdom by the Financial Conduct Authority for Account Information Services provided within the United Kingdom.

Third party properties accessed from the platform

Our Platform and Services may contain links to and from the online properties of third parties. If you follow a link to any of these online properties, please note that these online properties have their own privacy policies which will govern use of any personal data that they process. Please check these policies carefully before you click on any links and/or submit any personal data to these online properties.

Change of control

If the ownership of our business changes, we may transfer your information to the new owner so they can continue to operate the Platform and provide the Services. The new owner will be obliged to comply with this Policy.

Changes to our policy

Any changes we may make to this Policy in the future will be posted on this page. Where it makes sense because the changes are material, we will notify you of the changes by e-mail or in another appropriate manner such as when you next interact with the Platform.

Contacting us is easy and we want to hear from you

We really do welcome any questions, comments and requests you may have regarding this Policy. You can contact us by emailing us at support@creditkudos.com.

We would like to collect data from your device while you use this website. We do this using cookies. You can find out more in our Cookie Policy. We use cookies to provide you with a good experience when you use our website, and for us to continue to improve that experience. Please select 'Accept all' to consent to us collecting your data in this way.