Privacy policy

You provide us with personal data when you register to use our services on our website. This includes your name, current and previous addresses, date of birth, email address, payment/card details and your password. We use this information in order to manage, provide and administer our credit reporting services to you. We may also keep information contained in any correspondence you may have with us by post, email, or message through the Help Centre. We may also record telephone calls, but only if we tell you at the start of the call and not otherwise. If we do not record a telephone conversation with you, we may keep brief details of the contents of your call on our files. Each time you visit our website we obtain information about the device you use to access our services, your location and your IP address.

When you register to use our services, you agree to our Terms of Use. In agreeing to our Terms of Use, you agree to appoint us (Credit Reporting Agency Limited) as your attorney for the specific purposes of the exercising of your statutory rights to obtain details of all information held about you at any or all UK credit reference agencies and, when requested by you to act on your behalf, to dispute items at any or all UK credit reference agencies.

The UK credit reference agencies are Experian, Equifax and TransUnion.

We supplement the information that you provide with information received from third parties, such as the Royal Mail Postcode Address File, which helps confirm your address and to put it into a format that helps us to retrieve your credit report more easily from the credit reference agencies.

To obtain your credit report we need to supply the credit reference agencies with your name, current and previous addresses and date of birth. In return, the credit reference agencies provide us with information that they hold about you, which would be routinely provided to a lender if they searched you. That information has been provided to the credit reference agencies from a combination of public sources (such as Electoral Roll information and Court Information about judgments and insolvencies) and private sources (such as your account payment history from lenders or others, which they have in turn obtained with your consent). We pass information to Experian to provide you with your credit report and quotes tailored to your needs should you elect to utilise either the 'Compare Credit Cards' or 'Compare Loans' sections of our website when logged in.

The credit reference agencies are reputable companies that operate in accordance with the General Data Protection Regulation (UK GDPR), but we can take no responsibility for the accuracy or completeness of the information that each provides on your credit report, nor for the data processing activities of the credit reference agencies, over which we have no influence or control.

The Personal Data that each credit reference agency holds about you is subject to an independent Privacy Policy published by that credit reference agency.

We have a legitimate interest to process your personal data. By signing up to use our services, you appoint us as your attorney for the specific purposes of exercising your statutory rights to obtain details held about you from the Credit Reference Agencies. Processing this data is necessary to enable us to provide credit reporting services to you and, when requested by you, to act on your behalf to dispute items on your credit reports. Personal data will also be processed in the best interests of individuals to prevent and reduce the risk of fraud.

You may consent to us processing your data for marketing purposes; this may be via email communications or through the use of tracking technology such as cookies. You have the option to remove your consent for this processing at any time through your account settings or at the bottom of any marketing email communication. We may ask if you’d like to take part in market research, but your information will only be processed with your permission.

To facilitate the use of our services and to take payments, we'll be required to process your information in line with the Terms of Use you agreed to at registration or reactivation.

Your Personal Data is used to administer and manage your account with us. Your IP address, details of the device you use and your location are used to help identify you, to prevent fraudulent use of our services, to diagnose problems with our servers, and to administer our website.

We do not share your Personal Data with any third party, other than for necessary purposes and for the purposes of fraud prevention. For instance, we need to give your name, address and date of birth to the credit reference agencies when we search you. We also need to give your email address and/or phone number to trusted service providers to enable us to contact you, or to confirm the deliverability of your contact details from time to time. We stress that we will never sell your Personal Data, or your contact details to anyone for marketing purposes, at any time.

To help prevent abuse of our services and fraud, we share information about you and the use of our services (but not your credit report data) with trusted service providers and fraud prevention agencies strictly to enable them and us to detect, prevent and otherwise address unlawful or suspected fraudulent internet activity on our own websites and on websites owned and operated by others. We have security measures in place to take reasonable precautions to protect the loss, misuse and alteration of the information under our control. These include the issue and use of passwords, powerful encryption and computer firewalls to guard against hacking. No data transmission over the internet can be entirely secure, so we cannot guarantee the security of your Personal Data when in transit between you and us. From time to time we may have to suspend services whilst we investigate any attempted breach of security. You are obligated, under the Terms of Use you agree to abide by when you use our services, to report any suspected breach to us immediately. We also take reasonable security measures to protect your Personal Data in storage.

Your Payment/Card details are used to enable us to manage your subscription with us. We act as controller and data processor in regard to the processing of your subscriptions either by continuous credit card authority, by PayPal or by Direct Debit.

We undertake at all times to protect your Personal Data in accordance with our Terms of Use and in a manner that is consistent with the requirements of the General Data Protection Regulation (UK GDPR) concerning data protection.

Any information that you choose to give us will not be used for marketing purposes by any third party. Only if you consent to us doing so when you register to use our services. If you wish to opt out of receiving such communications or offers from us, you can do so at any time by clicking on the appropriate link at the foot of each email or when logged in to your account.

If you use our instant, online authentication system, amongst other things we will ask you questions based on your Credit Report. The responses you give are stored and used for the processing of the authentication, for monitoring purposes and for fraud prevention.

We may also use the authentication services provided by a Credit Reference Agency to complement our own authentication processes. In such cases:

• A search will be carried out with a Credit Reference Agency for the specific purposes of verifying your identity.

• The Credit Reference Agency may check the details that it supplies against any particulars on any database (public or otherwise) to which the Credit Reference Agency has access in order to verify your identity.

• The Credit Reference Agency will retain a record of the search.

• We will advise you which Credit Reference Agency we have used for this purpose.

From time to time we may need to take further steps to confirm your identity. The reason is always to try to ensure that we are releasing your credit report only to you. The information we require will vary depending on the depth of our investigation.

Demographic and profile data are also collected at our website. This information is not held on an individual basis. We use this data to tailor your experience at our site, showing content that we think you might be interested in, and displaying the content according to your preferences. We may also use your Personal Data for credit scoring and other statistical analysis, but only on an aggregated basis with the personal data of many other customers, and in such a way that your Personal Data can never be identified from the outcome of our analysis.

We do not pass your personal information to any third party except when under compulsion of law or with your consent to do so.

Our website contains links to other websites. Credit Reporting Agency Limited is not responsible for the privacy practices or the content of such websites.

We will keep information about you confidential. We will only disclose your information with other third parties as explained in this Privacy Policy, or with your authority or your express consent, with the exception of the following:

• Regulatory authorities to comply with any legal and regulatory issues and disclosures.

• Fraud prevention agencies for the purposes of investigating suspected fraud and fraud prevention.

• Email or mail service providers who provide a fulfilment service for us, on the understanding that they will keep information confidential.

• Anyone to whom we may transfer our rights and duties under any agreement we may have with you.

• Legal or crime prevention agencies and/or to satisfy any regulatory request if we are under a legal duty to do so.

• If you have been referred to our service via an affiliate link, your data will be used for transactional purposes to facilitate the partner relationship.

If we transfer your personal data outside of the EEA then, in accordance with the terms of this Privacy Policy, we will make sure that the receiver agrees to provide the same or similar protection as we do and that they only use your personal data in accordance with our instructions.

We keep information in line with our Data Retention Policy. The retention periods are in line with the length of time we need to keep your personal data in order to manage and administer our services to you. The retention periods vary to take into account our need to meet any legal, statutory and regulatory obligations and can vary for individual customers and for different reasons. In general, we do not keep information for longer than we deem necessary. Your credit report is constantly changing so we consider it to be out of date when one month old, at which time, in the absence of any dispute or legal challenge, we will erase it. In the absence of any compelling reason not to do so, your personal data will be removed from our databases within seven years after the date of your last payment plus one month or, if no payment is made, seven years and one month of setting up your account.

We may, from time to time, expand or reduce our business activities and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by us.

In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will not, however, be given the choice to have your data deleted or withheld from the new owner or controller.

The General Data Protection Regulation (UK GDPR) grants you the right to access particular Personal Data that we hold about you. This is referred to as a Subject Access Request. We shall respond promptly to any Subject Access Request received, and always within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the personal data that we hold about you, including the following:

• Sources from which we acquired the information.

• The purposes for processing the information.

• Persons or entities with whom we are sharing the information.

Please note that unless you are a registered customer of ours, we are unlikely to hold any personal data for you. If you wish to exercise your Subject Access Rights, please log in to our website and send us a message through the Help Centre and tell us you wish to exercise your access rights under the General Data Protection Regulation (UK GDPR). If you have lost your login details, please click on Log In and follow the on-screen instructions for reissue.

If you can't log in for any reason, you may still exercise your Subject Access Rights by emailing us at help@checkmyfile.com with your name, postcode and date of birth.

In any case, to enable us to reveal your data only to you, we will request that you complete an online verification process.

You have the right to obtain from us, without undue delay, the rectification of inaccurate data we hold concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If the inaccurate data is contained on your credit report, invoking your right to rectification is not an appropriate way of achieving this. This is because any request to rectify credit report data we hold:

• Will not amend the data at source (i.e. at the credit reference agencies or at the companies or at those that in turn supply them).

• Would be inappropriate as the credit report data we hold is an accurate snapshot of the data held at the various credit reference agencies as at the date of the search.

We set up our services to help consumers to identify and correct errors on their credit report. Please log in and send us a message through the Help Centre and we will advise you of the quickest and most efficient way of putting errors right using your statutory rights under other laws.

You have the right to obtain from us the erasure of personal data concerning you without delay. To invoke your right please log in and send us a message through the Help Centre and ask us to erase your personal data. You should note that erasure of data held by us will not remove your credit report data at the credit reference agencies. It is likely that if you invoke your right to erasure directly to a credit reference agency, you are likely to be advised that your right to erasure does not generally apply to credit report data, as there may continue to be an overriding legitimate ground for this data to be maintained by the agency, which may be claimed by the agency to be in the public interest.

If you have made a recent payment to us, we will routinely erase your data on your request but not earlier than 120 days after the date of your last payment. This is because your data may be required by us for the defence of any potential claim relating to that payment.

If you have any history of a dispute with us on any matter, including any payment dispute, we will routinely refuse to erase your data on the basis that it is required by us for the establishment, exercise or defence of legal claims.

Subject to certain exemptions, you have the right to obtain from us restriction of processing where one of the following applies:

• The accuracy of the personal data is contested by you and is restricted until the accuracy of the data has been verified.

• The processing is unlawful and you oppose the erasure of the personal data and instead request the restriction in its use.

• We no longer need the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defence of legal claims.

• You have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.

We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you with information about those recipients if you request it.

You have the right to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from us.

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you, or the establishment, exercise or defence of legal claims.

Other than our online authentication process, which is an essential part of our fraud prevention procedures, we do not carry out any automated processing which may lead to an automated decision based on your personal data.

If you would like to invoke any of the above Data Subject Rights with us, please contact our Data Protection Officer at the address at the bottom of the page.

In order to provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information such as name or address changes, and you can help us by informing us of these changes when they occur.

This Privacy Policy is regularly reviewed. This is to make sure that we continue to meet the highest standards and to protect your privacy. We reserve the right, at all times, to update, modify or amend this Policy. We suggest that you review this Privacy Policy from time to time to ensure you are aware of any changes we may have made. We will not significantly change how we use information that you have already given to us without either your prior agreement or as otherwise permitted under the General Data Protection Regulation (UK GDPR).

Our general Complaints Policy can be found at the foot of our Terms of Use but if you have a complaint which specifically relates to the use of your Personal Data or sensitive information then please write to the Data Protection Officer, using the contact details found at the end of this Privacy Policy.

If your complaint is not resolved to your satisfaction and if you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under the General Data Protection Regulation (UK GDPR) have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and to exercise your right to seek compensation.

You have the following options if you do not wish to receive future marketing communications from us. Please note that we may still be required to notify you from time to time of any significant changes to our Terms of Use, even after you express a preference not to receive marketing communications.

• You can log in to your account and send a message to our customer care team through the Help Centre.

• You can email help@checkmyfile.com

• You can opt out using the unsubscribe link which is contained at the foot of each email.

• You can opt out by updating the Marketing Preferences in the Notifications settings through your account.

This site gives you the following options for changing and modifying information previously provided.

• You can log in to your account and send a message to our customer care team through the Help Centre.

• You can send an email to help@checkmyfile.com

A cookie is a small text file stored on your browser, for example Internet Explorer or Chrome. We use a minimal number of cookies to support your use of our website. More information is available below - you can change your settings anytime by clicking the link below: Customise Cookie Preferences

If you have any questions or queries which are not answered by this Privacy Policy, or have any potential concerns about how we may use the Personal Data we hold, please write to:

Data Protection Officer Credit Reporting Agency Limited 20-21 Lemon Street
 Truro
 TR1 2LS Or email dpo@checkmyfile.com