Last Modified: June of 2023
I. Categories of Personal Information We Collect
We are dedicated to respecting and protecting Your privacy rights. Within this Policy, “Personal Information” means any information that identifies, relates to, describes, is capable of being associated with, or reasonably could be linked, directly or indirectly, to a particular individual or household. Such can include, but is not limited to, real name, postal address, Internet Protocol Address, email address, account names, or other similar identifiers, or information generated from electronic network activity, including browsing history, search history and any information concerning an individual’s interaction with an internet website. “Sensitive Personal Information” can include government identification numbers, financial account numbers, geolocation data, genetic, medical information or other similar identifiers. Personal Information does not include certain forms of publicly available information, deidentified information, or aggregated information that is not capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular individual or household.
In providing services to our clients or business partners, we may collect the following categories of Personal Information:
i. Transactional Data and Information. This includes Personal Information related to consumers or households who purchase products or services through our campaigns, each of which may encompass first and last name, address, contact information (such as phone number and email) and details of a particular transaction as well as information generated from a person’s engagement with any of our clients; in some instances this may include an audio recording of the transaction. This information can also result in us collecting aggregated data that identifies trends and facilitates ongoing analysis of the services we perform. In some instances, we may receive “lead lists” from our clients, which contain Personal Information of prospective customers.
ii. Compliance and Operational Information. This includes Personal Information related to our subcontractors (and their employees, commonly known as “Agents”), which can encompass information such as first and last name, product and compliance training data generated from those individuals, and information in what is commonly known as a “background check”, as provided by a consumer reporting agency and as authorized pursuant to applicable law. Compliance and Operational Information shall also include facial photographs which are required on tablets used by our subcontractors (the “Technology”) to protect the integrity of the services we perform.
iii. Information Generated from Our Website. This includes “Cookies”, web beacons, and other tracking technologies. “Cookies” are text files that websites store on a visitor’s device to identify the visitor’s browser or to store information or settings in the browser to track activity and patterns. Web beacons are pixel tags or clear GIVs demonstrate that a user has accessed or opened certain content or that the content was viewed or clicked. We only track cookies that are from Google Analytics and Google Tag Manager.
For more information about cookies, including how to see what cookies have been set on your browser and how to manage and delete cookies, please visit: www.allaboutcookies.org. Some browsers may be configured to send “do not track” signals to the online services that you visit. To find out more about “do not track” please visit: www.allaboutdnt.com.
You can learn more about Google Analytics cookies here, and how Google uses data here. You can prevent the use of Google Analytics relating to your use of our webpage by downloading and installing a browser plugin available here.
iv. Information You Provided to Us. Personal Information you submit to us, such as information submitted to us in any request or provided to us when you communicate with us or use our website.
II. How We Collect and Use Your Personal Information
Personal Information is collected by us in a variety of ways and used to support our business operations. We will not retain or use any Personal Information for any purpose other than: (i) providing services to our business partners; and (ii) using the Personal Information internally to verify sales completed by our subcontractors, maintain the quality of our services, comply with legal requirements, and improve the services for our business partners.
i. Transactional Data and Information. This data is provided to us by our clients through reoccurring reporting and is delivered electronically or accessed through secured portals. Third party vendors may also facilitate our collection of this data at the direction of our clients. Certain categories of de-identified transactional data are shared with our subcontractors or other third party business partners to validate the services performed and otherwise oversee campaign performance. Transactional data also is used to ensure compliance through independent third-party verification tools and to protect against improper practices. We may use this data to validate sales, process payments to our subcontractors and otherwise ensure we are performing in accordance with our clients’ expectations. Personal Information in lead lists is used with our Subcontractors to facilitate and target sales and marketing activities.
ii. Compliance and Operational Information.
a. This Personal Information is collected from our subcontractors and is provided to ensure subcontractors and their employees are eligible to perform services on our campaigns. Sensitive Personal Information may be delivered to us in a consumer report (also known as a “background check”) through a consumer reporting agency at the direction of a subcontractor. We access this information through a portal that is used to transmit the Personal Information in a secure and protected environment.
b. Compliance and Operational Information in the form of facial photographs will be obtained from individuals processing transactions on our campaigns while in possession of a tablet. Such facial photographs will be used to confirm whether the person processing transactions while possessing a tablet on our campaigns also is an individual who is a duly authorized subcontractor employee on a particular campaign (“Authorized Agent”). A tablet can only be used to process transactions when it is unlocked by a valid access code that corresponds to an Authorized Agent (“Access Code”). While in use, the Technology will prompt the individual possessing the tablet to consent to the use of the Technology and submit a facial photograph, with said photograph being transmitted through the Technology to us. Our employees will then manually compare the submitted photographs to the facial photograph corresponding to the Access Code used on the subject tablet. Facial photographs of Authorized Agents will be used to confirm the identities of individuals possessing the tablets, including instances where Authorized Agents’ Access Codes are used by unauthorized individuals.
iii. Information Generated from Our Website. Cookies, web beacons, and tracking technologies may be used for various purposes, such as fraud prevention, monitoring our websites, and assessing our marketing campaign performance. This information is gathered by and through a visitor to our website and interactions generated from that visit. Some of these tracking tools may detect characteristics or settings of the specific device you use to access our online services.
iv. Information provided to us. This Personal Information is provided to us by you and is used to provide services to you or to verify, process or respond to any request to submit to us.
III. Sharing of Personal Information
We never sell your Personal Information. We share information provided to us with various trusted business partners or other third parties for the purpose of facilitating our business objectives.
i. Our Subcontractors. We share Personal Information with our subcontractors to process payments and otherwise oversee campaign operations. This data often is de-identified and does not contain information that would be capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular individual or household. We also may share information in lead lists for the purpose of targeting sales and marketing efforts.
ii. Our Clients. We share Personal Information with our clients for the purpose of overseeing our performance on a campaign, as well as to improve the quality and integrity of services delivered and to otherwise ensure we effectively perform.
iii. Third Party Service Providers. We share Personal Information with third party service providers that provide essential services on our behalf or on behalf of our clients to operate and support our business objectives. These third parties may use your Personal Information only to help us operate and deliver services on our business as authorized in our contracts with our clients. These may include third parties providing transactional support, software to process or verify transactions, third party verification services, call center transaction processing, software development and other forms of support services necessary to operate our business.
iv. Affiliates and Related Companies. We also may disclose Personal Information: to our subsidiaries, affiliates, and other third parties we use to support our business; to fulfill the purpose for which you provide it; to comply with any court order, law, regulation, or legal process, including responding to any government or regulatory request; to carry out our obligations and enforce our rights arising from any contracts entered into between you and our business partners; if we believe disclosure is necessary or appropriate to protect the rights, property or safety of us, our business partners or others; or to any other party with your consent.
IV. Data Residency and Retention
Any data we collect will reside within the United States in our secure server and network. In limited circumstances, we may have a third-party service provider that resides and retains data overseas, in which case our practice is to disclose that to any data subject whose data would be subject to this arrangement.
Transactional Data containing Personal Information will be retained for sixty (60) days. We may retain other de-identified information for seven years, however this information will not be information that is capable of being associated with, or reasonably could be linked, directly or indirectly, to a particular individual or household.
Compliance and Operational Data will be retained for as long as a subcontractor and its respective employees work on our campaigns, and three (3) years thereafter. In the event we receive Sensitive Personal Information pertaining to an employee of one of our subcontractors, that information is retained for fourteen (14) days. Compliance and Operational Data in the form of facial photographs will be retained for no longer than ninety (90) days from the date of submission. At no point will any biometric identifiers, biometric geometry, or other biometric data be generated or accessed from any photograph. At no time will we access, possess, transfer or sell, lease, trade or otherwise distribute any biometric information of any sort.
Information generated from the use of our website is retained for no longer than thirteen (13) months.
V. Your Data Rights
This portion of our Policy details your rights and how we strive to respect the data privacy rights that may apply in our business. Within this Policy, we also provide you information on how you may exercise these rights. Assuming we are able to verify your identity and the request you submit to us, you have the following rights:
i. Right to know. You have a right to know what Personal Information we may have collected and retained pertaining to you in the twelve (12) months prior to the date of your requests. If requested and if verified (as discussed below), we will provide you the categories, specific pieces and sources of your Personal Information we have collected, the business purpose for which we gathered the information, and the categories of any third parties with whom we have shared the Personal Information.
ii. Access and Correction. You can request a copy of the categories and specific pieces of Your Personal Information collected by us in the twelve (12) months prior to the date of your requests, and to correct inaccuracies therein, if any.
iii. Deletion. You can request that we delete your Personal Information, provided that no exemption to the deletion exists (discussed below).
iv. Opt-Out of the Selling or Sharing. You can request to opt out of our ability to sell or share your Personal Information.
v. Non-Discrimination. You are entitled to exercise the rights in this Policy free from discrimination as prohibited under applicable privacy laws.
VI. Exercising Your Data Rights.
If you have a question as to how you can exercise your data rights under this policy, please contact us through our website, by calling our toll free number at 1-888-457-0688, or by emailing us at email@example.com. The requests herein are subject to certain exemptions and limitations that may limit our ability to process or grant the request. For example, we reserve the right to deny a request if the information is necessary to comply with a legal requirement or to provide you services, of if we have a legal obligation that requires us to maintain the requested information.
i. Submitting a Data Request to us. You may submit a request to us to identify the categories and specific pieces of your Personal Information we have gathered in the twelve (12) months prior to your request. You may submit a data request to us by contacting our Data Manager, through any of the following methods:
ii. DO NOT SELL OR SHARE MY PERSONAL INFORMATION. While it is not our practice to sell any Personal Information, you may request that we not sell or share your Personal Information by contacting our Data Manager, through any of the following methods:
iii. LIMIT THE USE OF MY SENSITIVE PERSONAL INFORMATION. Certain data privacy laws provide you the right to request that we limit the use of any of your Sensitive Personal Information we may hold (if any). You may request that we limit the use of your Sensitive Personal Information by contacting our Data Manager through any of the following methods:
iv. Processing Requests.
a. Agents: Only you, or a person that you authorize to act on your behalf, may submit a request related to your Personal Information. If an agent submits a request on your behalf, we will require that you: (1) provide the authorized agent written permission to do so; and (2) verify your own identity directly with us. We may deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf. If the agent demonstrates authorization through power of attorney, we will not require written permission to make a request on your behalf.
b. Timing and Process: We will acknowledge receipt of your request within ten (10) days of its receipt. We endeavor to respond to a verifiable request within forty-five (45) days of its receipt. If we require more time (up to ninety (90) days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable Consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
c. Cost: We do not charge a fee to process or respond to your verifiable Consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
v. Exemptions. We may not process a request if a legal exemption applies or if we have a legal reason to not process the request. We specifically reserve the right to not process a request if: your Personal Information is necessary to exercise or defend any actual or potential legal claims; your Personal Information is necessary to comply with any court order, law, or legal process, including responding to any government or regulatory request; your Personal Information is necessary to complete the transaction for which the Personal Information was collected; you previously made two (2) requests within a twelve (12) month time period; as well as any other reason allowed under applicable laws.
vi. Verification. We can only process those requests that have sufficient information for us to verify the identity of the person submitting the request in relation to the information that we possess. A requestor’s failure to provide us complete or accurate information may prevent or delay our ability to verify a request. To verify a request, we reserve the right to request government identification, personal identifiers that allow us to match information and a declaration from the requestor under penalty of perjury. To properly verify a request, we must be provided sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative, and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We use technical, physical and organizational security measures designed to protect your Personal Information from accidental loss and from unauthorized access and disclosure. The use of, and access to, your Personal Information by us is restricted to employees, subcontractors, clients, and authorized third party service providers who need to know that information to provide services to our business partners. We maintain physical, electronic and procedural safeguards to limit access to your Personal Information. Notwithstanding, security risk is inherent in all internet and information technology platforms and no part of this Policy should be interpreted as a guarantee or other legal obligation in relation to preventing all threats to networks, systems or other repositories of information.
Our services and this website are not intended for children or anyone under the age of eighteen (18). In the event we learn that we inadvertently collect any Personal Information of a minor, without the required consent by law, we will delete said information immediately. If you believe that we have collected information of a minor, please contact our Data Manager through any of the following methods:
We reserve the right to amend this Policy at our discretion and at any time. When we make changes to this Policy, we will post the updated notice on the Website and update the effective date. Your use of our Website following the posting of changes constitutes your acceptance of such changes.
X. Contact Us
If you have any questions or comments about this notice, the ways in which Credico collects and uses your information, your choices and rights regarding such use, or wish to exercise your rights please do not hesitate to contact us at:
Last Modified: July 2, 2020
Credico Holdings Ltd. and our subsidiaries and affiliates (”COMPANY” or “We”) respect your privacy and commit to protecting it through our compliance with the practices described in this notice.
This notice describes our practices for collecting, using, maintaining, protecting, and disclosing the personal data we may collect from you or that you may provide when you visit our website or other digital properties, communications, or forms that link or refer to this notice (our “Website”). This notice applies to the personal data collected through our Website, regardless of the country where you are located.
Please read this notice carefully to understand our policies and practices for processing and storing your personal data. By engaging with our Website, you accept and consent to the practices described in this notice. This notice may change from time to time (see Changes to Our Privacy Notice). Your continued engagement with our Website after any such revisions indicates that you accept and consent to them, so please check the notice periodically for updates.
Data We May Collect About You
We collect and use different types of data from and about you including:
If we combine or connect non-personal, technical, or demographic data with personal data so that it directly or indirectly identifies an individual, we treat the combined information as personal data.
How We Collect Data About You
We use different methods to collect data from and about you including through:
Cookies and Automatic Data Collection Technologies
How We Use Your Personal Data
We use your personal data to provide you with services, communicate with you, or to conduct other business operations. Examples of how we may use the personal data we collect include to:
Disclosure of Your Personal Data
We may share your personal data with:
We may also disclose your personal data to third parties:
We may share non-personal data without restriction.
Consent to Personal Data Transfer
We are based in the United Kingdom and may process, store, and transfer the personal data we collect, in and to a country outside your own, with different privacy laws that may or may not be as comprehensive as your own.
By submitting your personal data or engaging with the Website, you consent to this transfer, storing, or processing.
Your Personal Data Use Choices
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. If you do not want us to use your contact information to promote our services or third parties’ products or services, you can opt-out by emailing firstname.lastname@example.org or mailing a written request to the following address:
Suite D2, First Floor,
The Quadrant, Mercury Court,
Chester, CH1 4QR
Our Website may, from time to time, contain links to and from the websites of our partner networks, advertisers, and affiliates, or include plug-ins enabling third-party features. If you follow a link to any third-party website or engage a third-party plug-in, please note that these third parties have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third parties.
Accessing and Correcting Your Personal Data
You can access, review, and change your personal data by sending us an email at email@example.com to request access to, correct, or delete personal data that you have provided to us. We may not be able to accommodate a request to change or delete information if we believe the change or deletion would violate any law or legal requirement or negatively affect the information’s accuracy.
The security of your personal data is very important to us. We use physical, electronic, and administrative safeguards designed to protect your personal data from loss, misuse, and unauthorized access, use, alteration, or disclosure.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Children’s Online Privacy
We do not direct our Website to minors and we do not knowingly collect personal data from children under 18 years of age or as defined by local legal requirements. If we learn we have mistakenly or unintentionally collected or received personal data from a child without appropriate consent, we will delete it. If you believe we mistakenly or unintentionally collected any information from or about a child, please contact us at firstname.lastname@example.org.
Changes to Our Privacy Notice
We will post any changes we may make to our privacy notice on this page. If the changes materially alter how we use or treat your personal data we will notify you through a notice on the Website home page. Please check back frequently to see any updates or changes to our privacy notice.
Please address questions, comments, and requests regarding this privacy notice and our privacy practices to email@example.com or alternatively:
Suite D2, First Floor,
The Quadrant, Mercury Court,
Chester, CH1 4QR