Privacy Policy

Introduction:

 

We are Creditinfo UK Limited t/a Coremetrix (Company registration number 10299796) with registered office at 30 Moorgate, London, United Kingdom, EC2R 6PJ.

 

We produce image-based Quizzes for our Clients and use the data produced when completing these Quizzes to provide statistical propensity models to our Client base.

 

Our Quizzes only appear on third party websites and we provide these services on behalf of our Clients (unless otherwise expressly indicated). Any personal information collected is therefore provided to the owner of the website, and its use is governed by the website’s terms and conditions and privacy policy. Please review all third-party websites’ privacy policies carefully as we are not responsible for the practices of such parties.

 

If you have any queries in respect of Coremetrix’ Privacy Policy please do not hesitate to contact privacy@coremetrix.com for further details.

 

We undertake to guard your personal data with the utmost care and we undertake to preserve the confidentiality of all data provided to us when completing the Quizzes outlined above.

 

We do not share, sell or disclose any data provided to us when completing the Quiz. We retain all data provided to us by you and do not share it with any third party, with the exception of the processors and sub-processors outlined below.

 

The legal bases on which we process information about you:

 

Coremetrix process data about individuals completing our Quizzes in strict accordance with Article 6 of the European Union General Data Protection Regulation.

 

| Project type | Data obtained | Legal basis for processing | Consent Required? | Where the data is stored |
|---|---|---|---|---|
| PROOF OF CONCEPT – Non Scoring | Quiz answer data | Legitimate business purposes of the data controller | No | AWS S3 |
| PROOF OF CONCEPT – Non Scoring | Credit product performance data | Legitimate business purposes of the data controller | No | AWS S3, Google Cloud |
| PROOF OF CONCEPT – Scoring | Quiz answer data | Legitimate business purposes of the data controller | No | AWS S3 |
| PROOF OF CONCEPT – Scoring | Processed Quiz model scores | Legitimate business purposes of the data controller | No | AWS S3 |
| PROOF OF CONCEPT – Scoring | Credit product performance data | Legitimate business purposes of the data controller | No | AWS S3, Google Cloud |
| PROOF OF CONCEPT – Scoring / Offline | Quiz answer data | Legitimate business purposes of the data controller | No | AWS S3 |
| PROOF OF CONCEPT – Scoring / Offline | Processed Quiz model scores | Legitimate business purposes of the data controller | No | AWS S3 |
| PROOF OF CONCEPT – Scoring / Offline | Credit product performance data | Legitimate business purposes of the data controller | No | AWS S3, Google Cloud |
| Live Production | Quiz answer data | Performance of a contract; Legitimate business purposes of the data controller | No | AWS S3 |
| Live Production | Processed Quiz model scores | Performance of a contract; Legitimate business purposes of the data controller | No | AWS S3 |
| Live Production | Credit product performance data | Legitimate business purposes of the data controller | No | AWS S3, Google Cloud |

 

If a basis on which we process your data is no longer relevant then all personal data will be anonymised or securely deleted to ensure the privacy of all data subjects.

 

Any data processed on the basis of the legitimate business purposes of the data controller is processed on that basis because the data controller (our Client) has a legitimate interest in using the processed data either for risk assessment or to evaluate a new method of risk assessment.

Critically, because of the protection measures outlined below, and because the Coremetrix product is designed to improve financial inclusion by overturning previous declines and improving access to credit, the rights of the data controller do not override the rights of the data subject when processing this data.

 

If you disagree with this assessment please contact the Data Protection Officer of the relevant Data Controller (outlined in Section X of this document) and refer to your Rights under Article 12.

 

Data protection by design and default

 

Coremetrix employ several measures to protect the personal data of those individuals who complete our Quizzes.

 

When a Client directs one of their Customers to take one of our Quizzes they assign a unique and randomised ID referred to as a PUID.

The PUID is the sole piece of data transferred to Coremetrix when an individual is directed to our Quiz.

 

The PUID is a pseudonymised ID and is used in place of other personal data.

 

All Quiz attempts are logged against the PUID. The Data Controller retains all other personal data.

 

Coremetrix store and process all Quiz attempts against the PUID. Scores produced by the statistical propensity models are returned to our Clients via a secure API connection against the PUID.

 

What Personal Data we collect from you:

 

We collect the minimal possible amount of Personal Data from you in order to provide our Quiz service and to provide a psychometric-driven risk score to our Customers, who have requested that you take one of our Quizzes as a part of their credit assessment processes.

 

The data we collect is as follows:

 

Quiz answer data: The Quiz is an interactive online platform which is designed to collect psychometric data in the form of your answers to the questions that we ask in the Quiz. All answers are collected and stored in our database and are used to calculate risk scores and to build new statistical propensity models.

 

Cookies: Cookies are small text files which are downloaded to your computer or mobile device when you visit a website. Coremetrix employs 2 primary types of cookies:

First party cookies: these are served directly by Coremetrix to your computer/mobile device

Third party cookies: these are served by a third party (Google Analytics) on Coremetrix’ behalf. We use third-party cookies for web analytics to optimise our website performance and to provide insights into Quiz usage.

For further information on Cookies see our Cookie Policy.

 

What personal data is provided to us about you:

 

Some personal data is provided to us about you by another party, our Client. Our Clients are Banks, Lenders and Insurance companies who use our Quiz assessment tool and statistical propensity models to assist in their credit decisioning/insurance decisioning processes.

 

The data provided to us is as follows:

 

PUID (Persistent Unique Identifier): This is a unique alphanumeric string created by our clients in order to identify you in place of other personal data. This is a type of pseudonymous data which is an excellent way of protecting your personal data, which remains held by the Bank/Lender/Insurer who you use. Coremetrix cannot trace this PUID to you or any other individual but use the PUID as a way of tracking the answers to our Quiz and to provide a score to our Clients.

 

Credit Product Performance data: When a Client engages our services to develop a custom risk assessment tool they will ask us to carry out a validation against their known credit performance. To carry out this activity our Clients will share with us pseudonymised and simplified Credit Product Performance data using the PUID outlined above and a simplified measurement of how any credit products have performed.

 

This data is used to both validate existing models and to develop new statistical propensity models.

 

Credit Bureau data: Some Clients are Credit Bureaux operating in many countries around the world. Coremetrix develop customised credit assessment tools for these bureaus in order to enhance financial inclusion and enable access to credit.

 

In order to develop these tools, Credit Bureau data is shared with Coremetrix using the same pseudonymisation method outlined above to protect individuals’ personal data.

 

Data controllers

 

Coremetrix operates as a Data Processor under the instructions of our Clients, who are the Data Controllers of their Customers’ data.

 

These Data Controllers are listed below:

 

| Data controller | Data controller address |
|---|---|
| ING Bank A.S. (Turkey) | Büyükdere Avenue, 80670, Istanbul, Republic of Turkey |
| Mozipo Holding Ltd | 182 Arch. Makarios Avenue III 182, Euripides Business Centre, 2nd floor, Office 02, 3027, Limassol, Cyprus |
| Alfa-Bank (Ukraine) | Alfa-Bank Ukraine, 4/6 Desyatinnaya, Kiev 01001, Ukraine |
| Koç Finansman A.S. (Turkey) | KOÇ FİNANSMAN A.Ş., Ünalan Mahallesi Ayazma Cd., Koç Çamlıca İş Merkezi, A Blok 34700, Üsküdar / İSTANBUL |
| Auxmoney | Auxmoney GmbH, Königsallee 60F, 40212 Düsseldorf, Germany |
| Compuscan | Compuscan Holdings (CSH), Compuscan House, 3 Neutron Avenue, Techno Park, Stellenbosch, South Africa 7600 |
| Marsh Finance Ltd | Marsh Finance Limited, Crossfield Mill, Crawford Street, Rochdale, OL16 5RS, UK |
| Trezeo Ltd | Trezeo Ltd, NDRC, Digital Exchange, Crane Street, Dublin 8, D08 HKR9, Republic of Ireland |
| International Bureau of Credit Histories | Victory Avenue 65, Kiev, Ukraine |
| Creditinfo CRB Kenya Limited | Park Suites, Office 12, Second Floor, Parklands Road, PO Box 38941-00623 Parklands, Nairobi, Kenya |
| Všeobecná úverová banka a.s | Mlynske Nivy 1, Bratislava, Slovakia |

 

Due to the use of pseudonymisation to protect the personal data of the individuals whose data we process on behalf of the data controllers, any queries regarding data processed by Coremetrix should be directed to the relevant data controller.

 

Data retention period:

 

The data collected by our Quizzes is retained for a maximum period of 18 calendar months from the date that the data is collected. The data is retained for this period in order to provide scoring services to our Clients and to facilitate the data subject’s rights.

 

Third party websites:

 

Our Quizzes only appear on third party websites and we provide these services on behalf of our Clients (unless otherwise expressly indicated). Any personal information collected is therefore provided to the owner of the website, and its use is governed by the website’s terms and conditions and privacy policy. Please review all third party websites’ privacy policies carefully as we are not responsible for the practices of such parties.

 

Exercising Data Subjects’ rights:

 

You have a number of rights as regards how companies process your data. Coremetrix are committed to ensuring that you may exercise your rights when you are asked to use our Product by your bank/lender/insurance company.

 

However, due to the advanced privacy settings and pseudonymisation built into our product, we cannot trace individual users through normal search characteristics (name, address, date of birth, etc) that may apply to other companies. In order for Coremetrix to process any requests, we require the unique identifier / PUID assigned prior to you taking our Quiz.

 

Your bank/lender/insurance company are the Data Controller for the data processed by Coremetrix and will have a record of the unique PUID they assigned prior to directing that the data subject should take a Coremetrix Quiz.

 

If a Data Subject wishes to exercise their rights they should contact the bank/lender/insurance company that requested they complete a Coremetrix Quiz. Coremetrix will fully comply with these requests and supply any data required to the Data Controller in order to be delivered to the Data Subject.

 

 

Security:

 

We value your trust in providing us with your Personal Information, and so we strive to use commercially acceptable means of protecting it.

 

We employ SSL encryption for our Quiz tool to protect the data as it is collected and store all Quiz answer and Credit Product Performance data in secure datastores in Amazon Web Services.

 

Our processed scores are returned to our Clients over a secure API connection using a cryptographically generated API key.

 

But remember that no method of transmission over the internet, or method of electronic storage is 100% secure and reliable, and we cannot guarantee its absolute security.

 

Children’s privacy:

 

Our Services do not address anyone under the age of 16. Our Product is designed to assist our Clients to assess individuals for credit products, which have a normal minimum age of 18, or for motor insurance which has a minimum age to drive a vehicle of 17.

 

We do not knowingly collect or process information from children under the age of 16. In the case that we discover any personal information has been obtained from any individual under the age of 16 we will immediately delete the data from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal information please contact us immediately so that we will be able to take the necessary actions.

 

 

Changes to This Privacy Policy

 

We may update our Privacy Policy from time to time. Thus, you are advised to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately after they are posted on this page.

 

Comments or concerns about Privacy and the Coremetrix Product

 

We put the privacy of data subjects at the heart of our business and will treat all comments or concerns about Privacy with the respect and seriousness that they deserve and that we believe in.

 

If you have any concerns about how data is processed or have any comments or questions, please do not hesitate to contact us at privacy@coremetrix.com.

 

We will respond to all requests within 72 hours.