Privacy Notice

Date: 09 March 2024

Introduction - Welcome to Crediflow AI’s privacy policy.

Crediflow AI respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

Crediflow AI takes your data privacy seriously. That is why we will only use your personal information to provide you with the products and services you have requested, as well as to administer your account. We will not sell or share your information with third-parties you grant us explicit permission to do so, and we will never use your personal data for any reason other than the reasons described within this policy.

About our privacy policy

Our privacy policy outlines your relationship with our company and explains in detail how we use the information that you provide us with.

This privacy policy aims to give you information on how Crediflow AI collects and processes your personal data through your use of this website, including any data you may provide through this website when you utilise our solutions including our Credit underwriting platform.

This website is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

About Crediflow AI.

Crediflow AI is the trading name of Generative Technology Ltd, which is registered in the United Kingdom. At Crediflow AI, we follow and implement regulatory requirements under the California Consumers Protection Act 2018 (CPRA), UK General Data Protection Regulation (UK GDPR), UK DPA 2018, UK PECR and EU General Data Protection Regulation (EU GDPR).

You can reach us by:

Post: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Email: privacy@crediflow.ai
Website: https://www.crediflow.ai/

Changing your preferences

If you’d like to change your web, contact or marketing preferences, you can do so at any time. Simply contact us at privacy@crediflow.ai to request the necessary amendments.

This Privacy Notice relates to your use of our website, see https://www.crediflow.ai/ and support channels, such as our open Slack channel, Notion and our platform.

Throughout our website we may link to other websites owned and operated by certain trusted third parties to make additional products and services available to you. These other third-party websites may also gather information about you in accordance with their own separate privacy notices. For privacy information relating to these other third-party websites, please consult their privacy notices.

How we do business

Crediflow AI is committed to upholding and maintaining your personal rights. We operate our business in-line with the European Union’s General Data Protection Regulation and observe your rights to change or withdraw your opt-in options at any time. As part of our ongoing commitment to uphold your rights, Crediflow AI will also extend advice on how you can issue formal complaints to relevant authorities, such as the Information Commissioner’s Office.

Sensitive data

Crediflow AI does not collect any sensitive data about you. Sensitive data refers to (but is not limited to) information about your race or ethnic background, religious or political affiliations, trade union affiliations, sexual orientation, criminal background or health background.

Who our privacy policy applies to

This privacy policy has been developed to inform users of Crediflow AI how we use their data. Crediflow AI is an AI-powered platform providing credit software solutions to lenders, and we need to process the data of individuals and companies to offer our products and/or services. Bearing that in mind, our privacy policy applies to any and all individuals and companies registered with us as a user, customer, administrator or in any other capacity.

What information this policy applies to

There is a lawful basis for processing your data, and this section of our privacy policy outlines how this applies to the personal information you provide us with or allow us to collect.

The information this policy applies to includes information that you:

Provide as part of any registration process
Provide as part of any campaign creation activity
Provide in the form of numerical data, metadata or communications
Give us as part of our ongoing relationship

This policy also applies to information that we:

Collect relating to how you interact with our website
Must process to complete purchases and other transactions

We may collect your personal data when you access our website, register with us, contact us or send us feedback.

We collect this personal data from you either directly, such as when you register with us, or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below). The personal data we collect about you depends on the activities carried out through our website. This information includes:

Your name, email, and phone number
Details of any feedback you give us by phone, email, post or via social media
Chat history if you contact us on Slack or social media We use this personal data to:
Customise our website and its content to your preferences
Notify you of any changes to our website or to our services that may affect you
Improve our services

We may also collect your personal data when you access our platform, register with us, contact us or send us feedback.

We collect this personal data from you either directly, such as when you register with us, or indirectly, such as your user activity when using our platform.

The personal data we collect and process about you depends on the activities carried out:

Registration: full name, email address and username.
Client onboarding: during our automated client onboarding process, we may process your full name, email address and time of use.
Account management: full name, email address, financial data and place of work.
Product development: full name, email address, place of work, IP address, time and duration of use of the platform and user behaviour.
Sales: full name, email address, place of work, user behaviour.

We use this personal data to:

Register your account
Communicate with you
Provide services for you
Process your payment transactions
Customise our platform and its contents according to your preferences
Notify you of any changes to our products or to our services that may affect you
Help you fix any inconveniences, such as unpredicted bugs
Improve our services

The Crediflow AI’s platform does not store any bank or card payment details.

Consent

Please note that when you submit personal data on our website, you are giving Crediflow AI your explicit consent that we can use that data in line with our privacy policy.

When we use your personal data, we are required to have a legal basis for doing so. There are various legal bases on which we may rely on, depending on what personal data we process and why. The legal bases we may rely on include:

Consent: where you have given us clear consent for us to process your personal data for a specific purpose
Contract: where our use of your personal data is necessary for a contract we have with you (read our Terms and Conditions here), or because you have asked us to take specific steps before entering a contract
Legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations)
Legitimate interests: where our use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal data which overrides our legitimate interests)

Opting-out

After giving Crediflow AI your consent, you are free to amend your consent or withdraw your consent at any time. You have the right to object to the processing of your data. To opt-out, change your preferences or revoke your consent, simply contact us by emailing privacy@crediflow.ai

Data processing and storage

Crediflow AI collects and stores data in the UK. We will store your data for a period of 5 years after your last recorded login attempt unless otherwise noted and explicitly stated.

Crediflow AI stores data relating to transactions, and orders for a period of up to 5 years. This period may be extended under certain circumstances as part of our ongoing commitment to comply with UK and international law.

We use carefully selected and recognised third-parties to help us take payments, provide commercial services and manage company accounts. Some of these third-parties may operate outside the European Union.

Crediflow AI may process your data based on more than one legal ground. Circumstances under which we may be required to process your data under more than one legal ground may include:

Marketing and communications

Crediflow AI may send you marketing communications if you have given us your contact details and opted-in to marketing communications.

You can opt-out of these marketing communications and manage your preferences at any time.

Our company obligations

As a data controller, Crediflow AI is legally responsible for the data you provide us with. In honouring that responsibility, we pledge to uphold our commitments under GDPR and the Data Protection Act 2018.

We will only ever use your data:

In ways that are both fair and legal
As described within this policy
In ways that are necessary for the purposes described

In addition, Crediflow AI processes the personal data you submit to us or we collect as a data processor. As part of this role, Crediflow AI takes all necessary precautions to secure the personal data we collect, process and store.

We may occasionally use the data you provide us with for marketing, relationship management or account management activities. These activities are designed to ensure you have adequate information about other products and/or services we offer, that we have reason to believe you may be interested in. You have the right to opt-out of these activities at any time.

Third-Parties

We share your personal data with third parties outside Crediflow AI under the very limited circumstances and specific purposes below:

Vendors: We may share personal data with third-party vendors, such as cloud providers (e.g.: AWS, Azure, Open AI and Google Drive), communication tools (e.g.: Slack, Notion), and management tools (e.g.: HubSpot, Microsoft, and Google Workspace).
National Security Authorities or Law Enforcement: Crediflow AI may share personal data to comply with laws and protect our rights and the rights of others. We may disclose your information when we, in good faith, believe disclosure is appropriate to comply with the law, a court order or a subpoena. We may also disclose your information to prevent or investigate a possible crime; to protect the security of the Services; to enforce or apply our online Terms of Service or other agreements; or to protect our own rights or property or the rights, property, or safety of our users or others.

We will not share your personal data with any other third party without your consent.

Data Controller

Crediflow AI can be both the Controller and Processor in the relationship you, users of the website or customers of our products and services, have with us.

1- Crediflow AI is the data controller for some data processing activities, meaning that we determine the purposes and means of the processing of your personal data. In some regulations data controllers may be described as "data owner" or similar terms.

We are the controller of your personal data when:

You are a visitor of the website,
You communicate with us on Slack/ support channel/ social media,
Subscribe to receive newsletters,
You go through onboarding for the Crediflow AI platform,
You have a user account with the Crediflow AI platform

In accordance with this notice and our Terms of Service, we put the greatest effort into ensuring the responsible use of your data and in compliance with data protection regulations that cover jurisdictions we operate in.

2- Crediflow AI is the Data Processor of your personal data when we process personal data on your behalf. In some regulations the Data Processor may be referred to as a vendor or service provider.

Crediflow AI is the data processor of the data you add or ingest on the platform. We only access data we need in order to provide our services, and we will only process your data according to this Privacy Notice and our Terms of Service. When you connect your account, software or Internal platform with the Crediflow AI platform, you are in control of what data you want to ingest in Crediflow AI. Crediflow AI does not have write access beyond what is necessary to aggregate telemetry data from your accounts.

This means it is your responsibility to:

Manage who has what access permissions in your Crediflow AI team account,
Control what datasets are shared with Crediflow AI,
Understand and manage retention of datasets, including potentially personal data of your customers.

As a data processor, Crediflow AI provides the technology to enable you to manage your activities on the platform.

Our security

As part of our ongoing commitment to GDPR, Crediflow AI will report any security breaches or attempted breaches to the relevant authorities within 24 hours. We will subsequently contact all those affected by the breach within 72 hours of its occurrence.

At Crediflow AI, safeguarding the personal data of our customers and users is of utmost importance. To ensure maximum protection, we employ robust technical, organisational, and administrative measures to safeguard the data stored through the Crediflow AI website and platform against unauthorised access, loss, misuse, modification, or destruction.

Examples of organisational measures we take, include:

Policies that outline how personal data will be collected, processed, and protected, such as this one,
Conduct data protection impact assessments (DPIAs) to identify and mitigate privacy risks associated with data processing activities, and
Limit access to personal data to employees who need it to perform their duties.

Examples of technical measures we take, include:

Encrypting personal data in transit and at rest to prevent unauthorised access and to ensure the confidentiality and integrity of the data,
Implementing access controls, such as passwords, to limit access to personal data,
Regularly backing up data to prevent data loss or corruption,
Implementing firewalls, intrusion detection systems, and other security measures to prevent unauthorised access to the organisation's systems and networks, and
Regularly updating software and security patches to ensure that systems are protected against known vulnerabilities.

Legitimate interests

As part of the Data Protection Act 2018, Crediflow AI observes the right to share selected information with third-parties that use data for non-marketing purposes. This could include (but is not limited to) organisations that provide credit assessments, identification services and fraud prevention activities.

Children Privacy and Age limits

Crediflow AI does not process children’s personal data knowingly and adheres to the Children's Online Privacy Protection Act (“COPPA”). COPPA is a law in the United States that regulates the way in which online websites may collect and use information from children. Our data processing is done according to the COPPA.

We care about the safety of children. Crediflow AI’s services are not directed towards children under the age of 18, therefore they are not allowed to register with us, use our services, or disclose any personal data without appropriate parental or legal guardian approval. Crediflow AI requires parental consent to use the platform until the child turns 18 years old regardless of the predefined age categories.

We do not knowingly contact or engage with children under the age of 18 without said parental consent (or consent from your legal guardian). If you have reason to believe that a child under the said age has provided us with their personal data, please contact us at us privacy@crediflow.ai and we will endeavour to delete that data from our databases.

Advertising

Crediflow AI may work with several companies that assist in marketing our services to you on third party websites, mobile apps, and online services. These third parties may use cookies, web beacons or other tracking technologies to collect information about your use of certain parts of the Services and your activities across other websites and online services, which they may associate with persistent identifiers.

Their activities and your choices regarding their use of your information to personalise ads to you are subject to and set out in their own policies. We neither have access to, nor does this Privacy Policy govern, the use of cookies or other tracking technologies that may be placed on your computer, mobile phone, or other device by non-affiliated, third-party providers. As described below, these providers may offer you a way to opt-out of the collection of information that is used for our interest-based advertising to you. We cannot guarantee that these instructions will not change, or that they will continue to be available; they are controlled by each third-party service provider, not us.

We do not use Child Activity Information to direct or personalise advertisements, do not advertise to children, and do not present third-party advertising within the Services.

If you are interested in more information about interest-based advertising and how you can generally control cookies and other tracking technologies from being put on your computer to deliver such advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link, or the Digital Advertising Alliance’s (DAA’s) Consumer Opt-Out link. To opt out of the display of interest-based advertising from Google, please visit the Google Ads Settings page.

Your Rights

You have certain rights when it comes to the use of your data. At Crediflow AI, we make this a global commitment and treat all our users equally. These are:

Right to be Informed: You have the right to be informed about all data processing activities performed on your personal data at the point of collection.
Right of Access: Also known as Data Subject Access Requests (“DSARs” or “SARs”), you have the right to request information relating to you, and to receive a copy of your personal data.
Right to Rectification:You have the right to request the rectification or completion of inaccurate or incomplete personal data concerning you.
Rights to Erasure, Restriction, Data Portability and to Object:

In certain circumstances you have the right to:

Request and obtain the erasure of personal data concerning you,
Request and obtain the restriction of processing of personal data concerning you,
Request to have your personal data transmitted to another controller without hindrance, where technically feasible (data portability),
Object at any time to data processing carried out in our legitimate interests or carried out for direct marketing purposes.

Keep in mind that we can still store some of our users' anonymised personal information, as it is not possible to directly link the data back to their identity. We may also retain some personal information that is strictly necessary to comply with legal or governmental obligations.

Automated Decision Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you.
Facilitating Your Rights: Crediflow AI is required to provide within one month of receipt, information on the action we have taken to facilitate the request, or where applicable, the reasons for not taking action. This must include your right to lodge a complaint with the ICO and to seek a judicial remedy.

Any requests made by children younger than 18 years must be made on behalf of a parent or legal guardian. If you would like to exercise any of those rights, please contact us through privacy@crediflow.ai

Other Jurisdictions

For residents of other jurisdictions, to exercise your data protection rights or to receive more details in connection with them, you can submit requests via privacy@crediflow.ai. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. We will consider all such requests and provide our response within the period required by applicable law.

Please note, however, that certain information may be exempt from such requests, for example if we need to keep the information to comply with our own legal obligations or to establish, exercise, or defend legal claims. Your rights and our responses will vary based on your state or country of residency.

Please note that you may be in a jurisdiction where we are not obligated, or are unable, to fulfil a request. In such a case, your request may not be fulfilled. If applicable, you may make a complaint to your local data protection supervisory authority in the country where you are based. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.

Crediflow AI is committed to upholding your rights. If you have any questions, comments or concerns about this privacy policy or wish to exercise your rights in relation to your personal data, please email privacy@crediflow.ai at Crediflow AI.

We will process any request within 30 days. Subject Access Requests are normally performed free of charge, but we may need to charge individuals for excessive or unreasonable data requests.

Privacy Notice

Solutions

Company

Social