CredoWeb

Privacy Policy

CredoWeb Privacy Policy

CredoLab Regional Privacy Policies

CredoApp Regional Privacy Policies

CredoApply Regional Privacy Policies

CredoWeb Regional Privacy Policies

We are working this. In case you want to access them immediately, please reach out to privacypolicy@credolab.com

(Last Updated: March 2020)

At CredoLab it is important to us that you feel comfortable and trust us with your information when you use the CredoLab services. Please take a few minutes to read this CredoWeb Privacy Policy, so that you understand what information we collect, while you use CredoWeb application, what we do with it and why.

What this policy covers?

This Privacy Policy covers how CredoLab Pte. Ltd. and its affiliated companies (collectively, "CredoLab," "we," "us" or "our") collect, use, and share information in connection with your access and use of our proprietary web application used to assess your potential credit risk, named CredoWeb. It does not cover the privacy practices of third parties that we do not own or control.

Why do you collect my data?

It’s simple. CredoWeb provides your financial institution with the tools to help produce a real-time credit decision. While you apply for a loan or credit card on the web page of your financial institution in which it is embedded, we assess your device data fingerprint, application form behavioral data, and perform anti-fraud checks. We provide this assessment only in relation to the financial service of the financial institution that you are applying for. We do not share your assessment with anyone else. During this process we use data that does not directly identify you. In particular, we may use such data to build data profiles and provide segmented risk profile, generate aggregate statistical information, and to improve and administer our current products and create new products. You can be assured that we protect the information we collect. By using CredoWeb application, you agree to the collection, use, and sharing of your data in accordance with this Privacy Policy.  

How do you collect my data?

We collect your data when you apply for a loan or credit card on the web page of your financial institution and consent to us obtaining your digital footprint. We will not and cannot extract a digital footprint without your consent.

We do not request for your data from financial institutions without your consent and do not collect or process it without your consent. We will also ask you to click on a button that says “proceed with credit analysis”, or similar, before commencing an assessment and/or anti-fraud check on your device.

What data do you collect?

We collect various types of data from your device to perform our services. Our CredoWeb web application will only access the information on your device after you have agreed to its collection and use. This information may include your device ID numbers, hardware type, operating system, language and similar information (i.e. your digital footprint) and, in some cases described below, the IPaddress[1] of your device. You may change such permissions using your device settings.

We would access the IP address only if your financial institution subscribes to the anti-fraud solution (offered by CredoLab on behalf of Iovation Inc. based on the reseller agreement). If your financial institution subscribes only to the CredoLab’s credit analysis services, we will not access the IP address of your device. The IP address will be accessed only one-time, upon your application for specific financial service (loan, credit card etc.), and not persistently. The IP address information collected by us is similar to the types of information captured by common web analytics tools.

We collect also data to improve our services, including: Advertising ID associated with your device; Internet service provider or mobile network you use to connect to our products; and Information regarding other applications you may have on your device and how they are used (we never enter said applications).


Do you collect information that can identify me?

Unlike other companies, we do not collect your name or email address to identify you. We collect other information about you such as: IP address[2] and/or Device ID number, including Machine ID, IMEI and/or MEID; depersonalized geographic location present in media files. We use this information to detect fraudulent applications coming from the same device. In doing this, we protect your identity but retain the ability to recognize what information relates to you.  

To protect your identity, we may also remove personal identifiers from the information that we collect or aggregate and/or anonymize personal data we collect about you. For instance, although we would consider your precise location to be personal data if stored separately, if we combined the locations of our users into a data set that could only tell us how many users were located in a particular country, we would not consider this aggregated information to be personally identifiable.

The information collected by our web application is not sent to the financial institution you are applying for a financial service with. The processing of the information is done on CredoLab’s secure servers. The financial institution of your choice receives some limited pseudonymized information about you including the results of your credit assessment. While the information remains attributable to you, it cannot be reverse engineered to produce the original raw information collected.

These techniques assist in keeping the information that is sent to our servers secure and allows you to retain your raw information on your device.

While we cannot list out each and every type of data that we collect, we’ve tried below to give you a general understanding of what types of data we collect and examples to help you see what we mean.  

For Example:

  • Our web application collects information regarding your behavior while you apply for a loan or credit card on the web page your financial institution. While the web application may scan all types of information on your device, we only collect (and upload to the server) certain limited information. For instance, the web application may assess how you type, including factors such as key pressure typing speed and rhythm, and ca. 120 more events such as cut/paste, scroll down, delete a field, use of auto filling forms tools etc. Only this information is sent to our servers, not the underlying raw data or the information you type.
  • While our web application may scan and process your device for any type of information, it does not collect any personally identifiable information and it does not collect or read cookies.

How do you use my data?

We use your data to assess your financial health and status to allow your financial institution to decide whether or not to grant a loan or other financial services to you.

We also use your data to: -

  1. Obtain an assessment of your solvency including but not limited to an assessment of the probability of default of your obligations in the framework of contracts for the provision of financial services;
  2. Assess your interest in receiving financial services through algorithms and mathematical modeling.

The IP address of your device will be used to investigate and prevent fraud, spam, malware, identity theft or other unauthorized access, or any other unlawful activity as a part of the anti-fraud solution only.

You may withdraw your consent to receive advertising and marketing collateral from us and the financial institutions at any time.

Do you share my data?

We share the result of your credit assessment with the financial institution with which you are applying for a financial service and your potential willingness to communicate directly with the financial institution, if requested by the financial institution. We also share your potential willingness to communicate directly with the financial institution, if requested by the financial institution.

We may also share your data in the following ways:

When authorized by law or necessary to comply with a valid legal process; when required to protect and defend the rights or property of CredoLab, including the security of our products and services; when necessary to protect the personal safety, property or other rights of the public, CredoLab or its customers or employees; or in connection with a sale of all or part of our business. If we are involved in a merger, acquisition or asset sale, we will abide by this Privacy Policy, and any affected users will be informed if we transfer any personal data to a third party or if personal data becomes subject to a different privacy policy as a result.

How long do you keep my data?

To implement and improve the functionality of the web application and to update the credit scorecards developed for the client financial institution, we will keep your data for up to three 3 years unless you request us to delete your data at an earlier date.

What rights do I have over my data?

You have the right to ask us about the data we process about you, the purpose and nature of the processing, and to provide information on who we share it with. You have the right to request that we update or delete (assuming that this does not impact the services we are providing to you) the data we have collected about you at any time. Please note that we may reject requests which risk the privacy of others or are unreasonable or repetitive or would require a disproportionate effort. Unless you request us to delete your data, please note that we may keep your data after you stop being a user (but we typically keep your data no longer than is reasonably necessary given the purposes for which the data was collected). You have the right to expect us to protect your data and keep it safe. We work hard to protect CredoLab and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of the information we hold. In particular: we abide by this Privacy Policy at all times with respect to all data that we collect from you; we limit the use and disclosure of your data, and work to ensure that anyone with whom we share such information treats that information with the privacy and security it deserves; and we have put in place industry-accepted physical, technical and administrative practices to safeguard and secure the information we collect. You have the right to lodge a complaint with the relevant data protection authorities for any violation of applicable data protection laws.

What changes have you recently made?

We reserve the right to change this Privacy Policy at any time and will indicate the date the Privacy Policy was most recently updated. If there have been significant changes, we will highlight any such changes and will attempt to directly alert you when possible. We will also keep prior versions of this Privacy Policy in an archive for your review.

How can I contact you?

If have any questions about this policy or any of the above, please email us at privacypolicy@credolab.com. You may also contact us by mail at: CredoLab Pte. Ltd, #12-01 Capital Tower, 168 Robinson Road, Singapore 068912.

Is there anything else I need to know?

You may opt-out of our collection, use and disclosure of your information by requesting for your financial institution to delete your application for a financial service with them or us to delete your information.

We require information from the you to properly perform the services intended. Some or all of the functionalities of our service may not be accurate or available should you choose not to share information with us.

Periodically, our site or products may contain links to and from websites or other external destinations managed by third parties. If you follow a link to any of these destinations (like offers on web sites etc.), please note that those sites have their own privacy policy. When you are on those sites you are subject to those policies, and should therefore read and understand them before you submit any personal data to those sites.

[1] Every device connected to the Internet is assigned a unique number known as an Internet protocol (IP) address. IP addresses are assigned and reassigned by Internet Service Providers and companies regularly.

[2] IP address is not always considered as Personally Identifiable Information (PII). In the Philippines, Singapore or GDPR countries it is considered as PII. In other jurisdictions it isn't.

(Last Updated: March 2020)

At CredoLab it is important to us that you feel comfortable and trust us with your information when you use the CredoLab services. Please take a few minutes to read this CredoWeb Privacy Policy, so that you understand what information we collect, while you use CredoWeb application, what we do with it and why.

What this policy covers?

This Privacy Policy covers how CredoLab Pte. Ltd. and its affiliated companies (collectively, "CredoLab," "we," "us" or "our") collect, use, and share information in connection with your access and use of our proprietary web application used to assess your potential credit risk, named CredoWeb. It does not cover the privacy practices of third parties that we do not own or control.

Why do you collect my data?

It’s simple. CredoWeb provides your financial institution with the tools to help produce a real-time credit decision. While you apply for a loan or credit card on the web page of your financial institution in which it is embedded, we assess your device data fingerprint, application form behavioral data, and perform anti-fraud checks. We provide this assessment only in relation to the financial service of the financial institution that you are applying for. We do not share your assessment with anyone else. During this process we use data that does not directly identify you. In particular, we may use such data to build data profiles and provide segmented risk profile, generate aggregate statistical information, and to improve and administer our current products and create new products. You can be assured that we protect the information we collect. By using CredoWeb application, you agree to the collection, use, and sharing of your data in accordance with this Privacy Policy.  

How do you collect my data?

We collect your data when you apply for a loan or credit card on the web page of your financial institution and consent to us obtaining your digital footprint. We will not and cannot extract a digital footprint without your consent.

We do not request for your data from financial institutions without your consent and do not collect or process it without your consent. We will also ask you to click on a button that says “proceed with credit analysis”, or similar, before commencing an assessment and/or anti-fraud check on your device.

What data do you collect?

We collect various types of data from your device to perform our services. Our CredoWeb web application will only access the information on your device after you have agreed to its collection and use. This information may include your device ID numbers, hardware type, operating system, language and similar information (i.e. your digital footprint) and, in some cases described below, the IPaddress[1] of your device. You may change such permissions using your device settings.

We would access the IP address only if your financial institution subscribes to the anti-fraud solution (offered by CredoLab on behalf of Iovation Inc. based on the reseller agreement). If your financial institution subscribes only to the CredoLab’s credit analysis services, we will not access the IP address of your device. The IP address will be accessed only one-time, upon your application for specific financial service (loan, credit card etc.), and not persistently. The IP address information collected by us is similar to the types of information captured by common web analytics tools.

We collect also data to improve our services, including: Advertising ID associated with your device; Internet service provider or mobile network you use to connect to our products; and Information regarding other applications you may have on your device and how they are used (we never enter said applications).


Do you collect information that can identify me?

Unlike other companies, we do not collect your name or email address to identify you. We collect other information about you such as: IP address[2] and/or Device ID number, including Machine ID, IMEI and/or MEID; depersonalized geographic location present in media files. We use this information to detect fraudulent applications coming from the same device. In doing this, we protect your identity but retain the ability to recognize what information relates to you.  

To protect your identity, we may also remove personal identifiers from the information that we collect or aggregate and/or anonymize personal data we collect about you. For instance, although we would consider your precise location to be personal data if stored separately, if we combined the locations of our users into a data set that could only tell us how many users were located in a particular country, we would not consider this aggregated information to be personally identifiable.

The information collected by our web application is not sent to the financial institution you are applying for a financial service with. The processing of the information is done on CredoLab’s secure servers. The financial institution of your choice receives some limited pseudonymized information about you including the results of your credit assessment. While the information remains attributable to you, it cannot be reverse engineered to produce the original raw information collected.

These techniques assist in keeping the information that is sent to our servers secure and allows you to retain your raw information on your device.

While we cannot list out each and every type of data that we collect, we’ve tried below to give you a general understanding of what types of data we collect and examples to help you see what we mean.  

For Example:

  • Our web application collects information regarding your behavior while you apply for a loan or credit card on the web page your financial institution. While the web application may scan all types of information on your device, we only collect (and upload to the server) certain limited information. For instance, the web application may assess how you type, including factors such as key pressure typing speed and rhythm, and ca. 120 more events such as cut/paste, scroll down, delete a field, use of auto filling forms tools etc. Only this information is sent to our servers, not the underlying raw data or the information you type.
  • While our web application may scan and process your device for any type of information, it does not collect any personally identifiable information and it does not collect or read cookies.

How do you use my data?

We use your data to assess your financial health and status to allow your financial institution to decide whether or not to grant a loan or other financial services to you.

We also use your data to: -

  1. Obtain an assessment of your solvency including but not limited to an assessment of the probability of default of your obligations in the framework of contracts for the provision of financial services;
  2. Assess your interest in receiving financial services through algorithms and mathematical modeling.

The IP address of your device will be used to investigate and prevent fraud, spam, malware, identity theft or other unauthorized access, or any other unlawful activity as a part of the anti-fraud solution only.

You may withdraw your consent to receive advertising and marketing collateral from us and the financial institutions at any time.

Do you share my data?

We share the result of your credit assessment with the financial institution with which you are applying for a financial service and your potential willingness to communicate directly with the financial institution, if requested by the financial institution. We also share your potential willingness to communicate directly with the financial institution, if requested by the financial institution.

We may also share your data in the following ways:

When authorized by law or necessary to comply with a valid legal process; when required to protect and defend the rights or property of CredoLab, including the security of our products and services; when necessary to protect the personal safety, property or other rights of the public, CredoLab or its customers or employees; or in connection with a sale of all or part of our business. If we are involved in a merger, acquisition or asset sale, we will abide by this Privacy Policy, and any affected users will be informed if we transfer any personal data to a third party or if personal data becomes subject to a different privacy policy as a result.

How long do you keep my data?

To implement and improve the functionality of the web application and to update the credit scorecards developed for the client financial institution, we will keep your data for up to three 3 years unless you request us to delete your data at an earlier date.

What rights do I have over my data?

You have the right to ask us about the data we process about you, the purpose and nature of the processing, and to provide information on who we share it with. You have the right to request that we update or delete (assuming that this does not impact the services we are providing to you) the data we have collected about you at any time. Please note that we may reject requests which risk the privacy of others or are unreasonable or repetitive or would require a disproportionate effort. Unless you request us to delete your data, please note that we may keep your data after you stop being a user (but we typically keep your data no longer than is reasonably necessary given the purposes for which the data was collected). You have the right to expect us to protect your data and keep it safe. We work hard to protect CredoLab and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of the information we hold. In particular: we abide by this Privacy Policy at all times with respect to all data that we collect from you; we limit the use and disclosure of your data, and work to ensure that anyone with whom we share such information treats that information with the privacy and security it deserves; and we have put in place industry-accepted physical, technical and administrative practices to safeguard and secure the information we collect. You have the right to lodge a complaint with the relevant data protection authorities for any violation of applicable data protection laws.

What changes have you recently made?

We reserve the right to change this Privacy Policy at any time and will indicate the date the Privacy Policy was most recently updated. If there have been significant changes, we will highlight any such changes and will attempt to directly alert you when possible. We will also keep prior versions of this Privacy Policy in an archive for your review.

How can I contact you?

If have any questions about this policy or any of the above, please email us at privacypolicy@credolab.com. You may also contact us by mail at: CredoLab Pte. Ltd, #12-01 Capital Tower, 168 Robinson Road, Singapore 068912.

Is there anything else I need to know?

You may opt-out of our collection, use and disclosure of your information by requesting for your financial institution to delete your application for a financial service with them or us to delete your information.

We require information from the you to properly perform the services intended. Some or all of the functionalities of our service may not be accurate or available should you choose not to share information with us.

Periodically, our site or products may contain links to and from websites or other external destinations managed by third parties. If you follow a link to any of these destinations (like offers on web sites etc.), please note that those sites have their own privacy policy. When you are on those sites you are subject to those policies, and should therefore read and understand them before you submit any personal data to those sites.

[1] Every device connected to the Internet is assigned a unique number known as an Internet protocol (IP) address. IP addresses are assigned and reassigned by Internet Service Providers and companies regularly.

[2] IP address is not always considered as Personally Identifiable Information (PII). In the Philippines, Singapore or GDPR countries it is considered as PII. In other jurisdictions it isn't.