Credphone Privacy Policy

Definitions

“Your personal information” means any data that identifies you, collected when you use Credphone services. Terms like ‘your data’, ‘personal data’, and ‘your information’ used in this policy refer to “your personal information”. “Credphone Services” include mobile contracts, device financing. Full details can be found in our Terms and Conditions. “Third party” refers to any entity not part of Credphone or you (e.g., credit agencies, fraud prevention services).

How We Use Your Personal Information

To provide credit-based mobile services, manage your account, and comply with legal obligations, we collect, process, and store your personal information. You must ensure all the information provided is accurate and up to date. If details change (e.g. address, income), notify us immediately. Failure to do so may delay or suspend services. If you submit information about another person (e.g. a guarantor), you confirm you have their consent or legal authority.

Information We Collect

Depending on your service, we may hold:

• Identity & contact details: Name, address, date of birth, email, phone number.
• Financial & credit data: Income, employment status, bank details, credit history (from CRAs).
• Device & usage: IMEI number, call records, data usage (for billing and fraud prevention).
• Fraud prevention: Data shared with agencies to verify applications.
• Special categories: Health data (e.g., for accessibility) only with explicit consent.

Sources of Data

We may obtain information from:

1. Credit reference agencies (CRAs) – To assess creditworthiness.
2. Fraud prevention databases – To verify identity and prevent fraud.
3. Public records – Electoral Register, insolvency registers.
4. Third-party partners – Retailers, network providers.

Credit Checks & Automated Decisions

For financed devices or Pay Monthly plans, we may:

• Share your data with CRAs (e.g., Experian, Equifax).
• Use automated systems to approve/decline applications based on credit scoring.
• Retain credit check records to manage your account and comply with regulations.

You can request manual review of automated decisions by contacting us.

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including legal, regulatory, fraud prevention and business requirements:

1. Active customer accounts: We maintain your data for the duration of your contract plus 6 years after termination. This allows us to:
   • Meet financial reporting and tax obligations
   • Handle any post-contract queries or disputes
   • Comply with statutory limitation periods for legal claims

1. Declined applications: We store application data for up to 12 months to:

1. • Prevent and detect fraudulent applications
   • Maintain records for regulatory compliance
   • Support any reconsideration requests during this period

1. Credit information: We retain credit-related data in line with Credit Reference Agency guidelines (typically 6 years) because:

1. • This matches standard financial industry practice
   • It supports responsible lending decisions
   • It enables accurate credit risk assessment over time
   • It helps prevent identity fraud

All retention periods are periodically reviewed to ensure they remain appropriate and comply with our legal obligations under UK GDPR and financial services regulations. We securely delete or anonymize data when no longer needed for these purposes.

Legal Basis for Processing

We process your data under:

1. With your explicit consent (Article 6(1)(a)) – When you voluntarily agree to specific uses of your personal data for one or more particular purposes.
2. To fulfill our contractual obligations (Article 6(1)(b)) – When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
3. For legitimate business interests (Article 6(1)(f)) – Where processing is necessary for our legitimate interests or those of third parties, provided these interests are not overridden by your fundamental rights and freedoms. In such cases, we always conduct a legitimate interest assessment to ensure fair balance.

International Transfers

Data is stored in the UK/EEA. If transferred outside, we use:

• Adequacy agreements (approved countries); only transferring your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the Information Commissioner’s Office (ICO) or the European Commission
• Standard Contractual Clauses (EU-approved safeguards); using specific contracts approved by the ICO with recipients giving personal data the same protection it has in Europe.

Your Rights

• Access, correct, or delete your data; If any of the personal information we hold about you is incorrect or incomplete, you have the right to ask us to correct it. You can also ask for this information to be deleted.
• Object to processing (e.g., direct marketing); In some cases, you can request that we cease using your personal data, such as after closing your account or changing your marketing preferences
• Request manual review of automated credit decisions; If you are 16 years old or younger, you must obtain permission from a parent or guardian before sharing any personal information with us. Without their consent, we cannot accept your personal data.

You may request a copy of the personal data we hold about you, to access this information contact us on Credphoneuk1@gmail.com.

Age Restrictions

We do not enter into credit agreements with individuals under 18 years of age.

 

Policy last updated: 04/07/2025