CREDIT KARMA UK PRIVACY NOTICE

Version: 4

Date adopted: 13/05/2019

This Privacy Notice provides information about how we use and share personal data about users of the Credit Karma website at www.creditkarma.co.uk and the Credit Karma app (together referred to below as the Service), and what cookies are used on the Service. You can also find more information about our services and how we provide them in the Credit Karma Terms and Conditions. This privacy notice covers the following topics:

  1. WHO WE ARE AND HOW YOU CAN CONTACT US

    We are the Credit Karma Group, which is a group of companies with headquarters at 760 Market St., 2nd Floor, San Francisco, CA 94102, USA. Some of the members of the Credit Karma Group are listed in section 5 below. However, this privacy notice only covers the activities of Credit Karma UK Limited whose registered office address is c/o Legalinx Limited, One Fetter Lane, London EC4A 1BR, United Kingdom.

    The Credit Karma company which operates the Service is Credit Karma UK Limited (trading as Credit Karma). Credit Karma UK Limited is a controller of the personal data that you provide us with on our website or app, or if you contact us using the details below. This means that it is responsible for ensuring that the personal data is used fairly and lawfully. Credit Karma UK Limited is also a controller of the credit data (and the other information relevant to your financial standing) that you can access through our Service.

    You can contact us by sending an email to contact@support.creditkarma.co.uk.

    References to “TransUnion” in this privacy notice mean TransUnion International UK Limited (company number 3961870), a credit reference agency authorised and regulated by the Financial Conduct Authority under number 737740, whose registered office is at One Park Lane, Leeds, West Yorkshire, LS3 1EP. Authorisation can be checked on the Financial Services Register at www.fca.org.uk.

  2. WHAT WE USE YOUR PERSONAL DATA FOR

    This section explains the purposes for which we use your personal data. More detail about the types of personal data that we might use for these purposes can be found in section 3 below.

    Verifying your identity

    We will use information about you to help us verify your identity so that we know we are providing your credit history to the correct person. We do this by, for example, checking the information (and personal data) you give us against databases such as the Electoral Register and your credit file. We use an identity verification service provided by TransUnion. You can find more information about how that service uses personal data in TransUnion’s Bureau Privacy Notice, which is available at: https://www.transunion.co.uk/legal-information/bureau-privacy-notice.

    We also use technology that detects unusual use of your account to identify and prevent potential fraud.

    Providing our website and our products and services to you

    We use personal data to provide you with products and services through our website and our mobile app. This includes providing you with products and services such as:

    • your credit report, credit score and credit rating;
    • product comparison and eligibility services;
    • third-party offers for financial products;
    • other services such as Credit Coach, Credit Monitoring and Credit Factors.

    Credit Coach and Credit Monitoring rely on information about you that we obtain from TransUnion, who are a separate data controller in respect of this information. You can find out more information about how TransUnion use your personal information at: https://www.transunion.co.uk/legal-information/bureau-privacy-notice.

    Credit Coach

    The Credit Coach service gives you information on actions that you should consider taking to build up enough credit history for TransUnion to provide a credit file and score to you in the future. You may request a copy of your credit file based on the data TransUnion do hold here. Please note that we do not control this website, and cannot guarantee that the TransUnion website address and/or contents will not change without our knowledge.

    Credit Coach checks the information you have provided us during sign-up on an ongoing basis to see whether there is enough information to enable you to be provided with our credit report services and we will contact you via one of the following means if this is the case: (i) the email address you have saved on your Credit Karma account; (ii) text message to the mobile phone number you have saved on your Credit Karma account; (iii) a notification on your mobile device via the Credit Karma app; or (iv) by any other communication method you have provided us.

    Credit Monitoring

    TransUnion may provide us with alerts when there are changes to your credit score, credit report or other information they hold about you. We may use these alerts to provide various services to you, which may include a communication via any one or more of the following means: (i) the email address you have saved on your Credit Karma account; (ii) text message to the mobile phone number you have saved on your Credit Karma account; (iii) a notification on your mobile device via the Credit Karma app; or (iv) by any other communication method you have provided us.

    General service updates

    We also use your personal data to contact you about our services. For example, we may contact you by email, text message or (if you are using the Credit Karma app) push notification to let you know when your new credit report is ready.

    Prevention and detection of fraud and other crime

    We may use information about you (including from third party sources as described elsewhere in this notice) to detect or prevent fraud or for security purposes related to our Service or our partners (for example, to ascertain whether someone has fraudulently accessed your account or whether you have only entered information about yourself). We may use third parties to undertake these checks on our behalf.

    Marketing

    Overview

    We use personal data for marketing purposes. This includes showing you advertisements or otherwise informing you about products and services that we think may be of interest to you. These may relate to products and services offered by any current or future member of the Credit Karma Group (see section 5) or any third party.

    We will not sell your personal data to third parties for their own marketing purposes, but we may use it to promote third parties’ products and services to you.

    How we get to know you

    We continuously strive to improve, develop and expand the range of services within Credit Karma and to provide our customers with a more personalised experience. So that we can do this and present relevant services and partnering arrangements to you, we need to understand your possible needs, interests, and preferences. To do this we build up insight about you throughout your Credit Karma relationship in the following ways:

    • from your use of our Service including, for any application you make for any services within Credit Karma, the particular services you choose and how you use them;
    • from how you engage with any of the third parties involved when you use your selected services within Credit Karma, for example when using the product comparison service; and
    • from information we receive from credit reference agencies such as TransUnion.

    These activities will be undertaken when you use the Service, and in your dealings with us generally.

    What we contact you about and how

    Whether or not and how you hear from us through direct marketing is always in your control. We will only contact you for direct marketing purposes in accordance with your choices about:

    • whether you want to receive information about our products and services, and/or the products and services of third parties; and
    • what methods of communication you have selected.

    You can make these choices when you first register with us, and you can also make these choices in the preference centre, located within the My Account section of our website and app. You can unsubscribe from our direct marketing at any time. If you click ‘unsubscribe’ within our marketing mailings, or unsubscribe via our text messages, you will be directed to the preference centre where you can make your changes.

    Your marketing preferences will not affect how we contact you for non-marketing purposes. You will still hear from us by a range of contact methods as part of our relationship management (see below) or if contacting you is an integral part of the service you have signed up to. An example of this is a reminder email letting you know that your new credit report is ready. Please note that you will automatically receive our newsletter unless you separately unsubscribe from this in the preference centre.

    If you agree that we can send you direct marketing information about third parties, this will relate to the third parties we work with to bring you the particular Credit Karma services you sign up to, or those whose goods and services may be relevant to you.

    We do not sell your personal details to or share your personal information with third parties for their own marketing purposes. If you select to receive information from us about relevant third party goods and services, this doesn’t mean that you will hear from them directly or that we will give them your personal details, unless you follow up directly with them. In this case we will exchange a minimal level of information, such as your email address and name, as we may receive a commission from the third party if you take up their goods and services.

    As well as direct marketing that we send to you, we may also show you targeted advertisements on the Credit Karma website, the app or via online advertising platforms. Section 11 below tells you about the website cookies we use and how you can manage your cookie preferences.

    Analysis and estimates

    We may use your credit data (such as your credit report, credit score, and your historical and trended credit data) and other information we obtain from you, or in relation to you, to analyse, sort, and present certain information, services or features to you. This can include:

    • sorting, filtering or highlighting offers from our third party partners based on this data and our analysis of it to help indicate offers that we believe may be of greater interest to you;
    • analysing the data to provide you with proprietary credit ratings or suggestions as to how you might improve your credit rating; and
    • estimating how your credit score or credit report may change in the future (including based on specific changes to your credit profile or credit providers).

    Relationship management

    We use personal data for relationship management purposes. Relationship management is the ongoing maintenance of our relationship with you. This could include activities such as letting you know about product changes or planned maintenance activity, providing you with technical support or dealing with your enquiries.

    When we contact you for relationship management purposes it might be through any of the means available to us, such as by email, SMS, telephone or via our website and app.

    Administering, monitoring and improving the Service

    We use information about how people use the Service (such as how different people navigate around our website and app, how long they spend on particular pages and whether they download any of our content) in order to help customise and improve our services. This can include recording the clicks and mouse movements of our users, but any personal data is screened out of these recordings to help protect your privacy.

    These activities allow us to tailor the website to better match your interests and preferences and to present you with more relevant content and offers. And they help us understand who has visited which pages to determine the most popular areas of the website.

    This information is also used for security and system administration and to generate aggregate non-personalised information for use by us, our business contacts, selected third parties, sponsors or advertisers (such as anonymous statistics related to the take up or use of services, or to anonymous patterns of browsing).

    Product or systems development and testing

    We may sometimes use personal data while improving, developing, testing or debugging our products and systems. This includes making sure that our security measures are working properly. Wherever possible, we will anonymise or pseudonymise the data before doing this.

    Legal and regulatory purposes

    We may use your personal data for legal and regulatory purposes. For example, this might include responding to complaints or enquiries from you or a regulator about how we have used your personal data.

    Combining data

    The information you give us may be combined with other information about you that is obtained from other sources, and the combined data may be used in accordance with this Privacy Notice. For example:

    • The information you give us may be compared with data available elsewhere to verify your identity or validate the information you have provided (for example in the context of anti-fraud measures).
    • De-identified information about you may be combined with information about your devices (or cookies placed on your devices) to improve the quality and relevance of advertising material on websites you visit.
    • We may combine information about how you use the Service with the other information we hold about you in order to help us develop a better and more detailed understanding of the way you use the Service and what your preferences and interests are.

  3. WHAT KINDS OF PERSONAL DATA WE USE, AND WHERE WE GET IT FROM

    We obtain and use information from various sources. These are summarised below.

    • Name and contact details

      This is basic personal data about you, and how to get in touch with you.

      This information is provided directly by you, typically through our website or our app, or obtained from other sources as further described in this Privacy Notice. Some of it is also matched with data on your credit file.

    • Other identifying information

      This is other information that we need to help identify who you are, such as your date of birth and address history. In some cases, such as where you have changed your name, we may require physical documents such as a deed poll or marriage certificate.

      This information is provided directly by you, typically through our website and our app, or obtained from other sources as further described in this Privacy Notice. Some of it is also matched with data on your credit file.

    • Your credit file

      This is information about your credit history, such as your loans, mortgages and other credit arrangements, your repayments, and your financial associates (i.e. people who are financially linked to you, because you share a mortgage or a credit card, for example). It also includes information like court judgments, bankruptcies and individual voluntary arrangements that may have been made against you, as well as your current and previous names and addresses. TransUnion also keeps a record of who has previously made searches of your credit file, and any disputes and queries that have been raised by you. Your credit file also contains fraud prevention indicators.

      This information is gathered by TransUnion UK in its role as a credit reference agency.

      TransUnion are a separate data controller with respect to this data, and you can find out more information about how TransUnion uses your personal information at: https://www.transunion.co.uk/legal-information/bureau-privacy-notice.

      TransUnion gets the information from a range of different sources, including lenders. Information about court judgments and insolvency-related events come (indirectly) from the courts. Address information is obtained from the electoral register, which is supplied to TransUnion by local authorities. Fraud prevention indicators are provided by fraud prevention services such as Cifas.

      For us to be able to provide the Credit Karma services to you, we need to obtain your credit data, including your credit score and credit report, held in TransUnion’s credit reference database. We do this by submitting, on your behalf, something called a “limited subject access request” in accordance with Article 15 of the General Data Protection Regulation as modified by section 13 of the Data Protection Act 2018.

      In order to provide you with the best possible service and ensure we are providing you with the most up-to-date information we can (including to provide your credit score, credit report and relevant products or offers), we may submit requests for your credit data to TransUnion: (i) whenever you access our services or receive a credit monitoring alert; and (ii) on a weekly basis irrespective of whether you access our services. TransUnion may also supply certain credit data relating to you (such as notification of changes to your credit score or credit report) on a more frequent or “real-time” basis in order that we can provide our services to you. By applying for our services, you authorise us to obtain on your behalf and use your credit data in this way.

    • Product comparison data

      When you use our product comparison services we will obtain information needed for that service, such as which products you may be able to apply for and how likely you are to be accepted for them. Using your personal data for our product comparison services will ultimately help you select products which are relevant to you.

      We obtain this data from our product comparison services providers (see section 5).

    • Transaction history

      This is information about what Credit Karma products and services you have subscribed to and when you subscribed to them.

      We produce these records ourselves.

    • Contact history

      This is information about our contact with you. It also includes your behaviour in response to our interactions with you, such as whether you have opened our emails or clicked on a link.

      We produce these records ourselves.

    • Device information

      This is information about the device or devices you use to access our websites and app, such as the type of device, its operating system, browser, IP address, screen resolution and what cookies are on it.

      We produce these records ourselves by monitoring your use of our websites and apps.

    • Website and app usage

      This is information about your use of our website and app, such as what pages you have visited and what content you have downloaded. It includes information about how you arrived on our website, navigated around it and browsed away from it (including dates and times), the services you viewed or searched for, page response times, download errors, length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs). Cookies and similar technologies may be used to help us do this – see section 11 below.

      We produce these records ourselves by monitoring your use of our website and our app.

    • Third party data

      This is information that we obtain about you from third parties and associate with you or your devices.

      We may obtain this data from various different data suppliers.

    Type of information
    Description
    Source
    Name and contact details

    This is basic personal data about you, and how to get in touch with you.

    This information is provided directly by you, typically through our website or our app, or obtained from other sources as further described in this Privacy Notice. Some of it is also matched with data on your credit file.

    Other identifying information

    This is other information that we need to help identify who you are, such as your date of birth and address history. In some cases, such as where you have changed your name, we may require physical documents such as a deed poll or marriage certificate.

    This information is provided directly by you, typically through our website and our app, or obtained from other sources as further described in this Privacy Notice. Some of it is also matched with data on your credit file.

    Your credit file

    This is information about your credit history, such as your loans, mortgages and other credit arrangements, your repayments, and your financial associates (i.e. people who are financially linked to you, because you share a mortgage or a credit card, for example). It also includes information like court judgments, bankruptcies and individual voluntary arrangements that may have been made against you, as well as your current and previous names and addresses. TransUnion also keeps a record of who has previously made searches of your credit file, and any disputes and queries that have been raised by you. Your credit file also contains fraud prevention indicators.

    This information is gathered by TransUnion in its role as a credit reference agency.

    TransUnion are a separate data controller with respect to this data, and you can find out more information about how TransUnion uses your personal information at: https://www.transunion.co.uk/legal-information/bureau-privacy-notice.

    TransUnion gets the information from a range of different sources, including lenders. Information about court judgments and insolvency-related events come (indirectly) from the courts. Address information is obtained from the electoral register, which is supplied to TransUnion by local authorities. Fraud prevention indicators are provided by fraud prevention services such as Cifas. For us to be able to provide the Credit Karma services to you, we need to obtain your credit data, including your credit score and credit report, held in TransUnion’s credit reference database. We do this by submitting, on your behalf, something called a “limited subject access request” in accordance with Article 15 of the General Data Protection Regulation as modified by section 13 of the Data Protection Act 2018.

    In order to provide you with the best possible service and ensure we are providing you with the most up-to-date information we can (including to provide your credit score, credit report and relevant products or offers), we may submit requests for your credit data to TransUnion: (i) whenever you access our services or receive a credit monitoring alert; and (ii) on a weekly basis irrespective of whether you access our services. TransUnion may also supply certain credit data relating to you (such as notification of changes to your credit score or credit report) on a more frequent or “real-time” basis in order that we can provide our services to you. By applying for our services, you authorise us to obtain on your behalf and use your credit data in this way.

    Product comparison data

    When you use our product comparison services we will obtain information needed for that service, such as which products you may be able to apply for and how likely you are to be accepted for them. Using your personal data for our product comparison services will ultimately help you select products which are relevant to you.

    We obtain this data from our product comparison services providers (see section 5).

    Transaction history

    This is information about what Credit Karma products and services you have subscribed to and when you subscribed to them.

    We produce these records ourselves.

    Contact history

    This is information about our contact with you. It also includes your behaviour in response to our interactions with you, such as whether you have opened our emails or clicked on a link.

    We produce these records ourselves.

    Device information

    This is information about the device or devices you use to access our websites and app, such as the type of device, its operating system, browser, IP address, screen resolution and what cookies are on it.

    We produce these records ourselves by monitoring your use of our websites and apps.

    Website and app usage

    This is information about your use of our website and app, such as what pages you have visited and what content you have downloaded. It includes information about how you arrived on our website, navigated around it and browsed away from it (including dates and times), the services you viewed or searched for, page response times, download errors, length of visits to certain pages, and page interaction information (such as scrolling, clicks, and mouse-overs). Cookies and similar technologies may be used to help us do this – see section 11 below.

    We produce these records ourselves by monitoring your use of our website and our app.

    Third party data
    This is information that we obtain about you from third parties and associate with you or your devices.
    We may obtain this data from various different data suppliers.

    You are free to choose whether or not you give us your personal data. However, if you are signing up to one of our products or services we might not be able to provide you with that product or service if you do not give us the information we need in order to do so.

  4. WHAT OUR LEGAL GROUNDS FOR HANDLING YOUR PERSONAL DATA ARE

    This section explains the basis on which we process your personal data in connection with our Service. TransUnion’s basis for acting as a credit reference agency (and separate data controller) is explained separately at https://www.transunion.co.uk/legal-information/bureau-privacy-notice.

    Performance of our contract with you

    When you sign up to Credit Karma, we agree to provide you with certain services as set out in the Credit Karma Terms and Conditions. We need to use some of your personal data in order to be able to provide you with those services. For example, we need to know your username and password so that you can log onto the Service and we need to process your contact information so we can pull your credit report on your behalf.

    Consent

    Where necessary, we rely on your consent for sending you direct marketing materials by email, telephone or text message. You can give or withhold consent when you first sign up to Credit Karma, and you can subsequently withdraw your consent through your account settings or (in the case of email) by clicking the “unsubscribe” link. See the information about “Marketing” in section 2 above for more details.

    Legitimate interests

    The UK’s data protection law allows the use of your personal data where necessary for a legitimate purpose, provided that this purpose isn’t outweighed by the impact it has on your rights and freedoms. The law calls this the “legitimate interests” condition for processing personal data. The interests can be yours, ours, or those of a third party.

    The legitimate interests we are pursuing include:

    • Interest: Promoting knowledge among consumers about their credit history and its implications for them. Enabling consumers to see activity on their credit report so they can take action where necessary. Allowing consumers to challenge incorrect data on their credit report. Helping consumers make decisions to improve their financial situation.
      Explanation:It is important that consumers are well-informed about their credit history and how it may be taken into account by lenders. Where a consumer has been declined credit, Credit Karma helps them understand why this might be, and allows them to challenge information on their credit report if it is inaccurate. Credit Karma also enable consumers to monitor their credit report to identify any unusual or potentially fraudulent activity, and take steps to improve their credit rating.
    • Interest: Monitoring and securing our systems and our data
      Explanation:Some of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through the website are kept up-to-date and secure, and only made available to the correct people.
    • Interest: Our general commercial interests, such as showing consumers offers and products relevant to them, understanding our customers and how they use our Service, and generally running the Credit Karma business.
      Explanation:Like any commercial organisation, we seek to earn revenue through the effective and efficient provision of services to our customers and clients. This requires us to process the personal data of our customers and our clients.
    Interest
    Explanation
    Promoting knowledge among consumers about their credit history and its implications for them. Enabling consumers to see activity on their credit report so they can take action where necessary. Allowing consumers to challenge incorrect data on their credit report. Helping consumers make decisions to improve their financial situation.
    It is important that consumers are well-informed about their credit history and how it may be taken into account by lenders. Where a consumer has been declined credit, Credit Karma helps them understand why this might be, and allows them to challenge information on their credit report if it is inaccurate. Credit Karma also enable consumers to monitor their credit report to identify any unusual or potentially fraudulent activity, and take steps to improve their credit rating.
    Monitoring and securing our systems and our data
    Some of the ways we use personal data are justified by the need to ensure that our systems and the data we make available through the website are kept up-to-date and secure, and only made available to the correct people.
    Our general commercial interests, such as showing consumers offers and products relevant to them, understanding our customers and how they use our Service, and generally running the Credit Karma business.
    Like any commercial organisation, we seek to earn revenue through the effective and efficient provision of services to our customers and clients. This requires us to process the personal data of our customers and our clients.
  5. WHO WE SHARE YOUR PERSONAL DATA WITH

    Our group companies

    We may share your personal data among the members of the Credit Karma Group. If we do so, then use of the data by those companies will be governed by this Privacy Notice. A list of relevant Credit Karma Group companies is set out below, although the list may be updated from time to time.

    • Group company: Credit Karma UK Holdings Limited (UK company no. 11594902)
      Role: Our UK holding company
      Registered office: [C/O Legalinx Limited One, Fetter Lane, London, United Kingdom, EC4A 1BR]
    • Group company: Credit Karma, Inc., a Delaware corporation
      Role: Our U.S. parent company
      Main trading address: 760 Market St., 2nd Floor, San Francisco, CA 94102

    Service providers

    We may provide your information to third party service providers or agents to have them perform on our behalf any of the activities described in section 2. For example:

    • Our database of personal data may be hosted by third parties on our behalf.
    • We use a third party email broadcasting service in order to send you service emails, text messages or marketing emails.
    • We may use third party advertising platforms to help us target advertisements to you.
    • We sometimes use market research companies to help us better understand our customers.

    These service providers will not be allowed to use your information for their own purposes or on behalf of other organisations, unless you agree otherwise.

    Product comparison services provider

    We sometimes use third party suppliers (such as TotallyMoney Limited) to provide our product comparison services, which help you select products which are relevant to you. To see TotallyMoney’s Terms and Conditions go to https://www.totallymoney.com/info/terms/. To see TotallyMoney’s Privacy Policy, go to https://www.totallymoney.com/info/privacy-policy/.

    When you use our product comparison services, we will provide any relevant suppliers of that service with your personal data, unless we are providing the product comparison services ourselves. The third party product comparison services may themselves use third parties to process this information in accordance with our instructions for the purpose of generating a view of how likely you are to be accepted for any particular product, and they may use other third parties to send you your product comparison results electronically.

    Credit providers and credit reference agencies analyse key elements of your credit file, including the Electoral Register and shared credit performance data, in order to determine your current financial standing. If you have a financial associate, their data may also be used. The analysis of your credit file will be used by the third party to identify and rank product offers in order of appropriateness for your circumstances (although this does not guarantee that there will be appropriate product offers available to you). You will then have the opportunity to apply for the product with the credit provider. It is important to note that there may be other products available from lenders who are not represented by this service.

    How our products may affect you

    When information about you is requested from a credit reference agency for the purposes of the product comparison services, it will place a record of the request on your credit file, whether or not you decide to apply for the product. This will be marked as a “quotation” search in the name of the third party performing the search, and will not affect your ability to gain credit. Credit reference agencies may also use the information for statistical purposes, or supply it to other organisations such as fraud prevention agencies who may use it for checking identity, preventing fraud, tracing and the collection of debt. In some cases your information may be shared with lenders to check whether you are an existing customer, which may affect whether you are eligible for the lenders’ other products. More information about how credit reference agency search records are used is available at https://www.transunion.co.uk/crain.

    If you choose to proceed to apply for a product from the list of offers, the supplier you choose will carry out its own identification and credit checks as part of its ordinary application process. Your credit file will not be provided to any third party credit provider at any point during this process unless you agree.

    Online advertising platforms

    We may use third party advertising platform providers such as Google to serve advertisements to you. These third parties may use information about your visits to this and other websites in order to provide you with advertising about products and services that may be of interest to you.

    Sometimes we may provide information associated with you to third parties who operate other websites (such as social media platforms) so that we can show you relevant advertisements while you are using those websites. This information will be protected so that you can only be identified if the third party already knows you – the information we provide only tells them that you are a Credit Karma user.

    You can often configure your advertising preferences on social media such as Facebook, Twitter, Instagram or Pinterest by accessing your settings or preference options on the relevant platform. If you no longer want to receive personalised advertising on any website you visit, you may be able to opt out directly through the privacy policy of the particular website you are accessing, or by adjusting the privacy settings in your internet browser. Please note that this is not likely to block ads that are displayed on the websites you visit; it would more likely just stop your receipt of advertising that has been tailored to your interests. This opt-out relies on a cookie, so if you wipe all your cookies then that website will no longer know that you have opted out. The same applies if you use a different internet browser, or use a new computer to access the internet. You can also opt out of such advertising by visiting the Internet Advertising Bureau’s opt-out platform at www.youronlinechoices.com but please note that this and other platforms only allow you to opt out of interest-based advertising delivered by registered members.

    Business transfers

    If we sell all or part of our business to a third party, or go through a corporate reorganisation, we will transfer personal data to the company that acquires the business.

    Fraud prevention agencies

    The personal information we have collected from you will be shared with fraud prevention agencies who will use it to prevent fraud and money-laundering and to verify your identity. If fraud is detected, you could be refused certain services, finance, or employment. Further details of how your information will be used by us and these fraud prevention agencies, and your data protection rights in relation to this information, can be found by visiting the website of Cifas, a fraud prevention service, at www.cifas.org.uk/fpn.

    Regulators

    We may sometimes need to pass personal data to a regulator such as the Information Commissioner’s Office or the Financial Conduct Authority.

    Sharing of anonymised data with third parties

    We may share anonymised information with other third parties, but only where the information cannot realistically be identified as relating to you.

  6. WHERE YOUR PERSONAL DATA IS STORED AND SENT

    Within Europe

    We are based in the United Kingdom and will access and use your information from here. We may also extend operations to elsewhere in the European Union, in which case personal data would be potentially accessible from there too. In these cases, the use of the information in those locations would be protected by European data protection standards.

    Elsewhere

    We also send information elsewhere in the world. For example:

    • To our parent company, Credit Karma, Inc. in the United States, who provide certain administrative services to us.
    • Sometimes another group company or branch office based overseas (such as our offices in the United States and Canada) may need to use the data in accordance with this Privacy Notice.
    • We sometimes use third party service providers such as cloud-based technology or a data centre or backup facility overseas, and people in other countries may also need to access data for purposes such as technical support, troubleshooting, data security, or system development and testing.

    While countries within the European Union all ensure a high standard of data protection law, some parts of the world (such as the United States) may not provide the same level of legal protection in relation to personal data. As a result, when we do send personal data overseas, we will make sure that suitable safeguards are in place to protect the information. For example, these safeguards might include:

    • Putting in place a contract with the recipient containing terms which have been approved by the authorities as providing a suitable level of protection, such as the European Commission’s standard contractual clauses for international data transfers.
    • Sending the information to an organisation which is a member of a scheme which has been approved by the authorities as providing a suitable level of protection. One example is the “Privacy Shield” scheme that has been agreed between the European and US authorities.

    For more information on the safeguards we have in place, please contact dpo@support.creditkarma.co.uk. Please note that this mailbox is monitored by our data protection team in the United States. As a result, by sending personal data to this mailbox you will be sending personal data to the United States.

  7. HOW LONG YOUR PERSONAL DATA IS KEPT FOR

    We will keep your personal data for as long as you are a Credit Karma member and for a period of up to two years from the date when your Credit Karma account is closed. We keep the data for that extra period of time in case we need to respond to any enquiries from you (or from any regulators), and for antifraud purposes. We may keep anonymised data for a longer period of time for analysis and anti-fraud purposes.

    We may close your account if you do not use it for a long time, and you can close your account at any time by contacting us at contact@support.creditkarma.co.uk. Please see the Credit Karma Terms and Conditions for more information about this.

  8. WHETHER YOUR PERSONAL DATA IS USED TO MAKE AUTOMATED DECISIONS ABOUT YOU OR TO PROFILE YOU

    We perform the following automated decision-making and profiling activities using your personal data. When we refer to profiling, we mean using personal data to make predictions about you, or to categorise you into particular groups.

    Identity verification

    As explained in section 2 above, we will use the information you provide on registration to help us to verify your identity so that we know we are providing your credit history to the correct person. We do this by checking the information you give us against databases such as the Electoral Register and your credit file. This is an automated process, and it can result in you being declined access to Credit Karma if we can’t verify your identity.

    Thin file upgrade process

    If you sign up to Credit Karma but do not have enough credit history to enable us to provide you with a credit report at the time of sign up, we will check your credit file on an ongoing basis so that if you do develop enough of a credit history we can automatically upgrade you to a full Credit Karma account.

    Credit scores and ratings

    Your credit score and rating are created from your personal data by TransUnion. Please refer to www.transunion.co.uk/crain to find out more about how they use your personal data.

    Product comparison service

    The product comparison service involves assessing your creditworthiness in order to present you with products which may be more appropriate to your personal circumstances. This activity may be carried out by a third party provider. Please refer to section 5 above to find out more.

    Account management, marketing and website personalisation

    If you do not use your Credit Karma account for a long time we may automatically categorise you as a dormant user. While you are classed as a dormant user we may attempt to reengage with you, for example by sending you messages reminding you about your account and warning you that if you do not use the account it may be closed.

    We may also categorise you alongside other data subjects based on information such as how you move around the website or what products and services you seem most interested in so that we can tailor advertisements for particular groups of people at the same time or in order to personalise the website for particular groups of people.

    Marketing

    As explained in section 2 above, we build up a relationship profile from your dealings with Credit Karma and may use this to contact you with marketing information in accordance with your contact preferences.

  9. YOUR RIGHTS IN RESPECT OF THE PERSONAL DATA THAT WE HOLD ABOUT YOU

    You have several different rights in relation to the personal data that we hold about you. These are briefly described below. To enquire about exercising these rights, please contact us at dpo@support.creditkarma.co.uk. Please note that this mailbox is monitored by our data protection team in the United States. As a result, by sending personal data to this mailbox you will be sending personal data to the United States.

    • Access: You have a right to find out what personal data we hold about you, and certain other information such as how we are using it. You can see some of this information by visiting the “My Account” section of the website.
    • Withdrawal of consent: When we rely on your consent to use your data (see section 4 above), you have the right to withdraw that consent at any time. You can do this by contacting us, or through your account settings or (in the case of direct marketing emails) by clicking the “unsubscribe” link.
    • Objection to direct marketing: You have the right to object to us using your personal data for direct marketing purposes. If you do this we will stop using it for those purposes.
    • Rectification: If the information that we hold about you is inaccurate or out of date, you have a right to ask us to correct it.
    • Objection to legitimate interests: If you disagree with us relying on the legitimate interests grounds for using your personal data (see section 4 above), you can object to us doing so. We will then reassess the extent to which we can continue to use the data in light of your particular circumstances.
    • Erasure: In certain circumstances you can ask us to delete your personal data from our systems. However, this usually won’t apply to all of your data because we might have good reason for needing to keep some of it.
    • Objection or restriction: In some circumstances you can object to us processing your personal data, or ask us to restrict the ways in which we use your personal data.
    • Portability: You have the right to receive some limited kinds of information in a portable format. Please note that this does not apply to the information on your credit report.

    Some special rules apply when you make a request about information on your credit report; please refer to www.transunion.co.uk/crain to find out more.

  10. WHO YOU CAN COMPLAIN TO IF YOU ARE UNHAPPY ABOUT THE USE OF YOUR PERSONAL DATA

    We try to ensure that we deliver the best levels of customer service but if you are not happy you should make contact so that we can investigate your concerns. Please contact us by sending an email to contact@support.creditkarma.co.uk, and you can also contact our Data Protection Officer at dpo@support.creditkarma.co.uk. Please note that our DPO mailbox is monitored by our data protection team in the United States. As a result, by sending personal data to this mailbox you will be sending personal data to the United States.

    You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), which is the body that regulates the handling of personal data in the United Kingdom. You can do this online through the ICO’s website at www.ico.org.uk, by telephone on 0303 123 1113, or by writing to them at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow SK9 5AF.

  11. WHAT COOKIES ARE USED ON OUR SERVICE

    We use cookies and similar technologies to distinguish you from other users of the Service. This helps us to provide you with a good experience when you browse our websites and also allows us to personalise and improve our websites.

    A cookie is a small file of letters and numbers that we put on your device. We use the following kinds of cookie:

    • Strictly necessary cookies. These are cookies that are required for the operation of the Service. They include, for example, cookies that enable you to log into secure areas of the Service.
    • Analytical/performance cookies. These cookies allow us to recognise and count the number of visitors and to see how visitors move around the Service when they are using it. This helps us to improve the way our Service works, for example, by ensuring that users are finding what they are looking for easily. They also allow us to tell if you have reached one of our websites from one of our advertising partners so that we can meet our contractual commitments to that partner.
    • Functionality cookies. These are used to recognise you when you return to our Service. This enables us to personalise our content for you, greet you by name and remember your preferences.
    • Targeting cookies. These cookies record your visit to our Service, the pages you have visited and the links you have followed. We will use this information to make our Service and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

    You can find more information about the individual cookies we use and the purposes for which we use them below.

    • _utma, _utmb, _utmc, _utmz

      These cookies are used to collect information about how visitors use our Service. We use the information to compile reports and to help us improve the Service. The cookies collect information in an anonymous form, including the number of visitors to the Service, where visitors have come to the Service from and the pages they have visited.

    • source

      This cookie is used for the user session to work correctly.

    • source-params

      This cookie holds additional information passed to Credit Karma from a third party for use on the Service, for example to pre-fill the sign-up form.

    • guest_id, original_referer

      This is a Twitter widget. Widgets let you display Twitter updates on your website or social network page.

    • __stid

      These cookies are used to provide the service that allows you to share certain articles on the Service with friends/colleagues via various social networks.

    • __uset (Sharethis)

      These cookies are used to provide the service that allows you to share certain articles on the Service with friends/colleagues via various social networks.

    • C1, C2, __RequestVerificationToken*

      These cookies are essential for the operation of our Service and are used to verify a visitor’s identity in order to prevent fraud.

    • SessionSettings

      This cookie stores user preferences & configuration information for the Credit Karma website. The cookie will expire when the user closes their browser.

    • bt3, btv3, btpdb, btps

      Third-party cookies used to collect information about how visitors use our Service. They collect information in an anonymous form for the purposes of marketing.

    • Facebook Pixel
      Pixel ID: 574412322762120
      PageView

      The pixel is used for targeting Facebook users who have visited the Service with Facebook Advertising. A tracking pixel delivers information to a server, and a cookie stores information in a user's browser so that server can read it again later. A third party can't simply track someone around the web, the browser needs to contact their server to initiate the interaction. The tracking pixel serves the purpose.

    • ABTasty, ABTastyNPS, ABTastySession

      These cookies are used to track multivariant tests on the Service. They collect information in an anonymous form for the purposes of improving the Service and serving personalised content. They also enable mouse movement tracking across our websites to allow us to optimise conversion rates and to troubleshoot problems. The NPS cookie allows us to surface a net promoter score survey to users at any point on our websites.

    • cc_cookie_decline

      This is used to indicate users who have declined acceptance of cookies on our website.

    • cc_cookie_accept

      This is used to indicate users who have accepted the use of cookies on the website.

    • rUsername

      This is created when a user indicates that they wish their username to be remembered on the log in page.

    • CustomerId ResultModelTempData + number (for example ResultModelTempData1)

      This is created as part of the signup process.

    • _gcl_aw and _gcl_dc

      These cookies track the success of our Google ad campaigns and enable us to make sure we do not continue to target these campaigns at existing customers.

    • MintAV

      This pixel helps us measure the impact of our television advertising by monitoring any uptick in member registrations or engagement activities following a television advertisement. This data is used in non-identifiable and/or aggregated form to show incremental change. As an example, data from these pixels might show that, within a specified time period following a television advertisement, member engagement increased 20% or that 100 extra people registered for our service above the normal baseline.

    • TV Squared

      This pixel helps us measure the impact of our television advertising by monitoring any uptick in member registrations or engagement activities following a television advertisement. This data is used in non-identifiable and/or aggregated form to show incremental change. As an example, data from these pixels might show that, within a specified time period following a television advertisement, member engagement increased 20% or that 100 extra people registered for our service above the normal baseline. It is used as a secondary validation tool for the MintAV tool.

    Name
    Purpose
    More Information
    _utma, _utmb, _utmc, _utmz

    These cookies are used to collect information about how visitors use our Service. We use the information to compile reports and to help us improve the Service. The cookies collect information in an anonymous form, including the number of visitors to the Service, where visitors have come to the Service from and the pages they have visited.

    source

    This cookie is used for the user session to work correctly.

    source-params

    This cookie holds additional information passed to Credit Karma from a third party for use on the Service, for example to pre-fill the sign-up form.

    guest_id, original_referer

    This is a Twitter widget. Widgets let you display Twitter updates on your website or social network page.

    __stid

    These cookies are used to provide the service that allows you to share certain articles on the Service with friends/colleagues via various social networks.

    __uset (Sharethis)

    These cookies are used to provide the service that allows you to share certain articles on the Service with friends/colleagues via various social networks.

    C1, C2, __RequestVerificationToken*

    These cookies are essential for the operation of our Service and are used to verify a visitor’s identity in order to prevent fraud.

    SessionSettings

    This cookie stores user preferences & configuration information for the Credit Karma website. The cookie will expire when the user closes their browser.

    bt3, btv3, btpdb, btps

    Third-party cookies used to collect information about how visitors use our Service. They collect information in an anonymous form for the purposes of marketing.

    Facebook Pixel
    Pixel ID: 574412322762120
    PageView

    The pixel is used for targeting Facebook users who have visited the Service with Facebook Advertising. A tracking pixel delivers information to a server, and a cookie stores information in a user's browser so that server can read it again later. A third party can't simply track someone around the web, the browser needs to contact their server to initiate the interaction. The tracking pixel serves the purpose.

    ABTasty, ABTastyNPS, ABTastySession

    These cookies are used to track multivariant tests on the Service. They collect information in an anonymous form for the purposes of improving the Service and serving personalised content. They also enable mouse movement tracking across our websites to allow us to optimise conversion rates and to troubleshoot problems. The NPS cookie allows us to surface a net promoter score survey to users at any point on our websites.

    cc_cookie_decline

    This is used to indicate users who have declined acceptance of cookies on our website.

    cc_cookie_accept

    This is used to indicate users who have accepted the use of cookies on the website.

    rUsername

    This is created when a user indicates that they wish their username to be remembered on the log in page.

    CustomerId ResultModelTempData + number (for example ResultModelTempData1)

    This is created as part of the signup process.

    _gcl_aw and _gcl_dc

    These cookies track the success of our Google ad campaigns and enable us to make sure we do not continue to target these campaigns at existing customers.

    MintAV

    This pixel helps us measure the impact of our television advertising by monitoring any uptick in member registrations or engagement activities following a television advertisement. This data is used in non-identifiable and/or aggregated form to show incremental change. As an example, data from these pixels might show that, within a specified time period following a television advertisement, member engagement increased 20% or that 100 extra people registered for our service above the normal baseline.

    TV Squared

    This pixel helps us measure the impact of our television advertising by monitoring any uptick in member registrations or engagement activities following a television advertisement. This data is used in non-identifiable and/or aggregated form to show incremental change. As an example, data from these pixels might show that, within a specified time period following a television advertisement, member engagement increased 20% or that 100 extra people registered for our service above the normal baseline. It is used as a secondary validation tool for the MintAV tool.

    You can block cookies using your browser settings that allow you to refuse all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access parts of our Service or use some of its features. For more information about this, and about cookies in general, you may wish to visit www.allaboutcookies.org.