Consumer Data and Credit Checks Notice

Consumer Data and Credit Checks Notice

This notice explains how MVSI may collect, use, share, and retain personal data in connection with consumer data checks, credit reference checks, identity verification, fraud prevention, affordability assessment, compliance, due diligence, and related risk management activities.

This notice should be read together with our main Privacy Policy.

1. When this notice applies

This notice applies where, in connection with a product, service, onboarding process, verification activity, compliance review, fraud-prevention check, affordability assessment, due diligence process, or other risk review, we obtain or use personal data from credit reference agencies, identity verification providers, fraud prevention providers, or other third-party data providers.

It does not necessarily apply to every visitor to our website or every user of our services. It applies where these checks are relevant to the services we provide or the checks we are required to carry out.

2. The personal data we may collect

Depending on the circumstances, the personal data we obtain, use, or receive in connection with these checks may include:

• identity and contact information
• date of birth and other identifiers
• address history
• information used to verify identity
• credit commitments
• payment history
• financial standing
• affordability indicators
• fraud indicators
• sanctions, politically exposed person, or other compliance screening results where relevant
• public record information
• information provided to us by you, your employer, client, intermediary, or another organization involved in the relevant service or transaction

3. Where we get this information from

We may collect personal data about you from a range of sources, depending on the nature of the service, the checks being carried out, and our legal or regulatory obligations.

These sources may include:

• you directly
• employers, clients, customers, intermediaries, or other organizations connected with the relevant service, application, or transaction
• referees, where relevant and permitted by law
• publicly available sources, such as professional networking sites, business websites, and public records
• credit reference agencies
• identity verification providers
• fraud prevention providers
• compliance and screening providers
• other third-party service providers and data suppliers that support onboarding, verification, fraud prevention, risk management, due diligence, and compliance processes

4. How we use this information

We may use this information to:

• verify identity
• assess creditworthiness or affordability where relevant
• prevent, detect, and investigate fraud
• support anti-money laundering, sanctions, counter-terrorist financing, tax evasion prevention, and other compliance checks where relevant
• assess risk
• support onboarding, due diligence, and decision-support processes
• meet legal, regulatory, audit, and reporting obligations
• protect our business, our clients, our services, and third-party data sources

5. Our lawful basis for processing

Depending on the circumstances, we may process personal data covered by this notice because:

• the processing is necessary for the performance of a contract or in order to take steps at your request before entering into a contract
• the processing is necessary for compliance with a legal obligation
• the processing is necessary for our legitimate interests or those of a third party, where those interests are not overridden by your interests, rights, or freedoms
• in limited cases, the processing is based on your consent where consent is the appropriate lawful basis

Where we rely on legitimate interests, those interests may include operating our business, providing and improving our services, fulfilling contractual obligations, ensuring system and data security, preventing fraud, supporting audit and compliance activities, verifying identity, assessing creditworthiness or affordability where relevant, and protecting third-party data, including data obtained from credit reference agencies and other data providers. We consider and balance these interests against the rights and freedoms of individuals and apply appropriate safeguards to protect personal data.

6. Credit reference agencies and third-party providers

Where relevant to the service or checks being carried out, we may obtain information about you from credit reference agencies and other third-party data providers.

This may include information used to help verify identity, assess risk, prevent fraud, support compliance activity, assess affordability where relevant, and meet legal or regulatory obligations.

The providers we use may vary depending on the product, service, jurisdiction, region, and the nature of the checks being carried out. These include, but are not limited to Creditsafe, TransUnion, Creditorwatch, and Equifax and we may use other credit reference agencies, identity verification providers, fraud prevention providers, or compliance data providers where appropriate.

Where relevant, this information may be obtained via Creditsafe Business Solutions Limited, which uses its data partner TransUnion International UK Limited to supply consumer credit and identity data.

• Creditsafe Business Solutions Limited is authorized and regulated by the Financial Conduct Authority
  FCA Firm Reference Number: 742313
• TransUnion International UK Limited is authorized and regulated by the Financial Conduct Authority.
  FCA Firm Reference Number: 805757

Further information about how Creditsafe and TransUnion process personal data can be found in their respective notices:

• Creditsafe Customer / Supplier Transparency Notice
• TransUnion Credit Reference Agency Information Notice (CRAIN)
• TransUnion Bureau Privacy Notice

7. Who we may share this information with

We may share personal data covered by this notice, where relevant and lawful, with:

• service providers that support verification, identity checks, fraud prevention, compliance, onboarding, due diligence, and risk management
• credit reference agencies and related data providers
• professional advisors, auditors, and insurers
• regulators, law enforcement, courts, government authorities, and supervisory authorities where required or permitted by law
• clients, customers, intermediaries, or counterparties where relevant to the service being provided and where lawful to do so
• other members of our corporate group where necessary for internal administration, governance, compliance, reporting, or service delivery

8. How long we keep this information

We keep personal data only for as long as necessary for the purposes for which it was collected and used, including to provide services, manage relationships, carry out verification and compliance activity, respond to complaints, resolve disputes, meet legal and regulatory obligations, and protect our legal rights.

The retention period will depend on the type of personal data, the reason we collected it, the service involved, and any legal, regulatory, audit, or reporting requirements that apply.

Personal data used for credit reference, identity verification, fraud prevention, affordability checks, or related risk and compliance activities is retained only for as long as necessary for those purposes and any related legal, regulatory, audit, or compliance requirements, after which it is securely deleted, anonymized, or otherwise disposed of in accordance with our retention and security procedures.

9. Automated decision-making and profiling

We may use automated systems, tools, or profiling techniques to support certain verification, risk assessment, fraud prevention, screening, record matching, or compliance processes covered by this notice.

These tools may analyze personal data using predefined rules, models, or criteria in order to generate indicators, flags, scores, matches, or recommendations that help inform our internal processes. However, we do not make decisions that have a legal or similarly significant effect on individuals based solely on automated processing in connection with these activities.

Where these tools are used, any final decision that may significantly affect an individual is subject to meaningful human review. The use of these tools may affect the speed, order, or level of review applied to an application, request, or assessment, but individuals will not be subject to automatic rejection or other adverse decisions without human involvement.

If you would like more information about how these processes apply to you, please contact us using the details set out below.

10. Your rights

Depending on the circumstances and applicable law, you may have rights to:

• access your personal data
• request correction of inaccurate or incomplete data
• request erasure of personal data
• request restriction of processing
• object to processing
• request portability of personal data
• withdraw consent, where processing is based on consent
• request information about relevant automated processing, where applicable

To exercise your rights, please contact us using the details below.

11. Complaints

If you are dissatisfied with how we collect, use, or protect your personal data, you have the right to lodge a complaint with a relevant data protection, privacy, or supervisory authority in the jurisdiction where you live, work, or where the relevant conduct took place. For example, this may include the Information Commissioner’s Office (ICO) in the United Kingdom, the Office of the Australian Information Commissioner (OAIC) in Australia, or another relevant authority.

12. Contact us and Data Protection Officer

If you have any questions about this Privacy Policy, our use of your personal data, or your data protection rights, you may contact us at DPO@mvsi.com.

Our Data Protection Officer is:
Daniel Sheahan
Email: DPO@mvsi.com

‍