Privacy Policy

General information and contact details

SCS Digital, Inc. ("SCS", "we", "us" or "our") takes the protection and security of your personal data very seriously. This privacy notice sets out the data we collect and process about you through our products and services, the purposes of the data processing, and how you can exercise your privacy rights under GDPR and other applicable laws.

 

You may be reading this notice because of a link provided by an organization you are engaging (our customer), or you simply want more information on data processing in relation to our products and services.

 

Our customer and data supplier (the lender, bank, fintech, or other institution you have engaged with) will have a lawful reason for collecting and processing your data and may have a separate relationship with you. It is separately required to provide you with information (for example through their own privacy notice) about how it collects and processes your data.

 

We have offices in several locations, and our registered office address is at:

 

SCS Digital, Inc.

200 East Grayson Street

Suite 210

San Antonio, Texas 78215

 

If you have any questions about how we use your data, please contact our Data Protection Officer by email at privacy@securecreditsystems.com.

 

We review this privacy notice on an annual basis, or sooner if changes to regulation require it or we change the way we process personal data.

 

This privacy notice was last updated on 21 September 2021.

 

What do we do?

SCS provides products and services to introduce customers to financial and other organizations and help those organizations produce real-time credit decisions. We use mobile and web device metadata along with other data that you decide to share to produce an alternative credit score via proprietary technology. This includes highly sophisticated algorithms and predictive analytics applied to the data accessed via our mobile applications. We provide this alternative credit score only in relation to the service that you are applying for at the organization of your choice (our customer). We do NOT share your alternative credit score with anyone else. For example:

  1. You want to receive a credit and/or other financial service from an organization of your choice (our customer).

  2. To provide you with that service, the organization needs to assess your creditworthiness.

  3. At our customer’s request SCS collects specific metadata from your mobile device (via our products and services) and processes this data with our proprietary technology.

  4. Your data may be collected in two ways:

    1. When you download our application; or

    2. When you use the mobile application of the organization that has embedded SCS’s mobile technology.

  5. We pass your alternative credit score (but in no event your personal data) to the organization you selected(our customer).

  6. The Organization you selected (our customer) then decides how it will respond to you, e.g. provide you a specific financial service (loan, credit card etc.), decline your request etc.

  7. SCS does not have visibility on, nor can we influence how the Organization responds to you.

More examples are included below describing why we collect your personal data.

 

What data do we collect and why?

It’s simple. We only collect what you explicitly give us permission to collect.  You are in control.  Unlike other companies, we do NOT collect data that directly identifies you, i.e. your name, phone number or email address unless you choose to provide that information. While collecting your data to calculate your alternative credit score, we use metadata and the other data you provide to calculate a segmented risk profile, generate aggregated statistical information, and to improve and administer our current products and create new products. To protect your identity, unless you choose otherwise, we also remove all personal identifiers (if any) from the data we collect or aggregate and, in doing so, pseudonymise the information we collect. Any information we produce based on collected data cannot be reverse engineered to reproduce the original information collected. The processing of the information is done on SCS’s secure servers and those of its service providers.

 

SCS’s technology may access some or all of the following (or similar) data on your mobile and/or web device (your digital footprint):

  • History of SMS messages, contacts, calendars, list and storage of applications, and registered accounts which might include social accounts, and installed applications;

 

While we cannot list out each and every type of data that we collect, we give you a general understanding of what types of data we collect and examples to help you see what we mean:

  • Our mobile technology may count the number of calendar events scheduled and their time stamps. Only this aggregate information is sent to our servers, NOT the details of your calendar entries.

  • Our mobile technology may scan and process your phone contacts, the names and contact details are NOT sent to our servers.

  • Our mobile technology may scan and process information about the list of applications installed on your mobile device, but we will only collect data relating to the frequency of use of such applications but NOT the activities you engage on any such application or any of your data in those applications.

  • Our mobile technology may count the number of registered accounts, including your social accounts. However, we will NOT access your social media profiles and we will NOT analyze the information in the apps connected with them.

The digital footprint on your device will be accessed only when you request it, NOT persistently or when you do not give consent. The information we collect is similar to the types of information captured by common web analytics tools.

 

Our legal basis for processing data

We collect your data only after you have given consent either directly to us or via the organization you are interacting with. We will NOT and cannot extract your data without your consent.

 

We do NOT request your data from our customers (organizations that you have engaged with) without your consent and do NOT collect or process it without your consent. We or the organization that you have engaged with will also ask you to click on a button that says “proceed with credit analysis”, or similar, before commencing a credit scoring assessment on your mobile phone.

 

You can be assured that we protect the information we collect. By using our products or services, you agree to the collection, use, and sharing of your data in accordance with this privacy notice. You may change and revoke your ‘access to data’ permissions at any time by using your phone/device settings.

 

How do we use your data?

We use your data to assess your creditworthiness for a service of your choice (loan, credit card etc.) with the organization of your choice (our customer). The organization may use SCS’s assessment as part of their decision making process whether or not to grant you a loan or other financial service.

We also use your data to: -

  • obtain an assessment of your creditworthiness including but not limited to an assessment of the probability of default of your obligations in the framework of contracts for the provision of financial services;

  • assess your interest in receiving financial services through algorithms and mathematical modelling.

 

Who will we share your data?

As explained above under "What do we do", the data collected by our technology is NOT directly sent to the organization of your choice (our customer). The organization receives some limited pseudonymized information about you including the result of your credit scoring assessment.

 

Put another way, we share the result of your credit assessment with the organization you are applying for a financial service, not the underlying data. The result of your credit assessment that we share, depends solely on your consent to disclose your information in order to get the services you have requested. We also share your willingness to communicate directly with the organization, if requested by the organization. We do NOT share the raw data collected from you with any person, including the organization.

 

We may also share your data in the following ways: when required by competent authority or when necessary to comply with a valid legal process; when required to protect and defend the rights or property of SCS, including the security of our products and services; when necessary to protect the personal safety, property or other rights of the public, SCS or its customers or employees; or in connection with a sale of all or part of our business. If we are involved in a merger, acquisition or asset sale, we will abide by this privacy notice, and any affected users will be informed if we transfer any personal data to a third party or if personal data becomes subject to a different privacy notice as a result.

 

Transfers outside of the European Economic Area (EEA)/UK

Your data may be transferred to, and processed in, countries other than the country in which you are resident.  These countries may have data protection laws that are different to the laws of your country.

 

Our group companies, data suppliers, customers and third-party service providers operate around the world.  This means that when we collect your data we may process it in any of these countries.

 

However, we have taken appropriate safeguards to require that your data will remain protected in accordance with this privacy notice.

 

How long do we retain your data in our Products and Services?

We retain the data we collect from you for the length of time necessary to fulfill the specific purpose or purposes for which it has been collected (for example, to provide our customers with a service you have requested or for our customers to comply with applicable legal requirements, such as anti-money laundering laws). We may also keep it to comply with our legal obligations, resolve any disputes and enforce our rights.

 

Once the respective purpose ceases to apply, we will either delete or anonymize the personal data or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your data and isolate it from any further processing until deletion is possible.

 

To implement and improve the functionality of SCS’s technology and to update the credit scorecards developed for our clients, we will keep your data for up to 3 (three) years unless you or our customer requests us to delete your data at an earlier date.

 

If you have questions about or need further information concerning how long we keep your data, please contact us using the contact details provided below.

 

Your rights under the GDPR

Due to how SCS processes data, your personal data is pseudonymized, therefore we are unable to fulfill your rights directly as it is not possible for SCS to identify you as an individual.  

 

To exercise any of the right outlined below, please consult with the organization you have been interacting with.  They will then be able to provide SCS with information to assist in exercising your rights.  

As an individual, you have rights under the GDPR regarding the use of your data, these are:

  • The right to withdraw consent – you can withdraw consent at any time.  

  • The right to erasure – you can request that SCS remove your data from our systems.

  • The right to restrict processing – you can request that SCS only process your data for the purposes you specify.

  • The right to data portability – you can request that the data you have provided to SCS be ported to another organization.

  • The right to access your data – You have a right to know what data SCS holds on you and for what purpose we are processing your data. This is known as a Subject Access Request (SAR).

  • The right to rectification – you have the right to ask us to rectify any information you believe is inaccurate. You also have the right to ask us to complete information you think is incomplete.

  • The right to object to processing – you have the right to object to processing if we are able to process your information because the processing is in our legitimate interests.

You are not required to pay any charge for exercising your rights. We have one calendar month to respond to you. If SCS is unable to comply with your request, we will provide you with an explanation.

How to contact us if you're not happy

We appreciate that SCS may not always get things right and it is regrettable for us as an organization when we receive a complaint. We take all complaints seriously and can assure you we will do our best to deliver a satisfactory outcome. If you do wish to complain about how your personal data is used by SCS then please write to us at: privacy@securecreditsystems.com.  

 

You may also contact us by mail at:

SCS Digital, Inc.

200 East Grayson Street

Suite 210

San Antonio, Texas 78215

 

SCS will investigate your complaint and aim to respond within 10 working days after receipt. This allows us time to investigate your complaint thoroughly.  

 

Your right to lodge a complaint with the Supervisory Authority

Where you believe that SCS has not taken its responsibilities with your data seriously, you have the right to complain to a relevant Data Protection Authority or regulator who governs GDPR.  Click here for more information.