Close this window   
We use a minimal number of cookies to enhance your browsing experience - you can change your settings at any time.
0800 086 9383  |  Privacy & Cookies  |  News  |  Login  |  Sign up  |  Help 

Privacy Policy

We treat the privacy of our customers and website users very seriously and we take appropriate security measures to safeguard your privacy. This Privacy Policy explains how we protect and manage any Personal Data that you share with us and that we hold about you, including how we collect, process protect and share that data.

Who we are

We are Credit Reporting Agency Limited of Trevithick House, Trevissome Park, Truro, Cornwall, TR4 8UN.

Some of our Key Promises

  1. We will never sell your personal details or your email address to anyone for marketing purposes.
  2. We will never disclose your personal details to anyone unless we have your permission to do so, or if we are compelled to do so by Court Order, or if we are required to do so because of an investigation of suspected fraudulent use of your personal data by the Police, by HM Revenue & Customs, or by members of fraud prevention agencies.
  3. You may opt out or opt back in to receive our marketing emails at any time. Every marketing email we send contains a simple one-click ability to opt out.

How We Obtain Your Personal Data

Information Provided by You

You provide us with Personal Data when you register to use our services on our website. This includes your name, current and previous addresses, date of birth, email address, payment/card details and your password. We use this information in order to manage, provide and administer our post scanning services to you.

By the nature of our services, you arrange for your post to be forwarded to us and we scan and store this for your personal use.

We may also keep information contained in any correspondence you may have with us by post or email. We may also record telephone calls, but only if we tell you at the start of the call and not otherwise. If we do not record a telephone conversation with you, we may keep brief details of the contents of your call on our files.

Each time you visit our website we obtain information about the device you use to access our services, your location and your IP address.

Information We Get from Other Sources

When you register to use our services, you agree to our Terms and Conditions. In agreeing to our Terms and Conditions, you agree to appoint us (Credit Reporting Agency Limited) as your attorney for the specific purposes of receiving and handling post, opening letters, storing the contents electronically, shredding post one month after receipt and, at your request, forwarding post either to you or to a third party.

Legitimate Interest

We have a legitimate interest to process your Personal Data as when you sign up to use our services you appoint us as your attorney for the specific purposes of receiving and scanning your post, as more particularly described above and in our terms and conditions and as part of our business, and the processing of the data that results from this is necessary to enable us to provide our services to you.

How We Use Your Personal Information

Your Personal Data is used to administer and manage your account with us. Your IP address, details of the device you use and your location are used to help identify you, to prevent fraudulent use of our services, to diagnose problems with our servers, and to administer our website.

We do not share your Personal Data with any third party, other than for necessary purposes and for the purposes of fraud prevention and enforcement. We also need to give your email address to trusted service providers to enable us to email you, or to confirm the deliverability of your email address from time to time. We stress that we will never sell your Personal Data, or your email address to anyone for marketing purposes, at any time, nor allow any third party to use your email address for any other purpose.

To help prevent abuse of our services and fraud, we share information about you and the use of our services (but not the items we have scanned for you) with trusted service providers and fraud prevention agencies strictly to enable them and us to detect, prevent and otherwise address unlawful or suspected fraudulent internet activity on our own websites and on websites owned and operated by others. We have security measures in place to take reasonable precautions to protect the loss, misuse and alteration of the information under our control. These include the issue and use of passwords, powerful encryption and computer firewalls to guard against hacking. No data transmission over the internet can be entirely secure, so we cannot guarantee the security of your Personal Data when in transit between you and us. From time to time we may have to suspend services whilst we investigate any attempted breach of security. You are obligated, under the Terms and Conditions you agree to abide by when you use our services, to report any suspected breach to us immediately. We also take reasonable security measures to protect your Personal Data in storage.

Your Payment/Card details are used to enable us to manage your subscription with us. We act as controller and data processor in regard to the processing of your subscriptions either by continuous credit card authority, by PayPal or by Direct Debit.

We undertake at all times to protect your Personal Data in accordance with our terms and conditions and in a manner that is consistent with the requirements of the General Data Protection Regulation (GDPR) concerning data protection.

Do We Use Your Personal Data for Marketing Purposes?

Any information that you choose to give us will not be used for marketing purposes by any third party. Only if you consent to us doing so when you register to use our services, at our discretion we may send you occasional email messages whether you are a current subscriber to our services or not. If you wish to opt out of receiving such messages from us you, you can do so at any time by clicking on the appropriate link at the foot of each email.

Authentication – Endeavouring to Ensure that We Only Provide Your Personal Data to You

As part of regulatory requirements defined by HM Customs & Revenue to help prevent money laundering and terrorist financing, and also to authenticate your identity, we will ask you to produce a defined set of identity documents. These are scanned and stored and used for the processing of the authentication, for monitoring purposes and for fraud prevention.

From time to time we may need to authenticate you more carefully. The reasons are always to try to ensure that we are protecting the privacy of your information, or to discharge our duties under anti money laundering and anti-terrorist financing regulations. The information we require will vary depending on the depth of our investigation. For example, we may ask you to provide any or all of original bank statements, credit card statements and utility bills, addressed to you at your current and previous addresses, and on occasion, government issued identification such as copy passport details or a copy of your driving licence. The documents you provide is scanned to your account at no cost, all your data is kept confidential whilst being processed, and any original documents are returned to you after being used by us to authenticate you.

Postcode Based and Other Aggregated Information

Demographic and profile data is also collected at our website. This information is not held on an individual basis. We use this data to tailor your experience at our site, showing content that we think you might be interested in, and displaying the content according to your preferences. We do not pass your personal information to any third party except when under compulsion of law or with your consent to do so.

Links to Other Websites

Our website contains links to other websites. Credit Reporting Agency Limited is not responsible for the privacy practices or the content of such websites.

Sharing Information

We will keep information about you confidential. We will only disclose your information with other third parties as explained in this Privacy Policy, or with your authority or your express consent, with the exception of the following:

Categories of Third Parties

  • Regulatory authorities to comply with any legal and regulatory issues and disclosures;
  • Fraud prevention agencies for the purposes of investigating suspected fraud and fraud prevention;
  • Email or mail service providers who provide a fulfilment service for us, on the understanding that they will keep information confidential;
  • Anyone to whom we may transfer our rights and duties under any agreement we may have with you; and
  • Legal or crime prevention agencies and/or to satisfy any regulatory request if we are under a legal duty to do so

Transfer of your personal Data outside of the European Economic Area (EEAA)

We do not currently transfer your Personal Data outside the EEA, other than for fraud prevention checks where the receiver has agreed to provide the same or similar protection as we do, and that they will only use your Personal Data in accordance with our instructions. If in the future we transfer your Personal Data outside of the EEA for reasons other than fraud prevention checks, then, in accordance with the terms of this Privacy Policy, we will make sure that the receiver agrees to provide the same or similar protection as we do and that they only use your Personal Data in accordance with our instructions.

How long do you keep information about you?

We keep information in line with our data retention policy. The retention periods are in line with the length of time we need to keep your Personal Data in order to manage and administer our services to you and also in order to discharge our duties under anti money laundering and anti-terrorist financing regulations. The retention periods vary to take into account our need to meet any legal, statutory and regulatory obligations and can vary for individual customers and for different reasons. In general, we do not keep information for longer than we deem necessary. In the absence of any compelling reason not to do so, your Personal Data will be removed from our databases within six years after the date of closure of your account with us. In all cases our need to use your Personal Data is reassessed on a regular basis and information that is no longer required is disposed of.

What happens if Credit Reporting Agency Limited changes hands?

We may, from time to time, expand or reduce our business activities and this may involve the sale and/or the transfer of control of all or part of our business. Any Personal Data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by us. In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will not, however, be given the choice to have your data deleted or withheld from the new owner or controller.

Data Subject Rights

Subject Access Requests

The General Data Protection Regulation (GDPR) grants you the right to access particular Personal Data that we hold about you. This is referred to as a Subject Access Request. We shall respond promptly to any Subject Access Request received, and always within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the Personal Data that we hold about you, including the following:

  • Sources from which we acquired the information;
  • The purposes for processing the information, and
  • Persons or entities with whom we are sharing the information.

If you wish to exercise your Subject Access Rights, please email our Data Protection Officer, whose details are given at the foot of this Privacy Policy.

Right to rectification

You have the right to obtain from us, without undue delay, the rectification of inaccurate data we hold concerning you. Taking into account the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.

Right to erasure

Under the General Data Protection Regulation (GDPR), you have the right to erasure of Personal Data concerning you without delay. To invoke your right please log in and send an email to our Data Protection Officer and ask him to erase your Personal Data. In response, in most cases you are likely to be advised that your right to erasure cannot apply for at least six years because there continues to be an overriding legitimate ground for your data to be maintained by us for the purposes of anti-money laundering and anti-terrorist financing, which is in the public interest.

If you have any history of a dispute with us on any matter, including any payment dispute, we will routinely refuse to erase your data on the basis that it is required by us for the establishment, exercise or defence of legal claims.

Right to restriction of processing

Subject to certain exemptions, you have the right to obtain from us restriction of processing where one of the following applies:

  • The accuracy of the Personal Data is contested by you and is restricted until the accuracy of the data has been verified;
  • The processing is unlawful and you oppose the erasure of the Personal Data and instead request the restriction in its use;
  • We no longer need the Personal Data for the purposes of processing, but it is required by you for the establishment, exercise or defence of legal claims;
  • You have objected to processing of your Personal Data pending he verification of whether there are legitimate grounds for us to override these objections.

Notification obligation regarding rectification or erasure of Personal Data or restriction on processing

We shall communicate any rectification or erasure of Personal Data or restriction of processing as described above to each recipient to whom the Personal Data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you with information about those recipients if you request it.

Right to data portability

You have the right to receive your Personal Data which you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller without hindrance from us. We may charge you an appropriate fee if you invoke this right.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of Personal Data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the Personal Data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of you, or the establishment, exercise or defence of legal claims.

Right to not be subject to decisions based solely on automated processing

Other than our online authentication process, which is an essential part of our fraud prevention procedures, we do not carry out any automated processing which may lead to an automated decision based on your Personal Data.

Invoking your rights

If you would like to invoke any of the above Data Subject Rights with us, please email our Data Protection Officer at the address given below.

Accuracy of information

In order to provide the highest level of customer service possible, we need to keep accurate Personal Data about you. We take reasonable steps to ensure the accuracy of any Personal Data or sensitive information we obtain. We ensure that the source of any Personal Data or sensitive information is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information such as name or address changes, and you can help us by informing us of these changes when they occur.

Policy changes

This Privacy Policy is regularly reviewed. This is to make sure that we continue to meet the highest standards and to protect your privacy. We reserve the right, at all times, to update, modify or amend this Policy. We suggest that you review this Privacy Policy from time to time to ensure you are aware of any changes we may have made. We will not significantly change how we use information that you have already given to us without either your prior agreement or as otherwise permitted under the General Data Protection Regulation (GDPR).

If you have a complaint

Our general Complaints Policy can be found at the foot of our Terms and Conditions but if you have a complaint which specifically relates to the use of your Personal Data or sensitive information then please write to the Data Protection Officer, using the contact details found at the end of this Privacy Policy.

If your complaint is not resolved to your satisfaction and if you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under the General Data Protection Regulation (GDPR) have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and to exercise your right to seek compensation.

Opting out of marketing communications

You have the following options if you do not wish to receive future marketing communications from us. Please note that we may still be required to notify you from time to time of any significant changes to our terms and conditions, even after you express a preference not to receive marketing communications.

Correct/Update

To change and/or modify information previously provided, please email admin@scanmypost.co.uk

Information About Cookies

A cookie is a small text file stored on your browser, for example Internet Explorer or Chrome.

We use a minimal number of cookies to support your use of our website. We classify these as being Strictly Necessary, Performance, Referral or Advertising cookies. More information is available below - you can change your settings by using the switch at the top of each section.

Strictly Necessary Cookie Examples

These cookies are always set by us, and never by third parties and are used to facilitate your navigation of the site, and provide features or functionality that you request which are provided by us.

Cookie Name
Provider
Purpose
ASP.NET_SessionId
ScanMyPost
Used to manage your session on the site - enabling you to navigate pages and access secure areas. No personal information is stored in this cookie which is automatically destroyed when you log out and close your browser.
CookiePreference
ScanMyPost
Required to remember any cookie preferences you set with us, namely your preferences for blocking or showing Performance cookies.

Performance Cookie Examples

Set by us, or our trusted suppliers these cookies enable us to identify and resolve issues with our website, and to manage the amount of data that is required to view each page, thereby improving the performance of the website for all users.

Cookie Name
Provider
Purpose
__utma
Google
Used by Google to provide data for their Google Analytics service which provides us with detailed information about how our website is performing, which areas have issues and which are the most popular sections of the site that we would then seek to optimise. The data collected through this service is anonymous - we only permit access to our Google Analytics information to ourselves and to no other third party.
  
View the Google Privacy & Cookies Policy.

Important information

Questions and queries

If you have any questions or queries which are not answered by this Privacy Policy, or have any potential concerns about how we may use the Personal Data we hold, please write to:

Ian Carpenter
Data Protection Officer
Credit Reporting Agency Limited
Trevithick House
Trevissome Park
Truro
Cornwall
TR4 8UN

Or email ian.carpenter@scanmypost.co.uk



Last updated: 24 May 2018

Terms & Conditions  |  Privacy & Security  |   About Us  |  FAQ  |  0800 086 9383  |  help@scanmypost.co.uk
© Credit Reporting Agency Ltd 2009-2018. All Rights Reserved.

Authorised and regulated by the Financial Conduct Authority

VISA | Mastercard