Under UK GDPR, every use of personal data must have a lawful basis. Credicorp does not rely on a single basis for everything; instead we match the basis to the purpose. Knowing which basis applies also affects which rights are available to you.
The bases we rely on
- Contract where processing is needed to set up or run a facility for your company, such as administering Credicorp Flex or Credicorp Slice.
- Legal obligation where law requires it, for example anti-money-laundering and identity checks, and record keeping.
- Legitimate interests where we have a genuine business reason that does not override your rights, such as preventing fraud, securing our systems and managing the relationship.
- Consent for specific things you opt into, such as certain marketing or open banking access, which you can withdraw at any time.
Why the basis matters
Some rights, such as the right to erasure or to object, depend on the basis being used. For example, data we hold to meet a legal obligation usually cannot be deleted on request until the retention period ends.
Find out more
Our privacy notice sets out, purpose by purpose, which lawful basis applies. If you want to understand the basis behind a particular use, our data protection team can explain it.
See also: What happens if there is a data breach?, Who is the data controller for my information?, How do I complain about how you handled my data?.