Privacy Policy

1. Introduction

EveryData Group and its affiliates (“EveryData”, “we”, “us”, or “our”) provide credit bureau, ID verification and data analytics services. We are committed to protecting the privacy of our data subjects across all jurisdictions in which we operate. This policy outlines how we collect, use, and protect your personal data in compliance with:

  • Jamaica: Data Protection Act, 2020.
  • Barbados: Data Protection Act, 2019.
  • Guyana: Data Protection Act, 2023.
  • Eastern Caribbean: Relevant Data Protection Acts (e.g., Antigua & Barbuda, St. Kitts & Nevis).
  • United Kingdom (UK) & European Union (EU): UK General Data Protection Regulation (UK GDPR) and EU General Data Protection Regulation (EU GDPR).
  • United States (US): The California Consumer Privacy Act (CCPA) and the amended California Privacy Rights Act (CPRA).

 

2. Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of information:

  • Identifiers: Name, alias, address, email, phone number, Passport/Driver’s License, and Social Security/Tax ID numbers.
  • Sensitive Personal Information (SPI): Government-issued identifiers and biometric data used for identity verification.
  • Financial & Credit Information: Loan acccout numbers, credit history, payment behavior, and loan balances.
  • Commercial Information: Records of products or services purchased or considered.
  • Internet Activity: Browsing history, search history, and interactions with our website.

 

3. Lawful Bases for Processing

We only process your data where we have a lawful basis to do so:

  • Legal Obligation: To fulfill our statutory duties as a licensed credit bureau.
  • Contractual Necessity: To provide the products or services you have requested (e.g., your credit report).
  • Consent: For elective activities such as direct marketing or specific data sharing.
  • Legitimate Interests: For fraud prevention, network security, and internal analytics (where not overridden by your privacy rights).
  • Regulatory Compliance: Fulfilling statutory credit bureau duties under local Credit Reporting Acts.
  • Service Fulfillment: Providing credit reports and scores to you or authorized third parties.
  • Security & Fraud Prevention: Detecting security incidents and protecting against fraudulent activity (including the use of biometric "liveness" checks).
  • Technical Maintenance: Debugging and repairing errors in our platform functionality.

 

4. How We Share Your Information

EveryData does not sell your personal information to third parties for monetary compensation. We do not share your information with third parties for targeted advertising purposes. We may share your data with the following under strict data processing agreements or legal requirements.

  • Credit Information Providers: Financial institutions and service providers in accordance with Credit Reporting legislation.
  • Sub-processors: Cloud hosting providers (e.g., AWS, Azure) and IT contractors who are bound by strict non-disclosure agreements.
  • Regulatory & Law Enforcement Authorities: When required by law to prevent fraud, money laundering, or to comply with a court order.
  • Cross-Border Transfers: Your data may be transferred across our regional offices. We ensure these transfers are protected by Standard Contractual Clauses (SCCs) or other adequacy mechanisms required by the UK/EU GDPR and local laws.

 

5. Your Data Protection Rights

Regardless of your location, you have the following rights:

  • Right to Know/Access: Request details about the specific pieces of data we collected and the categories of sources from which it was collected.
  • Right to Rectification/Correction: Demand the correction of inaccurate credit or identity information.
  • Right to Deletion: Request that we delete personal information, subject to legal exceptions (e.g., credit data that must be retained for 7 years by law).
  • Right to Opt-Out of Sale/Sharing: As we do not sell or share data for advertising, this is maintained by default.
  • Right to Limit Use of Sensitive Personal Information: You may limit our use of SPI to only what is necessary to perform services (e.g., identity verification).
  • Right to Non-Discrimination: We will not deny services or change prices because you exercised your privacy rights.

 

6. International Data Transfers

EveryData operates regionally. Data may be transferred between the Caribbean, the UK, and the US.

  • Safeguards: We utilize Standard Contractual Clauses (SCCs) for UK/EU transfers and comply with the EU-U.S. Data Privacy Framework where applicable. We ensure all regional transfers meet the "adequacy" requirements of the relevant Data Protection Act.

 

7. Data Security (TOMs)

We implement industry-standard Technical and Organizational Measures (TOMs), including AES-256 encryption, Multi-Factor Authentication (MFA), and regular security audits.

  • Encryption: AES-256 for data at rest; TLS 1.2+ for data in transit.
  • Access Control: Strict Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA).
  • Audit: Third-party security audits.

 

8. Retention

Data is retained only for as long as necessary to fulfill the purposes outlined or as required by financial regulations (typically 7 years). Biometric data used for verification is deleted immediately following the verification session.

 

9. Use of Cookies

Our website uses functional and analytical cookies to improve user experience. You can manage your cookie preferences through your browser settings, though this may impact site functionality.

 

10. Contact Information

For any privacy-related inquiries or to exercise your rights, please contact our Global Data Protection Officer:

Email: privacy@everydata.com

Background-Pattern-1-1.webp
icoRing

Let's Talk About Your Business Goals!

Get in touch with us

Talk directly to our experts

Book a meeting at your convenience

 

 

BOOK NOW