In the course of its business activities, FICO collects, processes, stores, and discloses personally identifiable information ("personal data" or "personal information") about individuals who register to use one of FICO's websites or become a FICO customer. FICO also processes personal data in its capacity as a service provider for other companies. FICO is committed to fairly and accurately processing and protecting personal data. This Policy describes FICO's data privacy practices.
Collecting personal data at this website is necessary for performance of the services and functionalities offered on this website. In addition, FICO uses personal data to (i) register consumers with the website, (ii) provide consumers with requested information or services, and (iii) analyze and research improvements to the website, and its solutions. If a consumer declines to provide the requested personal data, FICO may not be able to process inquiries, provide access to certain functionality, or fulfill requests. When a consumer uses FICO websites or services, FICO does not permit third parties to collect personal data about those online activities over time and across different websites beyond what is necessary for the third parties to perform business activities on behalf of FICO.
Note: Websites that are owned, operated and hosted by FICO may contains links to other websites. FICO is not responsible for the privacy practices or the content of the other websites.
1. Categories of Personal Data
A. Personal Data that FICO Collects, Processes, Stores, and Discloses
FICO collects personal data for its own business purposes that may include:
- Identifiers such as a real name, alias, signature, postal address, telephone number, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver's license number, passport number, or other similar identifiers.
- Physical characteristics or description, biometric information, geolocation data, education, professional or employment-related information.
- Commercial information, including bank account number, credit card number, debit card number,records of personal property, credit data from credit bureaus,and demographic data from data brokers to build and populate FICO models that control its business software.
- Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies; Internet or other electronic network activity information, including browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement.
FICO draws inferences from any of the information identified in this section to create a profile about a consumer reflecting the consumer's preferences, characteristics, psychological trends, preferences, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. These inferences allow FICO to improve its products and services and tailor its online information for the benefit of its customers.
2. Sources of Personal Data
A. Consumer Provided Information.
FICO collects personal data from applications, questionnaires, and other forms you submit to us or our clients, such as your contact information (name, home address, email, and telephone number) and your date of birth, Social Security number, social insurance number, passport or other identification number, nationality, job title, your company's name and industry sector, your company's location (country, state and zip code). FICO also collects personal data from your transactions and interactions with us, such as your professional interests, or information you may provide via your interactions with our online forums, blogs, or participation in our online communities.
B. Credit Bureaus and Other Data Sources.
FICO collects personal data from credit bureaus if it is necessary for the delivery of the services we provide you, and we may access public sources of personal data, such as census data and real estate records, and private source of personal data such as business bureau, industry analyst, or market research data.
In addition, FICO uses web-based tools when you visit FICO websites, such as "cookies" to track your online activities, including your registration, submissions, and information requests, in accordance with applicable law. Cookies are small text files placed by a website server on your computer or other device you are using to access the website. Sometimes we collect information about the pages you have viewed, which is used to monitor and assess the website and improve its performance. Other cookies track your online activities on this website, including the IP address from which you accessed the website, and may link that information with personal data you have provided us through online registration, to help us remember your settings. We may also use your IP address to help diagnose problems with our server and to administer the website. The length of time we may keep a cookie on your device will depend on the nature of the cookie and the reason we have set it. We use "session" cookies, which expire when you close your browser and do not remain on your computer or device. We may also use "persistent" cookies, which remain on your computer or device, and which are deleted when they no longer have a business purpose.
D. Web Analytics.
3. Storage and Retention of Personal Data
Your personal information will be held only as long as you are a FICO customer, or the customer of a business for which FICO is a vendor, and thereafter only if FICO or the business has a legitimate interest in the personal data. FICO may use personal information in a depersonalized (anonymized or pseudonymised) or aggregated format for the purpose of reviewing and improving our own account acquisition and management processes, analyzing the effectiveness of our solutions, and creating, validating or updating our products and services.
4. Disclosure of Personal Data
A. Service Providers (vendors and contractors).
FICO discloses personal information to its service providers who provide technical, operational, or administrative support, but only if the personal information is reasonably necessary and proportionate to provide the services. FICO will only disclose personal information to service providers who process it pursuant to FICO's instructions and with FICO's oversight. Disclosure to service providers may occur for these purposes:
- Auditing related to a current customer interactions and concurrent transactions, including counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards.
- Maintaining and repairing FICO's digital infrastructure for efficiency and data security, including the company's computer hardware, web servers for cloud hosting its web servers; detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Undertaking activities to verify or maintain the quality or safety of FICO software or a service FICO engages in, and to improve, upgrade, or enhance the software or service; debugging to identify and repair errors that impair existing intended functionality; performing internal research for technological development and demonstration
- Maintaining and servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of FICO or its service providers.
- Processing employees' personal data for the purposes of: (i) recruitment, relocation, and performance of an Employee's contract of employment; (ii) health and safety at work; (iii) exercise and enjoyment of rights and benefits related to employment, including compensation, medical benefits stock plan services, and providing other support services; and (iv) the termination of the employment relationship.
- Performing certain corporate functions, such as legal compliance, keeping accounting and tax records, company audits, sales and distribution of FICO products and services.
B. Affiliates and Subsidiaries
FICO may disclose personal information, in electronic or other form, among FICO affiliates and subsidiaries for the purpose of implementing, administering, and managing your business relationship with FICO, provide the product or service you requested, to contact you in connection with product or service offerings, or for other legitimate business purposes.
C. Government Agencies
FICO may disclose personal information if necessary or appropriate to government agencies, advisors, and other third parties, in order to comply with applicable laws, or protect the rights or property of FICO and its affiliated companies, or its customers.
D. Third Parties
FICO will not sell consumers' personal information to third parties for their own marketing, advertising, or other purposes. FICO has not sold consumers' personal information to any third party in the preceding 12 months.
E. Corporate Acquisition
If another company acquires, or plans to acquire, our company, business, or our assets, FICO will also share information with that company, including at the negotiation stage.
5. Opting Out of Receiving Marketing and Other Financial Services Information
Receiving myFICO Emails. If you have signed up to receive myFICO emails at this website, and consented to receive information about FICO and myFICO products and other financial services information, you may receive that information via telephone, automated email messages, or direct mail. FICO may transfer to third party service providers, including business partners in joint marketing agreements, certain personal information for them to assist us in marketing FICO or myFICO products or providing other financial services information. You may update your preferences, or revoke your consent and unsubscribe at any time by clicking the unsubscribe link in the footer of all FICO email messages, or by following the unsubscribe instructions at this website.
myFICO® Forums Registrants. If you have registered as a myFICO Forums user at this website, and consented to receive information about FICO and myFICO products and other financial services content, you may receive that information via telephone, automated email messages, or direct mail. FICO may transfer to third party service providers, including business partners in joint marketing agreements, certain personal information for them to assist us in marketing FICO or myFICO products, or providing other financial services information. You may revoke your consent by clicking the unsubscribe link in the footer of all FICO email messages, or by following the instructions at https://pages.myfico.com/unsubscribe.html.
Note: myFICO does not send information about FICO and myFICO products or other financial services information to its customers unless they have (i) signed up to receive myFICO emails or (ii) registered as a myFICO Forums user, and given their consent to receive such information. The status of a myFICO customer will not be affected if the customer declines to sign up to receive myFICO emails or declines to register as a myFICO Forum user. Also, the status of a myFICO customer will not be affected if the customer signs up to receive myFICO emails or registers as a myFICO Forums user, but declines to give consent, or gives and later revokes consent, to receive myFICO emails.
FICO's email messages may contain web beacons and other features that tell us you received and were able to open the message. FICO does not honor electronic do-not-track signals sent by a consumer's browser when the consumer visits FICO's or myFICO's websites or other mechanisms that would give the consumer an ability to exercise choice regarding the collection of personal information about the consumer's online activities over time and across third party websites.
6. FICO Business Solutions That Process Personal Data
A. Business Solutions. FICO sells, licenses, hosts, and distributes software solutions, such as predictive models and analytics, which are built with depersonalized (anonymized or pseudonymised) data. FICO clients use the solutions for their business purposes. Some solutions are operational: these solutions assist a company in its resource planning, financial projections, and record-keeping, for example. Other solutions facilitate the processing of consumers' personal data. Those solutions are designed to be used for:
- new customer acquisition — to predict which consumers are likely to buy certain products or services; marketing solutions process personal data, which may include the age, gender, marital status, and buying patterns of financially and demographically similar consumers, to determine whether a company's products and services match other consumers' product preferences and their inclination and ability to purchase the products and services.
- credit and insurance eligibility — to predict which consumers and current customers are good candidates for financial, insurance, or retail services; credit risk solutions may process personal data, as permitted by law, from (i) an applicant's credit application, (ii) an applicant's past credit history (including loan, telecommunication, and rental payments), (iii) an applicant's cash flow, and (iv) social media, to assess an applicant's credit or insurance risk.
- financial fraud detection and prevention — to verify the identity of an applicant for credit, and to prevent fraudulent financial transactions; some financial fraud solutions process personal data from a consumer's application and the consumer's past credit activity to verify the identity of the consumer requesting credit; other financial fraud solutions process personal data about a current customer's past shopping and purchasing behavior, to protect the customer from unauthorized access to the customer's accounts.
- healthcare fraud detection — to identify and prevent fraudulent or improper healthcare transactions; healthcare fraud solutions process personal data about individual health care claimants from the claimant's healthcare provider's claims records and the claim records of other health care providers, to identify fraudulent behaviors by the health care claimant.
- customer management — to determine which customers would benefit from enhanced or additional services; customer management solutions may process personal data about a customer's payment history, past purchases, and customer service interactions to match customer expectations with available services.
- debt management — to determine whether debt counseling, debt settlement, debt collection, litigation, or other activity is appropriate for a credit grantor or debt buyer; debt collection solutions may process personal data from the data subject, credit bureaus, and other debt collectors, to assess the size and age of the consumer's debt, the consumer's past payment history, and the consumer's current financial situation to find an appropriate response to a consumer's credit delinquency.
B. Automated Decisions, Including Profiling. FICO predictive models can be used to make automated decisions, including profiling. In building and updating these models, FICO reviews the data sets used to address any prejudicial elements, and reviews the correlations indicated by the model to address any non-empirical or non-intuitive results. When FICO hosts the models, FICO audits the performance of its algorithms that drive these models, and regularly reviews the accuracy and relevance of the automated decision-making, including profiling, that results from the use of the models. FICO has strict procedures and measures designed to prevent errors, inaccuracies, or discrimination on the basis of special category data. The outcome of such measures is fed back into the system design.
Some FICO models utilize explainable artificial intelligence (AI) in model development and model operation. One component of AI, called machine learning, adapts through progressive learning algorithms to let the data do the programming. Machine learning finds structure and regularities in data so that the algorithms acquire the ability to classify data and predict outcomes. Machine learning algorithms are built with relevant variables called "features", and the process of extracting features is called "feature engineering". This technique of deriving features, which can be automated, is a way to inject expert knowledge into the process of building and deploying accurate machine learning models. Explainable AI inspects relationships among features that drive model outputs and the decisions based on these models. FICO observes the model output of all expert derived features, and the relationships predicted by the models, to prevent bias, ensure palatability, prevent overfitting, and avoid spurious correlation learned through historical data.
7. The General Data Protection Regulation (GDPR)
This section applies to individuals in the European Union and to individuals in other countries whose data privacy laws are similar to GDPR. In those jurisdictions, special conditions apply, and individuals have certain privacy rights:
- Special Categories of Personal Data. We will not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; and we will not process genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation, without your explicit consent, or in accordance with the law.
- Transfer of Personal Data to Another Country. If we transfer your personal data to another country for processing, we will comply with the requirements of the General Data Protection Regulation: (1) we are certified under the Privacy Shield; and (2) we use the standard data protection clauses, approved by the European Commission.
- Right of Access and Rectification. You have the right to be informed of the purpose, means, and recipients of the processing of your personal data. You may access your personal data in our possession to amend or correct any errors, and you may request the source of the personal data and the transferees of the personal data. We will attempt to notify each third party who has received the personal data of the corrected information. You may object to our processing of your personal data, but we may decline if the personal data is necessary to complete the delivery of a FICO solution you have requested, or if we have a legitimate interest in the processing.
- Right to Erasure. You have the right to have your personal data erased from our systems if it is being processed unlawfully, or is no longer necessary in relation to the purposes for which it was collected or processed. At your request, if we made your personal data public (with your consent), we will take reasonable steps to inform controllers that you requested erasure of any links to, or copy of, that information.
- Right to Data Portability. You have the right to receive back the personal data you provided us, if we processed the information by automated means. You will receive the personal data in a structured, commonly used and machine-readable format. We will assist you in the transmission of the personal data to another company if it is technically feasible.
- Right to Object to Automated Decision-Making. If your personal data is used to make a decision based solely on automated processing, including profiling, which produces legal or significant effects concerning you, you have the right to object. We reserve the right to make such decision if the use of your personal data is necessary for entering into, or performance of, a contract between us. In that event, we will protect your rights and freedoms and legitimate interests, including the right to speak to a human to express your point of view and contest our decision.
- Right to File a Complaint. You have the right to file a complaint with us and with a supervisory authority.
8. The EU-U.S. Privacy Shield Framework, including the United Kingdom, and the Swiss-US. Privacy Shield Framework
FICO's certification means FICO has committed to the principles of the Privacy Shield:
- Notice. We will notify you about the purposes for which we collect and use personal data about you. This Policy explains the types of third parties to which we disclose the personal data; the choices and means you have for limiting its use and disclosure; and how you can contact us with any inquiries or complaints.
- Choice. We will not disclose your personal data to a third party for a purpose incompatible with the purpose for which it was originally collected, or subsequently authorized by you, without your consent. For sensitive information ("special categories of personal data"), we will get your explicit (opt in) consent if the information is to be disclosed to a third party or used for a purpose other than its original purpose or the purpose authorized subsequently by you. You may withdraw your consent at any time by contacting us as described in this Policy.
- Onward Transfer. If we transfer personal data to a third party that is acting as an agent, we will (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal data transferred in a manner consistent with the organization's obligations under the Principles; (iv) require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Department of Commerce upon request.
- Security. We will take reasonable and appropriate measures to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data.
- Data Integrity and Purpose Limitation. We will collect and retain personal data that is relevant to the purposes of processing, and not in a way incompatible with the purposes for which it has been collected or subsequently authorized by you. We will take reasonable steps to ensure that personal data is reliable for its intended use, accurate, complete, and current.
- Access. You will have access to personal data about yourself that we hold, and you may correct amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the privacy risks in question, or where the rights of persons other than you would be violated. For security reasons, FICO will take steps to authenticate your identity before providing you with access to personal data.
- Recourse, Enforcement and Liability. FICO will maintain a mechanism to provide that your complaints or disputes are investigated and resolved, and damages awarded where applicable law so provides. FICO will remedy problems arising out of its failure to comply with the Principles. If you believe FICO has violated its obligations to you under the Principles, you should first raise the claimed violation directly with us, and we will respond within 45 days of receiving a complaint. If we are unable to resolve your complaint, you should next raise the issue through your Data Protection Authority to the U.S. Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue, at no cost to you. Then, if such violation still remains fully or partially unremedied, you may contact JAMS, which is an international dispute resolution provider, at no cost to you. JAMS may be reached by Internet at @jamsadr.com, phone 800.352.5267, or mail to JAMS, 620 8th Avenue, 34th Floor, New York, New York 10018. If you are contacting JAMS to lodge a complaint, you must include the following information: the name of company, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaint shared with the company. For information about JAMS or the operation of JAMS' dispute resolution process, contact Patrick Mullarkey, JAMS Global Practice Development Manager, firstname.lastname@example.org, 212.607.2771. The JAMS dispute resolution process shall be conducted in English. For complaints and disputes over human resources data, FICO has agreed to cooperate with Data Protection Authorities. You may, under certain conditions, invoke binding arbitration.
9. Personal Data Security and Confidentiality
FICO has industry standard physical safeguards, such as secure areas in buildings; electronic safeguards, such as passwords and encryption; and procedural safeguards, such as customer authentication procedures designed to prevent ID theft. We restrict access to your personal data to only those employees who need to know that information to provide products or services to you. We carefully select and monitor outside service providers, such as mail vendors, who have access to personal data, and we require them to keep it safe and secure. We do not allow them to use or share personal data for any purpose other than the job they are hired to do. We train our employees on these security procedures, and we conduct regular audits designed to check on compliance with the procedures.
10. Contacting FICO and myFICO
If you have a question about FICO's privacy practices, or want to submit a complaint, you may contact us at:
Vickie Miller, Data Protection Officer
3661 Valley Centre Drive, Suite 500
San Diego, CA 92130 USA
Email Address: email@example.com
Simon Elsom, Vice President Legal
Cottons Centre 5th Floor
London SE1 2 QP
Email Address: firstname.lastname@example.org
myFICO. If you are a myFICO customer and have a question about our privacy practices, or want to submit a complaint, you may contact us at this website. at this website.
If FICO changes this Policy, we will post the changes here. This Policy is effective as of May 17, 2019.