Welcome to Bottomline Customer Support
Search frequently asked questions
Ask your question by entering it here, or choose from the list of frequently asked questions below.
Why are the CRAs allowed to hold personal information?
The Data Protection Act (DPA) doesn’t actually require the Credit Reference Agencies (CRAs), or any other organisation, to have your consent before they are allowed to process your personal data as long as they have a legitimate reason for doing so and you have been told what is going to happen to your data. If you have taken out a loan or credit card you will probably find this in the original terms and conditions that you signed.
Because lenders rely on the information provided by the CRAs, it’s likely that they will refuse you credit if you don’t agree to your information being shared with a credit reference agency. However, organisations wishing to process sensitive personal data about you are subject to tighter controls around what constitutes a ‘legitimate reason’ for processing your data and may need to rely on consent more often. For the purposes of the DPA financial information is not distinguished as being ‘sensitive’ personal data.