Late repayment can cause serious money problems. Help gyda thaliadau.

Credicorp is becoming CreditCorp. Same team, same lending — a clearer name. Read what’s changing

Your data rights and automated lending decisions

Credicorp uses an automated decision engine to decide business-loan applications. This page explains, in plain English, what data that engine uses, what it deliberately ignores, and the rights you have under UK GDPR Article 22 — including how to ask for a human to review any significant decision we make about your company.

Financial charts and figures on a printed report, illustrating the business signals behind an automated lending decision
Negative Space — via Wikimedia Commons (CC0)

How our lending decisions are made

When you apply, our decision engine reads a handful of stable business signals and produces a score. The score is one input; the engine then reaches the lending decision. We are direct about this: the AI decision is the lending decision. We do not run a routine human checkpoint over every borderline case — that is what lets us return most decisions within one working day.

Being automated is a difference in method, not a licence to be opaque. Your personalised rate and every fee are set out in writing before you commit, and the rights below apply to every applicant on request.

What data we use — and what we deliberately do not

Signals we use

  • Your company’s business credit file (business credit reference agencies).
  • Bank-account history you authorise us to see via Open Banking (read-only).
  • An identity check on the director.
  • Your sector and trading history.
  • A small set of behavioural signals — only if you consent to them being collected.

Signals we deliberately exclude

  • The director’s personal credit file.
  • Home postcode or perceived demographic characteristics.
  • Night-time use of our website.
  • Low-bandwidth / Save-Data mode.
  • Use of our Simple-View accessibility mode.

These can correlate with protected characteristics, so we keep them out of the decision.

Your rights under Article 22

UK GDPR Article 22 gives you the right not to be subject to a decision based solely on automated processing where it produces legal effects or significantly affects you. With us, you can:

How to use these rights

The simplest route is to follow the steps in our decline-review guide, which walks through what to send and where. You can also write to dpo@credicorp.co.uk. We aim to respond within 30 days, in line with UK GDPR. The full detail lives in our AI and automated decision-making policy and our Privacy Policy.

How we keep it fair

We carry out periodic reviews to check that approval rates, decline reasons and arrears outcomes do not show a pattern that disadvantages a protected group. Our reviewer panel can stop a signal from being used in scoring if it shows signs of correlating with a protected characteristic. You can read more about how we lend on our how we lend page.

Common questions

Does a computer decide whether my company gets a loan?

Yes. Our decision engine reads a set of business signals and produces the lending decision. The AI decision is the lending decision — we do not run a routine human checkpoint over every case. What is always preserved is your right, under UK GDPR Article 22, to ask for a person to review any significant decision that affects you.

What information does the automated decision use?

It uses your company's business credit file, the bank-account history you authorise us to see via Open Banking, an identity check on the director, your sector and trading history, and — only if you consent — a small set of behavioural signals. We deliberately do NOT use the director's personal credit file, home postcode, perceived demographic characteristics, night-time use of our site, Save-Data / low-bandwidth mode, or use of our Simple-View accessibility mode, because those can correlate with protected characteristics.

Can I ask a human to review an automated decision?

Yes. UK GDPR Article 22 gives you the right to request human intervention, to give us more information to consider, and to contest the decision through our complaints procedure. The simplest route is our decline-review guide, or you can write to dpo@credicorp.co.uk. We aim to respond within 30 days.

How do you make sure the automated decision is fair?

We carry out periodic reviews to check that approval rates, decline reasons and arrears outcomes do not show a pattern that disadvantages a protected group. Our reviewer panel can stop any signal from being used in scoring if it shows signs of correlating with a protected characteristic.

Where can I read the full policy and complain if I am unhappy?

The detail is in our AI and automated decision-making policy (our UK GDPR Article 22 disclosure) and our Privacy Policy. If you remain unhappy after our final response, you have the right to complain to the Information Commissioner's Office at ico.org.uk/concerns.

Credicorp Limited (Company No. 16093826); ICO registration ZC157682. An exempt business lender under FSMA RAO 2001, lending only to UK limited companies and LLPs. This article is general information, not legal advice; where regulated wording matters, our policy and Privacy Policy are authoritative.

A new name

Credicorp is becoming CreditCorp

Same company, same team, same careful lending — we’re moving to a clearer name. Nothing about your agreement, your account or how to reach us changes.

Press Enter to search  ·  Esc to close