The Credit Clinic Caribbean Limited (“Credit Clinic”, “we”, “us”, “our”)
Effective Date: December 1, 2025
Business Address: 47–49 Trinidad Terrace, New Kingston, Kingston 5, Jamaica, West Indies
Telephone: 876-534-8330
Privacy Email: creditclinccl@gmail.com
Data Protection Officer (DPO): Trudy-Anne M. Riley (as at December 1, 2025)
Purpose
We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, secure, and share personal data when you visit our website, contact us, engage our services, or participate in our programmes.
Legal Framework
We process personal data in a manner consistent with Jamaica’s Data Protection Act (DPA) and our operational responsibilities when supporting clients with credit-report related matters in Jamaica under the Credit Reporting Act environment.
Your Agreement
By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the website and do not submit personal data to us.
WHO WE ARE (DATA CONTROLLER)
Credit Clinic is the data controller for personal data collected through our website and client services, except where we act under a written data-processing arrangement for a business client.
Contact for privacy questions or requests:
creditclinccl@gmail.com
Attention: Data Protection Officer – Trudy-Anne M. Riley
Effective Date: December 1, 2025
Business Address: 47–49 Trinidad Terrace, New Kingston, Kingston 5, Jamaica, West Indies
Telephone: 876-534-8330
Privacy Email: creditclinccl@gmail.com
Data Protection Officer (DPO): Trudy-Anne M. Riley (as at December 1, 2025)
Purpose
We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, secure, and share personal data when you visit our website, contact us, engage our services, or participate in our programmes.
Legal Framework
We process personal data in a manner consistent with Jamaica’s Data Protection Act (DPA) and our operational responsibilities when supporting clients with credit-report related matters in Jamaica under the Credit Reporting Act environment.
Your Agreement
By using our website or engaging our services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the website and do not submit personal data to us.
WHO WE ARE (DATA CONTROLLER)
Credit Clinic is the data controller for personal data collected through our website and client services, except where we act under a written data-processing arrangement for a business client.
Contact for privacy questions or requests:
creditclinccl@gmail.com
Attention: Data Protection Officer – Trudy-Anne M. Riley
Information We Collect
We collect only the personal data that is reasonably necessary for legitimate business purposes, including providing services you request.
1) Information you provide directly
2) Website and technical data
Like most websites, we collect certain data automatically:
1) Information you provide directly
- Identity & contact data: name, address, email, telephone number.
- Verification data (where required): date of birth, TRN, and government-issued identification (e.g., passport, driver’s licence, national ID) when needed to verify identity and prevent fraud.
- Service and case data: information you share about your goals, credit challenges, and any supporting documents you provide (for example, correspondence, statements, bureau responses, creditor communications, and related records).
- Payment and billing data: limited transaction details (e.g., invoice reference, amount, date). We do not intentionally store full card details on our systems unless explicitly required and securely handled via a payment processor.
2) Website and technical data
Like most websites, we collect certain data automatically:
- IP address, browser type, device type, operating system
- referring/exit pages, date/time stamps
- pages visited and basic usage analytics
This data is used for security, website performance, troubleshooting, and aggregated reporting.
Cookies & Similar Technologies
We use cookies and similar technologies to help our website function properly and to improve your experience.
What cookies may be used for
You can manage cookies through your browser settings. Disabling certain cookies may affect site functionality
What cookies may be used for
- Essential cookies: enable core website functionality (e.g., security, page navigation).
- Analytics cookies: help us understand how visitors use the site so we can improve it (typically aggregated).
- Preference cookies: remember your settings where applicable.
You can manage cookies through your browser settings. Disabling certain cookies may affect site functionality
How We Use Your Information
We use personal data for specific, legitimate purposes, including:
Marketing Communications (OPT-IN AND CONTROLLED)
We do not sell your personal data. We do not share personal data with third parties for their independent marketing.
When we may send marketing
We will send promotional messages only where:
You can unsubscribe at any time by using the link in our messages (where available) or by emailing creditclinccl@gmail.com.
Credit-Report Support and Consent
Credit Clinic is not a credit bureau. We provide education and support services, including helping clients prepare documentation, action plans, and dispute-support materials.
Where credit-report related information is involved:
- To provide services you request
- client intake and onboarding
- consultations, assessments, action plans, and support documentation
- client communication and service delivery
- safeguarding clients, reducing misuse, and maintaining service integrity
- case notes, correspondence history, and service documentation
- training, quality checks, and internal controls (using minimized data where possible)
- responding to lawful requests, disputes, and regulatory requirements
- service notices, policy changes, administrative messages
Marketing Communications (OPT-IN AND CONTROLLED)
We do not sell your personal data. We do not share personal data with third parties for their independent marketing.
When we may send marketing
We will send promotional messages only where:
- you have opted in, or
- it is otherwise permitted by applicable law.
You can unsubscribe at any time by using the link in our messages (where available) or by emailing creditclinccl@gmail.com.
Credit-Report Support and Consent
Credit Clinic is not a credit bureau. We provide education and support services, including helping clients prepare documentation, action plans, and dispute-support materials.
Where credit-report related information is involved:
- we process information only as needed to provide the service you request, and
- where required, we rely on your authorization/consent and apply confidentiality and data-minimization principles.
Sharing of Information
We share personal data only when necessary and for a defined purpose, such as:
1) Service providers (data processors)
Trusted vendors that support our operations (e.g., website hosting, email, cloud storage, CRM, scheduling, payment processing). These providers may process data only under our instructions and subject to confidentiality and security obligations.
2) Professional advisers
Lawyers, accountants, auditors, and insurers where necessary for professional services.
3) Business partners (only where appropriate)
If you request a product or service that requires a third party, we will disclose only what is necessary and typically only with your explicit consent.
4) Legal and regulatory requirements
We may disclose personal data where required by law, court order, or lawful regulatory request.
We do not disclose personal data to third parties for unrelated “direct marketing offers.”
International Transfers
Some of our technology providers may store or process data outside Jamaica. Where this occurs, we take reasonable steps to ensure appropriate contractual protections and security safeguards are in place and that only necessary data is processed.
Data Security
We apply reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the data, which may include:
Data Retention
We retain personal data only as long as necessary to:
Your Rights
Subject to applicable law, you may request:
Data Breach Management
We maintain procedures to identify, manage, and respond to suspected personal data breaches. Where notification is required, we will notify the relevant authority and affected individuals in accordance with applicable Jamaican law and guidance.
Children's Privacy
Our services are intended for adults. We do not knowingly collect personal data from children without appropriate authority/consent. If we become aware that we have collected such data, we will take steps to delete it or regularize processing where lawful.
Changes To This Policy
We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised Effective Date.
1) Service providers (data processors)
Trusted vendors that support our operations (e.g., website hosting, email, cloud storage, CRM, scheduling, payment processing). These providers may process data only under our instructions and subject to confidentiality and security obligations.
2) Professional advisers
Lawyers, accountants, auditors, and insurers where necessary for professional services.
3) Business partners (only where appropriate)
If you request a product or service that requires a third party, we will disclose only what is necessary and typically only with your explicit consent.
4) Legal and regulatory requirements
We may disclose personal data where required by law, court order, or lawful regulatory request.
We do not disclose personal data to third parties for unrelated “direct marketing offers.”
International Transfers
Some of our technology providers may store or process data outside Jamaica. Where this occurs, we take reasonable steps to ensure appropriate contractual protections and security safeguards are in place and that only necessary data is processed.
Data Security
We apply reasonable administrative, technical, and physical safeguards appropriate to the sensitivity of the data, which may include:
- access controls and least-privilege permissions
- confidentiality obligations for staff and contractors
- secure authentication practices
- encryption in transit and, where appropriate, at rest
- security monitoring, logging, and incident response procedures
- vendor due diligence and contractual safeguards
Data Retention
We retain personal data only as long as necessary to:
- provide services and maintain service records,
- satisfy legal/regulatory obligations, and
- support dispute resolution and audit trail needs.
Your Rights
Subject to applicable law, you may request:
- access to your personal data
- correction of inaccurate personal data
- deletion or restriction of processing in appropriate circumstances
- objection to certain processing, including direct marketing
Data Breach Management
We maintain procedures to identify, manage, and respond to suspected personal data breaches. Where notification is required, we will notify the relevant authority and affected individuals in accordance with applicable Jamaican law and guidance.
Children's Privacy
Our services are intended for adults. We do not knowingly collect personal data from children without appropriate authority/consent. If we become aware that we have collected such data, we will take steps to delete it or regularize processing where lawful.
Changes To This Policy
We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised Effective Date.
