Devoted to the GDPR

Protecting the privacy and rights of individuals through our commitment to the renewed GDPR

A foundation for our trusted and cooperative relationships

Strong customer relations start with transparency and fair business conduct

On 25 May 2018, the European Union will experience the biggest update to its data protection legislation in the past 20 years as we welcome the enforcement of the General Data Protection Regulation (GDPR). 

This positive step will result in individuals having more control over how their data is collected and used, creating a fairer and more transparent environment for business-to-business relationships.

Creditsafe, like many other companies, is engaged in a full GDPR programme to ensure that both our operations and services are fully compliant with the regulation.


A commitment to and for all

Data Protection

Compliance

Data Breaches

Personal data

The scope of GDPR is extensive; anyone offering goods or services to, or monitoring the behaviour of, anyone within the EU will be "affected" by it. An important aspect of preparing for GDPR is understanding that it is an issue for everyone in a company, not just the data protection officer. GDPR can cause a lot of work for many different departments, so it's vital that everyone is on board and understands its importance.

Open and transparent data processing with Creditsafe

GDPR Request or Enquiry

The GDPR allows you to have your personal data and its use disclosed to you clearly and transparently.

As part of Creditsafe's commitment to open and transparent data processing, you can always contact us:

Data Protection Officer

You can contact our DPO by post or e-mail at the following contact details:

Creditsafe Group,
Caspian Point One,
Pierhead Street,
Cardiff,
CF10 4DQ
UK

Contact the DPO of Creditsafe here by email

Frequently asked questions

How do you make sure Creditsafe is fully GDPR compliant?

Creditsafe is involved in a full GDPR program that ensures both our operations and services are fully compliant with the regulation.

Creditsafe, as a company, is required to collect data on companies and their (past) activities in order to assess and provide business intelligence to its customers. Personally identifiable information (PII) processed by Creditsafe is only kept on individuals directly related to a business entity.

Creditsafe operates in a business-to-business (B2B) environment. When we hold the PII of individuals, whether as part of an organization such as a director or as a sole trader where the individual is the business, we only assess the ability of the business entity to do (and continue to do) business and fulfill contracts based on past performance. As such, the type and quality of data provided to customers will not change after the implementation of GDPR. If data collected by Creditsafe is found to be unsuitable for use or does not appear to have the appropriate consent, it will be deleted.

How is Creditsafe preparing its sales and marketing data for the GDPR to ensure compliance?

Creditsafe is involved in a full GDPR programme that ensures all data is collected and used on an appropriate basis, whether consent or legitimate interest. Data use is fully mapped across the business and subject to rigorous risk and privacy impact assessments.

When is consent obtained for the use of this data for marketing purposes?

Our data partners obtain and store annual consents. If explicit consent is not available, legitimate interest is the main ground for use.

Where is all the data we access hosted?

All Creditsafe data is stored either within the UK or within the EEA on secure servers which are fully protected for disaster recovery.

What permission does Creditsafe ask from the companies that are included in their marketing data?

Consent obtained by Creditsafe is relevant to the use of the data being collected at that point, i.e. consent for use, marketing consent, consent for calling and consent for updating records for future contact.

In circumstances where consent is not available, GDPR Article 6(1)(f) permits processing for the purposes of the legitimate interests pursued by the controller or by a third party. The legitimate interest that Creditsafe operates under is that we are facilitating businesses to make risk-based financial decisions in order to enable our clients to make better business and economic decisions. As such, we also maintain the legitimate interest to make businesses aware of this capability, including when they are in the pursuit of new business opportunities.

Which security software/encryption does Creditsafe have to protect data?
  • Creditsafe are ISO27001 certified, regulated by the FCA and registered as a data controller with the UK Information Commissioner’s office.
  • Creditsafe operates through a Tier3+ UK datacentre, which is audited to ISO9001, ISO14001, ISO27001, ISAE3402, SSAE16 and PCI DSS standards.
  • Comprehensive data centre physical security, including a 6-layer wall design, 24/7 campus patrols, military grade fencing, digital tripwires and multiple IR CCTV towers; the data centre is constructed to Californian earthquake standards.
  • Creditsafe security controls include:
      • Firewalls – All network ingress/egress points are protected by a firewall.
      • DMZs – Well-defined for public-facing servers, with internal network segmentation used to further isolate sensitive resources.
      • HIDS/NIDS – Enabled at key choke points on the network.
      • SIEM – Networks monitored by SIEM, with security events logged and analysed, automated alerts and alarms in place.
      • Antivirus – All compatible endpoints covered by anti-virus software, with automatic updates via an update server and the Internet.
      • VLAN separation.
      • Data Encryption.
      • ACLs.
      • Private Fibre/Encrypted MPLS networks.
      • Network/Host Scanning – Regular scanning for vulnerable configurations.
      • Encrypted VPNs.
      • Regular penetration testing, web application testing and vulnerability scanning – Threat and vulnerability management programme in place to manage output.
      • Data Backup – Data is replicated at 5-minute intervals from the Creditsafe production environment to a dedicated business continuity environment. The platform is sized and configured to use high availability, allowing automated fail-over of servers.