Transparency Notice | Sales Joe
Transparency Notice

Creditsafe Business Solutions Limited Transparency notice for business information data.

Transparency Notice for Business Information Data
pursuant to Art. 13/14 and Art. 21 General Data Protection Regulation  (GDPR)


Creditsafe Business Solutions Limited  (hereinafter "Creditsafe“ or "we“, "us“)

Who is the responsible Controller for the Data?

Who can I turn to?

Name and address of Data Controller:
Creditsafe Business Solutions Limited                     
Bryn House
Caerphilly Business Park
Van Road
E-Mail: [email protected]               

You can reach our Data Protection Officer as follows:
Caspian Point One
Pierhead Street
CF10 4DQ
Email:       [email protected]
Tel.+44 (0) 7808 245896           

Which categories of Data does Creditsafe process for which purposes?

We save and process personal identifiable information to provide our customers with information to assist with direct marketing such as providing contact details of natural and legal persons as well as information about the financial situation and creditworthiness of such persons in a business capacity.
Information is only provided if the respective contracting party has substantiated a legitimate interest in obtaining the information for example for the purpose of direct marketing.
We process the following categories of personal data:

  • Data on Individuals like e.g. name, given name, business address, business email addresses and phone/fax numbers
  • Creditworthiness and financial information, including credit scores.

Special categories of personal data in the sense of the Art 9 GDPR (e.g. nationality, ethnic origin, health data or data on political or religious attitudes are neither provided nor stored).

Where does the data originate from?

The data comes from public sources such as the commercial register, insolvency publications and the register on defaulting debtors, which is kept at central enforcement courts and also from contractual business partners of Creditsafe.  In addition, verifiable information you as the data subject decide to provide can be used to update your information.
We also collect the content that a customer creates or uploads to the Sales Joe platform when using the service.  This includes things such as date and time of contact, contact details and comments/ text a customer enters after making contact with somebody.

What is the legal basis for processing the data?

The legal basis for the processing of personal data is the General Data Protection Regulation, in particular Art. 6 (1) (f) GDPR, which permits processing for the protection of the legitimate interests of the controller or third parties, unless there is an outweighing interest of the person concerned which prohibits such processing.

Who do we share your data with?

Where is personal data stored?

Recipients of the personal data are customers of Creditsafe, which use the data we provide for direct marketing purposes (as long as you have not objected against the processing of your data for marketing purposes) and to assess the creditworthiness of potential customers before establishing a business relationship with default risk.
In addition, we also transfer personal data to third parties which process the data on our behalf as a service providers bound by contracts pursuant to data protection law.
Finally, personal data is also transmitted to members of the Creditsafe group of companies and other credit reporting agencies.
Generally, we only process the content of personal data uploaded to the Sales Joe platform by customers so that the content is only available to the customer that uploaded such data.  However, we may access the content where we have a lawful basis for doing so, such as to comply with a legal obligation placed upon us.
Personal data is stored on Creditsafe servers in the EU.

Is data transferred to a recipient outside of the European Union or the European Economic Area (i.e. a so called third country) or an inter­national organization?

Where personal data is provided to contractors or group companies outside the European Union or the European Economic Area, i.e. to so-called third countries, this takes place taking into account the requirements of the GDPR to recipients in countries with adequate data protection levels (Art. 45 GDPR) or to those recipients with whom EU standard contractual clauses have been concluded (Art. 46 (2) (c) GDPR).

How long does Creditsafe keep the data?

We store personal data only for as long as necessary to achieve the purposes described above.  We will archive personal data after 6 years unless there is a business justification for continued use. We may hold data in an archived form for things like research and development, analytics and analysis, for audit purposes, and as appropriate for establishment, exercise or defence or legal claims. The criteria used to determine the storage period will include the legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements and industry standards.

What are my rights as a Data Subject?

Where can I raise a complaint?

According to Art. 15 GDPR you have the right to obtain information regarding all data we stored about you.
In the event that you discover outdated or incorrect information about yourself, you have the right in accordance with Art. 16 GDPR to have it updated and corrected by us at any time.
Furthermore, in accordance with Art. 17 GDPR, you may also have the right to have your personal data deleted provided that we have no right or authority to further process the data.
Finally, under the conditions set out in Art. 18 GDPR, you have the right to restrict processing of your personal data.
Please direct any inquiries for information about the data we store about you, their rectification, deletion or restriction of processing, to the contact address mentioned in point 1.
In addition, you are entitled to the right of objection pursuant to Art. 21 GDPR. Please see the separate information box below.
In addition, you can contact our supervisory authority, the Information Commissioners Office.

Do I have an obligation to share or update data?

You do not have to provide any data when we ask you. However, if you do not provide any information, your information will not be taken into account when determining scores.

Is there any automated decision making?

In principle, we do not make any automated decisions within the meaning of Art. 22 GDPR on the conclusion of a legal transaction or its terms (such as offered payment methods, payment conditions or interest), but support our contractual partners only with information to assist in the relevant decision-making. The risk assessment and assessment of the creditworthiness of a person or a company for a particular transaction is carried out solely by the contractual partners of Creditsafe.

Is my data used for Profiling and/or Scoring?

The information provided by us often includes so-called creditworthiness assessments (scores), which uses information and assessments from the past to generate a forecast of solvency and payment default probabilities. The scoring is based on the information we have on file for the respective person or entity. On the basis of this data, address-related information, for companies additionally industry information mathematical-statistical calculations (in particular logistic regression methods) are applied to assign the person or entity to groups of people or groups of companies that had similar characteristics in the past.
The following categories of data are used for the scoring, whereby not every type of data is included in each calculation: data on the size, industry affiliation and age of a company as well as number of employees, payment behavior and defaulting payments, debtor registrations and information on insolvency proceedings, balance sheet data, corporate links, contingent liabilities, age, address-related data (publicity of address and name at the address), address data (information on non-conforming payment behavior in the address environment), information from contractual partners of Creditsafe.

Right to object according to Art GDPR:

1. Right to object on grounds relating to the particular situation:

According to Art. 21 (1) GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data.

If you object we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms (e.g. to assert or defend ourselves against legal claims)

2.  Right to object against marketing:

In addition, pursuant to Art. 21 (2) GDPR, you may also object against the use of your data for direct marketing purposes. In this case, we will no longer use your personal information for advertising purposes.

An objection does not require a particular form and should be directed to the address stipulated in paragraph 1.