3. What data does Creditsafe collect and for which purposes?
We save and process personal identifiable information for our internal marketing purposes.
Data on Individuals associated with businesses for example name, given name, date of birth, place of birth, residential address, previous addresses, business address, business email-addresses and phone/fax numbers
Related business information for example industry, business type, financial status, payment behaviour and settlement of claims
In order to ensure the effectiveness of our marketing campaigns we may segment our customers and prospects based on metrics such as purchasing history, product usage, industry sector and sections of the website visited. This segmentation attempts to ensure that we present relevant products and services to companies.
Special categories of personal data as specified in Article 9 GDPR (e.g. ethnic origin, health data, or data on political or religious attitudes) are not processed for this purpose.
The personal data may be held and processed with customer relationship management systems operated by Creditsafe for prospect and customer management purposes.
4. Where does Creditsafe data originate from?
Creditsafe data comes from public sources such as the commercial register and third-party data suppliers, who will have obtained the data from you in the course of their business. We also collect personal data via our website; for example when you submit a request for information, a free report or trial, or otherwise contact us.
We also collect usage information on our website via cookies and analytics providers. More information regarding this is available in our Website Privacy Notice and Cookies Policy, accessible via our website.
5. What is the legal basis for Creditsafe to process data?
The legal basis for the processing of personal data is Art. 6 (1) (f) GDPR, which permits processing for the protection of the legitimate interests of the controller or third parties, unless there is an outweighing interest of the person concerned which prohibits such processing. In particular, we rely on legitimate interests on the basis that a business has made its details available and it is for the benefit of all businesses that marketing is facilitated, as envisaged by Recital 47 of the GDPR.
For businesses that do not wish to receive marketing, there are legitimate means to prevent it, including unsubscribing to any marketing emails sent out by Creditsafe, not supplying the details for inclusion in business registers, objecting to direct marketing under the GDPR, and/or registering with the TPS/CTPS and Creditsafe is fully compliant with such requirements.
6. Who does Creditsafe share data with?
Creditsafe may share personal data with third party suppliers of Creditsafe in order to provide services in connection with Creditsafe’s marketing and advertising activities, including marketing due diligence, data enhancement, and marketing analytics. All such suppliers will be subject to contractual obligations which meet data protection requirements.
Personal data may also be transmitted to other members of the Creditsafe group of companies for their own marketing purposes, for example in the case of a prospect which is outside of the UK.
Marketing Services
Creditsafe provides data to its clients for their own marketing campaigns. The information for these marketing lists will come from two main sources:
- Companies House data for registered business addresses.
- The Open Electoral Roll for home addresses.
Companies House
Companies House data is the public register of all Limited companies in the UK. It provides information about the company, the directors, the registered address and the company’s registered activities. The Companies House website gives a great deal of information about what information you must supply and what information is made freely available, please see here; (https://www.gov.uk/guidance/your-personal-information-on-the-public-record-at-companies-house) and would like to draw your attention to the paragraph that states:
“Anybody who becomes a director or officer of a company must be prepared for some of their details to be publicly available. It’s important to understand what information we have a duty to make available to the public. You must carefully consider any personal or sensitive information you decide to register.” It also states; “Other organisations have the right to make copies of any information available on the public register.”
The Electoral Register
The electoral register contains the names and addresses of everyone who is registered to vote in public elections. There are two versions of the electoral register; the full version and the ‘open register’ (‘edited register’ in Northern Ireland). The open register is the version that is available to anyone who wants to buy a copy and includes only the details of individuals who have not ‘opted-out’ of being on it. Further information can be found on the government website here.
Creditsafe receives a copy of the open register on a rolling basis and provides clients with the information made available as part of the open register. In some instances, Creditsafe combines the electoral register with other data sets to verify individuals. Our clients may use this information for direct marketing purposes (for example, to send you postal marketing).
When you registered with the electoral roll (e.g. to vote), you will have been given the option to opt-out of having your details placed on the open register. If you did not opt-out, your data can be used for direct marketing purposes under the lawful basis of legitimate interests.
You can opt-out from appearing on the open register at any time by contacting your local Electoral Registration Office. Please be aware that, while choosing to be removed from the open register will prevent companies having access to those details in the future, companies may continue to send you marketing communications using information they have previously obtained.
In any case, you have the right to opt-out from receiving marketing communications by notifying the sender directly.
7. Where is personal data stored
Personal data is stored on servers located in the UK and EU.
8. Is data transferred to a recipient outside of the UK, European Union, or the European Economic Area?
Where personal data is provided to contractors or group companies outside the UK, European Union or the European Economic Area, i.e. to so-called third countries, this takes place taking into account the requirements of the GDPR to recipients in countries with adequate data protection levels (Art. 45 GDPR), or to those recipients with whom EU Standard Contractual Clauses and the UK International Data Transfer Agreement Addendum have been executed (Art. 46 (2) (c) GDPR) and once Transfer Impact Assessments have been concluded.
9. How long does Creditsafe store data?
We store personal data only for as long as necessary to achieve the purposes described above. We will archive personal data after 6 years unless there is a business justification for continued use. We may hold data in an archived form for research and development, analytics and analysis, for audit purposes, and as appropriate for establishment, exercise or defence or legal claims. The criteria used to determine the storage period will include the legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements and industry standards.
10. What are your rights as a data subject?
According to Art. 15 GDPR you have the right to obtain information regarding all data we stored about you.
In the event that you discover outdated or incorrect information about yourself, you have the right in accordance with Art. 16 GDPR to have it updated and corrected by us at any time.
Furthermore, in accordance with Art. 17 GDPR, you may also have the right to have your personal data deleted provided that we have no right or authority to further process the data.
Under the conditions set out in Art. 18 GDPR, you have the right to restrict the processing of your personal data.
You are entitled to the right of objection pursuant to Art. 21 GDPR in the following circumstances.
1. Right to object on grounds relating to the particular situation:
According to Art. 21 (1) GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms (e.g. to assert or defend ourselves against legal claims)
2. Right to object against marketing:
In addition, pursuant to Art. 21 (2) GDPR, you may also object against the use of your data for direct marketing purposes. In this case, we will no longer use your personal information for advertising purposes.
Please direct all data subject rights requests to the contact address mentioned at the top of this page.
11. Where can you raise a complaint?
You have the right to contact our supervisory authority, the Information Commissioners Office.
12. Do you have an obligation to share or update data?
You do not have to provide any data when we ask you, except for the data required to administer any contracts between you and Creditsafe.
13. Is your data used for automated decision making?
We do not make any automated decisions within the meaning of Art. 22 GDPR.
14. Is your data used for profiling and/or scoring?
Not for the purposes set out in this Transparency Notice. Please see our ‘Business Information Transparency Notice for more information on our profiling/scoring activities.
This Transparency Notice was updated on the 9th February 2026.