This document describes how Creditsafe Business Solutions Limited, uses and shares personal data we receive about your business.
Understanding what personal data we hold and how we use it is important as the data protection law governs the way this data can be used and what rights you have.
This document answers the following questions:
- Who is Creditsafe and how can I contact them?
- What data does Creditsafe collect and for which purposes?
- Where does the data originate from?
- What is the legal basis for Creditsafe to process data?
- Who do Creditsafe share data with and where is personal data stored?
- Is data transferred to a recipient outside of the European Union or the European Economic Area?
- How long does Creditsafe store data?
- What are my rights as a data subject?
- Where can I raise a complaint?
- Do I have an obligation to share or update data with Creditsafe?
- Is there any automated decision making?
- Is my data used for profiling or scoring?
Who is Creditsafe and how can I contact them?
Creditsafe Business Solutions Limited can be contacted at:
Creditsafe Business Solutions Limited
Caerphilly Business Park,
E-Mail: [email protected]
Tel: +44(0)2920 886 500
You can reach our Data Protection Officer as follows:
Caspian Point One,
Email: [email protected]
Tel: +44 (0)2920 440 880
Where does Creditsafe data originate from?
The data comes from public sources such as the commercial register, insolvency publications and the register on defaulting debtors, which is kept at central enforcement courts as well as from contractual business partners of Creditsafe. Information on payment behaviour and special payment agreements are provided by business partners of Creditsafe. In addition, verifiable information you as the data subject decide to provide can be used to update your organisation’s credit reference information.
On request of a client, we purchase data on the creditworthiness of natural persons from TransUnion Limited.
What data does Creditsafe collect and for which purposes?
We process business related information regarding the financial standing and creditworthiness of businesses, and other organisations, so that businesses can manage their financial risks. In addition, the data is also used for, due diligence, identity verification, verification of business banking details (UK only), prevention of money laundering and fraud, or for customer account management, customer service and direct marketing.
Creditsafe receives business information data from a number of sources, as indicated above, and then uses its proprietary algorithms and technologies to cross reference, match and append this data, thereby providing a more complete picture of any organisation or company director and shareholder.
Information is only provided if the respective contracting party has substantiated a legitimate interest in obtaining the information (for example, in the course of an envisaged business transaction which entails the granting of credit for which there is a risk of default) and provided that there is no outweighing interest of the individual. The aim of a creditworthiness check is not only to avoid losses in the (trade) credit business but also to protect borrowers from over-indebtedness.
We process the following categories of business information data:
- Data on Individuals, for example name, given name, date of birth, place of birth, residential address, previous addresses, business address, business email-addresses and telephone numbers
- Information on debts, payment behaviour and settlement of claims
- Creditworthiness and financial information, entries in the register of defaulting debtors, information on insolvency proceedings and other adverse information as well as credit scores.
Special categories of personal data in the sense of the Art 9 GDPR (e.g. nationality, ethnic origin, health data, or data on political or religious attitudes are neither processed nor taken into account in the calculation of credit scores). Also the assertion of data subjects rights according to the GDPR has no influence on the credit scores.
What is the legal basis for Creditsafe to process the business information data?
The legal basis for the processing of personal data is Legitimate Interest, Art. 6 (1) (f) GDPR. Creditsafe’s legitimate business interest is the supply of commercial data (and the marketing of our business). The purpose of this processing is to enable businesses to manage their financial risks, protect against fraud, know who they are doing business with, meet compliance and regulatory obligations and better understand organisations, industries and markets. We also licence or sell professional business contact information to authorized resellers or organisations for marketing and data management purposes.
In addition, personal data is also processed by us where we receive information from contractual business partners that may rely on consent to share data. You can revoke your consent at any time with the source. This has no retroactive effect. However, due to your revoked consent, we are then no longer allowed to process your data.
Who do Creditsafe share data with?
Recipients of the business information data are customers of Creditsafe, which assess the creditworthiness of the potential customers before establishing a business relationship with default risk. We also share business information data with other third-party business data partners, including other credit reporting agencies.
In addition, we also transfer business information data to third parties which process the data on our behalf as a service provider bound by contracts pursuant to data protection law.
We also transfer contact information (postal addresses and telephone numbers) to contracted parties for marketing purposes, as long as you have not objected against the processing of your data for marketing purposes.
Finally, personal data is also transmitted to members of the Creditsafe group of companies.
Where is business information data stored?
Business Information data is stored on servers in the UK and the EU.
Is data transferred to a recipient outside of the European Union or the European Economic Area?
Where personal data is provided to contractors or group companies outside the United Kingdom, the European Union or the European Economic Area, i.e. to so-called third countries, this takes place taking into account the requirements of the GDPR to recipients in countries with adequate data protection levels (Art. 45 GDPR), or to those recipients with whom EU standard contractual clauses and risk assessments have been concluded (Art. 46 (2) (c) GDPR).
How long does Creditsafe store data?
We store personal data only for as long as necessary to achieve the purposes described above. We will archive personal data after 6 years unless there is a business justification for continued use. We may hold data in an archived form for research and development, analytics and analysis, or for audit purposes, and as appropriate for the establishment, exercise or defence of legal claims. The criteria used to determine the storage period will include the legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements and industry standards.
What are my rights as a data subject?
According to Art. 15 GDPR you have the right to obtain information regarding all data we stored about you.
In the event that you discover outdated or incorrect information about yourself, you have the right in accordance with Art. 16 GDPR to have it updated and corrected by us at any time.
Furthermore, in accordance with Art. 17 GDPR, you may also have the right to have your personal data deleted provided that we have no right or authority to further process the data. Please note that if your business information appears in public registries, then it will automatically be ingested into our databases. Therefore you should contact the relevant registry to have your data removed.
Under the conditions set out in Art. 18 GDPR, you have the right to restrict the processing of your personal data.
You are entitled to the right of objection pursuant to Art. 21 GDPR. 1. Right to object on grounds relating to the particular situation:
According to Art. 21 (1) GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data.
If you object we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms (e.g. to assert or defend ourselves against legal claims)
2. Right to object against marketing:
In addition, pursuant to Art. 21 (2) GDPR, you may also object against the use of your data for direct marketing purposes. In this case, we will no longer use your personal information for advertising purposes.
Please direct all data subject rights requests to the contact address mentioned in point 1.
Is my data used for automated decision making?
In principle, we do not make any automated decisions within the meaning of Art. 22 GDPR on the conclusion of a legal transaction or its terms (such as offered payment methods, payment conditions or interest), but support our contractual partners only with information to assist in the relevant decision-making. The risk assessment and assessment of the creditworthiness of a person or a company for a particular transaction is carried out solely by the contractual partners of Creditsafe.
Where can I raise a complaint?
Please direct all complaints to the contact addresses mentioned in point 1.
In addition, you can contact our supervisory authority, the Information Commissioners Office.
Do I have an obligation to share or update data?
You do not have to provide any data when we ask you. However, if you do not provide any information, your information will not be taken into account when determining scores.
Is my data used for profiling and/or scoring?
The information provided by us often includes so-called creditworthiness assessments (scores), which uses information and assessments from the past to generate a forecast of solvency and payment default probabilities. The scoring is based on the information we have on file for the respective person or business entity.
The following categories of data may be used for the scoring:
- data on the size of the organisation
- industry type
- age of a company
- number of employees
- payment behaviour and defaulting payments,
- debtor registrations and information on insolvency proceedings
- accounting information, e.g. balance sheet, profitability statements and contingent liabilities
- corporate links
- address-related data (publicity of address and name at the address), address data (information on non-conforming payment behaviour in the address environment)
- information gathered from contractual partners of Creditsafe.