Customer / Supplier Transparency Notice
This document describes how Creditsafe Business Solutions Limited uses and shares personal data we receive about you and your business as a customer of, or supplier to, Creditsafe and its group of companies.
Understanding what personal data we hold and how we use it is important as the data protection law governs the way this data can be used and what rights you have.
This document answers the following questions:
- Who is the responsible controller for the data?
- What data does Creditsafe collect and for which purposes?
- Where does Creditsafe’s data originate from?
- What is the legal basis for Creditsafe to process your data?
- Who does Creditsafe share data with?
- Where is personal data stored?
- How long does Creditsafe store data for?
- Is data transferred to a recipient outside of the UK, European Union, or the European Economic Area?
- What are your rights as a data subject?
- Where can you raise a complaint?
- Do you have an obligation to share or update data with Creditsafe?
- Is your data automated decision making?
- Is your data used for profiling or scoring?
Who is the responsible controller for the data?
Creditsafe Business Solutions Limited can be contacted at:
Creditsafe Business Solutions Limited,
Caerphilly Business Park,
E-Mail: [email protected]
Tel: +44(0)2920 886 500
You can reach our Data Protection Officer as follows:
Caspian Point One,
Email: [email protected]
Tel: +44 (0)2920 886 500
In accordance with Article 27 of the GDPR we have appointed an EU representative. The contact information is as follows:
Creditsafe Ireland Limited
Block B Joyce’s Court,
E-Mail: [email protected]
Telephone: 01 898 3200
What data does Creditsafe collect and for which purposes?
We process the following categories of data on customers and suppliers: Company name, legal form, business address, legal representatives and contact persons (name, given name, e-mail address and phone / fax numbers) as well as invoicing data.
Creditsafe processes this data to prepare and execute a contract, to provide your employees with access to our services, to manage the account, including invoicing, customer relationship management and dealing with customer service enquiries and to offer to you as a customer any other services that may be of interest to you, unless you have objected to the use of your data for marketing purposes.
Where does Creditsafe’s data originate from?
The information we process has either been collected directly from the customer/supplier and the respective contacts at the customer / supplier or via publicly available information sources such as commercial registers or the website of the customer/ supplier.
It has become common practice to record calls due to the growth of business conducted by telephone. Recording customer conversations allows organisations to assess customer satisfaction, train and develop staff, review call quality, and have access to a verbal record of what is said in the event of a subsequent complaint.
Creditsafe may record the telephone call in the following instances:
· to assist in quality monitoring of staff
· to keep evidence of the formation of a contract
· to investigate and resolve a complaint
· for the detection, investigation and prevention of crime (including fraud)
All inbound calls to Creditsafe will hear an automated message informing them that calls may be recorded. For outbound calls, the Creditsafe employee will inform the recipient whenever calls are being recorded. Note that if payment information is taken over the telephone, the recording will be paused whilst these details are communicated.
Call recordings are retained for 3 years so that multi-year contracts can be reviewed as they near their expiry date.
What is the legal basis for Creditsafe to process your data?
The legal basis for the processing of personal data is as follows:
- Art. 6 (1) (b) GDPR, which permits processing for purposes of entering into and performance under a contracts ,
- Art. 6 (1) (f) GDPR, which permits processing for the protection of our legitimate interests, unless there is an outweighing interest of the natural person concerned which prohibits such processing.
- Art. 6 (1) (a) GDPR, which permits the processing based on the consent given by the relevant data subjects. You can revoke your consent at any time. This has no retroactive effect. However, due to your revoked consent we are then no longer allowed to process your data. The other regulations permitting data processing (Art. 6 (1) (b) GDPR, Art. 6 (1) (f) GDPR) remain unaffected.
Who does Creditsafe share data with?
We share personal identifiable information with recipients in the following groups:
· Personnel within the Creditsafe group who need to know this information to perform their functions and obligations,
· Other third parties which process the data on our behalf as a service provider bound by contracts pursuant to data protection law, for example marketing agencies
· To institutions who Creditsafe has to pass on information to fulfil statutory obligations.
· With Creditsafe’s partners who provide third party data products and services that are sold by Creditsafe.
Where is personal data stored?
Personal data is stored on servers located within the UK and EU.
How long does Creditsafe store data for?
We store personal data only for as long as necessary to achieve the purposes described above and delete the data thereafter, but in any event upon expiration of the relevant statutory retention periods.
Is data transferred to a recipient outside of the UK, European Union, or the European Economic Area?
Data stored in Creditsafe’s CRM system is accessible to all Creditsafe’s entities including those in the USA, Canada and Japan. Creditsafe has executed data sharing agreements with these entities and where necessary included the EU Standard Contractual Clauses and the UK International Data Transfer Agreement Addendum have been executed (Art. 46 (2) (c) GDPR) and once Transfer Impact Assessments have been concluded.
Otherwise personal data from customers / suppliers will only be transferred to recipients in third countries to the extent necessary for the execution of the contract.
What are your rights as a data subject?
According to Art. 15 GDPR you have the right to obtain information regarding all data we stored about you.
In the event that you discover outdated or incorrect information about yourself, you have the right in accordance with Art. 16 GDPR to have it updated and corrected by us at any time.
Furthermore, in accordance with Art. 17 GDPR, you may also have the right to have your personal data deleted provided that we have no right or authority to further process the data.
Under the conditions set out in Art. 18 GDPR, you have the right to restrict the processing of your personal data.
You are entitled to the right of objection pursuant to Art. 21 GDPR in the following circumstances.
1. Right to object on grounds relating to a particular situation:
According to Art. 21 (1) GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data.
If you object we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms (e.g. to assert or defend ourselves against legal claims).
2. Right to object against marketing:
In addition, pursuant to Art. 21 (2) GDPR, you may also object against the use of your data for direct marketing purposes. In this case, we will no longer use your personal information for advertising purposes.
Please direct all data subject rights requests to the contact address mentioned at the top of this page.
Where can you raise a complaint?
You have the right to contact our supervisory authority, the Information Commissioners Office.
Do you have an obligation to share or update data?
You do not have to give us any data. However, as long as we have a contract or a pre-contractual relationship, we are entitled to process your data for the contract, or for the aforementioned use purposes (see above under Which categories of Data does Creditsafe process for which purposes? and under What is the legal basis for processing the data?).
Is your data used for automated decision making?
As a matter of principle we do not use any customer / supplier data for automated decision making in the meaning of Art. 22 GDPR.
Is your data used for profiling and/or scoring?
This Transparency Notice was updated on 30th November 2022.