Supporting GDPR

Protecting the privacy and rights of individuals through our commitment to GDPR

A foundation for trusted and collaborative relationships

Strong customer relationships start with transparency and fair practice

On May 25th, the European Union will experience the biggest update in its data protection laws over the last 20 years as we welcome the enforcement of the General Data Protection Regulation (GDPR). 

This positive step will see individuals gain greater control over how their data is collected and used, providing a fairer and more transparent environment for business to individual relationships.

As we approach May, Creditsafe, like many other businesses are engaged in a full GDPR programme ensuring that both our operations and services are in full alignment with the regulation.

GDPR

A commitment for everyone

Data Protection

Compliance

Data Breaches

Personal Data

The scope of GDPR is far-reaching; it will affect everyone offering goods or services or monitoring the behaviour of anyone within the EU.  A key aspect of preparing for GDPR is understanding that it’s a matter for everyone within a company – not just the Data Protection Officer. GDPR may entail work for many different departments so it’s vital that everyone is on board and understands the importance.

Want to find out more about our services?

Speak to a Creditsafe representative today about our range of business offerings.

Our commitment to open and transparent data processing

GDPR Requests

The GDPR Regulation allows you to have free and transparent visability of your personal data and how that data is used. As part of Creditsafe's commitment to open and transparent processing of data, we have a dedicated page on our Help Hub to guide you through your rights and how you can exercise them.

 

Data Protection Officer (DPO)

You can contact our DPO by post or email using the following contact information:

Creditsafe Group,
Caspian Point One,
Pierhead Street,
Cardiff,
CF10 4DQ

Contact Creditsafe's DPO by email here.

Frequently asked questions

How do you ensure Creditsafe are fully GDPR compliant?

Creditsafe are engaged in a full GDPR programme ensuring that both our operations and services are in full alignment with the regulation.

Creditsafe as a business has a requirement to collect data on businesses and their historical conduct in order to assess and provide its clients with company information data. Personally identifiable information (PII) which is handled by Creditsafe is only held on those individuals who are directly connected to a business entity.

Creditsafe operates in a business to business (B2B) environment. Where we have the PII of individuals either as part of an organisation such as a director or as a sole trader where by the individual is the business, we are only assessing the capability of the business entity to conduct and continue to conduct business and fulfil contracts based on historical performance. As such, the type and quality of data provided to customers will not change after the introduction of GDPR. If data collected by Creditsafe has been determined as unsuitable for use or does not appear to have appropriate consent; this data will then be deleted.

How are Creditsafe preparing their sales and marketing data for GDPR to ensure compliance?

Creditsafe are engaged in a full GDPR programme ensuring that all data is collected and used under proper permission, be that consent or legitimate interest. Usage of data is fully mapped throughout the business and subjected to rigorous risk and data privacy impact assessments.

When was consent for this data to be used for marketing purposes obtained?

Consent is obtained and maintained on a yearly basis by our data partners. When explicit consent is not available the core basis of use is legitimate interest.

Is Creditsafe a member of a professional marketing body or accredited in some way?

Yes, Creditsafe UK is a member of the Direct Marketing Association (DMA).

Where is all the data we access hosted, is this the UK?
All Creditsafe data is stored either within the UK or within the EEA on secure servers which are fully protected for disaster recovery.
What consent does Creditsafe ask from the businesses included in their marketing data?

Consent obtained by Creditsafe is relevant to the use of the data being collected at that point, i.e. consent for use, marketing consent, consent for calling and consent for updating records for future contact.

In circumstances where consent is not available, GDPR Article 6:F permits the processing for the purposes of the legitimate interests pursued by the controller or by a third party. The legitimate interest that Creditsafe operates under is that we are facilitating businesses to make risk based financial decisions in order to enable our clients to make better business and economic decisions.  As such, we also maintain the legitimate interest to make businesses aware of this capability, including when they are in the pursuit of new business opportunities.

What security software/encryptions does Creditsafe have in place to protect data?
  • Creditsafe are ISO27001 certified, regulated by the FCA and registered as a data controller with the UK Information Commissioner’s office.
  • Creditsafe operates through a Tier3+ UK datacentre, which is audited to ISO9001, ISO14001, ISO27001, ISAE3402, SSAE16 and PCI DSS standards.
  • Comprehensive data centre physical security, including a 6-layer wall design, 24/7 campus patrols, military grade fencing, digital tripwires, multiple IR CCTV towers and is constructed to Californian earthquake standards.

Creditsafe security controls include:

  • Firewalls – All network ingress/egress points are protected by a firewall.
  • DMZs – Well-defined for public-facing servers, with internal network segmentation used to further isolate sensitive resources.
  • HIDS/NIDS – Enabled at key choke points on the network.
  • SIEM – Networks monitored by SIEM, with security events logged and analysed, automated alerts and alarms in place.
  • Antivirus – All compatible endpoints covered by anti-virus software, with automatic updates via an update server and the Internet.
  • VLAN separation.
  • Data Encryption.  
  • ACLs.
  • Private Fibre/Encrypted MPLS networks.
  • Network/Host Scanning – Regular scanning for vulnerable configurations.
  • Encrypted VPNs.
  • Regular penetration testing, web application testing and vulnerability scanning – Threat and vulnerability management programme in place to manage output.
  • Bata Backup-Data is replicated at 5 minute intervals from the Creditsafe production environment to a dedicated business continuity environment. The platform is sized and configured to use high availability, allowing automated fail-over of servers.
Has the list been screened against the TPS or other relevant preference services? If so, when?

All marketing lists are screened against the TPS on a regular basis.