Transparency Notice for Customers and Suppliers and their respective contacts pursuant to Art. 13/14 and Art. 21 General Data Protection Regulation (GDPR) of Creditsafe Business Solutions Limited (hereinafter „Creditsafe“ or ,,we“, ,,us“)
Who is the responsible Controller for the Data? Who can I turn to?
Creditsafe Italy srl, Via Pantano 2, 20122, Milano
Tel.: +39 011 19 46 46 00
You can reach our Data Protection Officer as follows: Caspian Point One, Pierhead Street, Cardiff (UK) CF10 4DQ
Tel.+44 (0) 7808 245896
Which categories of Data does Creditsafe process for which purposes?
We process the following categories of data on customers and suppliers: Company name, legal form, business address, legal representatives and contact persons (name, given name, e-mail address and phone / fax numbers) as well as invoicing data.
We store and process such data as far as necessary
- to prepare and execute a contract (including customer relationship management);
- for billing purposes and
to offer you as a customer any other services that may be of interest to you, unless you have objected to the use of your data for marketing purposes.
Where does the data originate from?
The information we process has either been collected directly from the customer/supplier and the respective contacts at the customer / supplier or via publicly available information sources such as commercial registers or the website of the customer/ supplier.
What is the legal basis for processing the data?
The legal basis for the processing of personal data is the General Data Protection Regulation, in particular
- Art. 6 (1) (b) GDPR, which permits processing for purposes of entering into and performance under a contracts , and
- Art. 6 (1) (f) GDPR, which permits processing for the protection of our legitimate interests, unless there is an outweighing interest of the natural person concerned which prohibits such processing.
In addition, personal data is also processed by us on the basis of the consent given by the relevant data subjects. You can revoke your consent at any time. This has no retroactive effect. However, due to your revoked consent we are then no longer allowed to process your data. The other regulations permitting data processing (Art. 6 (1) (b) GDPR, Art. 6 (1) (f) GDPR) remain unaffected.
Who do we share your data with?
We share personal identifiable information with recipients within the Creditsafe group who need to know this information to perform their functions and obligations as well as other third parties which process the data on our behalf as a service provider bound by contracts pursuant to data protection law or to whom Creditsafe has to pass on information to fulfill statutory obligations. We also share personal identifiable information with Creditsafe partners who provide third party data products and services that are sold by Creditsafe.
Personal data is stored on Creditsafe servers within the EU.
Is data transferred to a recipient outside of the European Union or the European Economic Area (i.e. a so called third country) or an inter¬national organisation?
Personal data from customers / suppliers will only be transferred to recipients in third countries to the extent necessary for the execution of the contract.
How long does Creditsafe keep the data?
We store personal data only for as long as necessary to achieve the purposes described above and delete the data thereafter but in any event upon expiration of the relevant statutory retention periods
What are my rights as a Data Subject? Where can I raise a complaint?
According to Art. 15 GDPR you have the right to obtain information regarding all data we stored about you.
In the event that you discover outdated or incorrect information about yourself, you have the right in accordance with Art. 16 GDPR to have it updated and corrected by us at any time.
Furthermore, in accordance with Art. 17 GDPR, you may also have the right to have your personal data deleted provided that we have no right or authority for the continued processing of the data.
Finally, under the conditions set out in Art. 18 GDPR, you have the right to restrict processing of your personal data.
Please direct any inquiries for information about the data we store about you, their rectification, deletion or restriction of processing, to the contact address mentioned in point 1.
In addition, you may require that you obtain the information you provided to us in a structured, common and machine-readable format, or that this information should transmitted to a third party.
In addition, you are entitled to the right of objection pursuant to Art. 21 GDPR. Please see the separate information box below.
In addition, you can contact our supervisory authority, the
Garante per la protezione dei dati personali:
Piazza di Monte Citorio n. 121 00186 ROMA
Do I have an obligation to share or update data?
You do not have to give us any data. However, as long as we have a contract or a pre-contractual relationship, we are entitled to process your data for the contract for the aforementioned use purposes (see above under 2. Which categories of Data does Creditsafe process for which purposes? and under 4. What is the legal basis for processing the data?).
Is my data used for any automated decision making?
As a matter of principle we do not use any customer / supplier data for automated decision making in the meaning of Art. 22 GDPR.
Is my data used for Profiling and/or Scoring?
Right to object according to Art GDPR:
1. Right to object on grounds relating to the particular situation:
According to Art. 21 (1) GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data.
If you object we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms (e.g. to assert or defend ourselves against legal claims)
2. Right to object against marketing:
In addition, pursuant to Art. 21 (2) DS-GVO, you may also object against the use of your data for direct marketing purposes. In this case, we will no longer use your personal information for advertising purposes.
An objection does not require a particular form and should be directed to the address stipulated in paragraph 1.