AVG / GDPR

Protecting the privacy and rights of individuals through our commitment to GDPR

Creditsafe Nederland B.V.

A foundation for trusted and collaborative relationships

Strong customer relationships start with transparency and fair practice

On May 25th 2018, the European Union will update its data protection laws with the enforcement of the General Data Protection Regulation (GDPR) which will replace the Data Protection Directive 1995. 

This positive step will see individuals gain greater control over how their data is collected and used, providing a fairer and more transparent environment for business-to-individual relationships, and will make doing business with EU member states more convenient by providing clearer legislation for global companies dealing within Europe.

GDPR

GDPR as a core business principle

The scope of GDPR is far-reaching; it will affect everyone. In order to be ready for GDPR, Creditsafe has analysed its whole business to ensure it knows what data it has, how it’s using it and that it is being used under the correct legitimate interest. We have also put in place everything we need to ensure we are ready to address the rights of data subjects and the obligations of data controllers.

All of this has allowed us to put privacy by design at the forefront of our business and to make it a key consideration in our strategy.

Please note that while we can support businesses with their preparations for GDPR, we cannot offer legal counsel or compliance advice.

Want to find out more about our services?

Speak to a Creditsafe representative today about our range of business offerings.

Our commitment to open and transparent data processing

GDPR Requests

GDPR allows you to have free and transparent visibility of your personal data and how that data is used. As part of Creditsafe's commitment to open and transparent processing of data, you can contact us directly about your rights and how you can exercise them.

Data Protection Officer (DPO)

You can contact our DPO by post or email using the following contact information:

Creditsafe Group,
Caspian Point One,
Pierhead Street,
Cardiff,
CF10 4DQ

Contact Creditsafe's DPO by email here.

Frequently asked questions

How do you ensure Creditsafe are fully GDPR compliant?

Creditsafe are engaged in a full GDPR programme, ensuring that both our operations and services are in full alignment with the regulation.

Credit reference agencies receive personal data about individuals that’s part of, derived from, or used in credit activity. Personally Identifiable Information (PII) which is handled by Creditsafe is only held on those individuals who are directly connected to a business entity.

Creditsafe operates in a business-to-business (B2B) environment. Where we have the PII of individuals, either as part of an organisation such as a director, or as a sole trader whereby the individual is the business, we are only assessing the capability of the business entity to conduct and continue to conduct business and fulfil contracts based on historical performance.

How is Creditsafe preparing data for GDPR to ensure compliance?

Creditsafe operates under a legitimate interest (a form of lawful processing) to support business growth.

GDPR Article 6(1)(f) permits processing for the purposes of the legitimate interests pursued by the controller or by a third party. The legitimate interest that Creditsafe operates under is that we are facilitating businesses to make risk-based financial decisions. As such, we also maintain the legitimate interest to make businesses aware of this capability, including when they are in the pursuit of new business opportunities.

We vet all our data sets against call preference services, and our marketing products such as Sales Joe contain features which allow our users to address individuals’ rights.

Usage of data is fully mapped throughout the business and subjected to rigorous risk and data privacy impact assessments.

Is Creditsafe a member of a professional body or accredited in some way?

Yes.

  • Current President of the Federation of Business Information Service
  • Creditsafe UK certified to ISO standard ISO27001 for information security
  • Creditsafe is certified under the Financial Services Qualification Service
  • Creditsafe is a member of the Direct Marketing Association (DMA).

Where is all the data we access hosted?

All Creditsafe data is stored in the UK or within the EEA on secure servers which are fully protected for disaster recovery.

What security software/encryptions does Creditsafe have in place to protect data?

  • Creditsafe are ISO27001 certified, regulated by the FCA and registered as a data controller with the UK Information Commissioner’s Office.
  • Creditsafe operates through a Tier3+ UK datacentre, which is audited to ISO9001, ISO14001, ISO27001, ISAE3402, SSAE16 and PCI DSS standards.
  • Comprehensive data centre physical security, including a 6-layer wall design, 24/7 campus patrols, military grade fencing, digital tripwires and multiple IR CCTV towers. The data centre is constructed to Californian earthquake standards.

Creditsafe security controls include:

  • Firewalls – All network ingress/egress points are protected by a firewall.
  • DMZs – Well-defined for public-facing servers, with internal network segmentation used to further isolate sensitive resources.
  • HIDS/NIDS – Enabled at key choke points on the network.
  • SIEM – Networks monitored by SIEM, with security events logged and analysed, automated alerts and alarms in place.
  • Antivirus – All compatible endpoints covered by anti-virus software, with automatic updates via an update server and the Internet.
  • VLAN separation.
  • Data Encryption.  
  • ACLs.
  • Private Fibre/Encrypted MPLS networks.
  • Network/Host Scanning – Regular scanning for vulnerable configurations.
  • Encrypted VPNs.
  • Regular penetration testing, web application testing and vulnerability scanning – Threat and vulnerability management programme in place to manage output.
  • Data Backup – Data is replicated at 5-minute intervals from the Creditsafe production environment to a dedicated business continuity environment. The platform is sized and configured to use high availability, allowing automated fail-over of servers.

Is Creditsafe registered with the Supervisory Authority?

Yes, Creditsafe is registered with the supervisory authorities in countries where we have operations. A list of supervisory authorities can be found here.