Customer & Supplier Transparency Notice

Creditsafe USA Inc Transparency notice for customer and supplier data

This document describes how Credtsafe USA Inc [ML1] uses and shares personal data we receive about you and your business as a customer of, or supplier to, Creditsafe and its group of companies.

Understanding what personal data we hold and how we use it is important as the data protection law governs the way this data can be used and what rights you have.

 This document answers the following questions:

  1. Who is Creditsafe?
  2. Who is the responsible controller for the data?
  3. What data does Creditsafe collect and for which purposes?
  4. Where does Creditsafe’s data originate from?
  5. What is the legal basis for Creditsafe to process your data?
  6. Who does Creditsafe share data with?
  7. Where is personal data stored?
  8. How long does Creditsafe store data for?
  9. Is data transferred to a recipient outside of the UK, European Union, or the European Economic Area?
  10. What are your rights as a data subject?
  11. Where can you raise a complaint?
  12. Do you have an obligation to share or update data with Creditsafe? 
  13. Is your data automated decision making?
  14. Is your data used for profiling or scoring?

Who is Creditsafe?

Creditsafe has the largest wholly owned database in the industry, providing accurate and reliable data to over 500,000 subscribers across the globe. Our global database contains insights on more than 365 million businesses, directors and shareholders worldwide.

We gather data from our local, trusted partners and combine it with our scoring algorithm, resulting in the superior data powering our complete business solutions product suite. 

Creditsafe is the founder and administrator of a global network of leading commercial credit reference agencies. We have live data streams for over 70 countries, working with partners that are recognized market leaders in each country for online database reports. By using local providers wherever possible, we are ensuring niche knowledge is streamed into our data and updated on a regular basis.

Who is the responsible controller for the data?

Creditsafe USA Inc can be contacted at:

4635 Crackersport Road,

Allentown, PA, 18104

E-Mail: [email protected]
Website: www.creditsafe.com/us/
Tel: +1 855-551-6903

You can reach our Data Protection Officer as follows:

Caspian Point One,
Pierhead Street,
Cardiff,
CF10 4DQ

Email: [email protected]
Tel: +44 (0)2920 886 500

In accordance with Article 27 of the GDPR we have appointed an EU representative. The contact information is as follows:

Creditsafe Ireland Limited
Block B Joyce’s Court,

Talbot Street,

DUBLIN 1

E-Mail:  [email protected]
Website: https://www.creditsafe.com/cs/en.html
Telephone: 01 898 3200

What data does Creditsafe collect and for which purposes?

We process the following categories of data on customers and suppliers: Company name, legal form, business address, legal representatives and contact persons (name, given name, e-mail address and phone / fax numbers) as well as invoicing data.

Creditsafe processes this data to prepare and execute a contract, to provide your employees with access to our services, to manage the account, including invoicing, customer relationship management and dealing with customer service enquiries and to offer to you as a customer any other services that may be of interest to you, unless you have objected to the use of your data for marketing purposes.

Where does Creditsafe’s data originate from?

The information we process has either been collected directly from the customer/supplier and the respective contacts at the customer / supplier or via publicly available information sources such as commercial registers or the website of the customer/ supplier.

 What is the legal basis for Creditsafe to process your data?

The legal basis for the processing of personal data is as follows:

  • Art. 6 (1) (b) GDPR, which permits processing for purposes of entering into and performance under a contract,

  • Art. 6 (1) (f) GDPR, which permits processing for the protection of our legitimate interests, unless there is an outweighing interest of the natural person concerned which prohibits such processing.
  •  
  • Art. 6 (1) (a) GDPR, which permits the processing based on the consent given by the relevant data subjects. You can revoke your consent at any time. This has no retroactive effect. However, due to your revoked consent we are then no longer allowed to process your data. The other regulations permitting data processing (Art. 6 (1) (b) GDPR, Art. 6 (1) (f) GDPR) remain unaffected.

Who does Creditsafe share data with?

We share personal identifiable information with recipients in the following groups:

·       Personnel within the Creditsafe group who need to know this information to perform their functions and obligations,

·       Other third parties which process the data on our behalf as a service provider bound by contracts pursuant to data protection law, for example marketing agencies

·       To institutions who Creditsafe has to pass on information to fulfil statutory obligations. 

·       With Creditsafe’s partners who provide third party data products and services that are sold by Creditsafe.

Where is personal data stored?

Personal data is stored on servers located within the USA.    

How long does Creditsafe store data for?

We store personal data only for as long as necessary to achieve the purposes described above and delete the data thereafter, but in any event upon expiration of the relevant statutory retention periods.

Is data transferred to a recipient outside of the UK, European Union, or the European Economic Area?

Data stored in Creditsafe’s CRM system is accessible to all Creditsafe’s entities including those in the USA, Canada and Japan. Creditsafe has executed data sharing agreements with these entities and where necessary included the EU Standard Contractual Clauses and the UK International Data Transfer Agreement Addendum have been executed (Art. 46 (2) (c) GDPR) and once Transfer Impact Assessments have been concluded.

Otherwise personal data from customers / suppliers will only be transferred to recipients in third countries to the extent necessary for the execution of the contract. 

 What are your rights as a data subject?

According to Art. 15 GDPR you have the right to obtain information regarding all data we stored about you.

In the event that you discover outdated or incorrect information about yourself, you have the right in accordance with Art. 16 GDPR to have it updated and corrected by us at any time. 

Furthermore, in accordance with Art. 17 GDPR, you may also have the right to have your personal data deleted provided that we have no right or authority to further process the data.

Under the conditions set out in Art. 18 GDPR, you have the right to restrict the processing of your personal data.

You are entitled to the right of objection pursuant to Art. 21 GDPR in the following circumstances.

1. Right to object on grounds relating to a particular situation:

According to Art. 21 (1) GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data.

If you object we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms (e.g. to assert or defend ourselves against legal claims).

2. Right to object against marketing:

In addition, pursuant to Art. 21 (2) GDPR, you may also object against the use of your data for direct marketing purposes. In this case, we will no longer use your personal information for advertising purposes.

Please direct all data subject rights requests to the contact address mentioned at the top of this page.

Where can you raise a complaint?

You have the right to contact our supervisory authority, the Information Commissioners Office.

Do you have an obligation to share or update data?

You do not have to give us any data. However, as long as we have a contract or a pre-contractual relationship, we are entitled to process your data for the contract, or for the aforementioned use purposes (see above under Which categories of Data does Creditsafe process for which purposes? and under What is the legal basis for processing the data?). 

Is your data used for automated decision making? 

As a matter of principle we do not use any customer / supplier data for automated decision making in the meaning of Art. 22 GDPR.    
  

Is your data used for profiling and/or scoring?

No.

This Transparency Notice was updated in September 2022.