Credas platform privacy notice

Introduction

This Platform Privacy Notice (together with our Terms and Conditions which can be read here (“Terms”) applies to your use of:

  • Credas Technologies Ltd web platform (“Platform”).
  • Any of the services accessible through the Platform (“Services”).

Version

12th April 2022

Who we are

Credas Technologies Ltd (referred to as “Credas“, “We“, “Us” or “Our” in this notice) is responsible for the Platform and Services.

We have appointed a Data Protection Officer (DPO). If you have any questions about this privacy notice, please contact them using the details set out below.

Name: Louis Lancaster
Email address: Louis.Lancaster@credas.com

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, however We would always appreciate the opportunity to resolve any issue you may have with the Platform or Services in the first instance.

The purpose of the Platform is to help customers (“Customers”) provide Services to their clients (“you” or “End User”) quickly and securely.

The data We collect about you

We will collect different data from you for different purposes:

As a process when We are asked by a Customer to process specific checks on you on their behalf.

As a controller to administer and protect Our business, Platform and Sites including troubleshooting, data analysis and system testing.

As a data controller when you sign up to an account with us.

The categories of data which We may collect are as follows:

ContactContentFinancialIdentityProfileUsage
Email addressDocumentBank accountBiometric (selfie)FeedbackDevice
Postal addressPhotoCredit checkDate of birthPasswordIP address
Tel. numberTextTransactionalDirectorshipPreferencesSystem
  Job title 
Name

The above categories of data may change to reflect additional services offered by Us from time to time. We will amend this policy from time to time to reflect such additional services.

Special Category Data We may collect about you

As data processor, we may collect Special Category Data at the request of the Customer. Special Category Data includes:

  • personal data revealing racial or ethnic origin;
  • personal data revealing political opinions;
  • personal data revealing religious or philosophical beliefs;
  • personal data revealing trade union membership;
  • genetic data;
  • biometric data (where used for identification purposes);
  • data concerning health;
  • data concerning a person’s sex life; and
  • data concerning a person’s sexual orientation.

Under data protection laws We require your explicit consent to process Special Category Data, which will be provided by you in the registration process. If you do not provide your consent for Us to process this data, We may not be able to carry out the Check required by the Customer.

Criminal Office Data We may collect about you

As data processor, we may collect Criminal Offence Data at the request of the Customer. The Customer is only permitted to request Criminal Offence Data is they have a lawful basis to do so. Any queries regarding the Customer’s lawful basis should be raised with the Customer.

How your personal data is collected

We may collect and process your data using different methods:

Information you give Us: This is information you consent to giving Us about you by using the Platform and Services.

Information We receive from others: This is information given to Us by the Customer or information We receive from our Data Providers when carrying out a Check on behalf of the Company. Our current Data Providers are: Companies House; GB Group Plc; LexisNexis Risk Solutions UK Limited. We may update this list from time to time.

How We use your personal data

We will only use your personal data when the law allows Us to do so. Most commonly We will use your personal data in the following circumstances:

  • Consent: where you have consented before the processing
  • Contract: where We need to perform a contract We have with the Customer that has requested that you use Our Platform
  • Legitimate Interests: where it is necessary for Our legitimate interests and your interests and fundamental rights do not override those interests

Purposes for which We will use your personal data

This table identifies the purposes for processing types of personal data and confirms in which situations we are acting as a data controller or processor of such data. It should be noted that the data controller controls the purpose and therefore the range of data We collect will depend on the Services requested by the data controller.

PurposeDataLawful basis for processingController/Processor
To register you as a new Platform userContact
Identity Profile
Consent
Contract
Controller
To administer and protect Our business, Platform and Sites including troubleshooting, data analysis and system testingContact
Identity
Usage
Legitimate InterestsController
Check(s)Contact
Content Financial
Identity
Consent
Contract
Processor


Disclosures of your personal data

When you consent to providing Us with your personal data, you also consent for Us to share your personal data with the third parties set out below:

  • Service providers acting as processors based in based in England and Wales to provide IT and system administration services (e.g. Microsoft).
  • Professional advisers acting as processors including lawyers, bankers, auditors and insurers based in based in England and Wales to provide consultancy, banking, legal, insurance and accounting services.
  • HM Revenue and Customs, regulators and other authorities acting as processors or joint controllers based in England and Wales who require reporting of processing activities in certain circumstances.
  • Third parties to whom We may choose to sell, transfer or merge parts of Our business or Our assets. Alternatively, We may seek to acquire other businesses or merge with them. If a change happens to Our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
  • Data Providers

International transfers

We do not transfer your personal data outside the United Kingdom.

Data security

All information you provide to Us is stored on secure servers situated in the United Kingdom.

All communication between our Platform and the servers is carried out over secure connections, and data is encrypted during transit and at rest.

We perform ongoing automated penetration to ensure that the Platform is secure.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when We are legally required to do so.

Data retention

The data controller (the Customer) decides the retention period for data We process. We shall retain the data until such a time as We are told to delete or anonymise the data; whether that be by explicit instruction by the Controller or contractual obligation.

Your legal rights

Under certain circumstances you have rights under data protection laws in relation to your personal data.

Your right of access

You have the right to ask for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information We process. You can read more about this right here.

Your right to rectification

You have the right to ask to rectify information you think is inaccurate. You also have the right to ask to complete information you think is incomplete. This right always applies. You can read more about this right here.

Your right to erasure

You have the right to ask to erase your personal information in certain circumstances. You can read more about this right here. 

Your right to restriction of processing

You have the right to ask to restrict the processing of your information in certain circumstances. You can read more about this right here.

Your right to object to processing

You have the right to object to processing if We are able to process your information because the process forms part of our public tasks, or is in our legitimate interests. You can read more about this right here. 

Your right to data portability

This only applies to information you have given Us. You have the right to ask that We transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. You can read more about this right here.

Please contact the Customer if you wish to make a request.

Lawful Basis

Legitimate Interest

Usage category data is required in order to troubleshoot any issues encountered (e.g. operating system version is not supported) and/or to inform product development (e.g. user preference of desktop over mobile).