Privacy Policy
Credit Acuity Ltd Privacy Policy
General
This privacy policy (“Policy”) gives you information about how Credit Acuity Ltd collects and uses your Personal Data through your use of this Website, including any data you may provide to us when obtaining any reports from our Website or otherwise when engage our services.
This Website is not intended for children (being any person(s) under the age of 18) and we do not knowingly collect any form of data relating to children.
Throughout this Policy, references to:
“We”, “Us”, “Our” and “Controller” refers to the Company.
“You”, “Your” and “Client” means the client of the Company or Website user, as identified in the applicable Agreement.
“Agreement” has the meaning given in our terms and conditions of business, which can be accessed using the following link: Terms and Conditions
“Data” has the meaning given in the Agreement.
“Data Protection Legislation” means all applicable data protection and privacy legislation in force from time to time in the United Kingdom, including the Data Protection Act 2018, the Privacy and Electronic Communications (EC Directive) Regulations 2003, as amended, updated, replaced or re-enacted from time to time.
“Debtor” has the meaning given in the Agreement.
“Operating Platform” has the meaning given in the Agreement.
“Personal Data” any information about an individual from which that person can be identified, and as further described in the Data Protection Legislation.
“Services” has the meaning given in the Agreement.
“Website” means this website: www.creditacuity.com
If you have any queries about this Policy, please contact us using the information set out in the contact details section (paragraph 10).
Types of Personal Data we collect
We may collect, use, store and transfer certain types of Personal Data about you, which we have grouped together as follows:
Identity Data includes first name(s), surname(s), address(es), and Contact Data relating to you and/or the relevant Debtor(s).
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Profile Data includes username(s) and password(s) in order to access the Operating Platform.
Transaction Data includes all Data provided by you when engaging our Services, which will be uploaded to our Operating Platform, as well as details about payments to and from you and/or other information relating to the Services you have engaged us to provide.
Usage Data includes information about how you interact with and use our Website, Operating Platform, or otherwise engage our Services from time to time.
How is your Personal Data collected?
We use different methods to collect data (including Personal Data) from and about you including through:
Your interactions with us: you may provide your Personal Data by filling in online forms or by corresponding with us by post, telephone, email or otherwise. This includes Personal Data you provide when you:
enquire about or proceed to engage our Services; and/or
obtain reports via the Website.
Third parties or publicly available sources: From time to time, we may collect or receive Personal Data about you from various third parties (including public sources), including Contact Data, Financial Data, and Transaction Data collected from providers of technical, payment and delivery.
How we use your Personal Data
Legal Basis: The law requires us to have a legal basis for collecting and using your Personal Data. Our legal basis for collecting your Personal Data includes:
Performance of a contract with you: Where we need to perform the contract, we are about to enter into or have entered into with you.
Legitimate interests: we may use your Personal Data where it is necessary to conduct our business and pursue our legitimate interests, for example to prevent fraud and enable us to give you the best and most secure customer experience. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your Personal Data for our legitimate interests. We do not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Legal obligation: we may use your Personal Data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.
Consent: we rely on consent only where we have obtained your active agreement to use your Personal Data for a specified purpose, for example if you subscribe to an email newsletter.
Purposes for which we will use your Personal Data: we have set out below, in a table format, a description of all the ways we plan to use the various categories of your Personal Data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Performance of an Agreement with you to provide our Services.
| Purpose/Use | Type of data | Legal basis [and retention period] |
|---|---|---|
| To register you as a new client. | (a) Identity (b) Contact (c) Financial (d) Profile (e) Transaction (f) Usage | Performance of an Agreement with you to provide our Services. We will retain this data for six years as per the legal requirement in the UK. |
| To process and deliver your instruction when providing the Services, including: (a) Collecting and/or managing payments, fees and charges. (b) Supplying business information reports | (a) Identity (b) Contact (c) Financial (d) Profile (e) Transaction (f) Usage | (a) Performance of an Agreement with you. (b) Necessary for our legitimate interests (to recover any amounts due to us). We will retain this data for six years as per the legal requirement in the UK. |
| To manage our relationship with you which will include: (a) Notifying you about changes to the Agreement and/or this Policy. (b) Dealing with your requests, complaints and queries. c) Using you data for marketing purposes | (a) Identity (b) Contact (c) Profile (d) Transaction (e) Usage | (a) Performance of an Agreement with you (b) Necessary for compliance with applicable laws and regulations (c) Necessary for our legitimate interests (to keep our records updated and manage our relationship with you). (d) ability to unsubscribe. We will retain this data for six years as per the legal requirement in the UK. |
International transfers
We do not transfer your Personal Data outside of the UK. Should these circumstances ever change, we will seek your prior agreement before making any disclosure outside of the UK.
Data security
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used, or accessed in any unauthorised way, or otherwise altered or disclosed.
We limit access to your Personal Data to only those employees, agents, contractors and third parties who have a legitimate business purpose in accessing such data. Those persons will only process your Personal Data in line with our instructions, and will at all times remain subject to an ongoing duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breaches and will notify you, as well as the applicable regulator, of any breach where we are legally required to do so.
Data Retention
Details of retention periods for different aspects of your Personal Data are set out in the table above.
Your legal rights
You have a number of rights under Data Protection Legislation in relation to your Personal Data.
You have the right to:
request access to your Personal Data (commonly known as a “subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
request erasure of your Personal Data in certain circumstances. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
object any time to the processing of your Personal Data for direct marketing purposes.
request the transfer of your Personal Data to you or to a nominated third party. We will provide to you, or a third party you have nominated, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform our obligations under an Agreement with you.
request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in one of the following scenarios:
if you want us to establish the data’s accuracy;
where our use of the data is unlawful, but you do not want us to erase it;
where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
If you wish to exercise any of the rights set out above, please contact us, under the contact details at paragraph 9.
No fee usually required: you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances
What we may need from you: we may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond: we try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Contact details
If you have any questions about this Policy or about the use of your Personal Data or you want to exercise your privacy rights, please contact us in the following ways:
Email address: customerservices@creditacuity.com
Postal address: Office 7, 35-37 Ludgate Hill, London EC4M 7JN
Complaints
You have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). However, before doing so please make sure you have first made your complaint to us or asked us for clarification if there is something you do not understand. The ICO will expect you to have done this before reviewing your complaint.
Credit Acuity Ltd is committed to providing a high level of service to its clients and their customers. Please be assured that your complaint will always be investigated by somebody who is independent from the original issue.
If you do wish to make a complaint, please contact our operational support team at customerservices@creditacuity.com or write to us at:
Credit Acuity Ltd, Office 7 35-37 Ludgate Hill, London, EC4M 7JN
Changes to this Policy and your duty to inform us of changes
We keep this Policy under regular review.
It is important that the Personal Data we hold about you is accurate and current. Please keep us informed if your Personal Data changes during your relationship with us, for example a new address or email address.
35-37 Ludgate Hill, London, England, EC4M 7JN