Transparency Statement

This document describes how Company Check Ltd, uses and shares personal data we receive about your business for our own marketing.

Understanding what personal data we hold and how we use it is important as the data protection law governs the way this data can be used and what rights you have.

This document answers the following questions:

  1. Who is Company Check and how can I contact them?
  2. What data does Company Check collect and for which purposes?
  3. Where does the data originate from?
  4. What is the legal basis for Company Check to process data?
  5. Who do Company Check share data with and where is personal data stored?
  6. Is data transferred to a recipient outside of the UK?
  7. How long does Company Check store data?
  8. What are my rights as a data subject?
  9. Where can I raise a complaint?
  10. Do I have an obligation to share or update data with Company Check?
  11. Is there any automated decision making?
  12. Is my data used for profiling or scoring?

Who is Company Check and how can I contact them? 

Company Check Ltd can be contacted at:

Company Check Ltd

Caspian Point One

Pierhead Street

Cardiff

CF10 4DQ

E-Mail: dpo@companycheck.co.uk

Website: https://companycheck.co.uk

Tel.: +44 29 2267 9568

You can reach our Data Protection Officer as follows:

Caspian Point One

Pierhead Street

Cardiff

CF10 4DQ

E-Mail: dpo@companycheck.co.uk

Tel.: +44 29 2267 9568

What data does Company Check collect and for which purposes?

We save and process personal identifiable information for our internal marketing purposes.

Data on Individuals associated with businesses for example; name, given name, date of birth, place of birth, residential address, previous addresses, business address, business email-addresses and phone/fax numbers

Related business information for example;. industry, business type, financial worthiness, payment behaviour and settlement of claims

Customer case studies. Some of our customers have kindly consented to recording videos, podcasts, or written statements about how Company Check has added value to their organisations. Therefore Company Check will store and make available videos, photographs and the associated stories about the person, including their name, and their organisation.

Special categories of personal data in the sense of the Art 9 GDPR (e.g. ethnic origin, health data or data on political or religious attitudes) are not processed for this purpose.

The personal data may be held and processed with customer relationship management systems operated by Company Check for prospect and customer management purposes.    

Where does Company Check data originate from?

 

The data comes from public sources such as the commercial register and third party data suppliers, which will have obtained the data from you in the course of their business. We also collect personal data via our website, for example, when you submit a request for information, a free report or trial, or otherwise contact us.

We also collect usage information on our website via cookies and analytics providers. More information regarding this is available in our Privacy Policy and Cookies Policy, accessible via our website.

For customer case studies, the information is gathered directly from the individuals.

What is the legal basis for Company Check to process my data?

The legal basis for the processing of personal data is the General Data Protection Regulation, in particular Art. 6 (1) (f) GDPR, which permits processing for the protection of the legitimate interests of the controller or third parties, unless there is an outweighing interest of the person concerned which prohibits such processing. In particular, we rely on legitimate interests on the basis that a business has made its details available and it is for the benefit of all businesses that marketing is facilitated, as envisaged by recital 47 of the GDPR.

The legal basis for processing customer case studies is Consent as per Article 6 (1) (a).

For businesses that do not wish to receive marketing, there are legitimate means to prevent it, including not supplying the details for inclusion in business registers, objecting to direct marketing under the GDPR, and/or registering with the TPS/CTPS under the Privacy and Electronic Communications Regulations (PECR) and Company Check is fully compliant with such requirements.    

Who do Company Check share data with and where is personal data stored?

Company Check may share personal data with third party suppliers of Company Check in order to provide services in connection with Company Check’s marketing activities, including marketing due diligence, data enhancement, and marketing analytics. All such suppliers will be subject to contractual obligations which meet data protection requirements.

Customer case studies will be made available on Company Check’s websites and via social media platforms, which can be viewed by anyone in any territory.

Personal data may also be transmitted to other members of the Company Check group of companies for their own marketing purposes, for example in the case of a prospect which is outside of the UK.

Personal data is stored on Company Check servers in the EU.

Is data transferred to a recipient outside of the UK?

Where personal data is provided to contractors or group companies outside the UK, i.e. to so-called third countries, this takes place taking into account the requirements of the GDPR to recipients in countries with adequate data protection levels (Art. 45 GDPR) or to those recipients with whom EU standard contractual clauses have been concluded (Art. 46 (2) (c) GDPR).

How long does Company Check store data?

We store personal data only for as long as necessary to achieve the purposes described above.  In line with the data retention policies of national registries, we retain information about companies for 20 years after their dissolution, unless there is a business justification for continued use. We may hold data in an archived form for things like research and development, analytics and analysis, for audit purposes, and as appropriate for establishment, exercise or defence or legal claims. The criteria used to determine the storage period will include the legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements and industry standards.

Customer case studies will be made available for 2 years after which they will be archived unless consent for further use is gained from the individual or organisation.   

What are my rights as a data subject and where can I raise a complaint?

According to Art. 15 GDPR you have the right to obtain information regarding all data we stored about you.

In the event that you discover outdated or incorrect information about yourself, you have the right in accordance with Art. 16 GDPR to have it updated and corrected by us at any time.

Furthermore, in accordance with Art. 17 GDPR, you may also have the right to have your personal data deleted provided that we have no right or authority to further process the data.

Under the conditions set out in Art. 18 GDPR, you have the right to restrict processing of your personal data.

Please direct any inquiries for information about the data we store about you, their rectification, deletion or restriction of processing, to the contact address mentioned in point 1.

Right to object according to Art GDPR.

1. Right to object on grounds relating to the particular situation:

According to Art. 21 (1) GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data.

If you object we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms (e.g. to assert or defend ourselves against legal claims)

2. Right to object against marketing:

In addition, pursuant to Art. 21 (2) GDPR, you may also object against the use of your data for direct marketing purposes. In this case, we will no longer use your personal information for advertising purposes.

An objection does not require a particular form and should be directed to the address stipulated in paragraph 1.

How do complain?

If you have a complaint about the use of your data, then please contact us at the addresses in paragraph 1. In addition, you can contact our supervisory authority, the Information Commissioner’s Office here.

Do I have an obligation to share or update data?

You do not have to provide any data when we ask you.    

Is my data used for automated decision making? 

We do not make any automated decisions within the meaning of Art. 22 GDPR.    

Is my data used for profiling and/or scoring?

Not for the purposes set out in this transparency notice. Please see our ‘product information’ transparency notice for more information on our profiling/scoring activities.