1.1 These Terms and Conditions apply to the provision of commercial and consumer credit, financial, and operational data, management and other related services provided by the Supplier to the Customer. Unless expressly agreed in writing by the Supplier, the Agreement ,the Terms and Conditions and the ancillary documents referred to together constitute the entire agreement between the parties as to the subject matter hereof and supersedes all prior understandings,representations, or communications, whether written or oral, as to the subject matter of the Agreement. No variation of or waiver of or amendment to the Agreement or the Terms and Conditions shall be binding on the Supplier unless agreed in writing by a Director on its behalf.
1.2 Any provision of this or any Agreement which is unenforceable under any applicable law shall not affect the remaining provisions. No waiver or forbearance by the Supplier (whether express or implied) in enforcing any of its rights under this or any Agreement shall prejudice its rights to do so in the future.
1.3 By signing the Customer Agreement Form, or by accessing or using the service, the Customer accepts the content of this Agreement. Unless otherwise stated in the Terms and Conditions, where the terms of the Agreement Confirmation conflict with the Terms and Conditions, the Terms and Conditions shall take precedence.
1.4 This Agreement shall be in force from the date stipulated in the Customer Agreement Form. From time to time the Supplier may make alterations to the services including the algorithms used to calculate risk ratings, credit limits, payment scores and other criteria in order to provide what the Supplier believes to be the most accurate recommendations. The Customer accepts that the Supplier may make such changes at any time in order to provide accurate and predictive recommendations.
1.5 This Agreement entitles the Customer to access and retain the Service for the purposes detailed in this Agreement and for the duration of the Agreement only. At the end of this minimum period, the ownership of the Service and ensuing rights shall revert to the Supplier.
1.6 This Agreement does not permit the Customer to access and / or use the service outside the United Kingdom and Ireland, with the exception of incidental use such as when a customer is travelling, provided that the Customerâ€™s permanent place of employment is within the UK or Ireland.
THE FOLLOWING EXPRESSIONS SHALL HAVE THE FOLLOWING MEANINGS:
Agreement means this, or any other Agreement, each of which shall incorporate these Terms and Conditions, the ancillary documents referred to in these Terms and Conditions and any other special Terms and Conditions agreed in writing by the Customer and the Supplier.
Customer means any individual, firm, partnership, company or organisation or any other undertaking, which orders or receives from the Supplier any Credit Information or any other service as detailed herein. The name and other details of the Customer are identified within the Agreement.
Supplier means Credit Assist Ltd, Registered in England number 05002999.
Contributors means any party who owns or provides any of the data content or information, which is made available under this, or any Agreement.
Credit Information means any credit report or other business information of any kind supplied by the Supplier under this or any Agreement.
Points means one or more points of such value in sterling or Euro as the Supplier shall specify that may be purchased by the Customer and used in payment for the services provided by the Supplier.
Start Date means the date at which the Customer can start using the Supplierâ€™s solution.
Invoice Plan means a Customer who wishes to pay for the use of the Supplierâ€™s solution via invoice.
Payment Plan means a customer who wishes to pay for the use of the supplier solution via Direct Debit or Standing Order.
2.1 Each party undertakes that it shall not at any time disclose to any person any confidential information concerning the business affairs, customers, clients, or suppliers of the other party except as permitted by clause 2.2
2.2 Each party may disclose the other partyâ€™s confidential information:
2.2.1 To its employees, officers, representatives, or advisers who need to know such information for the purposes of carrying out the partyâ€™s obligations under this Agreement. Each party shall ensure that its employees, officers, representatives or advisers to whom it discloses the other partyâ€™s confidential information comply with clause 2.
2.2.2 And as may be required by law, court order or any governmental or regulatory authority.
2.3 The Customer shall not indentify the Supplier or the Contributors as a source of reference except with the prior written consent of a director of the Supplier
3.1 The Customer undertakes to use any Credit Information supplied by the Supplier or its Contributors only for general information and not as the basis for making any business or other decision. The Supplier and its Contributors shall not be liable for any loss or damage whatsoever as a result of the Customerâ€™s use of the Credit Information, its reliance on any advice or opinions expressed therein including any loss suffered by the Customer as a result of any claim by the subject of any such Credit Information arising from refusal of credit to its customers or other third parties or for any reason howsoever arising.
3.2 Credit Information provided to the Customer may in whole or part represent, be compiled from or contain expressions of advice or opinion based on data supplied by Contributors, the accuracy or completeness of which the Supplier is unable to verify. Neither the Supplier nor its Contributors warrant or guarantee the accuracy or completeness of any Credit Information provided to the Customer or the validity of any advice or opinion contained therein nor do they make any representation in respect thereof and they accept no liability for any errors or omissions therein.
3.3 All times and dates quoted for delivery of any Credit Information are estimates only and the Supplier and its Contributors shall not be liable for any liability, loss or damage arising from the delay or failure of themselves or their officers, employees or agents in procuring, presenting, communicating or otherwise providing any Credit Information. The Customer undertakes at all times to exercise its own judgement in the use of data provided by the Supplier and its Contributors, and shall be solely liable for all consequential opinions, recommendations, forecasts, comments, or actions taken.
3.4 The Customer hereby indemnifies the Supplier, its officers, employees, agents or associates and its Contributors from and against any liability, loss or damage whatsoever (including costs and any necessary payments made in order to settle or compromise any claim) which it or they may suffer or incur directly or indirectly from any breach of any of the provisions of this or any Agreement by the Customer or by the Customerâ€™s employees or agents or by any other party acting through or with the Customer.
3.5 The Supplier's maximum liabillity under this or any Agreement shall be limited to the ammount of the Supplier's invoice issued for the service
4.1 The Credit Information made available to the Customer under this or any Agreement is the copyright property of the Supplier and its Contributors, except as expressly set out in this or any Agreement. All rights are reserved and the Customer shall not sell, rent out, disclose or sub-licence any part of any Credit Information without the written consent of the Supplier and its Contributors in each instance.
4.2 The Customer acknowledges that any and all of the copyright, trademarks, and other intellectual property rights subsisting in or used in connection with the service provided by the Supplier, are the property of the Supplier or a Contributor (as the case may be) and the Customer shall not during or at any time after the expiry or termination of the Agreement in any way question or dispute the ownership by the Supplier or a Contributor (as the case may be) of any such rights.
4.3 The Customer is not permitted and will not allow any third party to adapt, alter, modify, reverse engineer, de-compile, or otherwise interfere with any element of the Service without the Supplierâ€™s written permission.
4.4 The Supplier and the Customer agree that Contributors relied upon will be entitled to have full benefit under The Contracts (Rights of Third Parties) Act 1999. All those provisions having a bearing on the use of their information and on the rights and liabilities arising out of such use including, but not limited to, those provisions of this or any Agreement in which there appear references to Contributors.
5.1 The fee payable by the Customer shall be in accordance with the Supplierâ€™s quoted rate from time to time for the service provided. The fee is exclusive of VAT, which shall be due at the rate prevailing at the date of the Supplierâ€™s invoice.
5.2 If the Customer is based and registered in Ireland, the Customer must provide the Supplier with a valid VAT registration number, which will be verified by the Supplier, and if this Ireland VAT number is not valid then VAT will be applied at the UK VAT rate prevailing at the date of Supplierâ€™s invoice. 5.3 The Customer has two payment options, either by way of invoice (Invoice Plan) or by way of Direct Debit/Standing Order (Payment Plan)
(a) For Invoice Plan customers, payment of the Agreement Value and VAT shall be due within 14 days from the date that the invoice is issued unless otherwise stated in the Customer Agreement Form, to take place no earlier than the Start Date, and shall be paid in full without deduction or set off. If the Agreement is automatically renewed, this will be on the same commercial terms and minimum period as the previous agreement.
(b) For Payment Plan Customers, this Agreement will last for the Minimum Period and will then continue after the Minimum Period until it is cancelled on any repeat Agreement anniversary date thereafter. The Customer can cancel this Agreement at the end of the Minimum Period, giving 7 daysâ€™ notice in writing, or on the anniversary of the automatic renewal date.
(c) The Customer may terminate this Agreement before the end of the Minimum Period by giving Supplier three months written notice of termination AND paying the Supplier ALL the outstanding monthly payments (Termination Payment) up to the end of the Minimum Period.
5.4 Payment is strictly due in full within 14 working days unless otherwise stated in the Customer Agreement Form, otherwise interest at 5% over FHBR (Finance House Base Rate) will be charged from invoice date. There is a standard charge of Â£40 for failed payments.
5.5 Prepayments made by the Customer for Points to access UK/Ireland business information (either by way of Invoice Plan or Payment Plan) shall be valid only for the duration of the contract minimum period term and any unused points become obsolete and cannot be used. Any amendments to this condition are at the sole discretion of the Supplier and should be stipulated in the agreement.
5.6 International reports (providing details of companies based outside the United Kingdom and Ireland) are provided on a subject to availability basis, and the countries from which reports are available may vary throughout the course of the term of this Agreement. International reports outside of UK and Ireland are charged separately to the points system used for UK and Ireland reports, and can be either be prepaid in accordance with the Invoice or Payment plan, or invoiced monthly in arrears according to usage. Commercial terms for both UK/Ireland and International reports must be stated in the Agreement. Due to the different legal filing legislation around the World, it may be necessary to conduct bespoke reports in some countries where information is not readily available.
5.7 This Agreement is subject to an automatic renewal process in order to ensure the Customer does not lose continuity of service. If the Customer does not wish the Agreement to be automatically renewed on the same basis as the previous minimum period, then the Customer must provide written confirmation to the Supplier at least 30 days before the end of the Agreement minimum period. The Supplier will endeavour to contact the Customer by telephone or email before the Agreement ends in order to discuss the basis of renewal. If notice has not been provided 30 days before the end of the contract by the Customer to cease the automatic renewal, then the Supplier will send the Customer an invoice for the next minimum period of service, which will be on the same commercial terms and service length as the previous Agreement term.
6.1 The Supplier may terminate this or any Agreement with immediate effect or decline to provide any Credit Information at any time if:
(a) The Customer fails to pay any invoice for the Supplierâ€™s charges under this or any Agreement.
(b) The Customer fails to remedy any breach of this or any Agreement within 30 days of receipt of notice of that breach.
(c) The Customer becomes insolvent or ceases to pay its debts as they fall due, or ceases in business, or goes into receivership or voluntary liquidation, winding up or bankruptcy proceedings are commenced in respect of it.
(d) The Supplier is for any reason unable to continue supporting the service (or any part of it) or making it available to the Customer.
6.2 As from the effective date of termination of this or any Agreement in any circumstances, the Supplier may refuse the Customer access to the databases and the Supplier may take steps to invalidate the Customerâ€™s password and thereby prevent access but otherwise termination will not affect the Supplierâ€™s entitlement to invoice and be paid for charges accrued under this or any Agreement or any other right or remedy which either party may have against each other.
7.1 The Supplier shall not have any liability to the Customer in respect of any failure to carry out or any delay in carrying out its obligations under this Agreement attributable to any cause of whatever nature outside its reasonable control, including (without limitation) terrorism, Act of God, war, riot, strike, lockout, industrial action, fire, flood,drought, tempest, change in the law, lack of electrical or other power or failure,malfunction, or overload in telecomunications or computer facilities or the internet.
8.1 The Customer shall maintain adequate security measures to protect the integrity and security of user IDâ€™s and passwords issued by the Supplier. This shall include (but not be limited to) the Customer limiting access to those employees who either have a need to know or are engaged in the use of the Supplierâ€™s IDâ€™s and passwords. The Customer must impress upon such employees the fact that the user IDâ€™s and passwords are confidential information. The Customer shall not (and shall procure that its employees and agents shall not) under any circumstances disclose the user IDâ€™s and passwords to any third party. The Customer will be liable for any abuse or misuse of user IDâ€™s and passwords or security breaches resulting from the Customerâ€™s (or its employeesâ€™ or agentsâ€™) failure to comply with conditions stated within this section.
9.1 Where the Supplier acts as a data controller (as defined in the General Data Protection Regulation ((EU) 2016/679) or any successor legislation to it), it shall do so in accordance with its privacy notice. The Supplierâ€™s privacy notice is available on request and may also be viewed on its website at www.creditassist.co.uk.
9.2 Where the Supplier acts as a data processor (as defined in the General Data Protection Regulation ((EU) 2016/679) or any successor legislation to it), it shall do so in accordance with its processing terms. The Supplierâ€™s processing terms are available on request and may also be viewed on its website at www.creditasssist.co.uk.
9.3 This Agreement shall be governed by, and construed in accordance with, English law which shall be the proper law of this or any Agreement and both parties hereby submit to the exclusive jurisdiction of the English courts.
9.4 The failure of the Supplier to exercise or enforce any right or provision or this Agreement shall not constitute a waiver of such a right. The service is subject to availability. Should any third party data become unavailable to the Supplier, the Supplier shall be entitled to obtain a similar service from another third party supplier.
9.5 All requests received under the Consumer Credit Act or, where appropriate, the General Data Protection Regulation ((EU) 2016/679) shall be referred to the Supplier. Nothing in this or any Agreement shall prevent or hinder either the Supplier or the Customer from complying with their respective obligations as to disclosure or otherwise in connection with the aforementioned legislation.
9.6 If any provision of this Agreement is held to be invalid or unenforceable, such provision shall be struck out and the remaining provisions shall remain.
9.7 Headings are included for ease of reference only and shall not affect the interpretation of these conditions
9.8 The supplier may assign both the benefit and burden of this Agreement.
9.9 The Customer shall not do anything to harm the reputation of the Supplier.
9.10 Availability and Maintenance of the Service The Customer acknowledges, accepts and agrees that Credit Assist will need to conduct planned or emergency maintenance which may affect the availability of the Service. Credit Assist shall use reasonable endeavours to carry out planned maintenance outside of normal business hours defined as 8.30 â€“ 5.30 on a normal working day but reserves the right to carry out emergency maintenance at any time provided always Credit Assist shall use reasonable endeavours to restore the Service as soon as reasonably practicable. Notwithstanding the foregoing, Credit Assist: does not warrant that the Customerâ€™s use of the Service will be uninterrupted or error-free; and is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Service may be subject to limitations, delays and other problems inherent in the use of such communications facilities. Credit Assist shall have no liability (on any account whatsoever) to the Customer as a result of or related to such events.
Data Processing Terms
Customer: means any individual, firm, partnership, company or organisation
or any other undertaking, which orders or receives from the Supplier any
goods or services pursuant to the Main Agreement.
Customer Data: means any information or data, in whatever form, which is
held on, entered into, processed by, or retrievable from computer,
communication or other systems or equipment of the Customer including
Customer Personal Data and data processed by the Customer in providing
goods or services to its clients and customers.
Customer Personal Data: means any Personal Data of which the Customer is
the Data Controller or which the Customer is processing on behalf of another
Data Controller (such as another company in the Customer's group or a
customer of the Customer, or any of their customers or group companies)
and which is processed by the Supplier as Data Processor on behalf of the
Customer under or in connection with the Main Agreement, including the
information more particularly described in the Schedule.
Data Protection Legislation: means (i) until the GDPR is directly applicable in
the United Kingdom, the Data Protection Act 1998; (ii) once the GDPR is
directly applicable in the United Kingdom and unless and until the GDPR is no
longer directly applicable in the United Kingdom, the GDPR and any national
implementing laws, regulations and secondary legislation in the United
Kingdom relating to the processing of personal data and the privacy of
electronic communications, as amended, replaced or updated from time to
time; and then (iii) any successor legislation to the GDPR or the Data
Protection Act 1998.
GDPR: means the General Data Protection Regulation ((EU) 2016/679).
Main Agreement: means the one or more agreements which the Supplier has
entered into with the Customer to provide goods and/or services to the
Customer as is agreed in that agreement or those agreements, as the case
Supplier: means Credit Assist Limited (company registration number
1.1 Both parties will comply with all applicable requirements of the Data
Protection Legislation. This clause 1.1 is in addition to, and does not relieve,
remove or replace, a party's obligations under the Data Protection Legislation.
1.2 The parties acknowledge that for the purposes of the Data Protection
Legislation, to the extent the Supplier is processing Customer Personal Data,
the Customer is the Data Controller (or is processing on behalf of the Data
Controller), the Supplier is a Data Processor (for the Customer or, through the
Customer, for another Data Controller) (where Data Controller and Data
Processor have the meanings as defined in the Data Protection Legislation)
and the Customer appoints the Supplier to process the Customer Personal
Data. The Schedule sets out the scope, nature and purpose of processing by
the Supplier, the duration of the processing and the types of Personal Data (as
defined in the Data Protection Legislation, Personal Data) and categories of
data subject (as defined in the Data Protection Legislation, Data Subject).
1.3 Without prejudice to the generality of clause 1.1, the Customer will ensure
that it has all necessary appropriate consents and notices in place to enable
lawful transfer of the Customer Personal Data and Customer Data to the
Supplier for the duration and purposes of the Main Agreement and the
supplementary agreement between the parties pursuant to these data
processing terms (this Processing Agreement).
1.4 Without prejudice to the generality of clause 1.1, the Supplier shall, in
relation to any Customer Personal Data processed in connection with the
performance by the Supplier of its obligations under the Main Agreement
and this Processing Agreement:
(a) process that Customer Personal Data only on the written instructions of
the Customer unless the Supplier is required by the laws of any member of
the European Union or by the laws of the European Union applicable to the
Supplier to process the Customer Personal Data (Applicable Laws). Where the
Supplier is relying on laws of a member of the European Union or European
Union law as the basis for processing the Customer Personal Data, the
Supplier shall promptly notify the Customer of this before performing the
processing required by the Applicable Laws unless those Applicable Laws
prohibit the Supplier from so notifying the Customer;
(b) ensure that it has in place appropriate technical and organisational
measures, reviewed and approved by the Customer, to protect against
unauthorised or unlawful processing of the Customer Personal Data and
against accidental loss or destruction of, or damage to, the Customer
Personal Data, appropriate to the harm that might result from the unauthorised
or unlawful processing or accidental loss, destruction or damage and the nature
of the data to be protected, having regard to the state of technological
development and the cost of implementing any measures (those measures may
include, where appropriate, pseudonymising and encrypting the Customer
Personal Data, ensuring confidentiality, integrity, availability and resilience of its
systems and services, ensuring that availability of and access to the Customer
Personal Data can be restored in a timely manner after an incident, and regularly
assessing and evaluating the effectiveness of the technical and organisational
measures adopted by it);
(c) ensure that all personnel who have access to and/or process the Customer
Personal Data are obliged to keep the Customer Personal Data confidential; and
(d) not transfer any Customer Personal Data outside of the European Economic
Area unless the prior written consent of the Customer has been obtained and
the following conditions are fulfilled:
(i) the Customer or the Supplier has provided appropriate safeguards in relation
to the transfer;
(ii) the Data Subject has enforceable rights and effective legal remedies;
(iii) the Supplier complies with its obligations under the Data Protection
Legislation by providing an adequate level of protection to any Customer
Personal Data that is transferred; and
(iv) the Supplier complies with reasonable instructions notified to it in advance
by the Customer with respect to the processing of the Customer Personal Data;
(e) reasonably and timeously assist the Customer, at the Customer's cost, in
responding to any request from a Data Subject and in ensuring compliance
with its obligations under the Data Protection Legislation with respect to
security, breach notifications, impact assessments and consultations with
supervisory authorities or regulators;
(f) notify the Customer without undue delay on becoming aware of a Personal
(g) at the written direction of the Customer, delete or return Customer Personal
Data and copies thereof to the Customer on termination of the Main
Agreement or this Processing Agreement unless required by Applicable Law to
store the Customer Personal Data; and
(h) maintain complete and accurate records and information to demonstrate its
compliance with this clause 1.4 and allow for audits by the Customer or the
Customer's designated auditor.
1.5 The Customer does not consent to the Supplier appointing any third party
processor of the Customer Personal Data or the Customer Data under this
Processing Agreement. If the Customer does in the future consent to the
Supplier appointing a third-party processor of the Customer Personal Data or
the Customer Data under this Processing Agreement, the Supplier confirms that
it will enter into a written agreement with the third-party processor
incorporating terms which are substantially similar to those set out in this
Processing Agreement. As between the Customer and the Supplier, the Supplier
shall remain fully liable for all acts or omissions of any third-party processor
appointed by it pursuant to this clause 1.5.
1.6 If an amendment is required to this Processing Agreement in order
to comply with the Data Protection Legislation, Applicable Laws or
requirements set out by the Customer, the Customer will provide an
amendment with the required changes to the Supplier. Both parties will work
together in good faith to promptly execute a mutually agreeable amendment
to this Processing Agreement reflecting the required amendment. In case the
Supplier is not able to accommodate the requested changes, the Customer may
terminate this Processing Agreement and the Main Agreement with fifteen
days' written notice.
1.7 No failure, delay or omission by either party in exercising any right,
power or remedy provided by law or under this Processing Agreement shall
operate as a waiver of that right, power or remedy, nor shall it preclude or
restrict any future exercise of that or any other right or remedy. No single or
partial exercise of any right, power or remedy provided by law or under this
Processing Agreement shall prevent any future exercise of it or the exercise of
any other right, power or remedy.
1.8 This Processing Agreement and any dispute or claim arising out of, or in
connection with it, its subject matter or formation (including non-contractual
disputes or claims) shall be governed by, and construed in accordance with, the
laws of England and Wales.
1.9 The parties irrevocably agree that the courts of England and Wales shall
have exclusive jurisdiction to settle any dispute or claim arising out of, or in
connection with, this Processing Agreement, its subject matter or formation
(including non-contractual disputes or claims).
Schedule â€“ Processing, Personal Data and Data Subjects
1.Processing by the Supplier
1.1Scope, nature and purpose of processing
The scope, nature and purpose of the processing is the provision of goods
and/ or services by the Supplier to the Customer under the Main Agreement.
1.2 Duration of the processing
The duration of the processing corresponds to the duration of the Main
2. Types of Personal Data
- Identity Data including first name, maiden name, last name, username or
similar identifier, marital status and dependents, title, date of birth, gender,
next of kin and emergency contact information, National Insurance number
and copy of driving licence.
- Contact Data including billing address, delivery address, email address and
-Financial Data including bank account and payment card details.
-Transaction Data including details about payments to and from the Data
Subject and other details of goods and services the Data Subject has
- Technical Data including internet protocol (IP) address, the Data Subject's
login data, browser type and version, time zone setting and location, browser
plug-in types and versions, operating system and platform and other
technology on the devices the Data Subject uses to access the website of the
Customer or another Data Controller.
- Profile Data including the Data Subject's username and password, purchases
or orders made by the Data Subject, the Data Subject's interests, preferences,
feedback and survey responses. -Usage Data including information about
how the Data Subject uses the website of the Customer or another Data
Controller, goods and services.
- Marketing and Communications Data including the Data Subject's
preferences in receiving marketing from the Customer or another Data
Controller (and third parties) and the Data Subject's communication
-Employment Data including:
- Bank account details, payroll records and tax status information.
- Salary, annual leave, pension and benefits information. -Start date.
- Location of employment or workplace.
- Recruitment information (including copies of right to work documentation,
references and other information included in a CV or cover letter or as part of
the application process).
- Employment records (including job titles, work history, working hours,
training records and professional memberships). -Compensation history.
-Performance information. -Disciplinary and grievance information.
- CCTV footage and other information obtained through electronic means
such as swipecard records.
- Information about the Data Subject's use of the information and
communications systems of the Customer or another Data Controller.
- Special Categories of more "sensitive personal information" including:
- Information about the Data Subject's race or ethnicity, religious beliefs,
sexual orientation and political opinions. -Trade union membership.
- Information about the Data Subject's health, including any medical
condition, health and sickness records. -Genetic information and biometric
data. -Information about criminal convictions and offences.
3. Categories of Data Subject
-The Customer's employees (including temporary or casual workers and
- Another Data Controller's employees (including temporary or casual workers
-The Customer's group companies' employees (including temporary or casual
workers and applicants).
- The Customer's customers and potential customers.
- Another Data Controller's customers and potential customers.
- Employees of the Customer's customers and potential customers.
- Employees of another Data Controller's customers and potential customers.
- The Customer's business partners.
- Another Data Controller's business partners.
- Employees of the Customer's business partners.
- Employees of another Data Controller's business partners.
- The Customer's visitors. - Another Data Controller's visitors.
- The Customer's suppliers and sub-contractors.
- Another Data Controller's suppliers and sub-contractors.
- Employees of the Customer's suppliers and sub-contractors.
- Employees of another Data Controller's suppliers and sub-contractors.
- The Customer's agents, consultants and other professional experts and
- Another Data Controller's agents, consultants and other professional experts
- Individuals identified in documents processed by the Customer in providing
goods or services to its customers
Welcome to Credit Assist Limited’s privacy notice.
Credit Assist Limited respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data which you provide to us when you enter into a contract with us to purchase a product or service (whether on behalf of an organisation or personally), make payment to us, make an enquiry to us, visit our website at www.creditassist.co.uk (regardless of where you visit it from) or otherwise. This privacy notice will also tell you about your privacy rights and how the law protects you.
Please use the Glossary to understand the meaning of some of the terms used in this privacy notice.
Important information and who we are
Purpose of this privacy notice
This privacy notice aims to give you information on how Credit Assist Limited collects and processes your personal data which you provide to us when you enter into a contract with us to purchase a product or service (whether on behalf of an organisation or personally), make payment to us, make an enquiry to us, visit our website (regardless of where you visit it from) or otherwise.
We do not knowingly collect data relating to children.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Credit Assist Limited is the controller and is responsible for your personal data (collectively referred to as the “Company”, "we", "us" or "our" in this privacy notice).
We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the data privacy manager using the details set out below.
Our full details are:
Credit Assist Limited – for the attention of the data privacy manager
York Studios, Cold Ashby Road, Guilsborough, Northamptonshire, NN6 8QP
You have the right to make a complaint at any time to the Information Commissioner's Office (“ICO”), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to the privacy notice and your duty to inform us of changes
This version was last updated in March 2018 and historic versions can be obtained by contacting us.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-party links on our website
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website and systems.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Usage Data includes information about how you use our website, products and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific feature of our website. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with products or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
How is your personal data collected?
We may use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
apply for our products or services;
create an account with us (on our website or otherwise);
subscribe to our service or publications;
request marketing to be sent to you;
enter a competition, promotion or survey; or
give us some feedback.
Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We may collect this personal data by using cookies, server logs and other similar technologies.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources.
We may also record phone conversations we have with you.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Type of data
Lawful basis for processing including basis of legitimate interest
To register you as a new customer
Performance of a contract with you
To process and deliver your order/instructions including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy notice
(b) Asking you to leave a review or take a survey
(d) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to partake in a prize draw, competition or complete a survey
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(e) Marketing and Communications
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about products or services that may be of interest to you
Necessary for our legitimate interests (to develop our products/services and grow our business)
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services, offers and other information (such as in respect of events we may run or news updates we may provide) may be relevant for you (we call this marketing).
You may receive marketing communications from us if you have requested information from us, purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have opted-in to receive that marketing and have not subsequently opted out of receiving that marketing.
We will also get your express opt-in consent before we share your personal data with any company outside the Company (or our group) for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
A cookie is a piece of information stored on your computer’s hard drive that records how you have used a website. The next time you visit that website, it can tailor your options based on the information it has stored about your last visit.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosures of your personal data
We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above.
Internal Third Parties as set out in the Glossary.
External Third Parties as set out in the Glossary.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We would not allow any third-party service providers to us to use your personal data for their own purposes and would only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not knowingly transfer your personal data outside the European Economic Area (“EEA”). However, some External Third Parties may run their operations outside of the EEA. Although they may not be subject to the same data protection laws as organisations based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you agree to this transfer, storing or processing at a location outside of the EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available from us by request. Please be aware that, by law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data. Please see below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Your legal rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These are explained in the Glossary.
If you wish to exercise any of these rights, please contact us.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you or an organisation you represent are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Internal Third Parties
Other companies in the Company’s group, acting as joint controllers or processors.
External Third Parties include:
Service providers acting as processors who provide IT and system administration services.
Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors, marketing advisers, human resources advisers and insurers who provide consultancy, banking, legal, marketing, human resources, insurance and accounting services.
HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances.
YOUR LEGAL RIGHTS
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
What Are Cookies?
Cookie Types and Their Uses
Session cookies only last for the duration of your visit and are deleted when you close your browser. These facilitate various tasks such as allowing a website to identify that a user of a particular device is navigating from page to page, supporting website security or basic functionality. Most of the cookies CREDIT ASSIST uses are session cookies. They keep you signed into CREDIT ASSIST while you move between pages and service your account.
CREDIT ASSIST also uses persistent cookies. These cookies last beyond your session and remain after you have closed your browser. Persistent cookies will remain on your computer until you choose to remove them.
CREDIT ASSIST uses persistent cookies in a few ways, such as to remember your username for sign in so you donâ€™t have to re-enter the information on every visit.
First and Third Party Cookies
You may have seen references on other websites to first party cookies and third party cookies. Determining whether or not a cookie is a first or third party cookie depends on which website sets the cookie on your device. First party cookies are set by, or on behalf of, the company whose website you visit. Cookies set by any other company are third party cookies. For example, third party cookies may be used by advertising companies to serve ads when you visit their website. CREDIT ASSIST uses first and third party cookies.
For new visitors, we use first party cookies or Web beacons to collect limited data, such as the date, time, and areas of our website that are visited, as well as the website from which the new visitor came. We may use IP addresses to derive certain other information concerning businesses visiting our websites as described in this policy, but we do not analyse this information in a way which would reveal the identity of the individual browsing our websites. When you select one of our products or services, register for a newsletter or e-mail alert, fill out an online form, or complete a survey, we may try to identify your browser and we may combine information from cookies, Web beacons, and other information collected online with other data that we maintain about you. By improving the features, marketing, and content of our website and by making your online experience more convenient and meaningful, we are able to better serve our customers' needs.
What If I Don't Want to Accept Cookies?
You can choose to restrict or block access to cookies set by CREDIT ASSIST or any other company. You can set your browser to notify you when a web server attempts to write a cookie to your computer. This gives you a chance to accept or reject the cookie. You can control whether or not these cookies are used, but preventing them may mean you will be unable to log in to certain CREDIT ASSIST websites.
How Can I Control Cookies?
If you don't want to receive cookies from the CREDIT ASSIST website, you can opt out of them when given the consent option.
Web Browser Cookies
If you wish to restrict or block web browser cookies which are set on your device then you can do this through your browser settings. The Help function within your browser should tell you how. Alternatively, you may wish to visit www.aboutcookies.org, which contains comprehensive information on how to do this on a wide variety of desktop browsers. You'll also find details on how to delete cookies from your computer, as well as more general information about cookies.
Most CREDIT ASSIST websites do work without cookies, but you will lose some features and functionality if you choose to disable cookies. Occasionally some CREDIT ASSIST websites will be completely unable to function without cookies being enabled.