The data input into the system will consist of search terms to return a report (e.g. director name). As this data is already held by us or our suppliers and the purpose of the search term is to allow us to return the correct data within our respective databases, the legal advice and ICO guidance we’ve had is that the search terms are exchanged on a controller-controller basis (a mutual exchange of data between two controllers) and not a distinct processing activity. Other than returning a report, this data is retained on our customers’ account history for usage tracking, account management and auditing purposes.


As Creditsafe acts as data controller, it is its responsibility to determine how long data is retained and on what basis. As concerns search history, we generally retain this for the duration of a customer’s contract with us as the data may be required for usage tracking, dealing with queries, providing search history information to the customer etc. This constitutes a legitimate basis for retaining the data. Also, this information is available as a matter of public record in any event. Creditsafe’s maintenance of search information does not prejudice or affect our customers as Creditsafe is a data controller and therefore directly responsible for its acts or omissions under GDPR.