General Data Protection Regulation (GDPR)

Graydon Privacy Statement
Download our privacy statement
Graydon processes personal data appropriately and securely as part of our services. It's imperative that our customers have confidence in Graydon. To understand how we handle personal data, please download and read our privacy statement below:
Positioning Paper
Please look at our privacy statement in the positioning paper below.
Data is at the heart of Graydon. Our business revolves around data, and we take GDPR very seriously.
Our strategy aims for Graydon to be trusted and to act as a reliable business partner. This is why Graydon confirms it is compliant and will meet the GDPR deadline on 25th May 2018.
What data does Graydon hold about me?
Find answers to frequently asked questions below:
I want to know what personal information you have about me.
The information that Graydon has will include your contact information such as address, telephone number and email address, as well as annual reports, financial information on your organisation(s), relevant Ultimate Beneficial Owners’ (UBOs’) and directors’ data, and other related items.
How did Graydon get the information it has on me?
Graydon gathers and collects information on companies, and individuals related to these companies. We also gather information from public sources such as Companies House, government records, public registers, from our customers and other related sources. If you have any additional questions or concerns, please contact us on the email indicated below. Be as specific as you can to make sure we can help you with your request.
You have information on me that is incorrect.
We aim to be a trusted partner in business and have the highest standards regarding the quality of our data. However, this does not guarantee a fault-free set of data. If the information that we have is incorrect, you can send us the correct information to process, after we have validated it. Please send us an email to the address indicated below. Please specify the incorrect information in sufficient detail so it can be identified.
I wish to be removed from your database.
Graydon has information on companies, UBOs as well as relevant directors’ information. Under GDPR, we have legitimate grounds to gather and process this data. You can find the details in our privacy statement. If you still feel that your privacy interests prevail over ours, then please send us your request via the email indicated below.
I haven’t given Graydon consent to have or process information on me.
Graydon processes data based on our legitimate interest. The purpose of this processing is to enable businesses to manage their financial risks, protect them against fraud, know whom they are doing business with, meet compliance and regulatory obligations and better understand organisations, industries and markets they are operating with.
Processing personal data on these grounds does not take place if the interests of the person whose data is being processed prevail.
However, this needs to be proven and checked on a case-by-case basis. If you feel this is the case, please explain your concerns and provide us with any available proof or evidence to help speed up the processing of your request.
Other
For any other request, please be as detailed as possible, so we can proceed and get back to you quickly and efficiently. We are conscious of the importance of privacy-related information, so please be assured that your query will be handled with discretion.
How to contact Graydon about GDPR
At Graydon, data and transparency are two of our main values. This is why we have developed this web page where we have gathered all the relevant information related to data privacy in relation to our business...
Do you have any questions or comments? Please don’t hesitate to contact us at: gdpr@graydon.co.uk.
In order to be able to process your request as quickly and efficiently as possible, you will need to provide us with some details related to your request. Please indicate in your subject line the reason for your email (e.g. amendments to your information, request to be forgotten…).
Also, to ensure that we are communicating personal information to the right person, we will need some proof of identification such as a recent utility bill (less than 3 months old), a copy of your driving licence or your passport. Please be assured that the copies of these documents will be destroyed and not kept on our servers after validation of your identity.
Database Notification
Graydon collects data about companies registered in the United Kingdom, to support our customers in growing their business, assessing customer and supplier risk, identifying fraud and ensuring compliance with new regulations. For more information, please download our notification letter below.
How did Graydon prepare for GDPR?
Graydon & GDPR
With the European General Data Protection Regulation (GDPR) only months away, you may have some questions about what Graydon is doing to prepare for this important Regulation. Below, we have provided answers to questions that we think you may have. We will be updating this regularly, so please check this page for the latest information.
How is Graydon preparing for GDPR?
Graydon is a trusted partner to its customers and stakeholders and wants to maintain its outstanding reputation in both its domestic and international markets. Therefore, compliance with the latest data protection legislation is essential to our business. In 2016 an assessment was performed by EY to assess the level of compliance against existing laws and regulations, which showed that privacy is currently a topic that is well organised and managed within Graydon.
We have assessed the potential impact of GDPR on our business and identified the changes that are required across multiple functions to ensure compliance with the increased requirements resulting from the GDPR. A multidisciplinary and group-wide project team has been established across the Graydon Group to work towards GDPR compliance before May 2018. A GDPR implementation project plan with key milestones has been drafted. The project is under way and is now in the implementation phase.
Our Board of Directors and Executive Committee of the Graydon Group are fully engaged with our GDPR project, which is driven and overseen by our Group Compliance Officer.
How does GDPR affect me as a customer?
The products and services that you purchase and receive from Graydon are being reviewed from a GDPR compliance perspective in order to identify what, if any, changes need to be implemented prior to May 2018.
At the same time, we aim to ensure that our customer contracts reflect the new GDPR where required. We will also take this opportunity to simplify and standardise our contracts and T&Cs.
What will Graydon do for data subjects?
We are reviewing our privacy statements and will be updating our notifications across the Group to ensure data subjects are informed in accordance with the transparency requirements under GDPR.
With GDPR on the way, we aim to ensure that our teams are all equipped to deal with data subject requests. In addition, we are updating and implementing our policies and procedures and simplifying the way in which data subjects can exercise their rights with Graydon.
How will Graydon comply with its obligations under GDPR?
Graydon already has robust processes and procedures in place to manage compliance under existing data protection legislation. As part of our GDPR project, we will carefully review our current processes and procedures to identify where they need revising to ensure compliance with GDPR. These will include amongst others:
* Privacy by design/default
The impact of GDPR will be considered at the design stage of all new products or enhancements to existing products and any requirements incorporated into the design.
* Data management
As part of the GDPR project, Graydon is putting together a data inventory containing a comprehensive overview of all data that is processed: by whom, where and for what purpose.
* Supplier management
We are in the process of reviewing existing supplier contracts and, where necessary, these contracts will be amended to ensure compliance with the GDPR. Graydon aims to ensure that any new supplier contracts will adhere to GDPR.
* International data transfer compliance
Graydon will aim to ensure compliance with the requirements under GDPR for international data transfer. As part of the GDPR project, we will be reviewing our current policy and practice and will update where necessary.
* Data protection (security)
Graydon considers privacy and confidentiality of personal data of utmost importance. Graydon therefore aims to ensure that appropriate technical and organisational measures are in place to protect personal data against loss, abuse and any form of unlawful processing. This will be further clarified in an overall security policy, coupled with an effective and robust control framework in line with industry standards.
* Data breach reporting
The security of all data (including personal data) that we hold is of utmost importance to us. Graydon will implement data security measures, processes and procedures to ensure that, in the event of a breach, it will be detected, investigated and managed efficiently across the Group.
* PIA
Privacy Impact Assessments have, for a number of years, been promoted by the data protection authorities as good practice. As a responsible data company, Graydon will conduct Privacy Impact Assessments as part of the compliance approval process for any new initiatives or changes to existing products/services which are likely to have an impact on privacy. See also ‘Privacy by design/default’.
* Data Protection Officer
A DPO (Data Protection Officer) will be appointed by 25th May 2018.
* Data retention
Graydon aims to ensure personal data is stored no longer than necessary, taking into account the nature and purpose for which it was collected and any associated statutory periods that may apply.
How is Graydon ensuring compliance beyond 25th May 2018?
Whilst it is important to achieve compliance with GDPR by 25th May 2018, Graydon is committed to maintaining compliance from 25 May 2018 and beyond. The GDPR project is just a starting point for continuous compliance with GDPR.
This statement was last amended December 2017