CRED Privacy Policy
Overview
CRED (“we”; “us”) functions as an information hub, assisting businesses in pinpointing and engaging potential prospects (both at Business-to-Business as individual levels), tailoring their marketing and sales engagements, and enriching their market-entry systems. Our Services are designed to facilitate a myriad of tasks for our clients and partners, including verification of business and professional contact information for business-to-business engagement, identifying potential Corporate Clients and stakeholders within the organization, finding the right points of contact within those companies based on department, role, or level of authority, and customizing their interactions with those entities; or still which Data Subjects would be potential customers for a given product or service based on Personal Data that is Publicly accessible and/ or has been delivered to CRED by its Corporate Clients.
CRED observes applicable Personal Data Protection legislation while following the highest standard where it is more protective of the Rights and Freedoms of those natural persons whose Personal Data is under Processing (meaning the Eu Regulation 2016/679 of the Parliament and the Council, the “GDPR”).
CRED Investments has conducted a Corporate will conduct a Data Protection Impact Assessment (DPIA) to assess its Processing of Personal Data compliance with applicable Personal Data Protection legislation and IT Security Standards, identifying existing non-compliance points and mitigating those by implementing adequate mitigation actions which also mitigate inherent potential risks to the rights and freedoms of data subjects.
Terms as “Controller”; “Processor”; “Personal Data”; “Data Subject”; “Profiling”; “Personal Data Breach”; “Consent”; “Legitimate Interests”; “Performance of a Contract”; “Legal Obligation”; “Supervisory Authority” shall have the same meaning as defined under Art. 4 of the GDPR or elsewhere in the GDPR text.
This policy details the Processing of Personal Data by CRED, meaning how and why we collect, access, store, share and Process (cross-reference/ combine), and make available Personal Data through our website, credplatform.com (“Website”), our browser extension (“Extension”), our software and web-based platforms (“Platform”), and other Services (collectively the “Services”).
Processing of Personal Data
CRED basically undertakes the Processing of Personal Data under two contexts:
Internal Business-to-Business prospection – in this case, CRED will search for Personal Data that is publicly accessible (e.g. LinkedIn) and identifies plus allows enticing contact with stakeholders of prospective Corporate Clients for the Purpose and Scope of conveying to those natural persons CRED’s services portfolio that may be of relevance to that organization. The collection of Personal Data occurs having CRED acting as the Controller and under the Legal Basis of Legitimate Interests. Since, the information under Processing is limited to the minimum necessary to access the stakeholders and their contacts under a Business-to-Business scope with Publicly available Data, there is no potential conflict with the Rights and Freedoms of those Data Subjects;
Services towards Corporate Clients – in this case, CRED will either get an initial dataset from the Corporate Client or search from scratch Personal Data that is Publicly available on several Social Media platforms (e.g. LinkedIn; Facebook; Instagram; X; Personal webpages; YouTube channels; other…) which identifies Data Subjects whose “characteristics” make them a prospective Customer for the specific portfolio in terms of services and/ or products of CRED’s Corporate Client. In this case CRED acts as the Processor and the Corporate Client the Controller. CRED has in place with its Corporate Clients contractual terms where, those in their Controller role commit to:
- Having a valid documented Legal Basis in place and meeting regulatory obligations while sharing the initial dataset with CRED;
- Observe the ruling under Art. 12; 13 and mainly 14 of the GDPR when receiving the enriched dataset from CRED; which main points consists of having those Data Subjects whose Personal Data was under Procesing by CRED and is now under Processing by the Corporate Client aware and informed of such Personal Data Processing activities within 1 month of the data collection; furthermore allowing them to exercise the Rights under the law;
CRED provides it’s feedback dataset to Corporate Clients following modeled outputs using dedicated LLM and Generative artificial intelligence.
Regarding our platform/ service users’
Personal Data Under Processing
CRED undertakes the Processing of Personal Data that is Publicly available for the purpose of:
CRED acts as the Controller under the Purpose of finding and contacting stakeholders at prospective Corporate Clients (full Business to Business scope), under Legitimate Interest and consisting of:
CRED acts as the Processor for the Purpose of providing Insights on potential Prospective Corporate Client Profiles that would adhere to Corporate Client (which acts as the Controller) products/ services (Personal Scope), under the Legal Basis of Fulfilling a Contractual Obligation/ Performance of a Contract:
First Name
Additionally to the mentioned above
Last Name
Timezone
Phone (Company)
Photo URL
Corporate Email
Date of Death
Company
Corporate Client of (companies)
Company Address
Volunteering Member
Role / Job Title / Department
Member of Groups
Company Size
Interests
Location / City
Followed Persons in Social Media
Employment History
Followed Companies in Social Media
Education Background
Is an Investor
Social Media Profiles
Continent / Country / City of Residence
.
Bio
.
Birthdate
.
Education
.
Professional Data
Use of Personal Data
Purpose / Activity
Lawful Basis
To register you as a customer to use CRED’s service
Performance of a Contract with you (i.e. Contract)
To manage CRED a relationship with you (including notifying you about changes to CRED’s terms and conditions or this privacy policy)
Performance of a Contract; Legal obligation
To better understand our user base
Legitimate interests
To notify you about products or services (promotional content) that we believe might appeal to you
Legitimate Interests
To create your personal data record, which CRED needs to uniquely identify you
Performance of a Contract
To deliver CRED Services
Performance of a Contract
To provide user support and technical instructions regarding your account
Performance of a Contract
To monitor and improve our Services (to track the use of our service and identify areas where we can improve service performance or service functionality. This includes business and technical improvements)
Legitimate interests
To maintain our statutory records to comply with any applicable regulatory requirements
Legal obligation
Sharing of Personal Data and Third Parties
Your and other Data Subjects’ Privacy
Your Rights under the law
Request information on and access to the Personal Data pertaining to you under Processing;
Request correction of your Personal Data;
Request deletion of your Personal Data;
Object to processing of your Personal Data;
Request restriction of processing your Personal Data;
Request transfer of your Personal Data;
Submit a complaint regarding the Processing of Personal Data pertaining to you;
