Help Centre

Data & privacy

Glossary: what is a data controller?

A data controller is the organisation that decides why and how personal data is processed. Under UK GDPR, the controller carries the main legal responsibility for handling data lawfully, fairly and securely.

How it differs from a processor

A data processor acts on a controller's instructions and only does what the controller tells it to do with the data. A processor cannot decide to use the data for its own purposes. For example, a technology provider that hosts our systems under contract is typically a processor, while we remain the controller.

Why it matters to you

  • The controller is who you contact to exercise your data rights.
  • The controller is accountable if something goes wrong.
  • The controller chooses the lawful basis for each use of data.

In Credicorp's case

Credicorp is the data controller for the personal data we hold about the directors and contacts of a borrowing company. We are registered with the Information Commissioner's Office. Our privacy notice explains, as controller, how we use your data and how to reach us.

See also: Who is the data controller for my information?, Glossary: what does special category data mean?, What are my rights under UK GDPR?.

Already a customer? Sign in to your account Sign in

Ready to apply?

Apply online in minutes. We lend to UK limited companies and LLPs — no personal guarantee required.

Apply for a Credicorp loan →
Back to Help Centre

Still need help? Our team is here. Contact us or search the help centre for more answers.