Data & privacy

How Credicorp handles subject access requests from company directors

Under UK GDPR, individuals have the right to request a copy of the personal data a controller holds about them — known as a Subject Access Request (SAR). As a company director whose data Credicorp processes, you can exercise this right. Here is how.

Who can make a SAR to Credicorp

A SAR can be made by any individual whose personal data Credicorp processes. This includes:

  • Directors of companies that have applied for, or hold, a Credicorp facility.
  • Former directors of such companies whose data we retained after their involvement ended.
  • Individuals who enquired about a facility but did not proceed.

Note: a SAR is an individual right — it covers personal data about you as an individual, not the company's business data or the full facility file.

What personal data we are likely to hold about a director

  • Identity verification data (name, date of birth, address history, passport or driving licence details).
  • Results of KYC (Know Your Customer) and anti-money laundering checks.
  • Director-level credit or business database search results.
  • Communications with our team (emails, portal messages, support requests).
  • Records of your consent choices (Open Banking consent, marketing preferences).

How to submit a SAR

  1. Use the General Support Enquiry form and state clearly that you are making a Subject Access Request under UK GDPR.
  2. Include your full name, the company name(s) you were director of, and an email address to receive the response.
  3. We may need to verify your identity before releasing personal data. We will tell you what we need.

Our response timeline

UK GDPR requires us to respond within one calendar month of receiving a valid request. In complex cases, we may extend this by up to two further months, in which case we will notify you within the first month. There is no fee for a standard SAR.

What a SAR does not cover

A SAR gives you access to your own personal data — not to business data that belongs to the company, third-party data, or information that is legally exempt from disclosure (for example, data about a fraud investigation that, if disclosed, would prejudice law enforcement).

See also: How to make a data subject access request, What personal data do you collect about directors?, What are my rights under UK GDPR?.

Already a customer? Sign in to your account Sign in

Ready to apply?

Apply online in minutes. We lend to UK limited companies and LLPs — no personal guarantee required.

Apply for a Credicorp loan →
Back to Help Centre