GDPR Compliance

Frequently Asked Questions

1. Does Consolidated Credit do business with people in the EU?

No, and has no intention of doing so.

2. What is the current status of Consolidated Credit GDPR compliance?

Consolidated Credit intends and expects to comply with GDPR, as applicable, by its effective date on 25 May 2018, including having a legal basis under Article 6 GDPR for processing any personal data.

3. How does Consolidated Credit Software as Service products process personal data?

Consolidated Credit does not collect, use, or process personal data from individuals in the EU, or offer services or goods to people in the EU.

4. Is sensitive data stored within Consolidated Credit tools?

Consolidated Credit does not currently believe that it processes, let alone seeks or expects that it will seek to process, any personal data that is subject to Article 9 GDPR, “Processing of special categories of personal data,” which, in reference to GDPR, is generally referred to as “sensitive personal data.”

5. Are you a data processor, as you store and organize data from other sources?

Consolidated Credit currently does not believe it is a data processor for a data controller as it applies to the GDPR.

6. If applicable, is Consolidated Credit able or will Consolidated Credit be able to respond to data subject requests under GDPR?

Yes.

7. In particular, if applicable, if I am a data subject and Consolidated Credit is a data controller to my personal data, can Consolidated Credit comply with my request “to be forgotten”?

Yes. If you are a data subject as defined by the GDPR and have requests of Consolidated Credit under GDPR related to your individual rights in your personal data, including a “request to be forgotten/for erasure,” “rectification,” etc., please email help@ConsolidatedCredit.ca. Consolidated Credit will promptly review your request and respond to you.

8. Which personal data does your company collect?

Consolidated Credit does not currently believe that it processes, let alone seeks or expects that it will seek to process, any personal data that is subject to Article 9 GDPR, “Processing of special categories of personal data,” which, in reference to GDPR, is generally referred to as “sensitive personal data.”

Consolidated Credit’s efforts to identify all existing and any new sources of personal data collection are ongoing toward being compliant with GDPR by 25 May 2018.

9. Where is the headquarters of your company?

Consolidated Credit Counseling Services of Canada, Inc
505 Consumers Road, Suite 400
Toronto, Ontario M2J4V8

10. Are you planning to align, where applicable, all your contracts, Terms of Use, and Privacy Policies with the GDPR?

Yes.

11. Are you offering data storage and all processing for your EU customers to take place within the EU?

As Consolidated Credit is headquartered in the United States and is not “established” anywhere in the EU, it does not see any advantage in hosting personal data in the EU, since Consolidated Credit will have no personnel in the EU to process any of the personal data in order to perform its obligations to its subscribers.

12. Are you willing to sign the mandatory data processing agreement?

As answered in Question 4 (above), Consolidated Credit currently does not believe it is a data processor for a data controller, necessitating that it enter into customary and compliant data processing agreements with data controllers. However, should that change, in order to comply with GDPR, Consolidated Credit believes that both Consolidated Credit as a data processor and the data controller will need to enter into a compliant data processor agreement.

 
Updated July 7, 2018