This document describes how Creditsafe Business Solutions Limited, uses and shares personal data we receive about you and your business.
Understanding what personal data we hold and how we use it is important as the data protection law governs the way this data can be used and what rights you have.
This document answers the following questions:
- Who is the responsible controller for the data?
- What data does Creditsafe collect and for which purposes?
- Where does the data originate from?
- What is the legal basis for Creditsafe to process data?
- Who do we share data with and where is personal data stored?
- Is data transferred to a recipient outside of the European Union or the European Economic Area?
- How long does Creditsafe store data?
- What are my rights as a data subject?
- Where can I raise a complaint?
- Do I have an obligation to share or update data with Creditsafe?
- Is there any automated decision making?
- Is my data used for profiling or scoring?
Who is Creditsafe and how can I contact them?
Creditsafe Nederland B.V. can be contacted at:
Creditsafe Nederland B.V.
Jan Pietersz. Coenstraat 10
2595 WP Den Haag,
E-Mail: C[email protected]
Tel: +31(0)70 384 4600
You can reach our Data Protection Officer as follows:
Caspian Point One,
Email: [email protected]
What data does Creditsafe collect and for which purposes?
We process the following categories of data on customers and suppliers: Company name, legal form, business address, legal representatives and contact persons (name, given name, e-mail address and phone / fax numbers) as well as invoicing data.
We store and process such data as far as necessary
· to prepare and execute a contract (including customer relationship management);
· for billing purposes and
to offer you as a customer any other services that may be of interest to you, unless you have objected to the use of your data for marketing purposes.
Where does Creditsafe data originate from?
The information we process has either been collected directly from the customer/supplier and the respective contacts at the customer / supplier or via publicly available information sources such as commercial registers or the website of the customer/ supplier.
What is the legal basis for Creditsafe to process my data?
The legal basis for the processing of personal data is the General Data Protection Regulation, in particular
- Art. 6 (1) (b) GDPR, which permits processing for purposes of entering into and performance under a contracts , and
- Art. 6 (1) (f) GDPR, which permits processing for the protection of our legitimate interests, unless there is an outweighing interest of the natural person concerned which prohibits such processing.
In addition, personal data is also processed by us on the basis of the consent given by the relevant data subjects. You can revoke your consent at any time. This has no retroactive effect. However, due to your revoked consent we are then no longer allowed to process your data. The other regulations permitting data processing (Art. 6 (1) (b) GDPR, Art. 6 (1) (f) GDPR) remain unaffected.
Who does Creditsafe share data with and where is personal data stored?
We share personal identifiable information with recipients within the Creditsafe group who need to know this information to perform their functions and obligations as well as other third parties which process the data on our behalf as a service provider bound by contracts pursuant to data protection law or to whom Creditsafe has to pass on information to fulfill statutory obligations. We also share personal identifiable information with Creditsafe partners who provide third party data products and services that are sold by Creditsafe.
Personal data is stored on Creditsafe servers within the EU.
Is data transferred to a recipient outside of the European Union or the European Economic Area?
Personal data from customers / suppliers will only be transferred to recipients in third countries to the extent necessary for the execution of the contract.
How long does Creditsafe store data?
We store personal data only for as long as necessary to achieve the purposes described above and delete the data thereafter but in any event upon expiration of the relevant statutory retention periods.
What are my rights as a data subject?
According to Art. 15 GDPR you have the right to obtain information regarding all data we stored about you.
In the event that you discover outdated or incorrect information about yourself, you have the right in accordance with Art. 16 GDPR to have it updated and corrected by us at any time.
Furthermore, in accordance with Art. 17 GDPR, you may also have the right to have your personal data deleted provided that we have no right or authority for the continued processing of the data.
Finally, under the conditions set out in Art. 18 GDPR, you have the right to restrict processing of your personal data.
Please direct any inquiries for information about the data we store about you, their rectification, deletion or restriction of processing, to the contact address mentioned in point 1.
In addition, you may require that you obtain the information you provided to us in a structured, common and machine-readable format, or that this information should transmitted to a third party.
In addition, you are entitled to the right of objection pursuant to Art. 21 GDPR. Please see the separate information box below.
In addition, you can contact the Dutch supervisory authority (Autoriteit Persoonsgegevens in Den Haag).
Do I have an obligation to share or update data?
You do not have to give us any data. However, as long as we have a contract or a pre-contractual relationship, we are entitled to process your data for the contract for the aforementioned use purposes (see above under 2. Which categories of Data does Creditsafe process for which purposes? and under 4. What is the legal basis for processing the data?).
Is my data used for automated decision making?
As a matter of principle we do not use any customer / supplier data for automated decision making in the meaning of Art. 22 GDPR.
Is my data used for profiling and/or scoring?
Right to object according to Art GDPR.
1. Right to object on grounds relating to the particular situation:
According to Art. 21 (1) GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data.
If you object we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms (e.g. to assert or defend ourselves against legal claims)
2. Right to object against marketing:
In addition, pursuant to Art. 21 (2) DS-GVO, you may also object against the use of your data for direct marketing purposes. In this case, we will no longer use your personal information for advertising purposes.
An objection does not require a particular form and should be directed to the address stipulated in paragraph 1.