Marketing Data Transparency Notice

Creditsafe Nederland B.V. Transparency notice for business information data.

Creditsafe Nederland B.V.

 

This document describes how Creditsafe Business Solutions Limited, uses and shares personal data we receive about your business for our own marketing.

Understanding what personal data we hold and how we use it is important as the data protection law governs the way this data can be used and what rights you have.

 

This document answers the following questions:

  1. Who is Creditsafe and how can I contact them?
  2. What data does Creditsafe collect and for which purposes?
  3. Where does the data originate from?
  4. What is the legal basis for Creditsafe to process data?
  5. Who do Creditsafe share data with and where is personal data stored?
  6. Is data transferred to a recipient outside of the European Union or the European Economic Area?
  7. How long does Creditsafe store data?
  8. What are my rights as a data subject?
  9. Where can I raise a complaint?
  10. Do I have an obligation to share or update data with Creditsafe? 
  11. Is there any automated decision making?
  12. Is my data used for profiling or scoring?

Who is Creditsafe and how can I contact them? 

Creditsafe Nederland B.V. can be contacted at:

Creditsafe Nederland B.V.                     
Jan Pietersz. Coenstraat  10
2595 WP Den Haag,
Nederland

E-Mail: C[email protected] 
Website: www.creditsafe.nl
Tel: +31(0)70 384 4600

You can reach our Data Protection Officer as follows:

Caspian Point One,
Pierhead Street,
Cardiff,
CF10 4DQ

Email: [email protected]

 

What data does Creditsafe collect and for which purposes?

We save and process personal identifiable information for our internal marketing purposes.

Data on Individuals associated with businesses like e.g. name, given name, date of birth, place of birth, residential address, previous addresses, business address, business email-addresses and phone/fax numbers

Related business information like e.g. industry, business type, financial worthiness, payment behavior and settlement of claims

Special categories of personal data in the sense of the Art 9 GDPR (e.g. nationality, ethnic origin, health data or data on political or religious attitudes are not processed for this purpose.

The personal data may be held and processed with customer relationship management systems operated by Creditsafe for prospect and customer management purposes.    

 

Where does Creditsafe data originate from?

The data comes from public sources such as the commercial register and third party data suppliers, which will have obtained the data from you in the course of their business. We also collect personal data via our website, for example, when you submit a request for information, a free report or trial, or otherwise contact us.

We also collect usage information on our website via cookies and analytics providers. More information regarding this is available in our Privacy Policy and Cookies Policy, accessible via our website.

What is the legal basis for Creditsafe to process my data?

The legal basis for the processing of personal data is the General Data Protection Regulation, in particular Art. 6 (1) (f) GDPR, which permits processing for the protection of the legitimate interests of the controller or third parties, unless there is an outweighing interest of the person concerned which prohibits such processing. In particular, we rely on legitimate interests on the basis that a business has made its details available and it is for the benefit of all businesses that marketing is facilitated, as envisaged by recital 47 of the GDPR.

For businesses that do not wish to receive marketing, there are legitimate means to prevent it, including not supplying the details for inclusion in business registers, objecting to direct marketing under the GDPR, and/or registering with the TPS/CTPS under the Privacy and Electronic Communications Regulations (PECR) and Creditsafe is fully compliant with such requirements. 

 

Who does Creditsafe share data with and where is personal data stored?

Creditsafe may share personal data with third party suppliers of Creditsafe in order to provide services in connection with Creditsafe’s marketing activities, including marketing due diligence, data enhancement, and marketing analytics. All such suppliers will be subject to contractual obligations which meet data protection requirements.

Personal data may also transmitted to other members of the Creditsafe group of companies for their own marketing purposes, for example in the case of a prospect which is outside of The Netherlands .

Personal data is stored on Creditsafe servers in the EU.

Is data transferred to a recipient outside of the European Union or the European Economic Area?

Where personal data is provided to contractors or group companies outside the European Union or the European Economic Area, i.e. to so-called third countries, this takes place taking into account the requirements of the GDPR to recipients in countries with adequate data protection levels (Art. 45 GDPR) or to those recipients with whom EU standard contractual clauses have been concluded (Art. 46 (2) (c) GDPR).

How long does Creditsafe store data?

We store personal data only for as long as necessary to achieve the purposes described above.  We will archive personal data after 6 years unless there is a business justification for continued use. We may hold data in an archived form for things like research and development, analytics and analysis, for audit purposes, and as appropriate for establishment, exercise or defence or legal claims. The criteria used to determine the storage period will include the legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements and industry standards.

 

What are my rights as a data subject and where can I raise a complaint?

According to Art. 15 GDPR you have the right to obtain information regarding all data we stored about you.

In the event that you discover outdated or incorrect information about yourself, you have the right in accordance with Art. 16 GDPR to have it updated and corrected by us at any time.

Furthermore, in accordance with Art. 17 GDPR, you may also have the right to have your personal data deleted provided that we have no right or authority to further process the data.

Finally, under the conditions set out in Art. 18 GDPR, you have the right to restrict processing of your personal data.

Please direct any inquiries for information about the data we store about you, their rectification, deletion or restriction of processing, to the contact address mentioned in point 1.

In addition, you are entitled to the right of objection pursuant to Art. 21 GDPR. Please see the separate information box below.

In addition, you can contact our supervisory authority, the Information Commissioner’s Office.

 

Do I have an obligation to share or update data?

You do not have to provide any data when we ask you.    

 

Is my data used for automated decision making? 

We do not make any automated decisions within the meaning of Art. 22 GDPR.    

 

Is my data used for profiling and/or scoring?

Not for the purposes set out in this transparency notice. Please see our ‘product information’ transparency notice for more information on our profiling/scoring activities. 

 

Right to object according to Art GDPR.

1. Right to object on grounds relating to the particular situation:

According to Art. 21 (1) GDPR you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data.

If you object we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms (e.g. to assert or defend ourselves against legal claims)

2. Right to object against marketing:

In addition, pursuant to Art. 21 (2) DS-GVO, you may also object against the use of your data for direct marketing purposes. In this case, we will no longer use your personal information for advertising purposes.

An objection does not require a particular form and should be directed to the address stipulated in paragraph 1.