Privacy Statement

Atradius N.V., together with its subsidiaries and branches (“Atradius”), is a global provider of credit insurance, surety, reinsurance, debt collections and business information/intelligence services. Atradius operates in a business-to-business market. The products and services offered by Atradius aim to help companies around the world understand and protect against the default risks associated with the selling of goods and services and, in so doing, safeguard their sales. With these services we enable trade on a worldwide scale.

When providing our products and services, Atradius acts as “data controller”. We collect and process information mainly on companies and businesses. However, in the process of doing so, we also process data that may be qualified as “personal data” under European Union (“EU”) law as it is information relating to an individual (e.g. a sole trader, a company director, a beneficial owner, a professional contact etc.). Your trust in how we handle your personal data is important to us. When you use our websites, applications, portals, sign-up for our newsletters, engage our services as a representative or contact person of our customer, trade (as a counterparty) with our customers or do business with us as our business partner or supplier, it is important to us to use your personal data carefully and securely in a transparent manner.

In this Privacy Statement we provide information we are required to give in relation to the processing of personal data under EU law. We explain for instance the purposes and grounds of the processing of personal data, the categories of personal data concerned, the categories of the sources and the recipients of the personal data, data retention and your rights as data subject.

Atradius subsidiaries or branches may also have additional privacy notices on their own (local) websites. For the Atradius companies Graydon, Iberinform and Atradius Instalment Credit Protection (Belgium), please go to their websites for specific privacy information.

Updates to this Privacy Statement

We strive for continuous improvement in our services, processes and protecting your personal data rights, so we may update this Privacy Statement from time to time. Therefore, we advise you to check this statement on a regular basis. This Privacy Statement was updated on 23 May 2018.

When do we collect personal data and when does this Privacy Statement apply?

1. If you use our website

1.1 What personal data do we collect?

We may process the following information on your company or business, which may qualify as personal data:

• Any personal details that you submit such as your name, (work) address, telephone number, email address, login details, or other information provided during registration for any of our products or services.
• Information that allows us to remember you and your preferences in using this website. We use cookies to collect this type of information. Further details on this are available on our Cookie Information page including how to decline/disable cookies.
• Your IP address, which we use to note your interest/visit to our websites.
• Your subscriptions to any newsletters, email updates, country reports, updated trade or economic information, etc. made via the website.

1.2 Why do we collect this personal data?

We may use your information for the following purposes:

• To provide products and services, maintain contact with you and handle complaints/disputes.
• To optimise our products and services, for (direct) marketing purposes and market research.
• To perform administration within the Atradius group of undertakings and to manage and protect our information technology infrastructure.

1.3 Legal grounds for using your personal data

We process your personal data only if this is allowed under one of the legal processing grounds. We rely on one or more of the following legal grounds for the processing of your information:

• Consent
  • We request your consent for the usage of certain cookies via our website. See our Cookie Information page for more details on this.
• Legitimate interests   
  We may process your information as necessary for achieving our legitimate interests.
  • For the usage of some cookies, we do not require your consent. Here, Atradius has a legitimate interest to make a functional website available to you. See our Cookie Information page for further information on this.
  • In certain cases, we do not require your consent to use your personal data to contact you. This is, for instance, the case if you requested us to contact you via a contact form. We furthermore do not always require your consent to use your personal data for marketing purposes. This may for instance be the case if Atradius obtained your email address in the context of the sale of our products or services, and we use this address for direct marketing of our own similar products or services.

1.4 Where did we obtain your information?

We automatically obtain some information when you visit our website. We collect such information via cookies. See our Cookie Information page  for more details on this. We obtain other information when you actively provide it to us. This is, for example, the case when you sign up for any newsletters, email updates, country reports, updated trade or economic information, etc. via our website. See also the information on our marketing activities in paragraph 2.

1.5 Who will have access to your personal data?

We may disclose personal data to fulfil our purposes to:

• Atradius companies, branches, affiliates, business partners and service providers.

2. Marketing

2.1 What personal data  do we collect for marketing purposes?

In the context of our marketing activities, we may process the below information about you:

• Contact details:
  Name, title, phone number, email, (work) address, contact history.
• Information on consent provided by you to use your personal data for marketing purposes, e.g. in the form of subscriptions to any newsletters, email updates, business publications, survey reports, and white papers.
• Information on your interests e.g. based on your subscriptions for our publications for specific topics or industries.
• Information regarding any of your questions, complaints or disputes.
• Other personal data provided by you.

2.2 Why do we collect this personal data?

We may use your information for the following purposes:

• To get into and maintain contact with you.
• To promote and inform you about our (new) products and services.
• To organise events and other promotional activities.
• To analyse your interests and possible business opportunities for us.
• To obtain your views on certain matters, e.g. via (customer satisfaction) surveys.
• To deal with questions, complaints or disputes.

2.3 Legal grounds for using your personal data

We process your personal data only if this is allowed under one of the legal processing grounds. We rely on one or more of the following legal grounds for the processing of our marketing activities:

• Consent  
  • If required, we request your consent for processing your personal data for our marketing activities. You can withdraw your consent at any time by clicking on the opt-out link in our emails or by submitting a form online. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal.
• Legitimate interests  
  • We may process your information as necessary for achieving our legitimate interests when performing our marketing activities. For our business interests we may for example gather, analyse and interpret information about our customers in order to find new opportunities to sell and develop products and services to satisfy the preferences and needs of our customers.

2.4 Where did we obtain your information?

For marketing purposes, we primarily obtain information concerning you from yourself. In other instances, we may obtain your personal data from the various sources displayed below.

• Parties who refer us to you, or to whom you provided consent to share your data with us.
• Third parties engaged by us in the context of our marketing activities.
• The internet (incl. social media) for as far as allowed under the applicable law.

2.5 Who will have access to your personal data?

Atradius may disclose information on you, which may qualify as personal data to:

• Atradius companies, branches, affiliates, business partners and service providers.

3. If you are a customer, policy related party, intermediary, co-guarantor, business partner or supplier

3.1 What personal data do we collect?

We may process the following information on your business, which may qualify as personal data if it relates to information relating to an individual (e.g. a sole trader, company director, (ultimate) beneficial owner, shareholder, beneficiary, professional contact etc.).

• Contact details and personal identification data, e.g. your name, title, function, phone number, email, (work) address, country, date and place of birth, ID details, entity name.
• If your company is not a legal entity, we may also process bank account details, claims history, VAT number, details of the agreement with you and financial information.

3.2 Why do we collect this personal data?

We may process information on your business, which may qualify as personal data, for the following purposes:

• To execute and provide services in relation to the agreements. This may entail: processing transactions, communicating with you, assessing (trade) insurance risks and coverage, performing claims handling, recovery actions, providing credit (risk) management and business intelligence services and products, conducting debt collections, providing customer support services, handling complaints and disputes.
• To perform “know your counterparty”, fraudterrorism, sanctions list checks and other compliance checks.
• To optimise our products and services, conduct (market) research and statistical analyses.
• To perform administration within the Atradius group of undertakings and to manage and protect our information technology infrastructure.
• For marketing purposes: see paragraph 2 above for further details.
• To establish, exercise or defend legal claims.
• To comply with an order of a regulatory/governmental authority or an obligation under relevant laws or regulations or (voluntary) regulatory, industry or sector codes or guidelines.

3.3 Legal grounds for using your personal data

We process your personal data only if this is allowed under one of the legal processing grounds. We rely on one or more the following legal grounds for the processing of your information:

• Legitimate interests
  We may process your personal data as necessary for achieving our legitimate interests, when performing our business activities.
  • Offering and developing credit insurance, surety, reinsurance and debt collections products and services, as well as business intelligence services, which aim to help companies around the world understand and protect against the default risks associated with the selling of goods and services.
  • As necessary for entering into and the performance of agreements with the company or business that you are associated with.

We will not process your personal data if your interests prevail.

• Performance of a contract  
  If you are a sole trader company, we need to process your personal data for entering into and the performance of agreements.

• Legal obligation 
  We may process your personal data if necessary to comply with one of our legal obligations, for instance to perform compliance checks or to comply with orders of a regulatory/ governmental authority, or follow obligations under industry or sector codes.

3.4 Where did we obtain your information?

• The personal data that Atradius processes may originate from various sources:
• Directly from you or the company you are associated with, including those representing or authorised by you or such company.
• From Atradius companies, branches, affiliates or business partners.
• From (publicly) available sources.
• From information/data vendors.

3.5 Who may have access to your personal data?

We may disclose personal data to fulfil our purposes to:

• Parties authorised by you or the company you are associated with.
• Atradius companies, branches, affiliates.
• Third parties such as claims adjusters, crime or fraud detection and prevention agencies, reinsurers, other insurers, banks, business partners, auditors, lawyers, debt collectors and other service providers.
• The departments of the Dutch State for which Atradius Dutch State Business N.V. manages the Dutch State facilities for Dutch companies (only if you are involved with our Dutch State Business).
• Advisers or other professional parties, to establish exercise or defend legal claims or to protect our business operations or legal rights.
• Law enforcement agencies, regulatory/governmental authorities: when required by law, or as necessary to protect our rights.

4. If you or your company trade with our customers (a “buyer”, “debtor” or “beneficiary”)

4.1 What personal data do we collect? 

We may process the following information on your business, which may qualify as personal data, in so far as it relates to information relating to an individual (e.g. a sole trader, company director, (ultimate) beneficial owner, shareholder, professional contact etc.).

• Contact details and personal identification data, e.g. your name, title, function, phone number, email, (work) address, country, date and place of birth, ID details, entity name. 
• If your company is not a legal entity, we may also process bank account details, claims and payment history, trade registration, VAT number, financial information, insolvency status, sources of wealth.

4.2 Why do we collect this personal data? 

We may process information on your business, which may qualify as personal data, for the following purposes:

• To execute and provide services in relation to the agreements we have with our customers. For example: processing transactions, communicating with you, assessing (trade) insurance risks and coverage, performing claims handling, recovery actions, providing credit (risk) management and business intelligence services and products, conducting debt collections, handling complaints and disputes.
• To perform fraud, money laundering, terrorism and sanctions list checks and other compliance checks.
• To optimise our products and services, conduct (market) research and statistical analyses.
• To perform administration within the Atradius group of undertakings and to manage and protect our information technology infrastructure. 
• To establish, exercise or defend legal claims. 
• To comply with an order of a regulatory/governmental authority, or an obligation under relevant laws or regulations or (voluntary) regulatory, industry or sector codes or guidelines.

4.3 Legal grounds for using your personal data 

We process your personal data only if this is allowed under one of the legal processing grounds. We rely on one or more of the following legal grounds for the processing of your information:

• Legitimate interests
  • We may process your personal data as necessary for achieving our legitimate interests, when performing our business activities.
  • Offering and developing credit insurance, reinsurance, surety and debt collections products as well as credit (risk) management, business intelligence services, which aim to help companies around the world understand and protect against the default risks associated with the selling of goods and services.
  • As necessary for entering into and the performance of agreements with our customers.
  • To establish, exercise or defend legal claims.

We will not process your personal data if your interests prevail.

• Legal obligation

We may process your personal data to comply with our legal obligations, for instance to perform compliance checks or to comply with orders of a regulatory/governmental authority, or follow obligations under industry or sector codes.

4.4 Where did we obtain your information? 

The personal data that we process may originate from various sources:

• Directly from our customers or from you, including those representing the customer or you.
• From Atradius companies, branches, affiliates or business partners.
• From (publicly) available sources.
• From information/data vendors.

4.5 Who may have access to your personal data? 

• We may disclose personal data to fulfil our purposes to:
• Our customers and parties authorised by the customer (such as intermediaries, representatives, companies belonging to the customer’s group).
• Atradius companies, branches, affiliates.
• Third parties such as claims adjusters, crime or fraud detection and prevention agencies, reinsurers, other insurers, banks, business partners, auditors, lawyers, debt collections and other service providers.
• Advisers or other professional parties, to establish exercise or defend legal claims or to protect our business operations or legal rights.
• Law enforcement agencies, regulatory/governmental authorities: when required by law, or as necessary to protect our rights.

5. Business information/intelligence/ services 

We refer to the (local) websites of Graydon and Iberinform for the relevant information on processing of personal data.

6. How do we transfer your personal data outside the EEA? 

The processing of your personal data may entail the transfer of your personal data within the Atradius group or to selected third parties. The Atradius group entities or selected third parties may be located outside of the Economic European Area (“EEA”). Where applicable, we have taken appropriate safeguards to transfer your personal data to a country located outside the EEA, if that country does not provide an adequate level of protection according to the applicable data protection laws, including standard contractual clauses approved by the European Commission­.

7. How do we protect your personal data?  

We are committed to ensuring that your personal data is kept secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate physical, technical and organisational measures to safeguard the information we collect and process.

8. How long do we retain your information? 

We generally shall retain personal data only: (i) for the period required to serve the applicable business purpose; (ii) to the extent reasonably necessary to comply with any applicable legal requirements; or (iii) as advisable in light of an applicable statute of limitations. Atradius may specify (e.g., in a sub-policy, notice or records retention schedule) a time period for which certain categories of personal data will be kept.

9. How can you contact us, access and update your information? 

As a data subject, you have certain rights concerning our processing of your personal data. You can:

• request access to your personal data held by us
• ask us to rectify or complete your information if you believe that your personal data is inaccurate or incomplete
• ask us to erase certain personal data
• ask us to restrict the processing of your personal data object to our processing of your personal data

You may send us your request or complaint by submitting a form online. We will handle your request carefully and in line with the applicable data protection laws. You also have the right to lodge a complaint with your national data protection authority.

The Atradius Data Protection Officer can be contacted by emailing dpo@atradius.com