Extended privacy statement

Paylex Software B.V. and the businesses affiliated to it (hereafter referred to as Paylex) process personal data as a component of their services and responsibilities. In the below paragraphs, it is described what personal data we process and for what purposes we do this. Furtherly, we explain for what services we process the data and what legal basis allows us to do so. Sharing data with other parties as well as the processing of personal data outside of the EU are described. The protection of personal data is treated in combination with the retention period for personal data. Lastly, there is a paragraph explaining your rights as a person involved. Here, you can read about the possibility to file a complaint or to contact Paylex.

Privacystatement


Separator icon
1.1 Paylex and the vision on privacy

Paylex has the opinion that the trust between businesses is increased by transparency. When companies get a clear image of their chances and risks, this opens the road to a fertile collaboration, deals are closed, and ideas become reality. It is Paylex’s mission to be the leading supplier of innovative insights in our core markets, with which our customers can identify business chances and to which they can respond with the right B2B partners in order to furtherly develop.

Paylex generates economic, financial, and commercial insights of great value on the basis of this information, which allow our customers to take better business decisions and achieve a competitive advantage. Besides being a reliable partner for its customers, Paylex wants to maintain a good reputation and give off sincere reliability, both at home and abroad. This is why the compliance policy of Paylex is visible and pro-active.

The processing of your personal data is done by Paylex in a secure, safe, and reliable way. We thus find it important that you trust our organisation, services, and products. We strive to do anything to protect your privacy. The rules for the protection of your privacy are determined in the General Data Protection Regulation (GDPR), where the data protection authority oversees the compliance with the law. The General Data Protection Regulation is one of the biggest alterations in regulations of the past decade in our sector. In summary, the core of the activities of Paylex consists of data and the different ways in which we can be of service to our customers. Paylex regards the GDPR as being of utmost importance.

What is meant by personal data
The General Data Protection Regulation indicates that personal data concerns all information about an identified or identifiable person. This means that information either directly concerns someone or can be connected to this person. Many sorts of personal data exist. Obvious data are someone’s name, address, and place of residence. However, phone numbers and postal codes with house numbers are also personal data. We sometimes anonymise your personal data, so that these can no longer be connected to you as a person. A person involved can either be a customer, an employee, or another person whose personal data are being processed.



1.2 How do we gather personal data?

Paylex uses different sources for gathering personal data:

Paylex receives personal data from the following public sources:

  • company websites, and public registers like the trade register, cadastre, annual accounting system of the Chamber of Commerce, insolvency register, register of curators, and the debt register;
  • registers for verification and signalling of public documents;
  • references in the Government Gazette and the daily and weekly newspapers, and other sources accessible to anyone, like the data already provided by the person involved or data made public by their actions through social networks or other media;
  • national and international sanction lists;
  • foreign equivalents of the mentioned sources.

Paylex receives personal data from the following non-public sources:
  • the person concerned, including those who represent the person concerned and those authorised by the person concerned to do so;
  • customers of Paylex and others who have a business or financial relationship (including an employment relationship) with us that is relevant for the goal of gathering and processing data;
  • commercial parties and businesses Paylex is in business with.



1.3 Who is the responsible controller of data?

Paylex is the responsible controller in the processing of personal data for the goals that are mentioned in paragraph 2, such as:

  • Risk management
  • Compliance
  • Marketing information



1.4 Who is the Data Protection Officer?

The Data Protection Officer (DPO) within Paylex is S. Nathoe. The Data Protection Officer is the contact person for the Data Protection Authority and oversees the compliance with the privacy legislations and regulations. If you would like to contact the Data Protection Officer, you can send an email to gdpr@Paylex.nl.



2. For what purposes do we gather personal data?

Risk management
Paylex supports companies and institutions in the field of credit management activities by means of processing and issuing personal data about natural persons and/or legal entities. Possibly in a credit score or credit information report. It can be used to support the preparation and/or settlement of the companies and/or institutions that make decisions by themselves about:

  • identifying, testing, and/or selecting potential business partners;
  • whether or not commencing, continuing, and/or ending business transactions;
  • determining the conditions that apply to these business transactions, especially to the issuance of credits or a (business) credit;
  • determining (future) possibilities for claiming and levying debts and/or determining creditworthiness;
  • issuing the above mentioned personal data to thirds who furtherly process these personal data on the same grounds as mentioned before.
Compliance
  • Supporting companies and institutions according to legal obligations and legal monitoring duties, including those originating in the Dutch financial supervision act and the Act for the prevention of money laundering and financing of terrorism, the Sanctions laws, the duty of care, and customer research procedures by means of processing and issuing personal data about natural persons and/or legal entities;
  • The issuance of the above mentioned personal data to thirds, who furtherly process these personal data on the same grounds as the before mentioned.
Marketing information
  • Supporting businesses and institutions in the field of market positioning aimed at companies and/or institutions, by means of the processing and issuing of personal data about natural persons and/or legal entities for the market activities of these companies and institutions;
  • The issuance of the above mentioned personal data to thirds, who furtherly process these personal data on the same grounds as mentioned before.
Other goals
  • The processing of personal data to improve the products and experiences of visitors to our websites, to offer customers products and services requested at Paylex, and to advertise for the offered services;
  • Contacting the customer about products and services that could be of importance to the customer, provided that permission for this has been given, or in case a product or service is already requested from us by the customer and the communication targeted by us is relevant for or related to the prior request and occurs within the period determined by the applying legislation;
  • Conducting internal administration and managing our own books and documents for this goal;
  • The recruitment of new employees, support of employees, and management of staff files.



3. The legitimate grounds on the basis of which Paylex processes personal data.

Consent:
If you, being a person concerned, enter contact forms on the website to, for example, request credit information, you have to enter your personal data, such as your name, company, email address, and phone number. The person concerned has given his or her unambiguous consent for the collaboration, Paylex only uses this information for the intended goal: to provide you with the requested service and information. Your personal data will not be made available to thirds.

Agreement:
The data processing is necessary for the execution of an agreement in which the involved person is party. This criterion applies when the processing is necessary for the execution of an agreement, such as an employment contract, purchase agreement, or rental agreement.

Legal obligation:
Data processing is necessary to meet the legal obligation Paylex is subject to.

Justified interest:
The processing of personal data with the goal to offer and issue commercial information, as well as the development of these services, is necessary in view of the justified interest of Paylex or its customer. Because of this processing, companies become able to manage financial risks, but also to protect themselves against fraud and to be aware of who they are doing business with. Furthermore, they can meet compliance and regulatory obligations and increase their insight into organisations, sectors, and markets with this. Processing of personal data on these grounds does not occur when the interests of the person whose data are processed outweigh these.



4. Does Paylex make use of automated processing?

Paylex makes use of automated processing for determining the credit score of a company. This concerns the automated processing of company data and/or personal data, combined with statistical and/or demographic data, to consequently create a credit profile by means of a logical and transparent calculation model using weighting factors. The credit score predicts if a company will probably continue its business activities, pay its bills in time, receive credit, or if specific risks are connected to the company. The result is a risk indication. Paylex does not connect legal consequences to this credit score. Paylex does not make decisions about an organisation and does not advise customers to go or not go into business with an organisation.

Automated processing of, for example, the clicking history on the website or in emails and the request for information on the website occurs within the system, thanks to which we are able to determine if someone is an interesting prospect. On the basis of this information, a score is calculated by means of a logical and transparent calculation model with weighing factors. Based on the score, Paylex will contact a potential customer. No legal consequences are connected to this automatic processing, and no substantial consequences for the persons involved exist as well, regardless of whether or not Paylex contacts the potential customer on the basis of the score.



5. Does Paylex share personal data with other parties?

Paylex does not share internal marketing data, including personal data, with anyone outside of the company. Marketing data are shared within the company. The core activity of Paylex is to gather and process personal data for supplying business information services (commercial data). Paylex shares these commercial data with:

  • customers – companies and organisations with which Paylex enters into an agreement to sell data or to gain access to this;
  • entities within Paylex;
  • suppliers – companies and organisations with which Paylex enters into an agreement to sell data or to gain access to it.



6. Does Paylex transfer data outside of the European Economic Area (EEA)?

Paylex only transfers data outside of the EEA if the concerning country has a sufficient level of data protection according to the European Commission or if extra precautionary measures have been taken (standard contractual clauses) with these parties to ensure that your personal data are protected in accordance with GDPR-standards.



7. How does Paylex secure your personal data?

Security of personal data is of great importance to us. In order to protect your privacy, we take the following measures:

  • Access to personal data is protected with a username and password
  • Access to personal data is protected with a username and login token
  • After receipt, the data are stored in an apart protected system
  • We take physical measures such as locks and lockers for access protection of the systems in which personal data are stored
  • We make use of secured connections (Secure Sockets Layer or SSL) with which all information between you and our website is protected when you enter personal data
  • We keep logs of all requests for personal data.



8. How long is the retention period of my data?

Paylex zorgt ervoor dat de persoonsgegevens die door haar worden verwerkt ten behoeve van hun handelsinformatiediensten juist, adequaat, relevant en actueel zijn. Paylex neemt alle redelijke maatregelen die nodig zijn om de persoonsgegevens te verwijderen als blijkt dat de bovengenoemde verwerkingsdoeleinden onjuist, niet langer voldoende, relevant of actueel zijn.



9. What rights do I have concerning my personal data?

Paylex is committed to ensuring that your personal data are correct and up to date. If you would like to have access (right of access), you can ask Paylex to provide you with the personal data concerning you stored by Paylex. If the information contains errors, is incomplete, or is not relevant for the goal of the processing or if it is otherwise in breach of a legal requirement, you can request Paylex to correct, supplement, or erase this data (right to rectification and right to erasure). On top of that, you can also exert your right to:

  • restrict the processing of your data (right to restriction of processing);
  • transfer your data, when your data are automatically processed based on an agreement or permission (data portability);
  • make an objection against the processing of your data; when your personal data are used for direct marketing, you can object against the processing at any moment.
If you want to exert your rights, you can make a request for this at Paylex. You can send your request, together with a signed copy of your identity papers, your citizen service number and your picture to Paylex

by post:
Paylex Software B.V.
t.a.v. GPDR
Postbus 1916
5200 BX ‘s-Hertogenbosch.


by email:



10. Complaint at the data protection authority.

It is important to us that you are satisfied. However, even when we do everything in order to achieve this, it is still possible that you will still not be satisfied. You can file a complaint at the Authority Personal Data, if your complaint concerns the protection of personal data. This is possible through this link.