The General Data Protection Regulation (GDPR) came into effect on the 25th May 2018. Below you will find all of the information you need.
1. Graydon’s vision (in relation to privacy)
2. For what purposes do we gather personal data?
3. What are the legal bases on which Graydon processes personal data?
4. Does Graydon use automated processing?
5. Does Graydon share personal data with other parties?
6. Does Graydon transfer personal data to entities outside of the European Economic Area?
7. How does Graydon protect your personal data?
8. How long does Graydon store your personal data?
9. What rights do you have concerning your personal data?
10. Complaint to the GBA
12. How do I contact Graydon?
This is the Privacy Statement for Graydon Belgium NV (hereinafter: ‘Graydon’).
Graydon processes personal data as part of its services and responsibilities. In the following sections, we outline what personal data we process and for what purposes. We also explain for which services we process the personal data and on what legal basis we are permitted to do so. Sharing personal data with other parties will also be discussed, as well as the processing of personal data outside the EU. The security of personal data is addressed, followed by information on retention periods for personal data. We conclude with a section explaining your rights as a concerned party, and the option to file a complaint or otherwise contact Graydon.
It is Graydon’s view that transparency fosters trust between companies. When companies have a clear view of their opportunities and risks, it clears the way for productive cooperation, for closing deals, and making ideas into reality. Graydon’s mission is to be the market leader in supplying innovative insights into our core markets. This enables our customers to identify business opportunities, which, together with the right B2B partners, they can take advantage of and develop further.
Based on this information, Graydon generates invaluable economic, financial, and commercial insights, which enable our customers to take better commercial decisions and so gaining a competitive advantage. Graydon strives to be a reliable partner for its customers, to maintain a solid reputation and to exude sincere trustworthiness, both domestically and abroad. Therefore, Graydon’s compliance policy must be visible and pro-active.
Graydon processes your personal data in a careful, safe, and reliable way. Your faith in our organisation and services is important to us. That is why we are happy to do everything we can to protect your privacy. The rules for the protection of your privacy are set out in the General Data Protection Regulation (hereinafter: ‘GDPR’), for which the Gegevensbeschermingsautoriteit (‘GBA) is charged with monitoring compliance with the regulation. The GDPR is one of the biggest changes in the regulations for our sector in the last decade. Data forms the core of Graydon’s activities and of the services we offer our customers. Graydon believes the GDPR is of the utmost importance.
Personal data is all data which can be linked to a person, a so-called data subject. Examples are: your name, address, telephone number, and bank account number. Sometimes we will aggregate or anonymise your personal data, so that it can no longer be traced back or linked to you. A data subject is a customer, an employee, or another person about whom personal data is being processed.
Graydon utilises various sources to collect personal data.
The public sources from which Graydon may obtain personal data include:
The non-public sources from which Graydon may obtain personal data include:
Graydon supplies its customers with business information and insights into that information. To this end, information is collected for and about all business in Belgium (both legal and natural entities), such as contact information for both the company and the natural person behind it, data about payment experiences and historical data concerning economic calamities (e.g. payment arrears, subpoenas, starts and conclusions of bankruptcy procedures.
Graydon is the controller for the processing of personal data for the purposes stated in section 2, such as:
The Data Protection Officer (hereinafter: ‘DPO’), within Graydon is Katleen Mertens. The DPO is tasked with enforcing compliance with data protection legislation and regulations and is the internal contact for the GBA. If you want to contact the DPO, you can send an e-mail to: email@example.com.
We also refer you to the “Table – Purposes of data processing and legal basis for processing by Graydon” for further information.
Graydon supports companies and institutions in making decisions concerning entering into or maintaining business relationships and/or contracts or the management of the business relationship/commercial agreement, from the tender to invoice. Graydon supports companies and institutions in the area of Credit Management, by processing and supplying personal data concerning natural and legal entities, whether in the form of a credit score, credit report, or otherwise.
With the help of our information, our customers themselves make decisions concerning:
Risk & Compliance
Supporting companies and institutions in accordance with legal obligations and legal supervisory duties, including those imposed by the Financial Supervision Act (Wet op het financieel toezicht), Anti-Money Laundering Act (Anti-witwaswetgeving, AML), duty of care and customer investigation procedures, by processing and supplying personal data about natural and/or legal entities;
The provision of the aforementioned personal data to third parties, who further process this personal data on the same basis as previously stated.
We will use your personal data to provide our services to you and to optimise those services (for example if you have questions or specific comments that require further investigation), to contact you, as our customer, about services that are important to you, provided that you consent or have already requested the specific service and the intended communication is relevant or connected to such a prior request and takes place within such timeframe as determined by applicable legislation.
Processing personal data for the purpose of improving the services and experiences for the visitors of our websites.
Internal training purposes
Your personal data may be used for internal training purposes with the aim of improving the provision of services.
Reporting and analytics purposes
In our administration, aforementioned personal data is processed to keep it up to date as much as possible. In addition, the way in which personal data is used within our administration has been recorded.
Complaints and Dispute Resolution
Despite our aim to offer you the best possible service, it is possible that you are dissatisfied about our services and want to make a complaint. In that event, the personal data we have of you may be used to allow us to resolve your complaint to the best of our ability.
Your personal data may be used for the recruitment of new employees, employee support and for the management of employee files.
Legislation and Regulation
We will, where required, use your personal data to comply with legislation and regulations.
We also refer you to the “Table – Purposes of data processing and legal basis for processing by Graydon” for further information.
Consent: The data subject has given his or her unequivocal consent for the processing.
If you, as a data subject on Graydon’s website, fill in contact forms, for example to request credit information, you are required to provide your personal data, such as your name, company, e-mail address, and telephone number. Graydon processes this personal data exclusively for the purpose for which it is intended: to supply the requested service and information. Your personal data will not be made available to third parties.
Agreement: The processing of personal data is necessary for the performance of an agreement that the data subject is party to. This criterion applies when the processing is required for the performance of an agreement, such as an employment contract, sales agreement, or rental agreement.
Legal obligation: The processing of personal data is required to comply with a legal obligation imposed on Graydon.
Legitimate interest: The processing of personal data, for the purpose of offering and providing commercial information, as well as the development of services, is necessary with a view to the legitimate interest of Graydon or its customer. The purpose of this processing is to enable companies to manage their financial risks, to protect themselves against fraud, to know who they are in business with, to meet compliance and regulatory obligations, and to gain better insight into organisations, sectors, and markets. Processing of personal data on these bases does not take place if the interests of the data subject outweigh the interests of Graydon. Graydon may also use the personal data if the public interests in them outweigh the individual interests or rights of the data subject. For example, for the prevention and tracking of criminal activity, such as fraud and money laundering. Such criminal activity costs the economy many billions of euros each year. In the end, that cost is borne by the general public in the form of higher prices. Graydon contributes to the public interest by helping to prevent fraud, such as identity theft.
Graydon uses automated processing in determining a company’s credit score, failure prediction models, growth prediction models, activity scores, fraud detection models, …. This involves the automated processing of company data and/or personal data, combined with statistical and/or demographical data, to arrive at a score using a logical and transparent calculation model, including weight factors. In this way, credit score predicts, for example, whether a company is likely to continue its business activities, pays its invoices on time, receives credit, or whether there is a specific connected to the company. All of our models result in scores which, depending on the model’s subject, express a level of probability, ‘chance of’. The result is a risk indication. Graydon does not attach any legal consequences to this credit score. Graydon takes no decisions about an organisation and does not advice customers on whether they should do business with an organisation. The customers themselves determine how much ‘appetite for risk’ they have and is informed of this responsibility in Graydon’s general terms and conditions.
We make use of automatic processing to determine whether someone may be a potential customer for us. In our system, automatic processing, for example of clicking history on the website or in e-mails and of any requests for information on the website, takes place to determine whether someone is an interesting prospective customer for us. Based on this information, a score is calculated using a logical and transparent calculation model including weight factors. Based on that score, Graydon may contact a potential customer. There are no legal consequences connected to this automatic processing and there are no substantive consequences for the data subject, regardless whether Graydon contacts the potential customer based on the score or not.
Graydon’s core activity is the collection and processing of personal data for the purpose of supplying business information services (commercial personal data). Graydon shares such commercial personal data with:
Graydon only transfers personal data to entities outside of the European Economic Area (hereinafter: ‘EEA’) if, according to the European Commission, that country enforces an adequate level of data protection, or if additional measures have been taken (Standard Contractual Clauses) with and by the parties to safeguard the security of your personal data in accordance with the GDPR.
Graydon considers the protection of the privacy and confidentiality of your personal data to be very important. Therefore, Graydon ensures adequate technical and organisational measures are in place to safeguard personal data against loss, misuse, and any form of unauthorised processing.
Graydon works with a quality management system that guarantees a consistent service level which meets the customer’s as well as any legislative and regulatory requirements.
Graydon strives for continuous quality improvement in its organisation. On that front, Graydon strives to be a market leader. That is why Graydon invests in generating awareness and offering training to all its employees. Graydon has actively drafted an ICT Security Policy and holds an ISO 27001 certification. Furthermore, Graydon has appointed a Security Manager for the Graydon Group as a whole.
Graydon ensures that the personal data that is processed by Graydon for the purpose of its services is correct, adequate, relevant, and up to date. Graydon takes all reasonable measures required, to remove personal data if it is found that aforementioned processing purposes are incorrect or are no longer sufficient, relevant, or up to date.
Graydon does everything within its power to ensure that your personal data is accurate and up to date. If you wish to exercise your rights, you can do so by filing a request with Graydon. You can file your request with Graydon by e-mail to the following address: firstname.lastname@example.org, or by post to: Graydon Belgium NV, f.a.o. Support, Uitbreidingstraat 84 bus 1 2600 Berchem (Antwerp). We will respond to your request within one month. You can exercise the following rights:
Meeting your expectations is important to us. But even though we do everything in our power to achieve that, its possible you may be dissatisfied. If your complaint concerns the protection of personal data, you can file a complaint with the GBA. You can do so via: www.gegevensbeschermingsautoriteit.be/verzoek-klacht-indienen.
Would you like to know more about Graydon’s vision of privacy, or do you have a question or suggestion? You can contact us via e-mail: email@example.com, or by post addressed to: Graydon Belgium NV, f.a.o. Support, Uitbreidingstraat 84 bus 1 2600 Berchem (Antwerp).
This Privacy Statement is updated from time to time. Therefore, we recommend that you regularly review the Privacy Statement to ensure you are aware of any changes.
This Privacy Statement was most recently updated on 18 September 2019.
In this video you will find more information about the processing of personal data by Graydon.
Graydon collects data about companies established in Belgium, with the aim of providing advice so that companies can do business with greater certainty and are better able to identify financial risks and opportunities. Graydon will include this data in its database and inform the entrepreneurs accordingly.
At Graydon, data and transparency are two of our main values. This is why we have developed this web page where we have gathered all the relevant information related to data privacy in relation to our business.
Do you have any questions or comments? Please don’t hesitate to contact us at: firstname.lastname@example.org.
In order to be able to process your request as quickly and efficiently as possible, you will need to provide us with some details related to your request. Please indicate in your subject line the reason of your email (e.g. amendments to your information, request to be forgotten, …). Also to ensure that we are communicating personal information to the right person, we will need some proof of identification such as a copy of your driving licence or your passport. Please be assured that the copies of these documents will be destroyed and not kept on our servers after validation of your identity.