General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) came into effect on the 25th May 2018. Below you will find all of the information you need.
Graydon Privacy Statement
Preamble
This is the Privacy Statement for Graydon Belgium NV (hereinafter: ‘Graydon’).
Graydon processes personal data as part of its services and responsibilities. In the following sections, we outline what personal data we process and for what purposes. We also explain for which services we process the personal data and on what legal basis we are permitted to do so. Sharing personal data with other parties will also be discussed, as well as the processing of personal data outside the EU. The security of personal data is addressed, followed by information on retention periods for personal data. We conclude with a section explaining your rights as a concerned party, and the option to file a complaint or otherwise contact Graydon.
1. Graydon’s vision (in relation to privacy)
It is Graydon’s view that transparency fosters trust between companies. When companies have a clear view of their opportunities and risks, it clears the way for productive cooperation, for closing deals, and making ideas into reality. Graydon’s mission is to be the market leader in supplying innovative insights into our core markets. This enables our customers to identify business opportunities, which, together with the right B2B partners, they can take advantage of and develop further.
Based on this information, Graydon generates invaluable economic, financial, and commercial insights, which enable our customers to take better commercial decisions and so gaining a competitive advantage. Graydon strives to be a reliable partner for its customers, to maintain a solid reputation and to exude sincere trustworthiness, both domestically and abroad. Therefore, Graydon’s compliance policy must be visible and pro-active.
Graydon processes your personal data in a careful, safe, and reliable way. Your faith in our organisation and services is important to us. That is why we are happy to do everything we can to protect your privacy. The rules for the protection of your privacy are set out in the General Data Protection Regulation (hereinafter: ‘GDPR’), for which the Gegevensbeschermingsautoriteit (‘GBA) is charged with monitoring compliance with the regulation. The GDPR is one of the biggest changes in the regulations for our sector in the last decade. Data forms the core of Graydon’s activities and of the services we offer our customers. Graydon believes the GDPR is of the utmost importance.
1.1 What is personal data?
Personal data is all data which can be linked to a person, a so-called data subject. Examples are: your name, address, telephone number, and bank account number. Sometimes we will aggregate or anonymise your personal data, so that it can no longer be traced back or linked to you. A data subject is a customer, an employee, or another person about whom personal data is being processed.
1.2 From what sources do we gather personal data?
Graydon utilises various sources to collect personal data.
The public sources from which Graydon may obtain personal data include:
- Company websites and public registers, such as the cadastre, the National Bank’s annual accounting system, and the publications of the VAT institutions and the Office for Social Security (Rijksdienst voor Sociale Zekerheid);
- registers for verification and signalling of public documents, such as Regsol;
- references in the Official Gazette (Belgisch Staatsblad) and the Central Database for Enterprises (Kruispuntbank van Ondernemingen), and other sources which are accessible to anyone, such as information already provided by the person or data that was made public by their own actions via social or other media;
- foreign equivalents of the sources referred to under (a) through (c).
The non-public sources from which Graydon may obtain personal data include:
- the data subjects themselves, including any parties representing the data subject and those authorised by the data subject to represent them;
- Graydon customers and others who have a business or financial relationship (including employment) with us, which is relevant to the purpose of the collection and processing of data;
- commercial parties and companies with which Graydon does business.
1.3 What personal data of yours does Graydon process?
Graydon supplies its customers with business information and insights into that information. To this end, information is collected for and about all business in Belgium (both legal and natural entities), such as contact information for both the company and the natural person behind it, data about payment experiences and historical data concerning economic calamities (e.g. payment arrears, subpoenas, starts and conclusions of bankruptcy procedures.
1.4 Who is the controller for the processing of personal data?
Graydon is the controller for the processing of personal data for the purposes stated in section 2, such as:
- Credit Management
- Risk & Compliance
- Market Information
1.5 Who is the Data Protection Officer?
The Data Protection Officer (hereinafter: ‘DPO’), within Graydon is Katleen Mertens. The DPO is tasked with enforcing compliance with data protection legislation and regulations and is the internal contact for the GBA. If you want to contact the DPO, you can send an e-mail to: dpo@graydon.be.
2. For what purposes do we gather personal data?
We also refer you to the “Table – Purposes of data processing and legal basis for processing by Graydon” for further information.
Credit Management
Graydon supports companies and institutions in making decisions concerning entering into or maintaining business relationships and/or contracts or the management of the business relationship/commercial agreement, from the tender to invoice. Graydon supports companies and institutions in the area of Credit Management, by processing and supplying personal data concerning natural and legal entities, whether in the form of a credit score, credit report, or otherwise.
With the help of our information, our customers themselves make decisions concerning:
- identifying, testing and/or selecting potential trade partners;
- whether to enter into, maintain and/or terminate trade transactions;
- determining the conditions under which such trade transactions take place, including especially the granting of loans or (commercial) credit;
- determining (future) opportunities for demanding and claiming repayment of debt and/or determining creditworthiness;
- the provision of the aforementioned personal data to third parties, who further process this personal data on the same basis as previously stated.
Risk & Compliance
Supporting companies and institutions in accordance with legal obligations and legal supervisory duties, including those imposed by the Financial Supervision Act (Wet op het financieel toezicht), Anti-Money Laundering Act (Anti-witwaswetgeving, AML), duty of care and customer investigation procedures, by processing and supplying personal data about natural and/or legal entities;
The provision of the aforementioned personal data to third parties, who further process this personal data on the same basis as previously stated.
Market Information
- Supporting companies and institutions in the area of market positioning aimed at companies and/or institutions, by processing and supplying personal data about natural and/or legal entities, concerning the market activities of such companies and institutions;
- The provision of the aforementioned personal data to third parties, who further process this personal data on the same basis as previously stated.
- Please note, all our marketing communication offers the option to unsubscribe from receiving further communication for commercial purposes.
Other purposes
Customer Support
We will use your personal data to provide our services to you and to optimise those services (for example if you have questions or specific comments that require further investigation), to contact you, as our customer, about services that are important to you, provided that you consent or have already requested the specific service and the intended communication is relevant or connected to such a prior request and takes place within such timeframe as determined by applicable legislation.
Website Management
Processing personal data for the purpose of improving the services and experiences for the visitors of our websites.
Internal training purposes
Your personal data may be used for internal training purposes with the aim of improving the provision of services.
Reporting and analytics purposes
- Your personal data may be used for reporting and analytics purposes, for example for mapping the geographical spread of our customer base. This allows us to improve our services and to offer you better support.
- For the improvement of our services, you may receive an invitation to participate in a customer panel. Of course, it is entirely your choice whether to accept the invitation and the invitation will include an option to unsubscribe from invitations for future studies.
Administrative purposes
In our administration, aforementioned personal data is processed to keep it up to date as much as possible. In addition, the way in which personal data is used within our administration has been recorded.
Complaints and Dispute Resolution
Despite our aim to offer you the best possible service, it is possible that you are dissatisfied about our services and want to make a complaint. In that event, the personal data we have of you may be used to allow us to resolve your complaint to the best of our ability.
Recruitment
Your personal data may be used for the recruitment of new employees, employee support and for the management of employee files.
Legislation and Regulation
We will, where required, use your personal data to comply with legislation and regulations.
3. What are the legal bases on which Graydon processes personal data?
We also refer you to the “Table – Purposes of data processing and legal basis for processing by Graydon” for further information.
Consent: The data subject has given his or her unequivocal consent for the processing.
If you, as a data subject on Graydon’s website, fill in contact forms, for example to request credit information, you are required to provide your personal data, such as your name, company, e-mail address, and telephone number. Graydon processes this personal data exclusively for the purpose for which it is intended: to supply the requested service and information. Your personal data will not be made available to third parties.
Agreement: The processing of personal data is necessary for the performance of an agreement that the data subject is party to. This criterion applies when the processing is required for the performance of an agreement, such as an employment contract, sales agreement, or rental agreement.
Legal obligation: The processing of personal data is required to comply with a legal obligation imposed on Graydon.
Legitimate interest: The processing of personal data, for the purpose of offering and providing commercial information, as well as the development of services, is necessary with a view to the legitimate interest of Graydon or its customer. The purpose of this processing is to enable companies to manage their financial risks, to protect themselves against fraud, to know who they are in business with, to meet compliance and regulatory obligations, and to gain better insight into organisations, sectors, and markets. Processing of personal data on these bases does not take place if the interests of the data subject outweigh the interests of Graydon. Graydon may also use the personal data if the public interests in them outweigh the individual interests or rights of the data subject. For example, for the prevention and tracking of criminal activity, such as fraud and money laundering. Such criminal activity costs the economy many billions of euros each year. In the end, that cost is borne by the general public in the form of higher prices. Graydon contributes to the public interest by helping to prevent fraud, such as identity theft.
4. Does Graydon use automated processing?
Graydon uses automated processing in determining a company’s credit score, failure prediction models, growth prediction models, activity scores, fraud detection models, …. This involves the automated processing of company data and/or personal data, combined with statistical and/or demographical data, to arrive at a score using a logical and transparent calculation model, including weight factors. In this way, credit score predicts, for example, whether a company is likely to continue its business activities, pays its invoices on time, receives credit, or whether there is a specific connected to the company. All of our models result in scores which, depending on the model’s subject, express a level of probability, ‘chance of’. The result is a risk indication. Graydon does not attach any legal consequences to this credit score. Graydon takes no decisions about an organisation and does not advice customers on whether they should do business with an organisation. The customers themselves determine how much ‘appetite for risk’ they have and is informed of this responsibility in Graydon’s general terms and conditions.
We make use of automatic processing to determine whether someone may be a potential customer for us. In our system, automatic processing, for example of clicking history on the website or in e-mails and of any requests for information on the website, takes place to determine whether someone is an interesting prospective customer for us. Based on this information, a score is calculated using a logical and transparent calculation model including weight factors. Based on that score, Graydon may contact a potential customer. There are no legal consequences connected to this automatic processing and there are no substantive consequences for the data subject, regardless whether Graydon contacts the potential customer based on the score or not.
5. Does Graydon share personal data with other parties?
Graydon’s core activity is the collection and processing of personal data for the purpose of supplying business information services (commercial personal data). Graydon shares such commercial personal data with:
- customers - companies and organisations with which Graydon enters into an agreement to purchase or gain access to data;
- entities affiliated to Graydon: Graydon Holding NV, Graydon Nederland BV, OpenCompanies BV (GraydonGo), Giant-net BV and Graydon UK Ltd.;
- suppliers - companies and organisations with which Graydon enters into an agreement to purchase or gain access to data;
- Atradius - a company which, in the capacity of collection agency, handles business with (international) debtors on behalf of Graydon;
- the police and other institutions in the field of law enforcement, as well as government bodies, such as local and national authorities, may request personal data. Such requests must always have a valid legal basis. For example: for the prevention or tracking of criminal activity, the arrest or prosecution of offenders, the assessment and claiming of taxes, investigating complains, or assessing to what extent a specific branch of business is functioning as it should.
6. Does Graydon transfer personal data to entities outside of the European Economic Area?
Graydon only transfers personal data to entities outside of the European Economic Area (hereinafter: ‘EEA’) if, according to the European Commission, that country enforces an adequate level of data protection, or if additional measures have been taken (Standard Contractual Clauses) with and by the parties to safeguard the security of your personal data in accordance with the GDPR.
7. How does Graydon protect your personal data?
Graydon considers the protection of the privacy and confidentiality of your personal data to be very important. Therefore, Graydon ensures adequate technical and organisational measures are in place to safeguard personal data against loss, misuse, and any form of unauthorised processing.
Graydon works with a quality management system that guarantees a consistent service level which meets the customer’s as well as any legislative and regulatory requirements.
8. How long does Graydon store your personal data?
Graydon ensures that the personal data that is processed by Graydon for the purpose of its services is correct, adequate, relevant, and up to date. Graydon takes all reasonable measures required, to remove personal data if it is found that aforementioned processing purposes are incorrect or are no longer sufficient, relevant, or up to date.
9. What rights do you have concerning your personal data?
Graydon does everything within its power to ensure that your personal data is accurate and up to date. If you wish to exercise your rights, you can do so by filing a request with Graydon. You can file your request with Graydon by e-mail to the following address: gdpr@graydon.be, or by post to: Graydon Belgium NV, f.a.o. Support, Uitbreidingstraat 84 bus 1 2600 Berchem (Antwerp). We will respond to your request within one month. You can exercise the following rights:
- right of access: you can ask Graydon to provide to you the personal data Graydon has on file for you;
- right of correction and right of removal: if the information contains incorrect information, is incomplete, or is not relevant to its processing purpose, or is otherwise in breach of a legal requirement, you can request that Graydon corrects, supplements, or removes such personal data;
- right to restrict processing: restrict or limit the processing of your personal data.
- right to data portability: to transfer your personal data, where your data is automatically processed based on an agreement or your consent;
- right to object: to object against the processing of your personal data; when your personal data is being used for direct marketing, you can object to its processing at any time.
10. Complaint to the GBA
Meeting your expectations is important to us. But even though we do everything in our power to achieve that, its possible you may be dissatisfied. If your complaint concerns the protection of personal data, you can file a complaint with the GBA. You can do so via: www.gegevensbeschermingsautoriteit.be/verzoek-klacht-indienen.
11. Cookies
Graydon’s website uses cookies. For more information, please refer to our cookie statement.
12. How do I contact Graydon?
Would you like to know more about Graydon’s vision of privacy, or do you have a question or suggestion? You can contact us via e-mail: gdpr@graydon.be, or by post addressed to: Graydon Belgium NV, f.a.o. Support, Uitbreidingstraat 84 bus 1 2600 Berchem (Antwerp).
This Privacy Statement is updated from time to time. Therefore, we recommend that you regularly review the Privacy Statement to ensure you are aware of any changes.
This Privacy Statement was most recently updated on 18 September 2019.
Download the overview table
Graydon and GDPR, we would like to inform you
In this video you will find more information about the processing of personal data by Graydon.
Graydon collects data about companies established in Belgium, with the aim of providing advice so that companies can do business with greater certainty and are better able to identify financial risks and opportunities. Graydon will include this data in its database and inform the entrepreneurs accordingly.
Download an example of the notification letter
How to contact Graydon about GDPR?
At Graydon, data and transparency are two of our main values. This is why we have developed this web page where we have gathered all the relevant information related to data privacy in relation to our business.
Do you have any questions or comments? Please don’t hesitate to contact us at: gdpr@graydon.be.
In order to be able to process your request as quickly and efficiently as possible, you will need to provide us with some details related to your request. Please indicate in your subject line the reason of your email (e.g. amendments to your information, request to be forgotten, …). Also to ensure that we are communicating personal information to the right person, we will need some proof of identification such as a copy of your driving licence or your passport. Please be assured that the copies of these documents will be destroyed and not kept on our servers after validation of your identity.