eng-AU

Data protection under GDPR

DATA PROTECTION STATEMENT

Coface Group (the “Group”) is a global provider of credit insurance, factoring, surety bonds, business information and debt collections services.
 
The Group is acting and facilitating solutions in the business-to-business trade market. It is present directly and indirectly through its partners, in 100 countries, providing support for customers in more than 200 countries.
 
It performs its activities through its primary operating subsidiary, Compagnie française d’assurance pour le commerce extérieur*[1] and its affiliates 2 (“Coface”).
 
Within the frame of our activities, we primarily collect and process data about companies, businesses and traders. Nevertheless, as part of our activities we also process data that can be qualified as "Personal data" according to the EU General Data Protection Regulation (“GDPR”), when the collected information relates to an individual (e.g. a company manager, a sole trader, a beneficial owner or any professional contact person).
 
Coface acts as the "Data controller" in the provision of our products and services. This means that Coface is the legal entity in control of the Personal data it collects. As such, it is required by law to ensure that policies, processes and procedures are in place to safeguard this data and respect the rights of the individuals whose data is collected. 
 
We are committed to the protection of Personal data we collect and process, with rigorous policies, controls, and compliance oversight to ensure that data is held and used appropriately. Your confidence in our safe and professional handling of data matters for us.
 
We are committed to process your Personal data securely and carefully and in a fair and transparent manner.
 
This Data Protection Statement explains the purposes and grounds of the processing of Personal data, the categories of Personal data concerned, the categories of sources and recipients of Personal data, data retention and your rights as a “Data subject” depending on your situation, in other words whether you are:
  • Website visitor - Chapter I
  • Prospect or recipient of commercial offers or commercial information - Chapter II
  • Customer, Broker, Guarantor, Business Partner or Supplier - Chapter III
  • “Debtor”, “Buyer” or a “Beneficiary” (in a potential or existing contractual or legal relationship with one of our customers) - Chapter IV
In addition, we inform you as a Data subject about other important information and data privacy rights:
  • Do we transfer your Personal data outside the Economic European Area (“EEA”)? - Chapter V
  • How do we protect your Personal data? - Chapter VI
  • What are your data privacy rights and how can you contact us? - Chapter VII
Please note that we are continuously improving our services and processes in order to protect your Personal data, thus, we may update this Data Protection Statement. Therefore, you are welcome to consult our website to get an updated version of this Data Protection Statement. Coface subsidiaries or branches may also have additional privacy notices on their own (local) websites.
 
This Data Protection Statement was updated on 14th September 2022.

Chapter I. You are a website visitor

Way of Personal data collecting

 

We collect Personal data you provide us when you e.g. sign up for our services on our websites, enter Personal data into an online contact form and/or activate a newsletter opt-in box.

 

We confirm that the entry of such Personal data in this context is voluntary and that it is not subject to a statutory or contractual requirement or a requirement necessary to enter into a contract. 

 

Personal data categories

 

We may process different types of Personal data that you provide us, such as surname and first name, work address, work phone number, work or personal email address, or other information provided when registering for one of our services or products.

 

Purposes and legal grounds

 

We collect and process your Personal data based on your consent, in order to:

  • provide our products and services;
  • optimize our business offers for you;
  • stay in contact with you;
  • handle complaints or disputes.

Right to withdraw

 

You have the right to withdraw your consent at any time by contacting the same address from which we have contacted you. 

 

Recipients of collected Personal data

 

In order to comply with the above purposes, your Personal data may be disclosed to any entity of the Group, our business partners and services providers.

 

Period for which the Personal data are stored

  • Newsletter contact data (E-Mail): we keep your data as long as you did not apply for withdrawal or apply for the right to object.
  • Data entered into contact form: we erase your Personal data immediately by receiving a withdrawal or objection or in case of 2 years of ongoing inactivity (if you have not responded or did not send any new request).

Cookies, statistic data & connection data

 

If you are a visitor of our websites, it is our aim to inform you clearly and openly about the Personal data we collect and that we use related to you.

 

In most cases, and also depending on personal configurations and given consent, our websites are using persistent cookies, session cookies.  Sometimes they are using also pixel technologies, local storage technologies or other similar technologies like advertising IDs and tags.

 

Since local Coface websites can differ in their specific cookie and statistical settings, we recommend that you read the current online cookies policy on the local website.

 

There you can see a complete and detailed list and description of the settings and activities as well as a permanent link that you can use to set and to change your personal preferences and consents at any time.

Chapter II. You are Prospect or Recipient of Commercial Offers or Commercial Information

Way of data collecting

 

We collect business contact data from:

  • Customers, brokers, agents or other partners who refer us to you, or to whom you provided consent to share your Personal data with us.
  • Publicly available sources (internet, trade register), also using qualified internet scanning technologies.
  • Own customer databases.
  • Contact data directly received from you.

Personal data categories

 

We may process different types of Personal data, such as surname and first name, work address, work phone number, work email address, or other information such as industry affiliation that was provided by the source from where the Personal data has been collected.

 

Purposes and legal grounds

 

We collect and process your Personal data based on your consent or our legitimate interests:

  • To stay in contact with you in order to inform you about our (new) products and services.
  • To set up promotional activities and business events.
  • To analyze your business needs and environments, optimize our products and offers for you.

Right to withdraw

 

You have the right to withdraw your consent at any time by contacting the same address from which we have contacted you. 

 

Recipients of collected Personal data

 

In order to comply with the above purposes, your Personal data may be disclosed to any entity of the Group and our business partners (if the data are publicly available).

 

Period for which the Personal data are stored

 

We erase your Personal data immediately:

  • By receiving a withdrawal or objection.
  • In case of 2 years of ongoing inactivity (if you have not responded or did not send any new request).

Chapter III. You are a Customer, Broker, Guarantor, Business Partner or Supplier

Way of Personal data collecting

 

Primarily, we collect your Personal data by asking you to complete forms (electronic documents, paper or entering data into our customer platforms).

We may also collect your data from the following sources:

  • Other Group companies, branches, affiliates or business partners;
  • Publicly available sources ;
  • Information/data providers.

Please note that the provision of the data for which we are directly asking you, is essential and a mandatory prerequisite for the conclusion of a contract, the creation of master data in our systems, and essential for compliance with anti-money-laundering law and risk prevention. 

 

Personal data categories

 

We may process different types of Personal data such as:

  • Information about your company that may be considered Personal data insofar it includes information related to an individual person (e.g. sole proprietor, manager, beneficial owner, shareholder, beneficiary, professional contact etc.)
  • Contact details and personal identification data as first name and surname, title, function, business phone number, business address, business email address, country, place and date of birth, ID, name of entity.
  • The following information also can be considered personal related, if you are not a company: personal bank account number, sales or tax identification number, claims history, contractual details and other financial information.

Purposes and legal grounds

  • We collect and process your Personal data on the basis of:
    • the preparation or performance of a contract with you
      • to offer, carry out and provide services to you and perform our undertakings according to the contracts related to such products and services. This may include business communication with you, processing transaction, assessing (trade) insurance risks and coverage, claims handling, recovery procedures, offering credit and risk management products and services, providing customer support services, operating debt collections and dealing with complaints; to establish, exercise or defend legal claims.
    • our legitimate interests, to:
      • carry out commercial purposes and improve our products and services related to our credit insurance, factoring, surety bonds, business information and debt collections activities and realizing statistical analyses and market research.
    • compliance with legal obligations, to:
      • comply with law or governmental authorities or an obligation under relevant laws or regulations or (voluntary) regulatory, industry or sector codes or guidelines.
      • perform “know your customer” and “know your supplier” programs, fighting against fraud, terrorism and money laundering, applying sanctions list checks and other compliance checks.
      • safe our interests, not being damaged by fraudulent activities - as well as on fulfilling legal requirements, such as anti-money-laundering law etc. 

Right to withdraw

 

You have the right to withdraw your consent at any time by contacting the same address from which we have contacted you. 

 

Recipients of collected Personal data

 

In order to comply with the above purposes, your Personal data may be disclosed to any entity of the Group, fraud or crime prevention and detection agencies, business partners, reinsurers, banks, external auditors, lawyers, debt collectors.

Period for which the Personal data are stored

 

If we are processing your Personal data in execution of a contract, the period of storage depends on the duration of the contract and the subsequent (local) legal retention periods.

If we are processing your Personal data for the purposes of fraud prevention, we keep relevant Personal data for a reasonable period, as long as the storage of the Personal data can make a significant contribution to fraud prevention.

If we are processing Personal data in order to fulfill legal obligations in the course of anti-money-laundering, anti-terrorism etc., the retention period depends on the respective laws.

If we are processing your Personal data for the purposes of commercial activities, we erase your Personal data: 

  • By receiving a withdrawal or objection.
  • After 2 years of ongoing inactivity (if you have not responded or did not send any new request).

Chapter IV. You are in a potential or existing Business Relationship with one of our Customers (as a “Debtor”, a “Buyer” or a “Beneficiary”)

Way of Personal data collecting

 

Primarily, we receive your Personal data from our customers.

  • We also collect your Personal data from:
  • Information providers (credit agencies, address check companies financial information companies);
  • Publicly available sources (i.a. trade registers);
  • Yourself, if you get in contact with us;
  • Own researches;
  • Partners.
  • All of the data collections, except if you are directly providing us with information, we are not directly obtaining from yourself. 

Personal data categories

Information about your company that may be considered Personal data insofar it includes information related to an individual person (e.g. sole proprietor, manager, beneficial owner, shareholder, beneficiary, professional contact etc.).

 

Contact details and personal identification data, e.g. first name and surname, title, function, business phone number, business email address, business address, country, date and place of birth, ID details, entity name.

 

If you are not a company, we may also process a personal bank account number, sales tax identification number, claims history, details of the agreement with you and financial information.

 

Purposes and legal grounds

 

We collect and process your Personal data based on:

  • Our legitimate interests,
    • to carry out and provide services in relation to the agreements we have with our customers, this includes processing transactions, operating debt collections and dealing with complaints, assessing trade insurance risks and coverage, claims handling, recovery procedures, to establish, exercise or defend legal claims. You are a third party within an economic triangle thus the processing of your data is essential in order to fulfill the purposes of legitimate contracts such as credit insurance, debt collection or factoring.
  • Consent
    • when you contact us and voluntarily provide or send us credit-related information.

Recipients of collected Personal data

In order to comply with the above purposes, your Personal data may be disclosed to any entity of the Group, fraud or crime prevention and detection agencies, business partners, reinsurers, banks, external auditors, lawyers, debt collectors.

 

Period for which the Personal data are stored

 

If we are processing your Personal data in execution of a contract (where you are a third party in an economic triangle relationship), the period of storage depends on the duration of the contract and the subsequent (local) legal retention periods.

 

If we are processing your Personal data for the purposes of fraud prevention, we keep relevant Personal data for a reasonable period, as long as the storage of the Personal data can make a significant contribution to fraud prevention.

 

If we are processing your Personal data in order to fulfill legal obligations in the course of anti-money-laundering, anti-terrorism etc., the retention period depends on the respective laws. 

 

Chapter V. Do we transfer your Personal data outside the EEA?

The global economic context and the associated internationality of our services and products mean that data can also be accessed outside the Economic European Area (“EEA”) via our global subsidiaries, branches and partners if such access is necessary and based on legal grounds.

 

Where applicable, we have taken reasonable precautions to transfer your Personal data to a country outside the EEA if that country does not offer an adequate level of protection in accordance with the applicable data protection laws. This also includes the use of standard contractual clauses that have been approved by the European Commission.

Chapter VI. How do we protect your Personal data?

We are committed to ensuring that your Personal data is protected. To prevent unauthorized access or disclosure, we have taken appropriate physical, technical and organizational measures to protect the Personal data we collect and process. 

Chapter VII. What are your data privacy rights and how can you contact us?

You, as a Data subject, have the right of access to the stored Personal data and - if and insofar other respective legal requirements are fulfilled - to object to the processing, to rectification, erasure , restriction of processing and the right of data portability. You also have the right to lodge a complaint with your local supervisory authority in order to check the legality of the processing.

 

Contact address: If you have a direct or indirect business relationship with us (for example as customer, supplier, buyer) you are welcome to send your concerns via the appropriate key account contact address or portals or other already known and used contact channels. Many data protection issues (changing master data, updating data, correcting incorrect data, information concerns) can be even resolved completely in this way.

 

If you want to object to commercial activities, you can raise your concern easily by contacting the same address from which we have contacted you.

 

Of course, our data protection contact address, to which you can address any of your concerns, is always open to you: coface_dpo@coface.com, or the postal address: Data Protection Office, 1 Place Costes et Bellonte - 92270 Bois-Colombes – FRANCE.

Top