- Introduction
In the context of our business activities and/or your business relationship with us, we will collect, hold, use and/or otherwise process and control personal data.
Based on applicable data protection and privacy law, such as EU General Data Protection Regulation 2016/679, GDPR, Vartion B.V. (hereinafter referred to as Vartion), qualifies as a ‘controller’ with respect to the personal data which Vartion collects and processes about you. The aforementioned entity will hereinafter be referred to as: ‘we’ or ‘us’. The term “process” (or a conjugation of the verb “to process”) will refer to both the processing and the controlling of personal data.
- Information about us
Vartion B.V.
Registered in the Netherlands under company number 72248408
Address: Strawinskylaan 411 (1077 XX) Amsterdam, the Netherlands
- Our vision on privacy
We understand that your privacy is important and that you care about how your personal data is used. We respect and value your privacy and will only collect and use personal data in the manner and for the purposes as described in this document and that is consistent with our obligations and your rights under the applicable legislation and regulations. By entering into a business relationship with us and by sharing your personal data with us, you acknowledge and understand that your personal data will be processed by us in accordance with this Privacy Notice.
- What does this Privacy Notice cover and whose personal data do we process?
This Privacy Notice is intended to ensure compliance with the GDPR and the Dutch GDPR Implementation Act (AVG).
Our business in general terms is the exploitation of software for the recovery of data from public resources with instant interpretation (the Service).
This external Privacy Notice is relevant for anyone whose personal data we may process in the context of our (business) activities, including but not limited to directors, authorized representatives, employees and/or (other) contact persons of our current and former clients, contracting parties, business partners and/or service providers and users of our corporate website (privacy notice – Vartion – Vartion) (hereinafter also referred to as: ‘you’). This Privacy Notice is not relevant for employees and job applicants.
This Privacy Notice explains on what legal basis we may process your personal data and:
- what personal data we collect;
- for what purposes and how we may use/process such personal data;
- how we collect the personal data;
- how we store the personal data;
- for what period we store the personal data; and
- what your rights are under the applicable data protection and privacy legislation.
We encourage you to carefully read this Privacy Notice. From time to time, we may need to update this Privacy Notice. This may be necessary, for example, if the law changes or if we change our business in a way that affects the way we process personal data. The most recent version of this Privacy Notice will always be available on our website privacy notice – Vartion – Vartion. You may also ask us to send you a copy of the most recent version of this Privacy Notice.
In the event that the Privacy Notice will materially and/or substantially change, we will actively inform you of this change and provide you with the new version of the Privacy Notice.
Note: Where you provide personal data to us which relates to another individual than yourself (for example of the legal representative of the company you are representing), please provide the concerned individual with (a copy of) this Privacy Notice before providing us with his/her personal data.
- What personal data do we collect and how do we collect this personal data?
We collect personal data in various ways:
- Resulting from the Service provided following search enquiries entered by our clients or otherwise using publicly accessible data bases;
- Directly from you, for example when you provide us with your personal information by telephone, email, social media handle or other correspondence;
- Directly from you, for example when you engage in business with us;
- From the company you work for (in case the client/contracting party is a legal entity);
- Otherwise, for example, from public sources;
- From any national or international sanction list;
- Any foreign equivalent of the sources as specified in the above bullet points;
- Any information from non-public sources, provided by our clients to us for the purposes as set out below;
- When you visit our website (include hyperlink to website) and use the contact information provided on this website to get in touch with us;
- Account login credentials, such as usernames and passwords, password hints and similar security information;
- Other account registration and profile information, such as job title, educational and professional background and qualifications, and photo;
- Payment information, such as a credit or debit card number;
- Comments, feedback and other information you provide to us, including search query data and questions or information you send to customer support; and/or
- Interests and communication preferences, including preferred language.
As part of the business through information from the public domain we may obtain personal data from individuals, such as:
- Name, date and place of birth;
- Contact details, including but not limited to addresses, telephone numbers and email addresses;
- Anti-money laundering information and, if applicable, additional information for any individual regarded as a politically exposed person;
- Financial information as well as bank account details and tax identification number;
- Information about your employment, education, family, your (criminal) background or personal circumstances, and interests, where relevant; and/or
- Any other information that might be relevant to assess compliance risks for our clients.
The Service may automatically collect information about how you and your device interact with the Service, including:
- Computer, device and connection information, such as IP address, browser type and version, operating system and other software installed on your device, mobile platform and unique device identifier and other technical identifiers, error reports and performance data;
- Usage data, such as the features you used, the settings you selected, your URL click stream data, including date and time stamp and referring and exit pages, search terms you used, and the unique search results; and/or
- For educational services, the course modules and test questions you view, answer or complete.
We collect this data through our servers and the use of cookies and other technologies. Cookies are small text files that can be read by a web server in the domain that put the cookie on your hard drive. We may use cookies and other technologies to store your preferences and settings, help you with signing in, provide targeted ads and analyse site operations. You can control cookies through your browser’s settings and other tools. However, if you block certain cookies, you may not be able to register, login, or access certain parts or make full use of the Service.
- Legal bases for processing
The following legal bases shall apply with respect to the processing of these personal data:
- Where necessary to provide the Service, fulfil a transaction or otherwise perform a contract with you or at your request prior to entering into a contract;
- Where necessary for our compliance with applicable law or other legal obligation;
- Where necessary for the performance of a task carried out in the public or legitimate interest;
- Where necessary to enable our customers to comply with their legal obligations;
- Where applicable, with your consent; and/or
- Where necessary to operate our business, protect the security of our systems, customers and users, detect or prevent fraud, or fulfil our other legitimate interests as described in this policy, except where our interests are overridden by your privacy rights.
Where we rely on your consent to process personal information, you have the right to withdraw your consent at any time, and where we rely on legitimate interests, you may have the right to object to our processing.
We will only process your personal data on the basis of consent if this has been explicitly stated. If any kind of processing is based on your consent, we hereby inform you that you have the right to withdraw your consent at any time by contacting us via the contact details mentioned in paragraph 14, without affecting the lawfulness of processing based on consent before its withdrawal.
Legitimate interests of our clients include (i) public health; and (ii) compliance with legal and regulatory obligations and protect the public from financial crime, terrorist financing, fraud and serious misconduct or dishonesty.
As part of the Service sensitive personal data may have to processed: for instances where we receive personal data relating to political affiliations as part of our politically-exposed-persons checks and/or sanctions information. Any processing of such sensitive personal data will be necessary for reasons of substantial public interest, on the basis of an applicable law that is proportionate to the aim pursued and provides for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
There may however be other exceptional occasions where we may need to process sensitive personal data or information relating to a criminal background namely where:
- The processing is necessary for the detection or prevention of crime (including the prevention of fraud, money laundering or financing of terrorism) to the extent permitted by applicable law or regulation;
- The processing is necessary for the establishment, exercise or defence of legal rights.
- Purposes for processing
Personal Data obtained by the exploitation of software for the recovery of data from public resources with instant interpretation will only be processed by us as part of the Services we provide.
If you have a business relation with us, depending on how you interact with the Service, and us we use your personal information to:
- Provide, activate and manage your access to and use of the Service;
- Process and fulfil a request, order, download, subscription or other transaction;
- Provide technical, product and other support and to help keep the Service working, safe and secure;
- Enhance and improve the Service and our other products, events, and services and to develop new products, services and benefits;
- Respond to your requests, inquiries, comments and concerns;
- Notify you about changes, updates and other announcements related to the Service and our other products and services;
- Invite you to participate in user testing and surveys;
- Identify usage trends and develop data analysis, including for purposes of research, audit, reporting and other business operations, including determining the effectiveness of our promotional campaigns and evaluating our business performance, or in other ways pursuant to a customer agreement; and/or
- Comply with our legal obligations, resolve disputes, and enforce our agreements.
- If you are an administrator of an organisation with a subscription to the Service, we will use your details to communicate with you about your organisation’s subscription and related services. If you supply us contact information of your colleagues, we may contact those individuals with communications about the Service that may include reference to you.
- Use your personal data for marketing purposes. In such case we will specifically ask for your consent, after informing you on our relevant marketing activities.
- How long will we keep your personal data?
We will not keep your personal data for a longer period than is necessary in light of the purposes for which we process them (we refer to the purposes as listed above in paragraph 7).
Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings, we will keep the personal data for longer periods.
We will only retain your personal data for as long as necessary to fulfil the purposes for which we had collected it (we refer to the purposes as listed above in paragraph 7) and, thereafter:
- For the purpose of satisfying any legal, accounting, tax, anti-money laundering and regulatory reporting requirements or obligations to which we may be subject; and/or
- To the extent that we may also need to retain your personal data to be able to assert, exercise or defend possible future legal claims against or otherwise involving you.
In some circumstances you can ask us to delete your data. See Request erasure below for further information.
- How do we protect your personal data?
We have implemented the necessary administrative, technical and organizational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
Further, we seek to ensure that we keep your personal data accurate and up to date. In that respect we kindly request that you actively inform us of any changes to your personal data (such as a change in your contact details).
- Do we share your personal data?
Because the processing and providing of personal data is our main business activity and in the context of the purposes as listed above in paragraph 7, we may share your personal data with third parties in the following situations:
- To any third party service providers engaged by us, in order to provide our services to you, to comply with regulatory requirements or to provide (without limitation) the following functions:
- Using our IT systems, software and business applications; and
- Supporting our IT and business applications support teams, accounting, legal, reporting, internal audit and risk management, administrative, transfer, document storage, payment service providers, record keeping and other related functions;
- Our professional advisors where it is necessary for us to obtain their advice or assistance, including lawyers, accountants, IT or public relations advisors;
- Our clients (companies and organisations) with whom we have entered into agreement under which we offer and sell personal data or under which we provide access to personal data as part of the Service; and
- To any bank, financial institution, insurer, tax authority, court or any other authority or supervisor, where required.
We also will disclose your personal information if we have a good faith belief that such disclosure is necessary to:
- Meet any applicable law, regulation, legal process or other legal obligation;
- Detect, investigate and help prevent security, fraud or technical issues; and/or
- Protect the rights, property or safety of Vartion, our users, employees or others; and as part of a corporate transaction, such as a transfer of assets to or an acquisition by or merger with another company.
Where relevant, we will implement appropriate safeguards to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we will enter into data processing agreements when engaging a data processor (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our documented instructions.
Some of the above-mentioned recipients may be situated or operating in countries outside the European Economic Area. Where we transfer your data outside the European Economic Area we will do so on the basis of: (i) an adequacy decision; (ii) contractual model clauses as drafted and approved by the European Commission; or (iii) another valid transfer mechanisms pursuant to the GDPR. For more information about the safeguards applied by us to international transfers, please contact us via our contact details mentioned in paragraph 14.
- Can I access my personal data?
If you want to know what personal data we have of you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a ‘data subject access request’.
All such requests should be made in writing (including by e-mail) and sent to the email or postal addresses shown in paragraph 14 below. In principle, there is no charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make unnecessary repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 30 working days after receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time is required up to a maximum of three months after the date on which we received your request. In this case you will, of course, be kept fully informed of our progress. If you make a request we may request to verify your identity.
- What are your other rights?
Under certain circumstances you have the right to:
- Receive additional information regarding the processing of your personal data;
- Rectify your personal data;
- The erasure of your personal data;
- Object to (part of) the processing of your personal data;
- The restriction of (part of) the processing of your personal data; and
- Data portability (receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organization).
- Not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you in any other way.
Right to receive information when collecting and processing personal data about you from publicly accessible or third party sources. When this takes place, we will inform you, within a reasonable and practicable timeframe, about the third party or publicly accessible source from which we have collected your personal data.
Request correction or rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected and/or updated, though we may need to verify the accuracy of the new data you provide to us. As mentioned, it is in your interest to keep us informed of any changes or updates to your personal data which occur during the course of your relationship with us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where:
- There is no good reason for us continuing to process it;
- You have successfully exercised your right to object to processing (see below);
- Ee may have processed your information unlawfully; or
- We are required to erase your personal data to comply with local law.
Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. These may include instances where continued processing is necessary in order to be able to:
- Comply with a legal or regulatory obligation to which we are subject; or
- Establish, exercise or defence of legal claims.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes on the basis of our legitimate interests.
In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy;
- Where our use of the data is unlawful but you do not want us to erase it;
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer (data portability) of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
We do not make use of automatic decision-making.
You may also withdraw consent at any time where we are relying on your consent to process your personal data (which will not generally be the case). This will not however affect the lawfulness of any processing which we carried out before you withdrew your consent. Any processing activities that are not based on your consent will remain unaffected.
Kindly note that none of these data subject rights are absolute, and must generally be weighed against our own legal obligations and legitimate interests. If a decision is taken to override your data subject request, you will be informed of this by our data protection team along with the reasons for our decision.
Finally you also have the right to lodge a complaint to the local data protection authority. The contact details of the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) are as follows: Bezuidenhoutseweg 30 (2594 AV) The Hague; telephone no. 088 – 1805 250.
- Automated decision making and profiling
We process personal data on the basis of automated decision-making (such as profiling) to provide our clients to possibility to decide whether or not they wish to provide services to you, to enter into an agreement with you or to terminate any agreement with you. We do not attach any (legal) consequences to such profiles, nor do we take any decisions (or advise clients regarding such decisions) based on such profiles.
- Contact details
To contact us about anything related to your personal data and/or data protection, including exercising your data subject rights as discussed above in paragraphs 10 and 11, in particular your right to object, please use the contact details below:
For the attention of: Mr. Mark Lamers
Email address: mark.lamers@vartion.com
Telephone number: +31 20 797 7817
Postal Address: Strawinskylaan 411, 1077 XX Amsterdam NL