Privacy statement of Branche Creditmanagement BV (BCM)
You share your personal data with us. If you contact us yourself or if we contact you within the framework of our services. We handle this information with care. In this statement you can read how we handle your data and your privacy.
1. Who are we?
BCM is a credit management organization. We help our customers to prevent or solve problems. With legal assistance, services or credit & finance solutions.
We serve our customers from 2 companies:
• Branche Creditmanagement BV, Westervoortsedijk 73, 6827 AV Arnhem, The Netherlands
• Branchen Creditmanagement GmbH, Drususdeich 24, 47533 Kleve, Germany
Visit www.crdt.eu for more contact details.
2. What are personal data and what is ‘processing’?
Personal data are all data that we can relate to you. You share personal information with us if you are a customer with us or if you have contact with us for other reasons. Think of your name, your telephone number or your e-mail address. This concerns data traceable to you as a contact person of a company, or when you, for example, undertake as a self-employed person, a sole proprietorship, a general partnership or a partnership.
Processing is a legal and broad concept. It concerns everything that you can do with data, such as collecting, recording, organizing, storing, updating, modifying, retrieving, consulting, using, forwarding, distributing, making available, bringing together, interrelating, shielding, erase and destroy.
3. Which personal data does BCM use?
BCM uses different categories of personal data.
Data for the application and execution of our services
When you apply for BCM products or services, you provide us with data. We record this information. This information is for example your name, address and city, e-mail address, telephone number and / or date of birth. This can also be the (contact) data of your company.
We can also use external sources for the assessment of your application. We also receive personal data when conducting our services. In order to provide good legal advice, we record all relevant information about a case. These are therefore also data of your counterparty, but also of third parties that are involved in the dispute between you and your counterparty.
Data if you have contact with BCM
4. How do we get your data?
BCM can obtain your personal information in different ways. In most cases we receive data directly from you, because you yourself provide it to BCM. For example because you request information via our website, because you want to use our services or because you have registered for a newsletter.
We can also receive personal data from others. For example, from an intermediary. This also takes place within the framework of our services. The recording of personal data is often inevitable in the execution of our services.
We can also use data from public sources. Information about companies and their representatives can be obtained from the Chamber of Commerce, but also from trade information agencies or via the insolvency register. In the context of customer or supplier acceptance we can also use public information on the internet.
5. What are we using personal data for?
BCM can only perform its services properly if BCM can request and record personal data. This is necessary to provide specific information about our services, but also to enter into and execute agreements, to fight fraud, to comply with legal provisions, for (statistical) research into the use of the website and online services and to improve the service. We will explain this further below.
5.2 To be able to deliver our services
BCM requires personal data for proper performance of the service.
With your personal data we can for example:
• Investigate whether you can become a customer with us;
• Assess your application or change of insurance or other service. The request for our services often goes digital, through automated processing. You can always contact us about the outcome of the assessment;
• Contact you or write a counterparty on your behalf;
• Put your details in our administration and update them if there are changes.
The legal basis for processing your data in these cases is the agreement that we enter into with you.
We are happy to inform our customers of our advice and solutions. For example via a newsletter, by e-mail, via our website and via personalized advertisements. We use personal data for this. Your personal data can be used for marketing activities. BCM has a central customer and prospect administration. The information we have received ourselves can be supplemented with public sources. In doing so, BCM takes your preferences into account. We think it is important that we send information that is relevant to you. With this aim we collect preferences and behavioral data (‘open and click behavior’) through our commercial e-mail and newsletters. If you do not want to receive commercial information from BCM, you can of course. You can then opt out of receiving commercial e-mail and / or newsletters.
The legitimate basis for processing data for these purposes is BCM’s legitimate interest in maintaining and increasing our customer base.
5.4 Acceptance and fraud policy
We also collect personal data to identify defaulters so that we can prevent and address default.
BCM then processes personal data for the following purposes:
• For the purpose of providing debt collection services, and the financial settlement thereof;
• In order to estimate and increase the chances of recoverability of a debt collection based on current and historical (payment) data;
• To contribute by means of our services to the prevention and minimization of payment risks and other problematic situations among those involved.
BCM can consult your information and record it with information bureaus. The purpose of this is to prevent non-payment for insurers and customers. We do this because we do not want customers who endanger BCM and / or our customers. In addition, we must ensure that we remain a healthy company, so that we can meet all our obligations now and in the future.
The legitimate basis for collecting these data is therefore to safeguard and improve the legitimate interest of BCM.
5.5 Compliance with statutory provisions
For insurers all kinds of legal obligations apply that require us to process personal data. Think of obligations to do business only with honest parties and to guarantee an ethical business. Laws and regulations can also oblige BCM to provide access to data to a government agency or a regulator, for example De Nederlandsche Bank, the Netherlands Authority for the Financial Markets.
The legal basis for the processing of these data is the legal obligation.
5.6 For (statistical) research and to improve the service
We also use data for research and improvement of our services. We do this by combining and analyzing it. These analyzes bring us to new ideas and better solutions. This is how we can:
• solve the cause of complaints, improve pages and forms on our websites and speed up processes;
• develop new services and improve existing services.
When analyzing, we only use the data that we need for this. And we can bundle data at a certain level of abstraction to limit the use of this data.
The legitimate basis for collecting this information is the legitimate interest of BCM.
6. Who do we have personal data from?
We process personal data from our customers. But also from people other than our customers. For example because you have (had) direct or indirect contact with us. For example, it may be that we process your data in the context of our service to a customer, because you are the other party of a customer of BCM. In addition, BCM provides services for customers of insurers. In that case, we also receive your data. We also process data from contacts and representatives from our business customers and from suppliers.
7. How does BCM provide personal data?
BCM records as little personal data as possible, only the necessary ones. BCM also takes the necessary technical and organizational measures to protect your personal data against loss and unauthorized use. Examples of security measures are logical access security, management of authorizations, monitoring of websites and infrastructure for security breaches, use of firewalls and agreements with suppliers about information security.
Employees of BCM and any third parties who can take cognizance of the data recorded by BCM are obliged to keep this information confidential. Only authorized personnel may view and edit data. This is also only allowed to the extent necessary for an adequate performance of the work.
8. Storage periods
BCM does not store your data longer than necessary for the purposes for which your data were obtained and further processed, unless the law obliges us to keep data for longer. For example, every entrepreneur is legally obliged to keep his administration for seven years (fiscal retention).
The retention period used by BCM may differ per purpose and also depends on the nature of the data. After the retention period has expired, your personal data will in principle be deleted or anonymised in such a way that it can no longer be used and is no longer accessible. We use anonymized data at the end of the retention period only for historical, statistical or scientific purposes.
9. Your rights. How can you view, modify or file your personal data?
You can submit a request to us to inspect, rectify, limit or delete the personal data that we process from you. You can also object to the fact that BCM processes your data or makes a request to transfer your data. But also if you have granted permission to BCM to process your personal data and want to withdraw this permission.
This service must be done in writing with a copy of a valid proof of identity as an attachment. We urge you on this copy to make your BSN and passport photo streaked / unreadable. BCM will send you a response to the request as soon as possible, but no later than within one month. You can also use our address if you have a complaint about how BCM deals with (your) personal data.
10. Provision of data to third parties
We only share information with third parties if necessary. We do this, for example, if this is necessary for the performance of the services by BCM, in the prevention of default or if required by laws and regulations.
In order to deal adequately with legal support and debt collection cases, it is sometimes necessary to exchange information with third parties, such as counterparties, courts and other agencies. We only share the data when necessary and in those cases we share as little information as possible. If you use the services of an intermediary, we will be able to communicate with your intermediary for the execution of the insurance contract.
10.2 Legal obligations
Only when we are required to do so by law, personal data will be provided to supervisors, tax authorities and investigative authorities. In all cases, BCM will take appropriate measures to ensure the confidentiality and security of the data as much as possible.
10.3 Support services
For the provision of our services we can use third parties, such as IT suppliers, social network providers, marketing agencies, and information agencies. We make good agreements with such parties before we provide the data to them. They are obliged to protect the data and may only process it in accordance with our instructions.
10.4 Provision to other countries
BCM can transfer personal data to other countries. We only do this if it is necessary for our services or if we are obliged to do so on the basis of legislation and regulations. The legislation does not offer the same level of protection of personal data in all countries. Where necessary, BCM ensures that adequate safety provisions are in place before the data is transferred.
10.5 Other websites
On the websites of BCM you will regularly find hyperlinks to websites of third parties as a service. BCM can not be held responsible for the handling of your data by those parties. If so, read the privacy statement of the relevant site.
11. Data leaks
A data breach is a breach of the security of personal data. BCM is obliged to report a data breach within 72 hours to the Dutch Data Protection Authority and to those whose data are and / or those who use them. This obligation does not apply if it is unlikely that the infringement involves a risk to the rights and freedoms of the persons concerned. Data leaks are always registered and assessed internally at BCM. It is determined on a case-by-case basis what action is needed to limit the risks for the people involved as well as possible.
It is important that all data breaches relating to personal data that are processed by BCM are reported and evaluated by BCM so that we can take action on them. You can report data leaks to the management of BCM.
Questions or remarks
BCM reserves the right to make changes to this privacy statement, for example due to new developments, online services or to ensure compliance with laws and regulations. These changes will be announced on our website.