This Privacy Notice explains how Coface and its subsidiaries and affiliates (“Coface”), which are established in the European Union, collects, processes, uses, transfers and discloses personal data (both online and offline) in connection with the services Coface provides to its corporate clients (the “Services”). Coface designates as “you” in this Notice the individuals whose Personal Data Coface processes. These individuals or data subjects may include the persons who work for or are otherwise engaged by our clients, their affiliates or other third parties in connection with the Services.
Coface Group is committed to the protection of personal data as provided for in the European laws and regulations on Personal Data, and particularly in the General Data Protection Regulation (GDPR). As part of Coface group, we are concerned to apply the protective rules related to Personal Data for your benefit.
In the performance of its business and activities, Coface may also collect and process personal data from other sources, for regulatory purposes, for the execution of contractual and precontractual obligations and for Coface’s legitimate business interests. This processing may include the processing of personal data for the generation of business information reports, the processing of data of our clients’ debtors for risk management, setting of credit limits and debt recovery purposes, or the processing of data of our clients’ business partners for the abovementioned reasons.
“Personal Data” is any information that relates directly to an identified – or identifiable – living individual. It includes also different pieces of information which, collected together, can lead to the identification of a particular person, as well as de-identified, encrypted or pseudonymised personal data if they can still be used to re-identify a person.
Personal Data includes, notably:
- name and surname;
- date of birth;
- home address;
- email address (such as email@example.com);
- telephone or fax number;
- account details and related contact information;
- identification number (for example ID card, passport, social security);
- location data;
- Internet Protocol (IP) address;
- cookie ID;
- photographic or video images;
- telephonic or electronic recordings.
In the course of providing certain Services, Coface may also receive from you, or third parties, information including:
- names of beneficial owner(s);
- employment related information (executive positions held, shareholdings, and CVs);
- information about regulatory and other investigations or litigation to which you are or have been subject.
“Sensitive Personal Data” is personal data revealing:
- racial or ethnic origin;
- political opinions, or trade union membership;
- religious or philosophical beliefs;
- genetic and biometric data when processed for the purpose of identifying an individual;
- health data;
- sexual orientation;
- criminal convictions or offences.
Coface may receive a limited amount of sensitive personal data, on the basis of European Union or national laws, from third party service providers and others in support of due diligence activities that Coface undertakes to satisfy various legal and regulatory requirements to which Coface is subject, in a manner which shall at all times be proportionate to the aim pursued.
PROCESSING AND USE OF PERSONAL DATA
Coface needs to collect and process certain personal data in order to provide its Services, or because Coface is legally required to do so for regulatory purposes or for the management and execution of the agreements it enters into.
To these extents, your personal data will be processed on the legal basis referred to in Articles 6(1)(b) and 6(1)(c) of the GDPR and for the purposes of Coface Group’s reasonable business interests within the meaning of Article 6(1)(f) of the GDPR.
For the purposes set forth above and for the needs of credit assessment, credit management, credit insurance, reinsurance, information, debt collection, bonding, factoring and financing activities and businesses of Coface Group, as well as for the purposes of any new business or activity developed by any Coface Group entity, Coface collects and processes personal data from different sources, including:
- Through the services: Coface may collect personal data through the provision of its Services.
- From External sources: Coface may receive personal data from other sources, such as public databases or information services providers.
- Other: Coface may also collect personal data through other sources, such as when you meet Coface ahead of transactions, request pitches or proposals from Coface, or participate in a transaction or contractual arrangement, are referred to in a working party list provided by you or third parties, or in information obtained from deal-related data rooms.
As stated above, Coface and its service providers may process and use personal data for their legitimate business interests, which include:
- validating the authorized signatories when concluding agreements;
- verifying a person’s identity in order to conduct transactions or conclude agreements;
- contacting individuals in relation to existing agreements or transactions;
- performing our obligations with respect to the Services provided;
- replying to information requests received from our clients and/or relevant third parties as part of the provision of Coface Services,
- managing accounts and our commercial relationships and protecting them;
- protecting personal data;
- for information and business purposes (such as audit, data analysis, improving and developing new Coface products and services, assessing the effectiveness of promotional or marketing campaigns, among others);
- for risk management and compliance purposes (such as ensuring compliance with Coface’s legal and regulatory obligations, in particular in relation to KYC, anti-money laundering, fraud and other necessary customer monitoring and checks, due diligence requirements, compliance with sanctions regulations, among others);
- to comply with laws and regulations and with other legal process and enforcement requirements (such as internal policies, among others); and
- to inform our clients of any changes or updates to any contractual terms and conditions and policies.
The personal data collected and processed by Coface for the fulfilment of its legal and regulatory obligations related to the prevention of money laundering and terrorist financing, is processed exclusively for those purposes, unless otherwise permitted.
Your Personal Data will be stored for as long as needed or permitted in light of the purposes for which it was collected and, in any case, for no longer than until the expiry of the statute of limitations for legal proceedings relating to existing contracts, extended to the duration of any ongoing litigation proceeding, or for the length of time set forth by any legal obligation to which Coface is subject. The personal data of other persons, including personal data of debtors, will be processed on the legal basis referred to in Articles 6(1)(b), 6(1)(c) and 6(1)(f) of the GDPR and will be stored for the same retention periods as set forth above.
KEEPING PERSONAL DATA SECURE
The security and confidentiality of Personal Data is a core concern for Coface.
Coface maintains reasonable physical, technical, electronic, procedural and organizational safeguards and security measures to protect personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether it is processed by Coface in the European Union or elsewhere.
The access to your personal data is authorized only to required employees for legitimate and specific business purposes. The protection of personal data is an integral part of Coface Code of Conduct as well as specific internal procedures. Coface employees are subject to disciplinary action if they fail to follow such requirements.
DISCLOSURE OF PERSONAL DATA
In connection with the Services Coface is providing, personal data may be processed and used by and transferred to other members of Coface Group or to Coface partners, including, where applicable, outside the European Union, as well as to Coface Group reinsurers, brokers and third party services providers providing services such as IT and infrastructure, customer service, email delivery, auditing and other services, to third party experts and advisers including legal counsels, tax advisers or auditors or to any other persons as expressly agreed with you or as required or permitted by any applicable law.
Coface may also use, disclose or transfer personal data to a third party in the event of any reorganization (merger, sale, joint venture, assignment, transfer or other) of all or part of its business, or as expressly requested by clients (or our client’s representatives).
The recipients of the data will depend on the Services provided and will be subject to any confidentiality restrictions agreed between Coface and its client or other contracting parties.
Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. To ensure an adequate level of protection for Your Personal Data if transferred to recipients located outside the EU/EEA, Coface enters into agreements with the recipients which include, when applicable, the standard contractual clauses issued by the European Commission pursuant to Article 46(2)(c) of the GDPR. A copy of such agreements can be obtained from Coface’s Data Protection Officer.
Coface may also transfer and disclose personal data in order to:
- comply with any applicable laws including foreign laws and regulations, to reply to requests received from public and government or regulatory authorities and to cooperate with them, to which Coface Group entities are subject or submit worldwide, or for other legal reasons;
- respond to courts and litigation counterparties and other relevant parties pursuant to any type of court order or process in the context of litigation and arbitration proceedings;
- respond to any regulatory authority reporting requirements to which Coface Group is subject worldwide; and
- protect Coface Group’s entities rights or property, and/or that of our clients or others.
THIRD PARTY SERVICES
This Privacy Notice does not address, and Coface can in no case be held responsible for, the data privacy practices of any third parties or operators providing services such as any website hosting service or any other service relating to the Services provided by Coface.
THIRD PARTY PROCESSORS
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
EXERCISING YOUR RIGHTS
As data subject, you are entitled, under the conditions provided for by the GDPR and by any specific law or regulation, to request to review, correct, update, modify, suppress, restrict or delete any personal data previously provided, or to request to receive an electronic copy of your personal data in order to transmit it to another company to the extent your right to data portability is provided by applicable law.
You can exercise all these rights by contacting Mr. Franck Marzilli, Coface’s Data Protection Officer, in charge of our Personal Data Protection service, at the following email address: firstname.lastname@example.org
or at the following address:
Data Protection Office/Group Compliance Department
1, place Costes et Bellonte – 92270 BOIS-COLOMBES.
We will respond to your request in accordance with the applicable law.
In the event of any irregularities, all persons whose personal data will be processed pursuant to this Article will have the right to file a complaint with the Supervisory Authority pursuant to Article 57(1)(f) of GDPR.
Coface Group’s competent Supervisory Authority is:
Commission nationale de l’informatique et des libertés
Address: 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Phone Number: +33 01 53 73 22 22
In the UK and Ireland the Controller of Personal Data processed for all the above mentioned purposes is Compagnie française d’assurance pour le commerce extérieur, branch in UK, having its registered office at Egale 1, 80 St. Albans Road, Watford, Herts WD17 1RP.
PERSONAL DATA USE AND PROCESSING FOR MARKETING PURPOSES
Coface may use personal data provided by you for promotion purposes, for example to inform you of new products or products from members of Coface Group or of any change in existing products. Your personal data will not be sold to any third party for marketing campaigns without your prior consent. In addition, you shall have the right to object to the use of your personal data for marketing reasons at any time by contacting the service referred to in paragraph above upon which Coface will immediately cease and desist from any further use of your personal data for such purpose.
You can be contacted by telephone and/or by e-mail for Coface’s marketing of its products and services purposes.
Your personal data will be processed for Coface’s marketing purposes based on your consent until it is revoked. Your consent is voluntary and may be revoked at any time, and you are entitled to object to the processing of your personal data for these purposes, upon which Coface will immediately cease and desist from any further use of your personal data for such purpose. You may exercise your rights by sending an e-mail to: email@example.com.
By authorizing to be contacted by telephone and/or by e-mail, your personal contact data (i.e. name, first name, gender, postal address, e-mail address, telephone numbers landline and mobile) will be processed for Coface’s marketing purposes, which are in Coface’s reasonable business interests on the basis of Article 6(1)(f) of the GDPR.
JURISDICTION AND CROSS-BORDER TRANSFER
Personal data may be collected, used, processed, stored in, and disclosed and transferred to any country where Coface has premises or in which Coface engages service providers, including the United States. In certain cases, courts, law enforcement agencies, regulatory agencies and security authorities in these countries may be legally entitled to access your Personal data.
UPDATES OR CHANGES TO THIS PRIVACY NOTICE
Coface may change this Privacy Notice from time to time. The “Last updated” date indicated at the top of this Notice refers to the last time this Privacy Notice was revised and/or updated.
Any changes to this Privacy Notice become effective on the date Coface uploads the revised Privacy Notice. Provision of personal data by you further to any changes to the Privacy Notice acknowledge your acceptance of the revised and/or updated terms of this Notice.
The Coface entity providing the Services in connection with which your personal data is provided is the controlling company responsible for personal data collection, use, processing, transfer and disclosure.
If you want to know which Coface entity is responsible for these Services or you have any questions about this Privacy Notice, you can contact Mr. Franck Marzilli, Coface’s Data Protection Officer, in charge of our Personal Data Protection service, at the following email address:
or at the following address:
Data Protection Office/Group Compliance Department
1, place Costes et Bellonte – 92270 BOIS-COLOMBES.