COFACE PRIVACY NOTICE
Last updated May 25, 2018
Explains how Coface and its subsidiaries and affiliates (“Coface”), which are established in the European Union, collects, processes, uses, transfers and discloses personal data (both online and offline) inconnection with the services Coface provides to its corporate clients (the “Services”). Coface designates as “you” in this Notice the individuals whose Personal Data Coface processes. These individuals or data subjects may include the persons who work for or are otherwise engaged by our clients, their affiliates or other third parties in connection with the Services.
Coface Group is committed to the protection of personal data as provided for in the European laws and regulations on Personal Data, and particularly in the General Data Protection Regulation (GDPR). As part of Coface group, we are concerned to apply the protective rules related to Personal Data for your benefit.
In the performance of its business and activities, Coface may also collect and process personal data from other sources, for regulatory purposes, for the execution of contractual and precontractual obligations and for Coface’s legitimate business interests. This processing may include the processing of personal data for the generation of business information reports, the processing of data of our clients’ debtors for risk management, setting of credit limits and debt recovery purposes, or the processing of data of our clients’ business partners for the abovementioned reasons.
“Personal Data” is any information that relates directly to an identified - or identifiable - living individual. It includes also different pieces of information which, collected together, can lead to the identification of a particular person, as well as de-identified, encrypted or pseudonymised personal data if they can still be used to re-identify a person.
Personal Data includes, notably:
- name and surname;
- date of birth;
- home address;
- email address (such as email@example.com);
- telephone or fax number;
- account details and related contact information;
- identification number (for example ID card, passport, social security);
- location data;
- Internet Protocol (IP) address;
- cookie ID;
- photographic or video images;
- telephonic or electronic recordings.
In the course of providing certain Services, Coface may also receive from you, or third parties, information including:
- names of beneficial owner(s); and
- employment related information (executive positions held, shareholdings, and CVs); and
- information about regulatory and other investigations or litigation to which you are or have been subject.
“Sensitive Personal Data” is personal data revealing:
- racial or ethnic origin;
- political opinions, or trade union membership;
- religious or philosophical beliefs;
- genetic and biometric data when processed for the purpose of identifying an individual;
- health data;
- sexual orientation;
- criminal convictions or offences.
Coface may receive a limited amount of sensitive personal data, on the basis of European Union or national laws, from third party service providers and others in support of due diligence activities that Coface undertakes to satisfy various legal and regulatory requirements to which Coface is subject, in a manner which shall at all times be proportionate to the aim pursued.
PROCESSING AND USE OF PERSONAL DATA
Coface needs to collect and process certain personal data in order to provide its Services, or because Coface is legally required to do so for regulatory purposes or for the management and execution of the agreements it enters into.
To these extents, your personal data will be processed on the legal basis referred to in Articles 6(1)(b) and 6(1)(c) of the GDPR and for the purposes of Coface Group’s reasonable business interests within the meaning of Article 6(1)(f) of the GDPR.
For the purposes set forth above and for the needs of credit assessment, credit management, credit insurance, reinsurance, information, debt collection, bonding, factoring and financing activities and businesses of Coface Group, as well as for the purposes of any new business or activity developed by any Coface Group entity, Coface collects and processes personal data from different sources, including:
- Through the services: Coface may collect personal data through the provision of its Services.
- From External sources: Coface may receive personal data from other sources, such as publicdatabases or information services providers.
- Other: Coface may also collect personal data through other sources, such as when you meet Coface ahead of transactions, request pitches or proposals from Coface, or participate in a transaction or contractual arrangement, are referred to in a working party list provided by you or third parties, or in information obtained from deal-related data rooms.
As stated above, Coface and its service providers may process and use personal data for their legitimate businessinterests, which include:
- validating the authorized signatories when concluding agreements;
- verifying a person’s identity in order to conduct transactions or conclude agreements;
- contacting individuals in relation to existing agreements or transactions;
- performing our obligations with respect to the Services provided;
- replying to information requests received from our clients and/or relevant third parties as part of the provision of Coface Services,
- managing accounts and our commercial relationships and protecting them;
- protecting personal data;
- for information and business purposes (such as audit, data analysis, improving and developing new Coface products and services, assessing the effectiveness of promotional or marketing campaigns, among others);
- for risk management and compliance purposes (such as ensuring compliance with Coface’s legal and regulatory obligations, in particular in relation to KYC, anti-money laundering, fraud and other necessary customer monitoring and checks, due diligence requirements, compliance with sanctions regulations, among others);
- to comply with laws and regulations and with other legal process and enforcement requirements (such as internal policies, among others); and
- to inform our clients of any changes or updates to any contractual terms and conditions and policies.
The personal data collected and processed by Coface for the fulfilment of its legal and regulatory obligations related to the prevention of money laundering and terrorist financing, is processed exclusively for those purposes, unless otherwise permitted.
Your Personal Data will be stored for as long as needed or permitted in light of the purposes for which it was collected and, in any case, for no longer than until the expiry of the statute of limitations for legal proceedings relating to existing contracts, extended to the duration of any ongoing litigation proceeding, or for the length of time set forth by any legal obligation to which Coface is subject. The personal data of other persons, including personal data of debtors, will be processed on the legal basis referred to in Articles 6(1)(b), 6(1)(c) and 6(1)(f) of the GDPR and will be stored for the same retention periods as set forth above.
KEEPING PERSONAL DATA SECURE
The security and confidentiality of Personal Data is a core concern for Coface.
Coface maintains reasonable physical, technical, electronic, procedural and organizational safeguards and security measures to protect personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, disclosure, or access, whether it is processed by Coface in the European Union or elsewhere.
The access to your personal data is authorized only to required employees for legitimate and specific business purposes. The protection of personal data is an integral part of Coface Code of Conduct as well as specific internal procedures. Coface employees are subject to disciplinary action if they fail to follow such requirements.
DISCLOSURE OF PERSONAL DATA
In connection with the Services Coface is providing, personal data may be processed and used by and transferred to other members of Coface Group or to Coface partners, including, where applicable, outside the European Union, as well as to Coface Group reinsurers, brokers and third party services providers providing services such as IT and infrastructure, customer service, email delivery, auditing and other services, to third party experts and advisers including legal counsels, tax advisers or auditors or to any other persons as expressly agreed with you or as required or permitted by any applicable law.
Coface may also use, disclose or transfer personal data to a third party in the event of any reorganization (merger, sale, joint venture, assignment, transfer or other) of all or part of its business, or as expressly requested by clients (or our client’s representatives).
The recipients of the data will depend on the Services provided and will be subject to any confidentiality restrictions agreed between Coface and its client or other contracting parties.
Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. To ensure an adequate level of protection for Your Personal Data if transferred to recipients located outside the EU/EEA, Coface enters into agreements with the recipients which include, when applicable, the standard contractual clauses issued by the European Commission pursuant to Article 46(2)(c) of the GDPR. A copy of such agreements can be obtained from Coface’s Data Protection Officer.
Coface may also transfer and disclose personal data in order to:
- comply with any applicable laws including foreign laws and regulations, to reply to requests received from public and government or regulatory authorities and to cooperate with them, to which Coface Group entities are subject or submit worldwide, or for other legal reasons;
- respond to courts and litigation counterparties and other relevant parties pursuant to any type of court order or process in the context of litigation and arbitration proceedings;
- respond to any regulatory authority reporting requirements to which Coface Group is subject worldwide; and
- protect Coface Group’s entities rights or property, and/or that of our clients or others.
THIRD PARTY SERVICES
This Privacy Notice does not address, and Coface can in no case be held responsible for, the data privacy practices of any third parties or operators providing services such as any website hosting service or any other service relating to the Services provided by Coface.
EXERCISING YOUR RIGHTS
As data subject, you are entitled, under the conditions provided for by the GDPR and by any specific law or regulation, to request to review, correct, update, modify, suppress, restrict or delete any personal data previously provided, or to request to receive an electronic copy of your personal data in order to transmit it to another company to the extent your right to data portability is provided by applicable law.
You can exercise all these rights by contacting Mr. Franck Marzilli, Coface’s Data Protection Officer, in charge of our Personal Data Protection service, at the following email address: firstname.lastname@example.org
or at the following address:
Data Protection Office/Group Compliance Department
1, place Costes et Bellonte - 92270 BOIS-COLOMBES.
We will respond to your request in accordance with the applicable law.
In the event of any irregularities, all persons whose personal data will be processed pursuant to this Article will have the right to file a complaint with the Supervisory Authority pursuant to Article 57(1)(f) of GDPR.
Coface Group’s competent Supervisory Authority is:
Commission nationale de l'informatique et des libertés
Address : 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07
Phone Number : +33 01 53 73 22 22
In the UK and Ireland the Controller of Personal Data processed for all the above mentioned purposes is Compagnie française d’assurance pour le commerce extérieur, branch in UK, having its registered office at Egale 1, 80 St. Albans Road, Watford, Herts WD17 1RP.
PERSONAL DATA USE AND PROCESSING FOR MARKETING PURPOSES
Coface may use personal data provided by you for promotion purposes, for example to inform you of new products or products from members of Coface Group or of any change in existing products. Your personal data will not be sold to any third party for marketing campaigns without your prior consent. In addition, you shall have the right to object to the use of your personal data for marketing reasons at any time by contacting the service referred to in paragraph above upon which Coface will immediately cease and desist from any further use of your personal data for such purpose.
You can be contacted by telephone and/or by e-mail for Coface’s marketing of its products and services purposes.
Your personal data will be processed for Coface's marketing purposes based on your consent until it is revoked. Your consent is voluntary and may be revoked at any time, and you are entitled to object to the processing of your personal data for these purposes, upon which Coface will immediately cease and desist from any further use of your personal data for such purpose. You may exercise your rights by sending an e-mail to: email@example.com.
By authorizing to be contacted by telephone and/or by e-mail, your personal contact data (i.e. name, first name, gender, postal address, e-mail address, telephone numbers landline and mobile) will be processed for Coface's marketing purposes, which are in Coface’s reasonable business interests on the basis of Article 6(1)(f) of the GDPR.
JURISDICTION AND CROSS-BORDER TRANSFER
Personal data may be collected, used, processed, stored in, and disclosed and transferred to any country where Coface has premises or in which Coface engages service providers, including the United States. In certain cases, courts, law enforcement agencies, regulatory agencies and security authorities in these countries may be legally entitled to access your Personal data.
UPDATES OR CHANGES TO THIS PRIVACY NOTICE
Coface may change this Privacy Notice from time to time. The “Last updated” date indicated at the top of this Notice refers to the last time this Privacy Notice was revised and/or updated.
Any changes to this Privacy Notice become effective on the date Coface uploads the revised Privacy Notice. Provision of personal data by you further to any changes to the Privacy Notice acknowledge your acceptance of the revised and/or updated terms of this Notice.
The Coface entity providing the Services in connection with which your personal data is provided is the controlling company responsible for personal data collection, use, processing, transfer and disclosure.
If you want to know which Coface entity is responsible for these Services or you have any questions about this Privacy Notice, you can contact Mr. Franck Marzilli, Coface’s Data Protection Officer, in charge of our Personal Data Protection service, at the following email address: firstname.lastname@example.org
or at the following address:
Data Protection Office/Group Compliance Department
1, place Costes et Bellonte - 92270 BOIS-COLOMBES.
The EU General Data Protection Regulation
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.
On this page you’ll find answers to commonly asked questions, relevant documentation, links to useful external resources, and contact details should you need additional information on the GDPR.
Frequently asked questions on the GDPR
What is the GDPR?
The GDPR replaces the current EU Data Protection Directive 95/46/EC and is directly applicable in all EU and EEA Member States as of 25 May 2018.
The GDPR significantly changes the EU data protection regulatory landscape, setting stricter requirements, reaching more companies, and imposing potentially higher penalties. For example, companies must:
- Implement programmatic measures to ensure and actively demonstrate compliance
- Implement appropriate technical and organizational measures to protect the rights of individuals when designing a processing system and processing data
- Conduct data protection impact assessments of high risk processing activities
- Implement privacy by design and by default
- Implement data breach notification
Coface and GDPR
Coface is committed to the protection of personal data we collect and process, with rigorous policies, controls, and compliance oversight to ensure that data is held and used appropriately.
Coface has established an enterprise-wide GDPR programme, with key executive sponsorship, that covers its impacted subsidiaries and affiliates. Data processing activities that involve data about individuals in the EU are under review, including applications and databases, policies, processes, and procedures to ensure that our employees, partners, and vendors process personal data in compliance with GDPR requirements.
Coface leverages a network of national correspondents and a Group dedicated team to ensure sustainable compliance with the GDPR going forward.
How I am affected as a client of Coface?
The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
The GDPR may require updates to certain data privacy provisions of client agreements to reflect the changes required by the GDPR. If changes in documentation we have in place with you are needed, we will contact you to provide any new privacy terms or notices that are required.
I am a client of Coface outside the EU. How I am affected?
The GDPR’s territorial scope of application is wider and may apply to organizations that are not based in the EU but offer goods or services to individuals in the EU and/or monitor the behavior of individuals in the EU. Coface is reviewing all of its processing activities involving individuals in the EU to determine if the broader territorial scope applies. If applicable, Coface will take the necessary actions, which may include updating Terms and Conditions of business, to reflect the changes required by the GDPR.
Can I see your data privacy policies?
We are working through all our policies and procedures and making updates where necessary to comply with the GDPR.
You can click on the link below to download Coface Privacy Notice.
Is there a need for 'explicit' or 'unambiguous' consent - and what is the difference?Explicit consent is required only for processing sensitive personal data - in this context, nothing short of “opt in” will suffice. However, for non-sensitive data, “unambiguous” consent will suffice. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language.
Useful GDPR external resources
EU General Data Protection Regulation (full text):
If you have additional queries on GDPR implementation, you can:
- reach out to your Coface Account Manager; or
- contact Coface Data Privacy Office by email at: Coface_dpo@coface.com; or
- write to Data Protection Office, 1 Place Costes et Bellonte, 92270 Bois-Colombes, France
IP addresses and cookies
We may collect information about your computer, including your IP address, operating system and browser type, for system administration, and to monitor the performance of our sites, including CofaNet. The information does not identify any individual. We may also obtain information about your general internet usage by using a cookie file, which is stored on the hard drive of your computer. Cookies help us to improve our site and to deliver a better and more personalised service.
In using the site you agree to the terms and conditions set out here. If you do not want to be bound by these terms and conditions, you should stop using the site.
ContentCoface has taken all reasonable steps to ensure that the information on this site is true and accurate in all material respects and that there is no misleading information on the site. However, Coface gives no guarantee in respect of the accuracy or currency of the information on the site. The content of the site is general in nature and for information only.
AccessCoface does not guarantee the full functioning of the site, nor that defects will be corrected or that the site or the server that makes it available is free from viruses. Coface reserves the right to withdraw access to some or all of the pages on the site at any time without notice and accepts no responsibility for these pages not being available.
LinksIf Coface provides links to other web sites, Coface does so for information only and such links are not evidence of any recommendation by Coface of any products or services on such sites. The use of such links is entirely at your own risk and Coface accepts no responsibility for the content or use of such web sites or for the information contained on the sites.
RightsAll rights, including copyright, in the site and its contents are owned by Coface. You are responsible for obeying all applicable copyright laws. You may use the information and take occasional copies of the site during normal viewing. You may also print from the site, provided that this is for your own personal use. Otherwise the information may not be reproduced, stored in any way (including in any other web site), given to any other person or included in any way into another document or other material without obtaining the prior written permission of Coface.
Use of the siteYou agree to use the site for lawful purposes and in a way which does not affect the rights of, or restrict the use and enjoyment of the site by any third party. You agree not to transfer to the site any information or other content which is or may be inaccurate, defamatory, offensive or in breach of our rights or damaging to the software or performance of the site.
TerritoryThe site is directed at European Union residents only and the services described in the site are only available to European Union residents to the extent that Coface UK is licensed to sell insurance within the European Union. You agree to use the site in a manner consistent with any and all applicable law and regulation in the country in which you access the site.
Your responsibilitiesYou are responsible for the use of the site by any person using your computer and are responsible for ensuring that any such person fully complies with these terms and conditions.
Your breachIf you breach these terms and conditions you agree to indemnify Coface in respect of any losses, costs or damages including reasonable legal fees incurred by Coface in relation to such breach.
Privacy statementCoface recognises the importance of the responsible use of any personal information about you, which may be collected through this site. Coface will only disclose your personal information to other Coface Group companies or responsible third parties associated with its business.
Limitation of liabilityCoface does not accept any responsibility for any losses or damages whatsoever arising out of access to, use of or reliance on any information posted on the site or any link to a website or any information contained on or accessed through such a site.
Entire agreementThese terms and conditions contain the entire understanding between you and Coface with regard to your use of the site. Coface reserves the right to change these terms and conditions from time to time. Use of the site is subject to the terms and conditions posted on the site at the time of your visit. If you do not agree to any changes to the terms and conditions then you must stop using the site immediately.
No insurance contractCoface does not sell insurance over the Internet from this site. Any contract of insurance between you and Coface will be governed by separate terms and conditions agreed between you and Coface.
Governing lawThese terms and conditions and your use of the site are governed by English law. Disputes arising out of these terms and conditions shall be subject to the exclusive jurisdiction of the English courts.
Your feedbackWe do value your feedback. Please help us to get it right every time.
Coface is committed to providing a high standard of service to you and all of its customers.
Occasionally, you may feel that we could do better. If this happens, we want to hear from you. Letting us know if you are unhappy with the service you experience from us gives us the opportunity to put matters right for you and to improve our future service for everybody.
You can share your concerns with our employees in person, by phone, by letter or e-mail.
Use the Contact Us tab on the site or telephone on +44 (0) 1923 478100.
What you need to provideTo help us investigate and resolve your complaint as quickly as possible, please provide the following information:-
Your name, company name and company address
Your policy/contract number
Your telephone number
A clear description of your concern or complaint
Copies of any relevant documentation, such as letters or policies
What we will do to helpWe will do our best to resolve your complaint immediately. Our first step is to understand and investigate the problem. We will send a written acknowledgement of your complaint within five working days along with details of who is handling your complaint. If your complaint takes a little longer to investigate, we will keep you informed of progress. We aim to resolve your complaint within four weeks. If we are unable to do so, we will write explaining what is happening and let you know when we expect to do so. After eight weeks we will send you a final response or a further progress report on our investigations.
The Financial Ombudsman ServiceIf you are a ‘micro-enterprise’ and you are still dissatisfied, you can request a review directly from the Financial Ombudsman Service.
‘Micro-enterprises’ (an EU term covering smaller businesses) can bring complaints to the ombudsman as long as they have an annual turnover of up to two million euros and fewer than ten employees.
The Financial Ombudsman Service
Coface UK is a branch of the French company Compagnie Française d’Assurance pour le Commerce Extérieur (Coface) Société Anonyme. RCS Nanterre B 552069791 00481 - NAF 660 E. Coface is registered in England and Wales number BR001974/FC017117 at Egale 1, 80 St.Albans Road, Watford, Herts WD17 1RP, United Kingdom. Coface UK Services Limited is registered in England and Wales number 3946800 at Egale 1, 80 St Albans Road, Watford, Herts WD17 1RP, United Kingdom.
VAT number GB 626 8895 84