Atradius N.V., together with its subsidiaries and branches (“Atradius”), is a global provider of credit insurance, surety, reinsurance, debt collections and business information/intelligence services. Atradius operates in a business-to-business market. The products and services offered by Atradius aim to help companies around the world understand and protect against the default risks associated with the selling of goods and services and, in so doing, safeguard their sales. With these services we enable trade on a worldwide scale.
When providing our products and services, Atradius acts as “controller”. We collect and process information mainly on companies and businesses. However, in the process of doing so, we also process data that may be qualified as “personal data” which is any information relating to an individual (e.g. a sole trader, a company director, a beneficial owner, a professional contact etc.). Your trust in how we handle your personal data is important to us. When you use our websites, applications, portals, sign-up for our newsletters, engage our services as a representative or contact person of our customer, trade (as a counterparty) with our customers or do business with us as our business partner or supplier, it is important to us to use your personal data carefully and securely in a transparent manner.
In this Privacy Statement we provide information we are required to give in relation to the processing of personal data under data protection law. We explain for instance the purposes and grounds of the processing of personal data, the categories of personal data concerned, the categories of the sources and the recipients of the personal data, data retention and your rights as data subject.
Atradius subsidiaries or branches may also have additional privacy notices on their own (local) websites. For Atradius Instalment Credit Protection (Belgium), please go to its website for specific privacy information.
Updates to this Privacy Statement
We strive for continuous improvement in our services, processes and protecting your personal data rights, so we may update this Privacy Statement from time to time. Therefore, we advise you to check this statement on a regular basis. This Privacy Statement was updated on 10 January 2024.
When do we collect personal data and when does this Privacy Statement apply?
This Privacy Statement applies to all individuals and representatives of companies that Atradius interacts with. Atradius will process your personal data for different purposes and under a different legal ground depending on your relationship with us. Below we describe in detail when we collect and process personal data, our purposes and legal grounds for doing so and how we control access to your information.
1. If you use our website
1.1 What personal data do we collect?
When you use our website we process the following information about you as a website visitor or about your company or business, which may qualify as personal data:
- Any personal details that you submit such as your name, (work) address, telephone number, email address, login details, or other information provided during registration for any of our products or services or when you contact us with questions or complaints.
- Information that allows us to remember you and your preferences in using this website. This includes the pages you access on the website and your user journey, the website that referred you to our website, the browser and device type that you are using, cookie IDs and your IP address. We use cookies to collect this type of information. Further details on this are available on our Cookie Information Page including how to decline / disable cookies.
- Your marketing preferences including subscriptions to any newsletters, email updates, country reports, updated trade or economic information, etc. made via the website.
1.2 Why do we collect this personal data?
We may use the above-mentioned information for the following purposes:
- To provide requested products and services, maintain contact with you and handle complaints/disputes.
- To optimise our products and services, including conducting market research.
- For (direct) online and digital marketing purposes.
- Using statistics to optimize our website and ensure that our website functions properly.
- To ensure the website functions securely and protect our information technology infrastructure.
1.3 Legal grounds for using your personal data
We process your personal data only if this is allowed under one of the legal processing grounds. We rely on one or more of the following legal grounds for the processing of your information:
- Consent
- We request using your consent for the usage of certain cookies via our website. This includes consent for statistics and marketing purposes. See our Cookie Information page for more details on this.
- Legitimate interests - We may process you information as necessary for achieving our legitimate interests. Atradius’ interests are as follows:
- For the usage of some cookies, we do not require your consent. Here, Atradius has a legitimate interest to make a functional website available to you. See our Cookie Information page for further information on this.
- If you requested us to contact you via a contact form, our interests are to provide customer service function that provides timely and effective responses to enquiries.
- Our interest to look for opportunities to optimize our website and to improve our products and services offering.
- Our interest to protect our business, information and assets including against cyberattacks and fraud.
1.4 Where did we obtain your information
We automatically obtain some information when you visit our website. We collect such information via cookies. See our Cookie Information page for more details on this. We obtain other information when you actively provide it to us. This is, for example, the case when you sign up for any newsletters, email updates, country reports, updated trade or economic information, etc. via our website. See also the information on our marketing activities in paragraph 2.
1.5 Who will have access to your personal data?
We may disclose personal data to fulfill our purposes to:
- Atradius companies, branches, affiliates, business partners and service providers.
- In relation to cookies, with our advertising and marketing partners that support Atradius with its online marketing and analytics activities. These companies may collect information to enable them to display advertising for products and services that may be of interest to you when you visit our website or other websites.
- With trusted third-party service providers that perform services on our behalf including but not limited to the hosting of our website, data storage, analytics, and website maintenance and security.
- Purchasing entities, if an Atradius business unit is sold or transferred as part of a corporate transaction (only where it is necessary to disclose personal data including during due diligence conducted prior to such event (where permitted by applicable law).
2. Marketing, Surveys and Events
2.1 What personal data do we collect for marketing purposes?
We may process the below information about you:
- Contact details:
Name, title, phone number, email, (work) address, contact history. - Information on consent provided by you to use your personal data for marketing purposes, e.g. in the form of subscriptions to any newsletters, email updates, business publications, survey reports, and white papers.
- Information on your interests e.g. based on your subscriptions for our publications for specific topics or industries.
- Information you provide to us as part of a (customer satisfaction survey) or regarding any of your questions.
- Other personal data provided by you during the course of your interactions with us (for example, any dietary requirements provided for events).
2.2 Why do we collect this personal data?
We may use your information for the following purposes:
- To promote and inform you about our (new) products and services.
- To organise and invite you to events and other promotional activities.
- To analyse your interests and possible business opportunities for us.
- To obtain your views on certain matters, e.g. via (customer satisfaction) surveys so that we can analyse this for product and service improvement purposes.
- To deal with questions.
2.3 Legal grounds for using your personal data
We process your personal data only if this is allowed under one of the legal processing grounds. We rely on one or more of the following legal grounds for the processing of our marketing activities:
-
Consent
- If required, we request your consent for processing your personal data for our marketing activities. You can withdraw your consent at any time by clicking on the opt-out link in our emails or by submitting a form online. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal.
- Legitimate interests
- We do not always require your consent to use your personal data for marketing purposes. This may for instance be the case if Atradius obtained your email address in the context of the sale of our products or services, and we use this address for direct marketing of our own similar products or services. In this instance, we rely on our interests to keep you informed about other products and services that may be of interest to you or the business you represent.
- We also process your information as necessary to find new opportunities to sell and develop products and services and also to understand the preferences and needs of our customers.
- We process information as necessary to arrange and host events (including webinars) to promote our products and services or otherwise support Atradius initiatives.
2.4 Where did we obtain your information?
For marketing purposes, we primarily obtain information concerning you from yourself. In other instances, we may obtain your personal data from the various sources displayed below.
- Parties who refer us to you, or to whom you provided consent to share your data with us.
- Third parties engaged by us in the context of our marketing activities.
- The internet (incl. social media) for as far as allowed under the applicable law.
2.5 Who will have access to your personal data?
Atradius may disclose information on you, which may qualify as personal data to:
- Atradius companies, branches and affiliates, business partners and service providers.
- With trusted third-party service providers that perform services on our behalf including but not limited to market research, product analysis and analytics, webinar or events organizers.
- Purchasing entities, if an Atradius business unit is sold or transferred as part of a corporate transaction (only where it is necessary to disclose personal data including during due diligence conducted prior to such event (where permitted by applicable law).
3. If you are a customer, policy related party, intermediary, co-guarantor, business partner or supplier
3.1 What personal data do we collect?
During the course of providing our products and services, we may process the following information on your business, which may qualify as personal data if it relates to information relating to an individual (e.g. a sole trader, company director, (ultimate) beneficial owner, shareholder, beneficiary, professional contact or representative etc.).
- When you are the point of contact or representative for a company or other entity with legal personality, we may process your contact details and personal identification data, e.g. your name, title, function, phone number, email, (work) address, country, date and place of birth, ID details, entity name.
- When you conduct business through a legal entity such as or similar to a sole trader or a commercial/public partnership, we may also process bank account details, claims and payment history, trade registration, VAT number, and financial information, insolvency status, sources of wealth in relation to your business.
3.2 Why do we collect this personal data?
We may process information on your business, which may qualify as personal data, for the following purposes:
- To execute and provide services in relation to the agreements. This may entail: processing transactions, communicating with you in relation to the services, assessing (trade) insurance risks and coverage, performing claims handling, recovery actions, providing credit (risk) management and business intelligence services and products, conducting debt collections, providing customer support services, handling complaints and disputes.
- To perform “know your counterparty”, fraud, terrorism, sanctions list checks and other compliance checks.
- To optimise our products and services, conduct (market) research and statistical analyses: see paragraph 2 above for further details.
- To perform administration within the Atradius group of undertakings and to manage and protect our information technology infrastructure.
- For marketing purposes: see paragraph 2 above for further details.
- To establish, exercise or defend legal claims.
- To comply with an order of a regulatory/governmental authority or an obligation under relevant laws or regulations or (voluntary) regulatory, industry or sector codes or guidelines.
3.3 Legal grounds for using your personal data
We process your personal data only if this is allowed under one of the legal processing grounds. We rely on one or more the following legal grounds for the processing of your information:
- Legitimate interests
We may process your personal data as necessary for achieving our legitimate interests, when performing our business activities.- Offering and developing credit insurance, surety, reinsurance and debt collections products and services, including meeting market best practices as well as business intelligence services, which aim to help companies around the world understand and protect against the default risks associated with the selling of goods and services.
- To effectively carry out our business activities as an international group of undertakings
- As necessary for entering into and the performance of agreements with the company or business that you are associated with.
- To protect our business, information and assets including to exercise our rights or defend ourselves against any (potential) legal claims.
- Performance of a contract
If you are a sole trader company, we need to process your personal data for entering into and the performance of agreements. - Legal obligation
- We may process your personal data if necessary to comply with one of our legal obligations, for instance to perform compliance checks including but not limited to anti-money laundering, ultimate-beneficial owner, sanctions lists checks or to comply with orders of a regulatory/ governmental authority, or follow legally binding obligations under industry or sector codes.
3.4 Where did we obtain your information?
The personal data that Atradius processes may originate from various sources:
- Directly from you or the company you are associated with, including those representing or authorised by you or such company.
- From Atradius companies, branches, affiliates or business partners.
- From (publicly) available sources.
- From information/data resources where permitted under law (such as but not limited to conduct checks of the beneficial ownership and management structure of our customers).
3.5 Who may have access to your personal data?
We may disclose personal data to fulfil our purposes to:
- Parties authorised by you or the company you are associated with.
- Atradius companies, branches, and affiliates.
- Trusted third party service providers such as claims adjusters, crime or fraud detection and prevention agencies, reinsurers, other insurers, banks, business partners, auditors, lawyers, debt collectors and other service providers.
- The departments of the Dutch State for which Atradius Dutch State Business N.V. manages the Dutch State facilities for Dutch companies (only if you are involved with our Dutch State Business).
- Advisers or other professional parties, to establish exercise or defend legal claims or to protect our business operations or legal rights (for example legal advisors).
- Law enforcement agencies, regulatory/governmental authorities: when required by law, or as necessary to protect our rights.
- Purchasing entities, if an Atradius business unit is sold or transferred as part of a corporate transaction (only where it is necessary to disclose personal data including during due diligence conducted prior to such event (where permitted by applicable law).
4. If you or your company trade with our customers (a “buyer”, “debtor” or “beneficiary”)
4.1 What personal data do we collect?
We may process the following information on your business, which may qualify as personal data, in so far as it relates to information relating to an individual (e.g. a sole trader, company director, (ultimate) beneficial owner, shareholder, professional contact or representative etc.).
- When you are the point of contact or representative for a company or other entity with legal personality, we may process your contact details and personal identification data, e.g. your name, title, function, phone number, email, (work) address, country, date and place of birth, ID details, entity name.
- When you conduct business through a legal entity such as or similar to a sole trader or a commercial/public partnership, we may also process bank account details, claims and payment history, trade registration, VAT number, financial information, insolvency status, sources of wealth in relation to your business.
4.2 Why do we collect this personal data?
We may process information on your business, which may qualify as personal data, for the following purposes:
- To execute and provide services in relation to the agreements we have with our customers. For example: processing transactions, communicating with you in relation to a debt or insurance product, assessing (trade) insurance risks and coverage, performing claims handling, recovery actions, providing credit (risk) management and business intelligence services, conducting debt collections.
- To handle queries, complaints and disputes.
- To perform fraud, money laundering, terrorism and sanctions list checks and other compliance checks.
- To optimise our products and services, conduct (market) research and statistical analyses: see paragraph 2 above for further details.
- To perform administration within the Atradius group of undertakings and to manage and protect our information technology infrastructure.
- To establish, exercise or defend legal claims.
- To comply with an order of a regulatory/governmental authority, or an obligation under relevant laws or regulations or (voluntary) regulatory, industry or sector codes or guidelines.
4.3 Legal grounds for using your personal data
We process your personal data only if this is allowed under one of the legal processing grounds. We rely on one or more of the following legal grounds for the processing of your information:
- Legitimate interests
We may process your personal data as necessary for achieving our legitimate interests, when performing our business activities.- Offering and developing credit insurance, reinsurance, surety and debt collections products as well as credit (risk) management, business intelligence services, which aim to help companies around the world understand and protect against the default risks associated with the selling of goods and services while meeting industry standards and best practices..
- As necessary for entering into and the performance of agreements with our customers.
- To effectively carry out our business activities as an international group of undertakings.
- To protect our business, information and assets including to exercise our rights or defend ourselves against any (potential) legal claims.
- Legal obligation
We may process your personal data to comply with our legal obligations, for instance to perform compliance checks, comply with applicable debt collections laws or to comply with orders of a regulatory/governmental authority, or follow obligations under legally binding industry or sector codes.
4.4 Where did we obtain your information?
The personal data that we process may originate from various sources:
- Directly from our customers or from you, including those representing the customer or you.
- From Atradius companies, branches, affiliates or business partners.
- From (publicly) available sources.
- From information/data vendors (for example credit and financial information companies).
4.5 Who may have access to your personal data?
We may disclose personal data to fulfil our purposes to:
- Our customers and parties in consultation with the customer (such as intermediaries, representatives, companies belonging to the customer’s group).
- Atradius companies, branches, and affiliates.
- Trusted third party service providers and business partners such as claims adjusters, crime or fraud detection and prevention agencies, reinsurers, other insurers, banks, business partners, auditors, lawyers, debt collections and other service providers.
- Advisers or other professional parties, to establish exercise or defend legal claims or to protect our business operations or legal rights.
- Law enforcement agencies, regulatory/governmental authorities: when required by law, or as necessary to protect our rights.
5. International Transfers of personal data
Due to the international nature of our company and our business activities, the data we process may be transferred to or accessed by other entities within the Atradius group or selected third parties. These entities and third parties are located in different countries around the world. In order to fulfill the purposes described in this Privacy Statement, your personal data may be transferred to a different country than your country of residence.
We only transfer your personal data within the framework of the relevant data protection law and in accordance with our Intra-Group Data Transfer Agreement.
When we transfer personal data outside of a restricted legal framework such as e.g., the European Economic Area (“EEA”), we have taken appropriate safeguards to provide an adequate level of protection according to the applicable data protection law. These are safeguards such as Standard Contractual Clauses approved by the European Commission or the transfer is to a country which provides an adequate level of protection according to an adequacy decision of the European Commission.
Where we transfer your personal data outside of the EEA, you can ask us for information on the appropriate safeguards.
6. How we protect your personal data
We are committed to ensuring that your personal data is kept secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate physical, technical and organisational measures to safeguard the information we collect and process.
In addition, whenever we grant access to personal data or otherwise transfer it to third parties (as described I sections 1-4) we take steps to ensure that any personal data is subject to the same or substantively similar levels of protection that Atradius already implements. This includes conducting vendor security assessments and executing data protection terms (including data processing agreements) with third parties.
7. How long we retain your information
We generally shall retain personal data only: (i) for the period required to serve the applicable business purpose; (ii) to the extent reasonably necessary to comply with any applicable legal requirements; or (iii) as advisable in light of an applicable statute of limitations. Atradius may specify (e.g., in a sub-policy, notice or records retention schedule) a time period for which certain categories of personal data will be kept.
8. How you can contact us, access and update your information
- As a data subject, you have certain rights concerning our processing of your personal data. You can:
- request access to your personal data held by us as well as information about our processing of your personal data;
- ask us to rectify or complete your information if you believe that your personal data is inaccurate or incomplete;
- ask us to erase certain personal data (unless we are required to retain it by law, or to establish, exercise or defend legal claims, or for another one of our legitimate business purposes such as to conduct debt collection activities in the name and on behalf of our customers);
- ask us to restrict the processing of your personal data if you think that the data is inaccurate, our processing is unlawful, or that we no longer need to process your data for a particular purpose (unless we are not able to delete the data due to a legal or other obligation);
- object to our processing of your personal data on grounds relating to your particular situation, where the legal justification for our processing of your personal data is our legitimate interest. We will abide by your request unless we consider that we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data to establish, exercise or defend legal claims or conduct debt collection activities in the name and on behalf of our customers; and
- where we rely on your consent to process your personal data you can withdraw that consent at any time. You can do this by: (i) by clicking on the opt-out link in our marketing emails; (ii) changing your cookie preferences or by submitting a form online. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data before your withdrawal.
You may send us your request or complaint by submitting a form online. We will handle your request carefully and in line with the applicable data protection laws. . In some cases we may need to ask you to provide additional information to verify your identity in order to exercise your request. You also have the right to lodge a complaint with your national data protection authority.
The Atradius Data Protection Officer can be contacted by emailing dpo@atradius.com