PriServices – Joint Privacy Policy
Contents
General
– PriServices
– Applicability
About data processing
– General
– – Newsletter
– – The website contact form
– – Support ticket
– – Data security
– – Participation in tax and criminal investigations
– – Deletion of data on request
– Identity verification
– Control of legal entity
– Data for mail and/or parcel processing
– Other data that is recorded
Your rights
– Right of access
– Right of rectification
– Right to restriction of processing
– Right to data portability
– Right to erasure / to be forgotten
– Retention periods
– Right to object and other rights
General
PriServices B.V. (PriServices) values your privacy to the highest standards. We strive to provide a high quality service, with reliability being one of the most important priorities. In the design of our services and products, a lot of attention has been paid to privacy measures and data minimization.
PriServices
This privacy statement applies to PriServices and to all affiliated PRI services and their trade names. These include:
- PriServices B.V.
- PriPost B.V.
- PriOffice B.V.
- PriParcel B.V.
- PriCompliance
- PriTelecom
- Trusted Verifications
- PriPortal
In accordance with the GDPR, the affiliated companies of PriServices are joint controllers for the processing of your personal data. The (administrative) processing of your personal data takes place in the online portal (www.priportal.eu). As the owner and supplier of the portal and the services offered therein, AgileGrowth Solutions LLC-FZ (AGS) is technically responsible for the security of the stored data. In order to guarantee the highest possible security and privacy, AGS is currently in an ISO certification process, with which it is the objective that the software supplied by AGS and used by PriServices and its affiliated services will be ISO 27001 and 27701 certified by December 2024. Personal data is stored with European hosting providers. A processing agreement has been concluded with them in order to guarantee the security of the storage of personal data. When choosing the hosting providers, requirements have been set in terms of security and privacy that they meet. For example, it has been stated that these providers must be at least ISO 27001 certified. Due to the joint administrative processing of the personal data in the online portal, mutual data exchange takes place between the affiliated companies of PriServices.
PriServices and its affiliated companies and services do not share data with third parties in any way other than described in this Joint Privacy Policy. For example, we have procedures in place that exclude the sharing of personal data, address data and/or other data of an Account Holder with someone who requests this by telephone, in writing or digitally. Your personal data is only visible to screened employees associated with PriServices. An exception to this is when we are legally obliged to do so.
Applicability
This privacy statement applies to the use of the websites and the services provided by the companies within PriServices. The effective date for the validity of these terms and conditions is 25-05-2018, with the appearance of a new version the validity of all previous versions expires. This privacy statement describes what data about you is collected by us, what this data is used for and with whom and under what conditions this data may be shared with third parties. We will also explain how we store your data, how we protect your data against misuse and what rights you have with regard to the personal data you provide to us. If you have any questions about our privacy statement, please contact our contact person for privacy matters, the contact details can be found at the end of the privacy statement.
General
A number of processes are uniform for all affiliated companies of PriServices. These are described below. It is also described when there are specific processing operations for an individual service. This statement includes an overview of the personal data that are processed, by which company, insofar as this does not concern PriServices or one of its affiliated companies, for what purpose the data are recorded, when they are deleted and, if this happens, with whom they are shared.
Newsletter
The newsletters are sent via Active Campain and/or Mailjet. For this purpose, we use the name and e-mail address that are known to you as an Account Holder. You can unsubscribe from the newsletter at any time. You can do this by clicking on ‘unsubscribe’ or ‘unsubscribe’ at the bottom of the emails. It is also possible to subscribe to the newsletter as a non-customer, for example if you want to take advantage of a discount or if you want to stay informed. Even then, it is possible to unsubscribe at any time by clicking on ‘unsubscribe’ or ‘log out’ at the bottom of the emails. As a non-customer, your data will not be used for anything other than the newsletter.
Support ticket
When you use the support ticket form in the portal, the information entered will only be used to answer the question and contact you. This data is stored in the supplier of the support platform (FreshDesk). A processing agreement has been concluded with Freshdesk that ensures that data is treated confidentially and cannot be used for other purposes.
Data security
Due to the nature of the services and the trust they must be able to place in their services, PriServices and its affiliated companies and services pay great attention to the technical and organizational forms of security of your data. For example, good, transparent agreements have been made with the parties that have access to data in terms of confidentiality, retention period and cooperation. In addition, the data is stored encrypted and there are various policy documents for employees to ensure the security of the information.
Participation in tax and criminal investigations
In some cases, PriServices or its affiliates may be required by law to share your data in connection with tax or criminal investigations by the government. In such a case, we are forced to share your data. We will inform you of this, within the possibilities offered by law.
Deletion of data on request
As an Account Holder, you can request the deletion of your account. At the time of deletion, all personal data will be deleted in accordance with the provisions of this privacy policy, unless there is a legal provision that prohibits this (WWFT and fiscal retention obligation).
Identity verification
PriServices and its affiliated companies offer various services for which there is a legal obligation to verify the identity of its customers. For PriServices and its affiliates and services, verification is provided by PriCompliance and/or Trusted Verifications. This is done on the basis of a copy of your identity document, which is checked by third parties for authenticity (stolen, missing, invalid, revoked, etc.). Mandatory inspections also take place in the context of the Wwft. For this purpose, data is copied and stored. We have entered into a processing agreement with the third parties to guarantee the security and privacy of the personal data. The data required for identity verification and recorded:
- Type of document
- Full Names
- Date of birth
- Sexe
- Date of issue of ID document
- Document Validity Date
- Issuer ID document
- Document number
- Nationality
- Copy of the ID document
Control of legal entity
In the case of a legal entity, PriServices must record additional data. These include:
- Company name
- Chamber of Commerce number
- VAT number
- Type of legal entity
- Extract from the Chamber of Commerce
Depending on the type of legal entity, PriServices and/or its affiliated companies must also record and monitor the UBOs. For this purpose, the same ID document data is stored for each UBO as stated under ‘Identity Verification’. In addition, the following data is also recorded:
- Percentage of direct share in the legal entity
- Percentage of indirect share in the legal entity
- Actual control of the legal entity
Data for mail and/or parcel processing
If a service for mail and/or parcel processing has been purchased by the account holder, the following data will be recorded by PriServices and/or its affiliated companies in order to be able to perform this service:
- Recipient’s first and last name
- Recipients
- Address
PriServices and/or PriPost are not responsible for personal data that appears in the Account Holder’s mail. After all, we process the mail and not the (personal) data that may be mentioned in these letters. This processing therefore does not fall under the definition of “Processing” as described in the GDPR. However, there may be cases where PriPost is the processor of the personal data mentioned in the Account Holder’s mail. This is the case when the Account Holder opts for the scanning service, where personal data can be stored in a PDF. This method of storage also falls under the definition of processing according to the GDPR. However, PriPost does not extract any data from the Account Holder’s scans other than what is necessary for the sorting of the mail. For the most part, the mail is sorted in an automated way, whereby the mail is sorted for the correct Account holder by means of advanced text recognition. To do this, the software uses data from the letter, including the address. This data is stored in order to optimize recognition. The Account Holder therefore determines how his mail is processed and can also change this. It is therefore not possible for PriPost to enter into an individual Data Processing Agreement with every customer who opts for the scanning service. For this reason, a clause has been included in the General Terms and Conditions in which it is described that if the Account Holder opts for the scanning service, the General Data Processing Agreement automatically enters into force. The General Data Processing Agreement can be found via the following link:
https://www.pripost.eu/download/General-Data-Processing-Agreement-PriPost.pdf
Other data that is recorded
In addition to the data mentioned above, a number of necessary data are stored. Below you will find what these data are and the reason. To communicate with you as a customer:
- Telephone number(s)
- E-mail address(es)
To access the online customer portal:
- Username
- IP address
For automatic collection:
- IBAN account number
For technical and automation reasons:
- Platform Used
- Brand & type of device
- Device ID
- Push token
Alert list
In order to prevent customers from repeatedly using one or more of our services for purposes that are not permitted by law and to prevent someone from opening a new account in the event of a debt that has arisen, PriServices maintains an alert list. The retention period on this list is no longer than the period stipulated by law. The data on this list includes the following data:
- IP address(es)
- Account Holder Last Name
- E-mail address
- ID Number
Right of access
You always have the right to inspect the data that we process (or have processed) and that relate to your person or can be traced back to you. You can make a request to that effect to our contact person for privacy matters. You will receive a response to your request within 30 days. If your request is granted, we will send you a copy of all data at the e-mail address known to us, with an overview of the processors who hold this data.
Right of rectification
You always have the right to have the data that we process (or have processed) and that relate to your person or can be traced back to you, amended. Since the responsibility for the integrity of the personal data lies with you, you must report the change via the settings form provided for this purpose. After processing the change, you will receive a confirmation of the change at the e-mail address known to us.
Right to restriction of processing
You always have the right to restrict the data that we process (or have processed) that relate to your person or can be traced back to you. You can make a request to that effect to our contact person for privacy matters. You will receive a response to your request within 30 days. If your request is granted, we will send you a confirmation to the e-mail address known to us that the data will no longer be processed until you lift the restriction.
Right to data portability
You always have the right to have the data that we process (or have processed) and that relate to your person or can be traced back to you carried out by another party. You can make a request to that effect to our contact person for privacy matters. You will receive a response to your request within 30 days. If your request is granted, we will send you copies of all data about you that we have processed or processed on our behalf by other processors or third parties to the e-mail address known to us.
Right to erasure / right to be forgotten
The right to erasure is the right to erasure of data when there is no longer a good reason to process the data. In the case of PriServices or its affiliates, we are limited in complying with the right to change data. You can only invoke this right if you terminate the contract or if it has already been terminated. Earlier is not possible, because we still need the personal data for the purposes for which the data was provided.
Retention periods
Immediately after the termination of the service and the closure of the account by the account holder, the following data will be deleted immediately:
- Bank account
- Username
No later than one year after the services are no longer active, the account will be automatically closed and all data will be deleted, with the exception of the data listed below.
An account holder will be notified of the fact that his account will be closed by email and/or a push notification. The customer can choose to keep his account active by logging in to his account and indicating this. If the customer initiates this, his data will not be deleted and the closing of his account will be postponed by one year. The account holder must therefore indicate annually that he wishes to keep his account and thereby gives permission for PriServices and its affiliated companies to store the personal data as referred to in this Privacy Statement.
If the account holder uses or has used a service for which there is a legal obligation to check an ID, we are obliged to keep the following data for up to 5 years after termination of the service:
- Full Names
- Address and place of residence
- Company data
- Extract from the Chamber of Commerce
- UBO statement
- Type of document
- Date of birth
- Date of issue
- Validity date
- Issuing authority
- Document number
- Nationality
- Copy of document
After this, there is no longer any reason to keep this data and will therefore be automatically deleted, unless it is necessary for other PriServices services. The following data is subject to a statutory retention obligation of seven years:
- Invoices
Right to object and other rights
You have the right to object to the processing of your personal data by or on behalf of PriServices or one of its affiliated companies or services. If you object, we will immediately cease processing data pending the resolution of your objection. If your objection is well-founded, we will make copies and/or copies of the data that we process (or have processed) available to you and then permanently cease processing. As a result, the service can no longer be continued.
You also have the right not to be subject to automated individual decision-making or profiling (direct marketing). PriServices and its affiliated companies and services do not process your data in such a way that this right applies. If you believe that this is the case, please contact our contact person for privacy matters.
Changes to the Privacy Statement
PriServices reserves the right to change the privacy statement at any time. You will always find the latest version on this page. If the new privacy statement has consequences for the way in which we process data already collected about you, we will inform you of this via a news item in the portal and/or by email and/or push notification.
Contact Information
PriServices B.V.
Headquarters: Laan van Waalhaven 139a, 2497KG The Hague (NL)
T +31 (0)85-3013777
E privacy@priservices.eu
Version 1.3 (last change 22-10-2024)