General information on the processing of personal data by the CofaceThe Coface Companies, in relation with their business activity, process personal data within the meaning of Article 4(1) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”). The data are processed for purposes arising from legitimate interests pursued by the Coface Companies, in connection with their insurance, business information and debt collection activities. For this purpose, the Coface Companies may process the following personal data:
- data of individuals pursuing a business activity,
- data of individuals representing economic operators, disclosed in public registers;
- data of individuals being contact persons of enterprises, in connection with their professional function.
Who is the controller of personal data?Depending on the purpose for which we process the data, the personal data controller will be one or more of the companies of the Coface Group in Austria:
- Coface Central Europe Holding AG
Address: All companies have their registered offices at Marxergasse 4c, 1030 Vienna, Austria.
Why do we process personal data / what is the purpose of data processing?Coface Central Europe processes personal data for the following purposes:
- the conclusion and execution of contracts with customers and counterparties;
- the assessment of credibility of economic operators, including the elaboration of reports and sharing such reports with our customers; to that end, Coface Central Europe shall process personal data of individuals pursuing business activity and natural persons representing economic operators, whose data are disclosed in the public registers. The data originate (a) from public registers such as the Commercial register and (b) directly from the enterprises concerned;
- credit insurance – for that purpose, Coface Central Europe processes personal data of our customers’ debtors. The data are provided by our customers.
- fulfillment of legal obligation such as anti-money laundering and counteracting financing of terrorism, in connection with obligations under the Austrian Anti-Money Laundering and Countering Financing of Terrorism law, e.g. Financial Markets Anti-Money Laundering Act and other legal provisions which impose on Coface the obligation to register or report certain events and to process personal data for that purpose
- marketing purposes
What personal data do we process and where do they come from?Coface Central Europe process the following personal data:
- registration and identification details of individuals pursuing business activity originating directly from entrepreneurs or public registers, which are collected by us in connection with our insurance, factoring or debt collection activities;
- financial data of enterprises, originating directly from enterprises or from contractors of these enterprises, collected by us in connection with our insurance, information or debt collection activities. The financial data may include credit rating and economic viability indicators, calculated automatically on the basis of other information held by us on the economic entity concerned;
- the contact details of the enterprises and their employees, originating directly from those persons or from contractors of these enterprises, collected by us in connection with our insurance, factoring or recovery activities;
- data of individuals representing economic operators, disclosed in the public registers;
Does automated decision-making take place, including profiling?Be informed that the personal data of entrepreneurs included in the Coface economic information system are subject to automated assessment (profiling) for the purposes related to the assessment of the payment risk in accordance with Art. 22 of GDPR. Data processing is carried out for the purposes arising from the legitimate interests of the Coface Companies and data recipients. Any person whose data are processed in such way has the right to object to such processing.
Who are the personal data recipients?The personal data for which is the Coface Central Europe are the controller may be made available to:
- our customers, in the form of reports, for legitimate purposes of those entities related to the verification of business contractors;
- other companies from the Coface Group, including Coface Central Europe and foreign companies, for legitimate purposes related to the flow of data within the group of entrepreneurs.
What is the period of the personal data processing?Coface will retain Personal Data for as long as required or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include:
(i) the length of time Coface have an ongoing relationship with our client and provide the Services;
(ii) whether there is a legal obligation to which Coface are subject; and
(iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Data subjects rights and means of their executionAll persons whose data are processed by Coface Central Europe (Data subjects) have the right to request access to their personal data, the right to rectification, erasure or restriction of processing of such data, the right to object to the processing (in cases justified in GDPR) and the right to lodge a complaint with the supervisory authority. Persons whose personal data are processed in marketing purpose has right to object.
Where the processing is based on given consent to the processing of your personal data for one or more specific purposes, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Contact details with regard to the personal data processingAll matters relating to the processing of personal data by Coface Central Europe should be addressed to:
By Email: email@example.com