This privacy statement will answer your most important questions about the relevant privacy aspects. Please note that Cobase is the trading name of Financial Transaction Services BV known under KVK68914016.
Purpose of personal data
We serve typically large and midsized corporate clients. Our clients appoint users to have access to our service via app and portal. We store personal data on these users.
The primary purpose of the (personal) data we store is executing the agreements with our clients. In practice this means the following:
· Providing access and use of functionality for users on our portal and app
· Logging and auditing the history of payments, transaction and reporting and user activity (Cobase and designated users of the client only). The data will also be used in case of a legal dispute
· Store data efficiently (e.g. transfer to an archive)
Additionally we use (personal) data to comply with the law and regulations :
· Register data to comply with legal obligations, for example for customer identification and verification purposes.
· Implementation or verification of controls (e.g. internal audits or investigations)
· Dispute resolution or litigation
On top of this personal data can be used for legitimate interests of our clients and Cobase itself in which case we will always balance this with the interests of the people the personal data relate to:
· Process the data for internal analysis and product development. This enables us to improve products and services we provide to our clients.
· Process data to safeguard the security of our clients and Cobase. This can include e.g. monitoring of IP addresses.
Where possible data will be anonymised for the above stated purposes
Fraud and abuse
In the event of fraud or abuse Cobase may provide your personal data to the police and justice system. Cobase may also engage external experts who support us in security and enforcement of regulatory and company rules
Personal data we store
We can use the following personal data:
· ID number: In some countries it is a requirement to log this number for execution of payments
· Date of Birth: In some countries this is a requirement by law. We also use this data for identification purposes when we provide support.
· Mobile phone number: We require this to be able to contact you in activation as well as for support purposes
· Mail address (professional): We require this to be able to contact you for support purposes
· Logs on actions user took on the Cobase portal/app
Please note: as part of the identification and authorization in the Cobase app and portal we use devices with a camera to scan a visual code on the screen. The video taken by these cameras could accidentally include a person. These data are not stored or accessible by Cobase or other parties involved in the data processing.
Who has access to these data?
The intended parties who have access to these data are:
- The client who has provided you with access. This typically relates to their user management, auditing, cash management and Treasury Operation and related risk management and auditing (the corporate administrator)
- Third parties in our processing (see below)
Third parties we use in processing
Third parties can be involved in executing your obligations from the contract with the client. This means we may need to share personal data with them. All obligations from the client contract and this privacy statement have been enforced in these environments.
In case of legal, regulatory or fraud concerns personal data might be shared with external risk/legal fraud experts.
Policy statements regarding privacy
When creating our policies and procedures we had the GDPR/AVG in mind. All our employees have signed a non-disclosure agreement. We have determined which employees require access to specific data and ensure this is enforced by our system.
Insight and changes to your personal data
The majority of the personal data we store for the users of our apps and portal can be reviewed in our portal in the heading "My profile". Correcting data is also possible in this screen. Please note that actions you took on the portal previously can not be changed.
Should you require insight through other means please contact the appropriate contact who manages the authorizations at your employer who required your access to our portal. If this is no possible please contact our privacy officer via firstname.lastname@example.org stating in the subject "Personal data request".
You should receive the insight into data within 1 month. In case the request is denied or delayed you will receive a specific reason and we will inform you how you can take steps in case you do not agree.
Cobase sees the proper handling of (personal) data of the utmost importance.
Should you not be satisfied it is possible to log complaints with the applicable Data protection regulator. Complaints around the handling of your data by Cobase can be logged with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) in The Hague.
Changes to this privacy statements
We reserve the right to change this privacy statement. In case you do not agree to changes you can require your corporate administrator to remove your access from the portal (please note that actions you took on the portal previously can not be changed).
This privacy statement is version 1.1 finalised and published on January 22nd 2018.