Privacy statement
This privacy statement will answer your most important questions about the relevant privacy aspects. If you have any questions -after reading our privacy statement- or wish to contact us about something else related to privacy aspects, you can do so via the contact details below. Please note that Cobase is the trading name of Financial Transaction Services BV known under Dutch Chamber of Commerce 68914016.
COBASE
Margriet Toren, 5th floor,
Haaksbergweg 75, 1101 BR Amsterdam ZO;
client.service@cobase.com
Purpose of personal data
Cobase complies in all cases with the applicable laws and regulations, including the General Data Protection Regulation (in Dutch the Algemene Verordening Gegevensbescherming (-AGV-).
We serve typically large and midsized corporate clients. Our clients appoint users to have access to our service via app and portal. We store personal data on these users.
The primary purpose of the (personal) data we store is executing the agreements with our clients. In practice this means the following:
- Providing access and use of functionality for users on our portal and app
- Logging and auditing the history of payments, transaction and reporting and user activity (Cobase and designated users of the client only). The data will also be used in case of a legal dispute
- Store data efficiently (e.g. transfer to an archive)
Additionally we use (personal) data to comply with the law and regulations such as the Dutch Financial laws (WFT, WWFT), applicable local sanction and Anti Money Laundering law, The 2nd Payment Service Directive, including the related RTS:
- Register data to comply with legal obligations, for example for customer identification and verification purposes.
- Implementation or verification of controls (e.g. internal audits or investigations)
- Dispute resolution or litigation
- Sanction, Anti-Money Laundering and terrorism screening.
On top of this personal data can be used for legitimate interests of our clients and Cobase itself in which case we will always balance this with the interests of the people the personal data relate to:
- Process the data for internal analysis and product development. This enables us to improve products and services we provide to our clients.
- Process data to safeguard the security of our clients and Cobase. This can include e.g. monitoring of IP addresses.
Where possible data will be anonymised for the above stated purposes
Retention period
Cobase does not store personal data for longer than necessary for the purpose for which it was provided or is required by law. Here we look how long the data is needed for the purpose for which it was collected or used.
Fraud and abuse
In the event of fraud or abuse Cobase may provide your personal data to the police and justice system. Cobase may also engage external experts who support us in security and enforcement of regulatory and company rules
Personal data we store
We can use the following personal data:
- Name
- ID number: In some countries it is a requirement to log this number for execution of payments
- Date of Birth: In some countries this is a requirement by law. We also use this data for identification purposes when we provide support.
- Mobile phone number: We require this to be able to contact you in activation as well as for support purposes
- Mail address (professional): We require this to be able to contact you for support purposes
- Logs on actions user took on the Cobase portal/app
- Personal data that are part of a paymnt (e.g. a salary payment)
Please note: as part of the identification and authorization in the Cobase app and portal we use devices with a camera to scan a visual code on the screen. The video taken by these cameras could accidentally include a person. These data are not stored or accessible by Cobase or other parties involved in the data processing.
Who has access to these data?
The intended parties who have access to these data are:
- The client who has provided you with access. This typically relates to their user management, auditing, cash management and Treasury Operation and related risk management and auditing (the corporate administrator)
- Cobase
- Third parties in our processing (see below)
Third parties we use in processing
Third parties, acting as Data processors (except SWIFT), can be involved in executing our obligations from the contract with the client. This means we may need to share personal data with them. All obligations from the client contract and this privacy statement have been enforced in these environments.
In case of legal, regulatory or fraud concerns personal data might be shared with external risk/legal fraud experts.
Geographical scope
For the purpose of data processing executed by Cobase, the data will remain in the EU or Switzerland (i.e. countries that have demonstrated to comply with the GDPR/AVG). Where transactions are executed to banks outside the EU, Cobase will only send transactions to such banks as directed by its clients.
Policy statements regarding privacy
When creating our policies and procedures we had the GDPR/AVG in mind. All our employees have signed a non-disclosure agreement. We have determined which employees require access to specific data and ensure this is enforced by our system.
Insight and changes to your personal data
The majority of the personal data we store for the users of our apps and portal can be reviewed in our portal in the heading "My profile". Correcting data is also possible in this screen. Please note that actions you took on the portal previously can not be changed.
Should you require insight through other means please contact the appropriate contact who manages the authorisations at your employer who required your access to our portal.
You should receive the insight into data within 1 month. In case the request is denied or delayed you will receive a specific reason and we will inform you how you can take steps in case you do not agree.
Complaints
Cobase sees the proper handling of (personal) data of the utmost importance.
Should you not be satisfied please contact our privacy officer via client.service@cobase.com. If we cannot find a solution with you, it is possible to log complaints with the applicable Data protection regulator. Complaints around the handling of your data by Cobase can be logged with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) in The Hague.
Changes to this privacy statements
We reserve the right to change this privacy statement. In case you do not agree to changes you can require your corporate administrator to remove your access from the portal (please note that actions you took on the portal previously can not be changed).
Version
This privacy statement is version 1.2 finalised and published on June 24, 2019.