Privacy policy

Cobase is the trading name of Financial Transaction Services B.V. (hereafter “Cobase”, “we”, “us”, “our”), registered with the Dutch Chamber of Commerce number 68914016.

This Privacy Statement concerns the services provided by Cobase and informs you about the reason and scope of the collection and processing of your personal data when you use the Cobase website www.cobase.com (website) and/or the services available on Cobase portal (portal), as well as when you use our app.

How Do We Use Your Personal Information, and What is The Lawful Basis for this Use?

Purpose	Lawful Basis
Engaging in transactions with the clients, suppliers and business partners; Provision of the services to our clients through the Portal (including, account reporting and payment initiation); Providing access and use of functionality for the users on our Portal and app; Logging and auditing the history of payments, transaction and reporting and user activity; Provision of client support; Sending service-related communications.	Performance of a contract
Conduct of the Customer Due Diligence (including identification and verification of the identity); Implementation of the system of internal controls (e.g. internal audits or investigations); Support in the dispute resolution or litigation; Conduct of the AML monitoring (prescreening (sanctions) and the transaction monitoring); Responding to requests from government or law enforcement authorities with respect to the investigation being conducted.	Compliance with laws and regulations, including the Dutch Financial Supervision Act (WFT), the Dutch Money Laundering and Terrorist Financing (Prevention) Act (Wwft), applicable local sanction and anti-money laundering laws and the Revised Payment Services Directive (PSD2), including the related Regulatory Technical Standards (RTS)
Monitoring, maintaining and improving the performance of our websites, communications, services and products, and analyzing trends and usage; Improving and personalizing your experience with us and our website and tailoring the content, communications, advertisements and offers to you (where consent is not required); Ensuring the security of our office, services, Website and the Portal; For our own internal functions, management, accounting and corporate reporting, relationship management, internal research and other activities aimed at improvement of the business efficacies; Enforcement of compliance with our terms of use and other policies in connection with legal claims, compliance, regulatory and investigatory purposes as necessary (including disclosure of such information in connection with litigation or other legal procedures); Creation of aggregate and statistical data (which cannot be used to identify you). We reserve the right to transfer and/or sell aggregate or group data about the Portal’s users for lawful purposes; and Transferring of the data for storage/archive.	As required to conduct our business and pursue our legitimate interests
For sales and marketing activities (where applicable legislation requires consent); Where you provide consent to place cookies or similar technologies on your device; Processing of biometrics for authentication at the Customer Due Diligence (to the extent this processing is not fully covered by exemption under article 29 of the Dutch GDPR Implementation Act); On other occasions where we explain the purpose at the time.	Consent

Personal Data we Process

We process the following categories of Your personal data:

• For the client onboarding purposes:

Name and family name
Birthdate
Function
Address details (sometimes)
Passport details (number, data of issue, type of document)
Scope of authorities
Results from the Namecheck
Information on the source of wealth and funds (sometimes)
Email address
Biometrical data (in some cases for the digital identity verification).

• Personal data included in a payment order (e.g., salary payments)

Name of the Payer
Bank account number of the Payer
Payment Amount
Beneficiary Name
Bank account number beneficiary
Payment Message
Payment Reference

• Personal data of the employees of our clients acting as users on the Portal

Password
Name
Birth date (for verification in support calls)
Work phone nr
Relevant user actions, time of the visit to the Cobase portal
IP address
Information collected via the Website, Portal or app, including the pages visited and documents viewed, sales and customer support call recording and chat transcripts, IP address and information that may be derived from it, and information about the browser, device or application You used to access the Website, demographic data when it is attached to data used to identify you. Some of this information is collected using cookies and related technologies. To learn more, please see below.

Please note: as part of the authentication via the Cobase app and portal we use devices with a camera to scan a visual code on the screen. The video taken by these cameras could accidentally include a person. These data are not stored or accessible by Cobase or other parties involved in the data processing.

Who Has Access to Your data?

The intended parties who have access to Your personal data are:

• Cobase;

• The client who has provided you with access. This typically relates to their user management, auditing, cash management and treasury operation and related risk management and auditing (the corporate administrator);

• Third party service providers (see below).

Sharing Your Data with the Third-Parties Service Providers
We use third party service providers, who will process your personal data on Our behalf. We use third parties for customer relationship management, website and systems hosting, maintenance, software upgrades and marketing.
We will comply with requests to disclose your personal data where required by local law or government authorities to comply with a legal obligation, and where permissible, we will provide advance notice of such disclosure to the individuals concerned.
In case of legal, regulatory or fraud concerns your personal data might be shared with external risk/legal fraud experts.

Data Transfers to Third Countries

Cobase stores and processes your data in the European Union (EU), to be more specific in Ireland. But we cannot offer all our services by ourselves. A small number of our partners, service providers or other parties may be processing the data in countries outside the EU or the EEA. In such cases, to ensure that your personal data receives a comparable level of protection, we employ appropriate safeguards, such as Standard Contractual Clauses as approved by the European Commission.
Where transactions are executed by the banks outside the EU, Cobase will only send transactions to such banks as directed by its clients.

What Rights Do You Have?
We honor data subjects’ rights under applicable law to access, correct, update, erase, disable and block their personal data when lawfully requested to do so.
In some circumstances, you have the right to ask us for a copy of your personal data; to correct, delete or restrict (stop any active) processing of your personal data; and to obtain personal data you provide to us in a structured, machine-readable format, and to ask us to share (port) this personal data to another controller. In addition, you can object to the processing of your personal data or where we rely on your consent, withdraw your consent.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in the EU GDPR and local data protection laws. We will inform you of relevant exemptions we rely upon when responding to any request you make.

Rights of the users on the Portal
The majority of the personal data we store on the users of our Portal and app can be reviewed via the portal under "My profile". Correction of the data is also possible in this screen. Please note that actions taken by you on the Portal previously can not be changed.
Should you require insight through other means please contact the appropriate contact person who manages the authorisations at your employer and who has requested your access to our Portal.
You should receive the insight into your personal data processed by us within 1 month. In case the request is denied or delayed you will receive a specific reason behind it and further instructions on the steps you can take in case of objection to that.

Retention Period
Cobase does not store personal data for longer than necessary for the purpose for which it was provided or is required by law. We assess how long the data is needed for the purpose for which it has been collected or used.
Contacts

To exercise any of these rights above or if you have any questions or wish to contact us about something else related to privacy aspects, you can do so via the contact details below.

COBASE
Margriet Toren, 5th floor
Haaksbergweg 75, 1101 BR Amsterdam ZO
privacy@cobase.com

Complaints

Cobase sees the proper handling of your (personal) data of the utmost importance.

Should you not be satisfied by how we handle your personal data please contact our privacy officer via privacy@cobase.com. If we cannot find a solution with you, it is possible to lodge complaints with the applicable data protection authority. Complaints around the handling of your data by Cobase can be lodged with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) in The Hague.

Updates to this Privacy Statement

We reserve the right to change this privacy statement should it become necessary or advisable to do so to comply with regulatory requirements or best practices. If we materially change our practices in processing the personal data, we will notify you as appropriate.
In case you act as a user on our Portal and you do not agree to changes you can require your corporate administrator to remove your access from the Portal (please note that actions you took on the Portal previously can not be changed).

Version
This privacy statement is version 1.6 finalized and published in April 2023.

Privacy statement