Privacy Statement

Atradius N.V., together with its subsidiaries and branches ("Atradius"), is a global provider of credit insurance, surety, reinsurance, collections and business information services. Atradius operates in the business-to-business market. Atradius' products and services provide companies around the world with insight into and protection against the risks of non-payment associated with the sale of goods and services, thereby safeguarding their revenues. With these services, we enable trade on a global scale.

In providing its products and services, Atradius acts as a "data controller," that is, the party responsible for processing data. We primarily collect and process data about companies and businesses. However, in doing so, we may also process information that qualifies as "personal data," which is any information that relates to an individual (e.g., the owner of a sole proprietorship, the director of a company, the beneficial owner, a business contact, etc.). It is important to us that you have confidence in the way we handle your personal data. When you use our websites, applications and portals, subscribe to our newsletters, use our services as our client's representative or contact person, act as our clients' counterparty, or do business with us as a business partner or supplier, we are committed to using your personal data in a careful, secure and transparent manner.

In this Privacy Statement, we provide information that we are obliged to provide with respect to the processing of personal data under data protection law. For example, we explain the purposes and legal grounds for the processing of personal data, the categories of personal data in question, the categories of sources and recipients of the personal data, the retention period of the data and your rights as a data subject.

Additional privacy notices may also be published on the (local) websites of Atradius subsidiaries and branches. For specific privacy information of Atradius Instalment Credit Protection (Belgium), please visit the relevant website.

Latest version of this Privacy Statement

Because we are constantly striving to improve our services, processes and protection of your rights in relation to personal data, this Privacy Statement may be updated from time to time. Therefore, we recommend that you reread this statement on a regular basis. This Privacy Statement was last updated on January 10, 2024.

When do we collect personal data and when does this Privacy Statement apply?

This Privacy Statement applies to all individuals and representatives of companies with whom Atradius has contact. Atradius processes your personal data for different purposes and on different legal grounds, depending on your relationship with us.

Below we describe in detail when we collect and process personal data, what our purposes and legal grounds for doing so are and how we control access to your data.

1. Visits to our websites

1.1 What personal data do we collect?

When you visit our website, we process the following information about you as a web visitor or about your company, which can be classified as personal data:

• Personal data provided by you, such as your name, (work) address, telephone number, e-mail address, login details or other information you provide when you register for our products or services or when you contact us with questions or complaints.
• Information that allows us to remember you and your usage preferences on this website. This includes the pages you visit on the website and your use of them, the website that referred you to our website, the browser and type of device you use, cookie IDs and your IP address. This type of information is collected through cookies. More information about this can be found on our Cookies Information page, which also explains how to reject or disable cookies.
• Your marketing preferences, including sign-ups you have made through the website for newsletters, email updates, country reports, current trade data or economic information.

1.2 Why do we collect this personal data?

We may use the above data to:

• offer the products and services you have inquired about, maintain contact with you and handle complaints or disputes;
• optimize our products and services, including conducting market research;
• use them for (direct) online and digital marketing purposes;
• use statistics to optimize our website and ensure that our website functions properly;
• ensure that the website functions securely and to protect our IT infrastructure.

1.3 Legal grounds for using your personal data.

We process your personal data only when permitted in accordance with one of the legal grounds for processing. The processing of your information always takes place in accordance with one or more of the following legal grounds:

• Consent
  • We request your consent for the use of certain cookies through our website. This includes consent for statistics and marketing purposes. For more information on this, please see our cookies information page.
• Legitimate interests.
  We may process your information where necessary to pursue our legitimate interests. Atradius' interests are as follows:
  • The use of certain cookies does not require your consent. In this case, Atradius has a legitimate interest in providing you with a functional Web site. For more information on this, please see our Cookies Information page.
  • If you have asked us to contact you via a contact form, our interest is to provide customer service that responds to inquiries in a timely and effective manner.
  • Our interest in seeking opportunities to optimize our website and improve our products and services.
  • Our interest in protecting our business, information and assets, including against cyber-attacks and fraud.

1.4 Where does the information we hold about you come from?

We obtain some information automatically when you visit our website. This is done through the use of cookies. For more information about this, please see our Cookies Information page.

Other information we obtain because you actively provide it to us. This happens, for example, when you sign up for newsletters, email updates, country reports, current trade data or economic information, etc. through our website. See also the information on our marketing activities in chapter 2.

1.5 Who has access to your personal data?

For our own purposes, we may provide personal data to:

• Companies, branches, affiliates, business partners and service providers of Atradius.
• With respect to cookies, our advertising and marketing partners who support Atradius with our online marketing and analytics activities. These companies may collect information to enable them to display advertisements for products and services that may be of interest to you when you visit our website or other websites.
• With trusted third-party service providers who perform services on our behalf, including but not limited to hosting our website, data storage, analytics and website maintenance and security.
• Acquirers, when an Atradius business unit is sold or transferred as part of a business transaction (only when it is necessary to disclose personal information, including during due diligence conducted prior to such event (if permitted under applicable law)).

2. Marketing, research and events

2.1 What personal data do we collect for marketing purposes?

We may process the following information about you:

• Contact information:
  Name, title, phone number, email address, (work) address, contact history.
• Information about your consent to us using your personal data for marketing purposes, for example in the form of newsletter subscriptions, email updates, business publications, research reports and white papers.
• Information about your interests, for example, based on your subscriptions to our publications on specific topics or industries.
• Information you provide to us as part of a (customer satisfaction) survey or regarding your inquiries.
• Other personal data you provide to us during your interactions with us (e.g., dietary requirements for events).

2.2 Why do we collect this personal data?

We may use your data to:

• bring our (new) products and services to your attention;
• organize and invite you to events and other promotional activities;
• analyze your interests and our ability to do business with you;
• ask you for your opinion about certain matters, for example through (customer satisfaction) surveys so that we can analyze them to improve products and services;
• handle inquiries.

2.3 Legal grounds for using your personal data.

We process your personal data only when permitted in accordance with one of the legal grounds for processing. Processing of our marketing activities always takes place in accordance with one or more of the following legal grounds:

• Consent
  • Where necessary, we request your consent to process your personal data for the purpose of our marketing activities. You may withdraw your consent at any time by clicking the opt-out link in our emails or bysubmitting a form online. If you withdraw your consent, this does not affect the lawfulness of our use of your personal data prior to the withdrawal.
• Legitimate interests.
  • We do not always need your consent to use your personal data for marketing purposes. For example, this may be the case if Atradius has obtained your e-mail address in connection with the sale of our products or services, and if we use this address for direct marketing of our own similar products or services. In this case, we rely on our interest to keep you informed about other products and services that may be of interest to you or the company you represent.
  • We also process your information as necessary to find new opportunities to sell and develop products and services and also to understand our customers' preferences and needs.
  • We process information as necessary to organize and host events (including webinars) to promote our products and services or otherwise support Atradius initiatives.

2.4 Where does the information we hold about you come from?

The personal data we obtain for marketing purposes is primarily provided by you. In other cases, we may draw for your personal data from various sources listed below.

• Parties who refer us to you or to whom you have given permission to share your data with us.
• Third parties engaged by us in connection with our marketing activities.
• Internet (including social media), to the extent permitted under applicable law.

2.5 Who has access to your personal data?

Atradius may disclose information about you that qualifies as personal data to:

• companies, branches and affiliates, business partners and service providers of Atradius;
• trusted third party service providers who perform services on our behalf, including but not limited to market research, product analysis and statistical analysis, organizers of webinars or events;
• acquiring parties, when an Atradius business unit is sold or transferred as part of a business transaction (only when it is necessary to disclose personal data, including during due diligence conducted prior to such event (if permitted under applicable law)).

3. If you are a customer, policy party, intermediary, co-borrower, business partner or supplier

3.1 What personal data do we collect?

In the course of providing our products and services, we may process the following data about your company, which may qualify as personal data if it relates to an individual (e.g., the owner of a sole proprietorship, the director of a company, the (beneficial) owner, a shareholder, beneficiary, business contact or representative, etc.).

• If you are the contact person or representative for a company or other incorporated entity, we may process your contact and personal identification data, for example, your name, title, position, telephone number, e-mail address, (work) address, country, date and place of birth, passport or identity card data, name of entity.
• If you do business as an unincorporated company, such as or similar to a sole proprietorship or general partnership, we may also process bank account information, claims payments and payment history, trade registration, VAT number and financial information, insolvency status, and sources of assets related to your business.

3.2 Why do we collect this personal data?

We may process information about your business that qualifies as personal data in order to:

• perform and deliver services under our agreements, such as, for example, processing transactions, communicating with you in connection with our services, assessing risks and coverage of (trade-related) insurance, handling claims, recovering losses incurred, providing products and services in the areas of credit (risk) management and business information, collecting debts, providing customer service, and handling complaints and disputes;
• conduct customer due diligence and fraud, money laundering, terrorism, sanctions and other compliance checks;
• optimize our products and services and conduct (market) research and statistical analysis: see section 2 above for more information;
• carry out administration within the Atradius Group and manage and protect our information technology infrastructure;
• fulfil our marketing purposes: see section 2 above for more information;
• establish, exercise and defend legal claims;
• comply with a claim of a regulatory or governmental body or an obligation under relevant laws or regulations or (voluntary) rules or guidelines of a regulatory or governmental body, the industry or sector.

3.3 Legal grounds for using your personal data.

We process your personal data only when permitted in accordance with one of the legal grounds for processing. The processing of your information always takes place in accordance with one or more of the following legal grounds:

• Legitimate interests.
  We may process your personal data as necessary to pursue our legitimate interests in conducting our business activities.
  • To offer and develop products and services in the areas of credit insurance, surety, reinsurance, debt collection, including meeting market best practices, as well as business information services, which provide businesses around the world with insight and protection against the risks of non-payment in connection with the sale of goods and services.
  • To effectively conduct our business activities as an international group of companies.
  • To the extent necessary to enter into and fulfill agreements with the company with which you are affiliated.
  • To protect our business, information and assets, including to exercise our rights or defend ourselves against legal claims or potential legal claims.
• Fulfillment of an agreement.
  If you are a sole proprietor, we need to process your personal data to enter into and fulfill agreements.
• Legal obligation
  We may process your personal data if it is necessary to comply with one of our legal obligations, for example to conduct compliance audits, including but not limited to anti-money laundering, beneficial ownership and sanctions lists, or to satisfy claims by a regulatory body or government agency or obligations under legally binding industry or sector guidelines.

3.4 Where does the information we hold about you come from?

The personal data Atradius processes may come from a variety of sources:

• Directly from you or the company with which you are affiliated, including persons representing or authorized by you or the company.
• From companies, branches, affiliates or business partners of Atradius.
• From (publicly) available sources.
• From information/data sources where permitted by law (such as, but not limited to, conducting checks on our customers' ultimate stakeholders and management structure).

3.5 Who has access to your personal data?

For our own purposes, we may provide personal data to:

• parties authorized by you or the company to which you are affiliated;
• companies, branches and affiliates of Atradius;
• trusted third party service providers such as loss adjusters, crime or fraud detection and prevention agencies, reinsurers, other insurers, banks, business partners, auditors, lawyers, collection agencies and other service providers;
• the parts of the Dutch State for which Atradius Dutch State Business N.V. manages the facilities relating to the Dutch State for the benefit of Dutch companies (only if you are involved in our Dutch State Business);
• advisors or other professional parties, to establish, exercise or defend legal claims or to protect our business activities or legal rights (e.g. legal advisors);
• law enforcement, regulatory or government agencies: when required by law or to the extent necessary to protect our rights;
• acquiring parties, when an Atradius business unit is sold or transferred as part of a business transaction (only when it is necessary to disclose personal data, including during due diligence conducted prior to such event (if permitted under applicable law)).

4. If you or your company does business with our customers ('customer', 'debtor' or 'beneficiary')

4.1 What personal data do we collect?

We may process the following information about your company, which may qualify as personal data insofar as it relates to an individual (e.g., the owner of a sole proprietorship, the director of a company, the (beneficial) owner, a shareholder, business contact or representative, etc.).

• If you are the contact person or representative for a company or other incorporated entity, we may process your contact and personal identification data, for example, your name, title, position, telephone number, e-mail address, (work) address, country, date and place of birth, passport or identity card data, name of entity.
• If you do business through an unincorporated company, such as or similar to a sole proprietorship or general partnership, we may also process bank account information, claims payments and payment history, trade registration, VAT number and fnancial information, insolvency status, and sources of assets related to your business.

4.2 Why do we collect this personal data?

We may process information about your business that qualifies as personal data in order to:

• Perform and provide services under our agreements with customers. For example: processing transactions, communicating with you in connection with a debt collection or insurance product, assessing risks and coverage of (trade-related) insurance, handling claims, recovering losses incurred, providing credit (risk) management and business information services, collecting debts;
• handle inquiries, complaints and disputes;
• carry out checks with regard to fraud, money laundering, terrorism, sanctions as well as other compliance checks;
• optimize our products and services and conduct (market) research and statistical analysis: see section 2 above for more information;
• carry out administration within the Atradius Group and manage and protect our IT infrastructure;
• establish, exercise and defend legal claims;
• comply with a claim by a regulatory or governmental body or an obligation under laws or regulations or (voluntary) rules or guidelines of a regulatory body, the industry or sector.

4.3 Legal grounds for using your personal data.

We process your personal data only when permitted in accordance with one of the legal grounds for processing. The processing of your information always takes place in accordance with one or more of the following legal grounds:

• Legitimate interests.
  We may process your personal data as necessary to pursue our legitimate interests in conducting our business activities.
  • To offer and develop credit insurance, reinsurance, surety, collections, as well as credit (risk) management and business intelligence services that provide businesses around the world with insight and protection against the risks of non-payment in connection with the sale of goods and services that meet the standards and best practices in our industry.
  • To the extent necessary to enter into and fulfill agreements with our customers.
  • To effectively conduct our business activities as an international group of companies.
  • To protect our business, information and assets, including to exercise our rights and defend against legal claims or potential legal claims.
• Legal obligation
  We may process your personal data to comply with our legal obligations, for example, to conduct compliance audits, to comply with applicable debt collection laws, or to satisfy claims of a regulatory or government agency or obligations under legally binding industry or sector guidelines.

4.4 Where does the information we hold about you come from?

The personal data we process may come from a variety of sources:

• Directly from our customers or from you, including individuals representing the company or you.
• From companies, branches, affiliates or business partners of Atradius.
• From (publicly) available sources.
• From suppliers of information or data (for example, credit and financial information companies).

4.5 Who has access to your personal data?

For our own purposes, we may provide personal data to:

• Our customers and parties in agreement with the customer (such as intermediaries, representatives, companies that are part of the customer's group);
• Atradius companies, branches and affiliates;
• reliable external service providers and business partners such as loss adjusters, crime or fraud detection and prevention agencies, reinsurers, other insurers, banks, business partners, accountants, lawyers, collection agencies and other service providers;
• consultants or other professional parties, to establish, exercise or defend legal claims or to protect our business activities or legal rights;
• law enforcement, regulatory or government agencies: when required by law or to the extent necessary to protect our rights.

5. International transfer of personal data.

Due to the international nature of our business and business activities, the data we process may be transferred to or accessed by other entities within the Atradius Group or selected third parties. These entities and third parties are located in various countries around the world. To fulfill the purposes described in this Privacy Statement, your personal data may be transferred to a country other than your country of residence.

We transfer your personal data only within the scope of relevant data protection laws and in accordance with our intra-group data transfer agreement.

Where we transfer personal data outside a protected legal area, such as, for example, the European Economic Area ("EEA"), we have put in place appropriate safeguards to provide an adequate level of protection under applicable data protection law. These are safeguards such as standard contractual clauses approved by the European Commission or the transfer takes place to a country that provides an adequate level of protection according to an adequacy decision of the European Commission.

If we transfer your personal data outside the EEA, please ask us for information on the applicable safeguards.

6. How we protect your personal data

We are committed to ensuring that your personal data is kept secure. To prevent unauthorized access to or disclosure of personal data, we have put in place appropriate physical, technical and organizational measures to protect the information we collect and process.

In addition, when we provide access to or otherwise transfer personal data to third parties (as described in Section 1-4), we take steps to ensure that all personal data is subject to the same or substantively similar levels of protection that Atradius already implements. This includes conducting IT security assessments of suppliers and agreeing data protection terms (including data processing agreements) with third parties.

7. How long we keep your data

Generally, we retain your data only: (i) as long as necessary for the relevant business purpose; (ii) to the extent reasonably necessary to comply with applicable legal requirements; or (iii) as long as advisable given an applicable statute of limitations. Atradius may specify (for example, in a secondary policy document or in a notice or retention period document) a period of time during which certain categories of personal data are retained.

8. How to contact us and access and update your information

• As a data subject, you have certain rights regarding our processing of your personal data. You can:
  • request access to your personal data held by us, as well as access to our processing of your personal data;
  • request us to rectify or supplement your data if you believe it to be incomplete or inaccurate;
  • request us to delete certain personal data (unless we are required by law to retain it, or to establish, exercise or defend legal claims, or for any of our other legally permissible business purposes, such as conducting debt collection activities on behalf of and for the account of our customers);
  • transfer personal data that you have provided to us to a third party if we process that data based on your consent or to carry out an agreement with you and the processing is carried out by automated means;
  • request us to restrict the processing of your personal data if you believe that the data is inaccurate, that our processing is unlawful or that we no longer need to process your data for a particular purpose (unless we cannot delete the data because of a legal or other obligation);
  • object to our processing of your personal data on grounds related to your specific situation, where the legal justification for our processing of your personal data is our legitimate interest. We will comply with your request, unless we consider that we have compelling legal grounds for the processing that outweigh your interests and rights, or if we need to continue processing the data in order to establish, exercise or defend legal claims or carry out debt collection activities on behalf of and on behalf of our customers; and
  • where we rely on your consent to process your personal data, you may withdraw such consent at any time. You can do so by: (i) clicking the opt-out link in our marketing emails; (ii) changing your cookie preferences or by submitting a form online. If you withdraw your consent, this will not affect the legality of our use of your personal data prior to your withdrawal.

You may send us your request or complaint by submitting a form online.
We will handle your request carefully and in accordance with applicable data protection regulations. In some cases, we may ask you for additional information to verify your identity in order to carry out your request. You may also file a complaint with the Dutch Data Protection Authority.

Atradius' Data Protection Officer can be reached by email at dpo@atradius.com.