Privacy Statement
Mercury Partners Holding B.V., together with its subsidiaries (“Mercury”), is a global provider of credit insurance. Mercury operates in a business-to-business market. The products and services offered by Mercury aim to help companies around the world understand and protect against the default risks associated with the selling of goods and services and, in so doing, safeguard their sales. With these services we enable trade on a worldwide scale.
When providing our products and services, Mercury acts as “data controller”. We collect and process information mainly on companies and businesses. However, in the process of doing so, we also process data that may be qualified as “personal data” under European Union (“EU”) law as it is information relating to an individual (e.g. a sole trader, a company director, a beneficial owner, a professional contact etc.). Your trust in how we handle your personal data is important to us. When you use our websites, applications, portals, engage our services as a representative or contact person of our customer, trade (as a counterparty) with our customers or do business with us as our business partner or supplier, it is important to us to use your personal data carefully and securely in a transparent manner.
In this Privacy Statement we provide information we are required to give in relation to the processing of personal data under EU law. We explain for instance the purposes and grounds of the processing of personal data, the categories of personal data concerned, the categories of the sources and the recipients of the personal data, data retention and your rights as data subject.
Updates to this Privacy Statement
We strive for continuous improvement in our services, processes and protecting your personal data rights, so we may update this Privacy Statement from time to time. Therefore, we advise you to check this statement on a regular basis.
When do we collect personal data and when does this Privacy Statement apply?
If you are a customer, policy related party, intermediary, co-guarantor, business partner or supplier
2.1 What personal data do we collect?
We may process the following information on your business, which may qualify as personal data if it relates to information relating to an individual (e.g. a sole trader, company director, (ultimate) beneficial owner, shareholder, beneficiary, professional contact etc.).
- Contact details and personal identification data, e.g. your name, title, function, phone number, email, (work) address, country, date and place of birth, ID details, entity name.
- If your company is not a legal entity, we may also process bank account details, claims history, VAT number, details of the agreement with you and financial information.
2.2 Why do we collect this personal data?
We may process information on your business, which may qualify as personal data, for the following purposes:
- To execute and provide services in relation to the agreements. This may entail: processing transactions, communicating with you, assessing (trade) insurance risks and coverage, performing claims handling, recovery actions, providing credit (risk) management and business intelligence services and products, conducting debt collections, providing customer support services, handling complaints and disputes.
- To perform “know your counterparty”, fraudterrorism, sanctions list checks and other compliance checks.
- To optimise our products and services, conduct (market) research and statistical analyses.
- To perform administration within the Mercury group of undertakings and to manage and protect our information technology infrastructure.
- To establish, exercise or defend legal claims.
- To comply with an order of a regulatory/governmental authority or an obligation under relevant laws or regulations or (voluntary) regulatory, industry or sector codes or guidelines.
2.3 Legal grounds for using your personal data
We process your personal data only if this is allowed under one of the legal processing grounds. We rely on one or more the following legal grounds for the processing of your information:
-
Legitimate interests
We may process your personal data as necessary for achieving our legitimate interests, when performing our business activities.
- Offering and developing credit insurance, surety, reinsurance and debt collections products and services, as well as business intelligence services, which aim to help companies around the world understand and protect against the default risks associated with the selling of goods and services.
- As necessary for entering into and the performance of agreements with the company or business that you are associated with.
-
Performance of a contract
If you are a sole trader company, we need to process your personal data for entering into and the performance of agreements.
-
Legal obligation
We may process your personal data if necessary to comply with one of our legal obligations, for instance to perform compliance checks or to comply with orders of a regulatory/ governmental authority, or follow obligations under industry or sector codes.
2.4 Where did we obtain your information?
The personal data that Mercury processes may originate from various sources:
- Directly from you or the company you are associated with, including those representing or authorised by you or such company.
- From Mercury companies, branches, affiliates or business partners.
- From (publicly) available sources.
- From information/data vendors.
2.5 Who may have access to your personal data?
We may disclose personal data to fulfil our purposes to:
- Parties authorised by you or the company you are associated with.
- Mercury companies, branches, affiliates.
- Third parties such as claims adjusters, crime or fraud detection and prevention agencies, reinsurers, other insurers, banks, business partners, auditors, lawyers, debt collectors and other service providers.
- Advisers or other professional parties, to establish exercise or defend legal claims or to protect our business operations or legal rights.
- Law enforcement agencies, regulatory/governmental authorities: when required by law, or as necessary to protect our rights.
3. If you or your company trade with our customers (a “buyer”, “debtor” or “beneficiary”)
3.1 What personal data do we collect?
We may process the following information on your business, which may qualify as personal data, in so far as it relates to information relating to an individual (e.g. a sole trader, company director, (ultimate) beneficial owner, shareholder, professional contact etc.).
- Contact details and personal identification data, e.g. your name, title, function, phone number, email, (work) address, country, date and place of birth, ID details, entity name.
3.2 Why do we collect this personal data?
We may process information on your business, which may qualify as personal data, for the following purposes:
- To execute and provide services in relation to the agreements we have with our customers. For example: processing transactions, communicating with you, assessing (trade) insurance risks and coverage, performing claims handling, recovery actions, providing credit (risk) management and business intelligence services and products, conducting debt collections, handling complaints and disputes.
- To perform fraud, money laundering, terrorism and sanctions list checks and other compliance checks.
- To optimise our products and services, conduct (market) research and statistical analyses.
- To perform administration within the Mercury group of undertakings and to manage and protect our information technology infrastructure.
- To establish, exercise or defend legal claims.
- To comply with an order of a regulatory/governmental authority, or an obligation under relevant laws or regulations or (voluntary) regulatory, industry or sector codes or guidelines.
3.3 Legal grounds for using your personal data
We process your personal data only if this is allowed under one of the legal processing grounds. We rely on one or more of the following legal grounds for the processing of your information:
-
Legitimate interests
We may process your personal data as necessary for achieving our legitimate interests, when performing our business activities.
- Offering and developing credit insurance, reinsurance, surety and debt collections products as well as credit (risk) management, business intelligence services, which aim to help companies around the world understand and protect against the default risks associated with the selling of goods and services.
- As necessary for entering into and the performance of agreements with our customers.
- To establish, exercise or defend legal claims.
-
Legal obligation
We may process your personal data to comply with our legal obligations, for instance to perform compliance checks or to comply with orders of a regulatory/governmental authority, or follow obligations under industry or sector codes.
3.4 Where did we obtain your information?
The personal data that we process may originate from various sources:
- Directly from our customers or from you, including those representing the customer or you.
- From Mercury companies, branches, affiliates or business partners.
- From (publicly) available sources.
- From information/data vendors.
3.5 Who may have access to your personal data?
We may disclose personal data to fulfil our purposes to:
- Our customers and parties authorised by the customer (such as intermediaries, representatives, companies belonging to the customer’s group).
- Mercury companies, branches, affiliates.
- Third parties such as claims adjusters, crime or fraud detection and prevention agencies, reinsurers, other insurers, banks, business partners, auditors, lawyers, debt collections and other service providers.
- Advisers or other professional parties, to establish exercise or defend legal claims or to protect our business operations or legal rights.
- Law enforcement agencies, regulatory/governmental authorities: when required by law, or as necessary to protect our rights.
4. How do we protect your personal data?
We are committed to ensuring that your personal data is kept secure. In order to prevent unauthorized access or disclosure, we have put in place appropriate physical, technical and organizational measures to safeguard the information we collect and process.
5. How long do we retain your information?
We generally shall retain personal data only: (i) for the period required to serve the applicable business purpose; (ii) to the extent reasonably necessary to comply with any applicable legal requirements; or (iii) as advisable in light of an applicable statute of limitations. Mercury may specify (e.g., in a sub-policy, notice or records retention schedule) a time period for which certain categories of personal data will be kept.
6. How can you contact us, access and update your information?
-
As a data subject, you have certain rights concerning our processing of your personal data. You can:
- request access to your personal data held by us
- ask us to rectify or complete your information if you believe that your personal data is inaccurate or incomplete
- ask us to erase certain personal data
- ask us to restrict the processing of your personal data object to our processing of your personal data