Privacy statement

Introduction

In order to provide our services, we process personal data. In doing so, we comply with the General Data Protection Regulation (GDPR) and Article 11.7a of the Dutch Telecommunications (Telecommunicatiewet).

Who are we?

We are GoCredible, a payment service provider. We support clients and affiliated organizations with, among other things, the identification and verification of customers. The controller of data processing is:

GoCredible B.V.
Keizersgracht 62
1015CS Amsterdam
contact@gocredible.nl

What personal data do we process?

Personal data refers to any information that can be directly or indirectly attributed to an individual. We may obtain such data when:

• you visit and use our website;
• you contact us by telephone or request a call back;
• you follow our social media channels;
• you carry out a payment transaction;
• you enter into an agreement with us;
• we provide services to an affiliated organization of which you are, or intend to become, a customer;
• you are a notary cooperating with an affiliated organization.

We may also consult publicly available and paid sources to supplement or verify personal data. We do so in order to comply with our statutory obligations as a financial institution, to perform our services for affilliated organizations, and to minimize the need to request information directly from individuals.

The following types of personal data may be processed:

Website visits and application usage

• IP address, device type, usage data;

Calls or call-back requests

• Phone number;
• Email address;
• Any information you voluntarily provide;

Payment transactions

• IBAN and account holder name;
• Transaction details, including reference number, amount, date/time, payment method;
• Description or indication of the product or service paid for, and its supplier;

Agreements

• First and last name, address, city/town, phone number, email address;
• Gender, date of birth, country of birth, nationality;
• Type of identification document and document number, including issuance and expiry dates;
• IBAN and account holder name;
• Chamber of Commerce (KvK) number and information available from KvK extracts, Ultimate Beneficial Owner (UBO) registers, and articles of association;
• Source of income;
• Information relating to real estate assets;

Social Media (followers and sharing)

• First and last name, alias;
• Company name;
• Other information visible in or through the profile associated with the relevant social media account;

Services for affiliated organizations

• We process personal data provided to us by affiliated organizations, depending on the nature of the services we provide, including:
  • First and last name, address, city/town, phone number, email address;
  • IBAN and account holder name;
  • Chamber of Commerce (KvK) number;
• Any additional information provided in response to queries necessary to enable the provision of our services;

Identification, verification, and compliance with legal obligations

• Personal data extracted from identity documents;
• Details of the identity documents;
• Records of the outcomes of checks in sanction lists, politically exposed persons (PEP) lists, and the VIS database of lost, stolen, or otherwise invalid identity documents;
• Monitoring of transactions and transaction behavior;
• Personal data obtained from consulted publicly available and paid sources.

If the (personal) data required for our services is incomplete or inaccurate, or is deemed unacceptable based on legal requirements or risk assessments, we may decide not to provide services.

Data Processing Purposes

GoCredible processes personal data for the following purposes:

• To establish and enter into an agreement;
• To execute payment services;
• To comply with legal obligations, including identification, verification, and screening in accordance with the Dutch Anti-Money Laundering and and Anti-Terrorist Financing Act (Wwft) and the Sanctions Act;
• To identify and verify individuals;
• To verify bank account numbers and account holder details;
• To charge transaction fees;
• To provide services agreed upon with affiliated organizations;
• To ensure optimal functioning of the website and payment services;
• To manage customer relationships and deliver customer service communications;
• To produce anonymized analyses.

Personal data may also be used to detect (attempted) unlawful and/or criminal activities directed against GoCredible, its users and employees, and to safeguard the integrity of the payments system.

Disclosure to Third Parties

GoCredible may use third party processors to process personal data. This concerns the following categories of processors:

• Group companies;
• Financial institutions;
• Data providers;
• Software development providers;
• Cloud and hosting service providers;
• Notaries, in cases involving agreements relating to registered property.

Personal data will not be shared with other third parties without consent, unless required by law or regulation, or when necessary for the prevention, detection, or prosecution of criminal offenses, such as fraud or deception.

GoCredible may receive personal data from the organization it provides services to, and of which you are, or intend to become, a customer, and may share data with that organization. That organization, as the data controller, will inform you about the processing of your personal data through its own privacy statement.

Als wij dienstverlening aan andere organisaties verlenen, dan ontvangen wij gegevens van de organisatie waar je klant bent of wil worden en delen wij gegevens met die organisatie. Zij informeren je als verwerkingsverantwoordelijke over de verwerking van je persoonsgegevens via hun privacyverklaring.

Personalized Offers

Where you have provided consent, GoCredible may use your personal data for promotional activities and offers from GoCredible, its group companies, and affiliated organizations, and/or selected third parties. You may withdraw your consent at any time.

Security

GoCredible ensures that personal data is handled with due care and confidentiality. Personal data is stored in encrypted form within secure databases that are accessible only to GoCredible employees or individuals acting under GoCredible's supervision. Data is stored within the Netherlands or the European Union.

Exercising Your Rights

As a data subject, you have rights including the right of access, rectification, erasure, and restriction of processing. You may request access to the personal data processed by GoCredible and, where applicable, request correction or deletion, provided there are no legal grounds preventing this.

Requests may be submitted by email to contact@gocredible.nl or in writing to the aforementioned address. GoCredible will respond within 30 days. Personal data required for the provision of payment services or to comply with legal obligations cannot be modified.

In the case GoCredible processes data on behalf of an affiliated organization, that organization acts as the data controller, and requests should be directed to that organization.

Data Retention

To comply with legal requirements, GoCredible retains your data. Transaction and account data are retained for a maximum period of seven (7) years. Retention periods are calculated from the date of your last transaction or payment.

Complaints

If you disagree with how your personal data is handled, you may contact GoCredible at klacht@gocredible.nl or by post. If no resolution is reached, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens), Postbus 93374, 2509 AJ, The Hague.

Amendments

This privacy statement (version september 2022-I) may be amended from time to time.