Privacy.

PRIVACY STATEMENT POLICY OF DIRECT PAY SERVICES B.V. Intro Direct Pay Services B.V. (referred to below as: ‘DirectPay’) attaches great importance to the privacy of clients, customers (debtors), and employees. As a factoring company, DirectPay processes personal data and is therefore responsible for processing it correctly. How we do this is set out in this privacy policy. DirectPay, as the controller DirectPay buys claims from clients, which makes it a ‘controller’. From the moment we take over the claim, DirectPay determines the purpose and means of processing personal data. This makes us responsible within the meaning of the new privacy regulation (‘GDPR’). We explain in more detail below which personal data we process and why this is necessary. If DirectPay only performs management work for a client, where the client itself remains the owner of the claim, DirectPay is a ‘processor’ within the meaning of the GDPR. Terms and conditions For the processing of personal data it is important to us that the client has collected (processed) it in a legally valid manner and with due observance of the GDPR and other applicable privacy laws and regulations. The customers (debtors) must be informed of the intended transfer of the claim and the related provision of the personal data to DirectPay and the processing of the personal data by DirectPay and its affiliated companies within the Credit Exchange group. Personal data and purposes We need to process data to provide our services properly. DirectPay uses the personal data in compliance with the GDPR and other applicable laws and regulations. The purposes for which we process personal data are:

  1. Performance of the factoring agreement
  • The factoring services include:
  • The full or partial taking-over of claims from customers of clients (debtors);
  • Checking the accuracy of the claims that are supplied to us;
  • Writing to customers to collect a claim;

 

  1. Creditworthiness checks and payment record
  • Clients can use DirectPay to perform creditworthiness checks on new customers (debtors);
  • DirectPay uses customer (debtor) data, the outstanding amount, and their payment record to assess the credit risks of customers (debtors) and to prevent and detect fraud.

 

  1. Credit management
  • The development of statistical models, with the aim of segmenting collection portfolios to further optimize the collection result.

 

  1. Contact with the customer (debtor)
  • Contact with the customer (debtor) is necessary to ensure that the management and collection process runs as smoothly as possible.

 

  1. Payment to client and/or customer (debtor)
  • Payments to clients and repayment to customer (debtor) of amounts unduly received.

 

  1. Verification of the identity of data subjects exercising their rights under the GDPR.
  • If a person exercises a right under the GDPR, DirectPay checks whether the request was actually made by the person concerned, by means of a copy of a passport or identity document. Once the identity of the person concerned has been verified, the copy of their passport or identity document will be destroyed.

 

  1. Recording telephone calls with clients and customers (debtors)
  • Telephone calls with clients and customers (debtors) are recorded in order to improve the telephone services provided by DirectPay staff. Of course, we will inform them of this at the start of the call.

DirectPay processes the following personal data of customers (debtors) for the purpose stated:

Name and address informationPerformance of factoring agreements, creditworthiness checks, payment record, credit management, contact with the customer (debtor), payments
GenderPerformance of factoring agreement, contact with the customer (debtor), payment record
Date of birthPerformance of factoring agreement, creditworthiness checks and payment record, Credit management
E-mail addressPerformance of factoring agreement, Contact with the customer (debtor)
Phone numberPerformance of factoring agreement, Contact with the customer (debtor)
Invoice amountsPerformance of factoring agreement, creditworthiness checks and payment record, Payment
PaymentsCredit management, payment record
Copy of ID (Passport photo and citizen service number [BSN] shielded)Exercising rights under the GDPR
Bank account numberPayments
Debtor numberPerformance of factoring agreement
Phone callsQuality improvement

  DirectPay processes the following personal data of clients for the purpose stated:

Name and address informationPerformance of factoring agreement, contacting clients, making payments, verification of the client when entering into the agreement (between DirectPay and the client), making payments
Data from extract from Chamber of CommercePerformance of factoring agreement, verification of the customer when entering into the agreement (between DirectPay and the customer),
Bank account numbersMaking payments, booking payments
PaymentsFactoring services
E-mail addressContacting clients
Phone numberContacting clients
Invoice amountPayments
Copy of ID (Passport photo and citizen service number (BSN) shielded)Exercising rights under the GDPR
Phone callsQuality improvement

  DirectPay processes the following personal data of prospects for the purpose stated:

Name and address informationContact prospect
E-mail addressContact prospect
Phone numberContact prospect
Turnover dataAssess whether the services are profitable for the prospect and DirectPay

  DirectPay processes the following personal data of website visitors for the purpose stated:

IP addressAnalyse website usage

  DirectPay processes the following personal data of external parties, contacts of external parties, and service providers for the purpose stated:

Name and address informationContact party/service provider
Phone numberContact party/service provider
E-mail addressContact party/service provider

  Legal basis for processing personal data Processing the personal data of customers (debtors) is necessary for the performance of an agreement or a legitimate interest in creditworthiness checks. Processing the personal data of clients is necessary for the Performance of an agreement to which the client is a party. The processing of personal data of prospects is necessary in the run-up to the conclusion of an agreement to which the prospect will be a party. DirectPay receives personal data from: –             Clients –             Prospects –             Customers (debtors) –             Website visitors –             External parties and service providers.   In some cases, DirectPay is compelled to pass on personal data to third parties. This applies if:

  • doing so is compatible with the purpose for which the data was collected and;
  • the provision has a legal basis (i.e. permissible by law);

DirectPay may provide personal information to:

  • Customers (debtors) (this concerns the data of customers [debtors]);
  • Clients;
  • DirectPay employees;
  • Collection agency/bailiff;
  • Service providers that offer services to DirectPay as a processor within the meaning of the GDPR and the personal data needed for their services (such as hosting companies, marketing agencies) and with which DirectPay has concluded processing agreements.

Storage period DirectPay does not process personal data for longer than necessary for the purpose for which it is collected. If a statutory retention period applies, such as the fiscal retention obligation of seven years, this will be observed. Personal data may be kept indefinitely for statistical purposes or for historical research or archive management, subject to appropriate safeguards. Security Taking into account the state of technology, the performance costs and the nature, scope, context, and purposes of processing, and the different risks to the rights and freedoms of individuals in terms of probability and seriousness, DirectPay takes appropriate technical and organizational security  measures to secure the personal  data it processes. These measures include the following:

  • the pseudonymization and encryption of personal data
  • a high-quality organization of the services and systems used for the processing
  • the ability to ensure that personal data is not permanently lost in the event of an incident
  • periodic testing and evaluation of security
  • employees with access to the personal data process it only on behalf of DirectPay (unless a legal obligation provides otherwise)

  Non-disclosure agreement All employees involved in the processing of personal data at DirectPay are obliged to protect the confidentiality of the data that comes to their notice. The personal data is used only if necessary for the performance of an employee’s duties. All DirectPay employees sign a non-disclosure agreement on commencement of employment.   Data Protection Officer DirectPay has appointed a Data Protection Officer. The name of our Data Protection Officer is Ms S. Faber. She can be reached on the following contact details: Address   Blaak 16, 3011 TA Rotterdam E-mail    privacy@directpay.nl Tel:        + 31 (0)88 – 900 6666   Rights You have the following legal rights with respect to personal data that we process belonging to you:

  • An explanation of what personal information we have about you and what we do with it
  • Access to the personal data we have about you
  • Alteration of personal data
  • Erasure of personal data
  • The right to data portability
  • The right to restrict the processing of your personal data
  • Right to object to a particular use (e.g. processing of personal data relating to creditworthiness checks and payment record)
  • The right to a human approach to decisions

Questions or requests concerning your wish to exercise a right can be addressed to: Direct Pay Services B.V. Attn. Data Protection Officer, Blaak 16, 3011 TA Rotterdam. When exercising one of your rights, please enclose a copy of your passport or identity card with your request. Please screen your BSN number and passport photo. If you do not, DirectPay will do this for you. Please do not hesitate to contact us if you have any questions about privacy in general. Complaints If you feel that we are not helping you in the right way, you have the right to file a complaint with the supervisory authority, the Dutch Data Protection Authority. Information on how to submit a complaint is given at www.autoriteitpersoonsgegevens.nl.  

My DirectPay

Did you receive a reference number?

If you experience any issues while trying to log in, please contact one of our service employees by sending an e-mail to vraag@directpay.nl