Privacy Statement

Atradius India Credit Management Services (P) Limited (“Atradius India” or “We” or “Our” or “Us”), is a credit management agency incorporated and registered under the provisions of applicable law in India. Atradius India is an indirect subsidiary of Atradius N.V. The Atradius group of companies (“Atradius”) is a global provider of credit insurance, surety, reinsurance, debt collections and business information/intelligence services.

This privacy statement (“Privacy Statement”) applies to your use of this website at www.atradius.in (“Website”), owned and operated by Atradius, its affiliated companies and subsidiaries. The Website is a platform that facilitates the purchase/use of the products and services offered by Atradius India (“Services”). In this regard, please note that Our customers also include customers of Our business partners that have availed Our Services but only to the extent of availing Our Services.

This Privacy Statement describes the privacy policy of Atradius India. It is published in compliance with India’s Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 ( “SPI Rules”), and the principles outlined in the Digital Personal Data Protection Act, 2023 (“DPDP Act”) to the extent applicable, including any amendment, subsequent legalisation or replacements thereof from time to time.

When providing the Services, Atradius India collects and processes data/information of companies and businesses. However, in the process of doing so, We also process data/information that may be qualified as “personal data” under the DPDP Act, where it is information relating to natural persons (e.g. a sole trader, a company director, a beneficial owner, a professional contact etc) and is collected digitally or has been digitized from a non-digital format. This Privacy Policy applies to such natural persons who are visitors on the Website and/or representatives or contact persons of (i) prospective customers through the use of the Website, (ii) any existing customers who have agreed to obtain the Services, (iii) parties that trade with Our customers, (iv) parties that do business with Us as business partner or supplier (hereinafter, referred to as “You” or “Your” or “Yourself” or “User”). In this regard, please note that the term “personal data” refers to data or information relating to a natural person that is capable of identifying such person or is in relation to such person and includes any “sensitive personal data or information (collectively, “Personal Data”). In addition, in recognition that Atradius India may need to process or control the personal data of European Union residents and in this regard please refer to Our Privacy Statement made in accordance with applicable law.

In this Privacy Statement, We provide information that We are required to give in relation to the processing of Personal Data  under Indian law. We explain for instance the purposes and grounds of the processing of Personal Data, the categories of Personal Data concerned, the categories of the sources and the recipients of the Personal Data, sharing of the Personal Data, data retention, Your rights as a ‘data principal’ and the legitimate uses for processing of Your Personal Data.

Atradius India is committed to maintain confidentiality, integrity and availability of all information We collect from You. In this regard, We have implemented reasonable security practices and procedures that are commensurate with the information assets being protected and with the nature of Our business per applicable law.

Please read the Privacy Statement carefully before proceeding to use the Website. By using the Website, You agree to be legally bound by the terms and conditions of this Privacy Statement with immediate effect. If You do not agree, then please do not continue to access or use the Website, and do not complete any registration process available on the Website.

Updates/Modifications

We strive for continuous improvement in the Services, processes and protecting Your Personal Data, so We may update this Privacy Statement from time to time. In this regard, Atradius India reserves the right to change or modify this Privacy Statement, in whole or in part, with or without prior notice, from time to time. Therefore, We advise You to check this Privacy Statement on a regular basis. This Privacy Statement was updated on 25 October 2024.

Any changes to the Privacy Statement will become effective upon posting of the revised Privacy Statement on the Website. Access or use of the Website following the posting of the Privacy Statement will be considered as Your acceptance of the revised Privacy Statement. You should periodically review the “last updated” date at the top of this Privacy Statement so that You can familiarise Yourself with any changes, as they are binding on You. In case You no longer wish to use the Website on such revised Privacy Statement, You are entitled to terminate Your relationship with Atradius India by ceasing to use this Website any further.

Legal grounds for using Your Personal Data

We process Your Personal Data only if this is allowed under the following legal grounds:

1. Consent: We will request Your consent for processing Your Personal Data, unless such processing is otherwise permitted under Legitimate Uses or You have already consented to such processing. You can withdraw Your consent at any time by clicking on the opt-out link in Our emails or by submitting a form online. If You withdraw Your consent, this will not affect the lawfulness of Our use of Your Personal Data before Your withdrawal.

For the purpose of this Privacy Statement, consent includes any consent obtained through any consent manager authorised by you. 

2. Legitimate Uses: Subject to applicable law, separate consent may not be required to process Your data for certain legitimate uses, such as:

-    When you voluntarily provide data for a specified purpose and have not objected to such use

-    Compliance with Indian laws and court judgments

-    Employment-related purposes (for Atradius employees)

-    Responding to medical emergencies, epidemics, or disasters

When do We collect data/information and when does this privacy statement apply?

1. If You use our Website

1.1. What data/information do We collect?

We may process the following data/information on Your company or business:

•  Any Personal Data that You submit such as Your name, (work) address, telephone number, email address, login details, or other information provided during registration for any of the Services;
• We may also collect Your Personal Data if You contact Us by phone, email or through the Website;
• Information that allows Us to remember You and Your preferences in using this Website. We use cookies and similar tracking technologies to collect this type of information. Further details on this are available on Our Cookie Information page including how to decline/disable cookies.
• We may also receive and/or hold information about Your browsing history, Internet Protocol (IP) address of Your electronic device (or the proxy server), operating system, type of web browser, language, time zone, region and other specifications of Your electronic device for anonymous statistical purposes including advertisements, administration of the Website and associated servers, and to improve the Services.
• Your subscriptions to any promotional materials such as newsletters, email updates, country reports, updated trade or economic information, etc made via the Website.

1.2. Why do We collect this data/information?

We may use Your data/information for the following purposes:

• To provide and improve the Services, maintain contact with You and handle complaints/disputes;
• To optimise the Services, for (direct) marketing purposes and market research; and
• To administer the Website and related servers and to manage and protect Our information technology infrastructure.

1.3. Specific Legal grounds for using Your data/information

Apart from any processing permitted as a legitimate use under applicable law, We seek Your consent for the processing of Your Personal Data in relation to: 

• the usage of certain cookies via the Website. See Our Cookie Information page for more details on this. 
• Your Personal Data as necessary for achieving Our business interests, including but not limited to the following:

               o    Our interest to look for opportunities to optimize Our website and to improve Our products and services offering. 
               o    Our interest to protect Our business, information and assets including against cyberattacks and fraud. 
               o    Use Your Personal Data for marketing purposes.

1.4. Where did We obtain Your data/information?

We automatically obtain some data/information when You visit Our website. We collect such data/information via cookies. See Our Cookie Information page for more details on this.

We obtain other data/information including Personal Data when You actively provide it to Us. This is, for example, the case when You sign up for any newsletters, email updates, country reports, updated trade or economic information, etc. via the Website. See also the information on Our marketing activities in Section 2 below.

1.5. Who will have access to Your data/information?

We may disclose Your data/information including Personal Data to fulfil Our purposes to:

• Atradius’s group companies, branches, affiliates, business partners and service providers.
• In relation to cookies, with Our advertising and marketing partners that support Atradius India with its online marketing and analytics activities. These companies may collect information to enable them to display advertising for products and services that may be of interest to You when You visit Our Website or other websites.
• With trusted third-party service providers that perform services on Our behalf including but not limited to the hosting of Our Website, data storage, analytics, and Website maintenance and security. 
• Purchasing entities, if an Atradius business unit is sold or transferred as part of a corporate transaction (only where it is necessary to disclose personal data including during due diligence conducted prior to such event (where permitted by applicable law)). 

2. Marketing

2.1. What data/information do We collect for marketing purposes?

In the context of Our marketing activities, We may process the below data/information including Personal Data about You:

• Contact details such as Your name, title, phone number, email, (work) address, contact history;
• Information for which You have provided Your consent to use Your Personal Data for marketing purposes, e.g. in the form of subscriptions to any promotional materials such as newsletters, email updates, business publications, survey reports, and white papers;
• Information on Your interests e.g. based on Your subscriptions for Our publications for specific topics or industries;
• Information regarding any of Your questions, complaints or disputes; and
• Other Personal Data provided by You.

2.2. Why do We collect this data/information?

We may use Your data/information including Personal Data for the following purposes:

• To get into and maintain contact with You;
• To promote and inform You about the (new) Services;
• To organise events and other promotional activities;
• To analyse Your interests and possible business opportunities for Us;
• To obtain Your views on certain matters, e.g. via (customer satisfaction) surveys; and
• To deal with questions, complaints or disputes.

2.3. Legal grounds for using Your data/information

Apart from any processing permitted as a legitimate use under applicable law, We seek Your consent for the processing of Your Personal Data in relation to:

• We request Your consent for processing Your Personal Data for Our marketing activities. 
• We also request Your consent for processing Your information as necessary for achieving certain business interests  - we may for example gather, analyse and interpret information about Our customers in order to find new opportunities to sell and develop Services to satisfy the preferences and needs of Our customers.

2.4. Where did We obtain Your data/information?

For marketing purposes, We primarily obtain data/information including Personal Data concerning You from Yourself. In other instances, We may obtain Your Personal Data from the various sources displayed below:

• Parties who refer Us to You, or to whom You provided consent to share Your data with Us;
• Third parties engaged by Us in the context of Our marketing activities;
• The internet (incl. social media) for as far as allowed under the applicable law.

2.5. Who will have access to Your personal data/information?

Atradius may disclose Your data/information including Personal Data to:

• Atradius’s group companies, branches, affiliates, business partners and service providers.
• With trusted third-party service providers that perform services on Our behalf including but not limited to market research, product analysis and analytics, webinar or events organizers.
• Purchasing entities, if an Atradius business unit is sold or transferred as part of a corporate transaction (only where it is necessary to disclose personal data including during due diligence conducted prior to such event (where permitted by applicable law)).

3. If You are Our customer or any person who uses our Services, or any business partner or supplier

3.1. What data/information do We collect?

We may process the following data/information of Your business, which may qualify as Personal Data if it relates to a natural person (e.g. a sole trader, company director, (ultimate) beneficial owner, shareholder, beneficiary, professional contact etc.).

• Personal Data such as. Your name, title, function, phone number, email, (work) address, country, date and place of birth, ID details, entity name.
• If Your company is not a legal entity, We may also process Your financial information (such as bank account details), VAT/GST number, details of the agreement with You.

3.2. Why do We collect this data/information?

We may process data/information of Your business, which may qualify as Personal Data, for the following purposes:

• To execute and provide the Services in relation to the agreements. This may entail: processing transactions, communicating with You, assessing (trade) insurance risks and coverage, recovery actions, providing credit (risk) management and business intelligence services and products, conducting debt collections, providing customer support services, handling complaints and disputes;
• To perform “know your counterparty”, fraud, terrorism, sanctions list checks and other compliance checks;
• To optimise Our Services, conduct (market) research and statistical analyses;
• To administer the Website and related servers and to manage and protect Our information technology infrastructure;
• For marketing purposes: see Section 2 above for further details;
• To establish, exercise or defend legal claims; and

3.3. Legal grounds for using Your data/information

Apart from any processing permitted as a legitimate use under applicable law, We seek Your consent for the processing of Personal Data in relation to:

• We request Your consent for processing Your data/information including Personal Data as necessary for achieving Our business interests, when performing Our business activities. 
• Offering and developing credit management services, surety, and debt collections products and services, as well as business intelligence services, which aim to help companies around the world understand and protect against the default risks associated with the selling of goods and services.
• As necessary for entering into and the performance of agreements with the company or business that You are associated with.
• To effectively carry out Our business activities as an international group of undertakings.
• To protect Our business, information and assets including to exercise our rights or defend ourselves against any potential or actual legal claims.

3.4. Where did We obtain Your data/information?

The data/information including Personal Data that Atradius India processes may originate from various sources:

• Directly from You or the company You are associated with, including those representing or authorised by You or such company;
• From Atradius’ group companies, branches, affiliates or business partners;
• From (publicly) available sources; and
• From information/data vendors.

3.5. Who may have access to Your data/information?

We may disclose Your data/information including Personal Data to fulfil Our purposes to:

• Parties authorised by You or the company You are associated with;
• Atradius’ group companies, branches, affiliates;
• Third parties such as crime or fraud detection and prevention agencies, reinsurers, other insurers, banks, business partners, auditors, lawyers, debt collectors and other service providers;
• Advisers or other professional parties, to establish exercise or defend legal claims or to protect Our business operations or legal rights;
• Law enforcement agencies, regulatory/governmental authorities: when required by law, or as necessary to protect Our rights;
• Purchasing entities, if an Atradius business unit is sold or transferred as part of a corporate transaction (only where it is necessary to disclose personal data including during due diligence conducted prior to such event (where permitted by applicable law)); and

4. If You or Your company trade with Our customers (a “buyer”, “debtor” or “beneficiary”)

4.1. What data/information do We collect?

We may process the following data/information of Your business, which may qualify as Personal Data, in so far as it relates to data/information relating to a natural person (e.g. a sole trader, company director, (ultimate) beneficial owner, shareholder, professional contact etc.).

• Personal Data such as Your name, title, function, phone number, email, (work) address, country, date and place of birth, ID details, entity name;
• If Your company is not a legal entity, We may also process financial information (such as bank account details), trade registration, VAT/GST number, insolvency status, sources of wealth.

4.2. Why do We collect this data/information?

We may process data/information on Your business, which may qualify as personal data, for the following purposes:

• To execute and provide the Services in relation to the agreements We have with Our customers. For example: processing transactions, communicating with You, reviewing (trade) insurance risks and coverage, recovery actions, providing credit (risk) management and business intelligence services and products, conducting debt collections, handling complaints and disputes;
• To perform fraud, money laundering, terrorism and sanctions list checks and other compliance checks.
• To optimise Our Services, conduct (market) research and statistical analyses.
• To administer the Website and related servers and to manage and protect Our information technology infrastructure.
• To establish, exercise or defend legal claims.

4.3. Legal grounds for using Your data/information

Apart from any processing permitted as a legitimate use under applicable law, We seek Your consent for the processing of Your Personal Data in relation to:

• We request Your consent for processing Your Personal Data as necessary for achieving Our business interests, when performing Our business activities, which include: 
  • Offering and developing credit management services, surety and debt collections products as well as credit (risk) management, business intelligence services, which aim to help companies around the world understand and protect against the default risks associated with the selling of goods and services;
  • As necessary for entering into and the performance of agreements with Our customers;
  • To establish, exercise or defend legal claims;
  • To effectively carry out our business activities as an international group of undertakings.

4.4. Where did We obtain Your data/information?

The data/information including Personal Data that We process may originate from various sources:

• Directly from Our customers or from You, including those representing the customer or You;
• From Atradius’s group companies, branches, affiliates or business partners;
• From (publicly) available sources; and
• From information/data vendors.

4.5. Who may have access to Your data/information?

We may disclose personal data/information to fulfil Our purposes to:

• Our customers and parties authorised by the customer (such as intermediaries, representatives, companies belonging to the customer’s group);
• Atradius’ group companies, branches, affiliates;
• Third parties such as crime or fraud detection and prevention agencies, reinsurers, other insurers, banks, business partners, auditors, lawyers, debt collections and other service providers;
• Advisers or other professional parties, to establish exercise or defend legal claims or to protect Our business operations or legal rights: and
• Law enforcement agencies, regulatory/governmental authorities: when required by law, or as necessary to protect Our rights.

5. How do We transfer Your Personal Data outside India? 

The processing of Your Personal Data may entail the transfer of Your Personal Data to group entities of Atradius or to selected third parties. The group entities of Atradius or selected third parties may be located outside India. We ensure that transfer of Personal Data to a third party or abroad, happens only in compliance with the provisions of the applicable law.

We have taken the appropriate safeguards to ensure that any Personal Data transferred to a third party or abroad by Atradius India or any person on Our behalf maintains the same level of data protection that is adhered to by Atradius India. However, We cannot guarantee absolute security of Your personal data/information and shall not be liable for any breach of security by an outside third party.

We will comply with the Indian government's list of restricted countries/territories for data transfers, as updated from time to time.

6. How do We protect Your data/information?

We are committed to ensuring that Your data/information including Personal Data is kept secure. In order to prevent unauthorised access, modification, destruction, or disclosure, We have put in place reasonable security practices and procedures to include, physical, technical, operational, managerial and organisational measures that are commensurate with information assets and with the nature of business.

You are responsible for maintaining confidentiality and security of Your username and password and may not disclose these credentials to any third party.

In addition, whenever We grant access to personal data or otherwise transfer it to third parties (as described I sections 1-4) We take steps to ensure that any personal data is subject to the same or substantively similar levels of protection that Atradius India already implements. This includes conducting vendor security assessments and executing data protection terms (including data processing agreements) with third parties.

7. How long do We retain Your data/information? 

We generally shall retain any Personal Data only: (i) for the period required to serve the applicable business purpose; (ii) to the extent reasonably necessary to comply with any applicable legal requirements; or (iii) as advisable in light of an applicable statute of limitations. Atradius India may specify (e.g., in, notice or records retention schedule) a time period for which certain categories of Personal Data will be kept.

However, We may continue to store Your personal information in anonymised form and non-personally identifiable format for analytical and research purposes.

ISO 27001

ISO/IEC 27001:2013 is the international standard for management of information security and provides a systematic approach to keep sensitive company information secure. We have secured the ISO 27001:2013 certificate to reassure Our customers that Atradius India complies with the highest standards regarding information security. Atradius India is ISO/IEC 27001:2013 certified. We have implemented the ISO/IEC 27001: 2013 standard for all processes supporting the development and delivery of services by Atradius India.

8. How can you contact Us to amend or delete Your data/information? 

• All information including Personal Data provided to Atradius India by You is voluntary.
• Atradius India shall not be responsible in any manner for the authenticity of any information supplied by You. We may, at Our sole discretion, discontinue the Services to You, if You provide, or if We have reasonable grounds to suspect, that any Personal Data is inaccurate, untrue, out of date or incomplete.
• As a data principal, You have certain rights concerning Our processing of Your Personal Data. You can: 
  • request details of Your Personal Data processed by Us, including any disclosures to third parties and the nature of processing activities;
  • ask Us to modify, rectify or delete Your information if You believe that Your Personal Data is inaccurate or incomplete;
  • withdraw consent for certain Personal Data;
  • ask Us to restrict or object the processing of Your Personal Data.
  • nominate any individual to exercise Your rights under this Privacy Statement on Your Behalf, in the event of Your death or incapacity.
• If You update Your information, Atradius India may keep a copy of the older information in its archives;

If You choose to withdraw consent, Atradius India reserves the right not to provide the Services or to withdraw the Services for which the information was sought/collected from You. However, please note that any withdrawal of Your consent shall not be treated on a retrospective basis. 

9. Age/Capacity of Consent 

By using the Website, You represent that You are at least 18 years of age and You have given Us Your consent to allow any of Your minor dependents or any dependents with disabilities to use this Website.

We do not knowingly collect any personal information from children or from persons with disability, without verifiable consent of their legal representatives. We also do not carry out any tracking or behavioural monitoring of Personal Data of children or undertake targeted advertising directed at children.

10. Third Party Links 

On the Website, if permitted by applicable law, certain links to third party websites may be provided which are operated by the third parties and are not controlled by, or affiliated to, or associated with Atradius India unless expressly specified on the Website. If You access any such links, We request You to review the third party’s privacy policy.

We are not responsible for the policies or practices of such third-party links and accordingly We do not make any representations concerning the privacy practices or policies of such third parties or terms of use of such websites, nor do We guarantee the accuracy, integrity, or quality of the information, data, text, software, sound, photographs, graphics, videos, messages or other materials available on such websites.

11. Governing Law and Disputes Resolution

This Privacy Statement shall be governed by the laws of India. Any and all disputes arising under or in relation to this Privacy Statement shall be subject to the exclusive jurisdiction of courts in Mumbai, India.

12. Data Protection Officer

For any queries related to this Privacy Statement, correction or modification or deletion of any Personal Data provided by You or for making a complaint about breach of privacy, please contact Our Data Protection Officer on the following details and We will handle your request carefully and in line with the applicable data protection laws:

Name: José Valdivielso
Email: dpo@atradius.com

In the event that You are not satisfied with the redressal of Your grievance, You may also reach out to the CERT-In or the Data Protection Board or any other relevant authority set up by the Government of India.