Privacy Statement

Atradius India Credit Management Services (P) Limited (“Atradius India”), is a credit management agency incorporated and registered under the provisions of applicable law in India. Atradius India is a subsidiary of Atradius N.V. The latter, Atradius N.V., is a global provider of credit insurance, surety, reinsurance, debt collections and business information/intelligence services.

This Privacy Statement describes the privacy policy of Atradius India. It is published in compliance with India’s Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (the “SPI Rules”).

When providing our products and services, Atradius India acts as a “data controller”. We collect and process information mainly on companies and businesses. However, in the process of doing so, we also process data that may be qualified as “personal data” or “personal information or data”, or “sensitive personal information or data” under the SPI Rules, where it is information relating to an individual (e.g. a sole trader, a company director, a beneficial owner, a professional contact etc.). Your trust in how we handle your personal data/information is important to us. When you use our websites, applications, portals, sign-up for our newsletters, engage our services as a representative or contact person of our customer, trade (as a counterparty) with our customers or do business with us as our business partner or supplier, it is important to us to use your personal data/information carefully and securely in a transparent manner.

In this Privacy Statement we provide information we are required to give in relation to the processing of personal data/information under Indian law. We explain for instance the purposes and grounds of the processing of personal data/information, the categories of personal data/information concerned, the categories of the sources and the recipients of the personal data/information, data retention and your rights as data subject/provider of information.

This Privacy Statement applies to the Atradius India website. However, other subsidiaries of Atradius N.V. including for example Graydon, Iberinform and Atradius Instalment Credit Protection (Belgium) may also have additional privacy notices on their own (local) websites. Please go to their websites for specific privacy information.

Updates to this Privacy Statement

We strive for continuous improvement in our services, processes and protecting your personal data rights, so we may update this Privacy Statement from time to time. Therefore, we advise you to check this statement on a regular basis. This Privacy Statement was updated on 10 May 2023.

When do we collect personal data and when does this Privacy Statement apply?

1. If you use our website

1.1 What personal data do we collect?

We may process the following information on your company or business, which may qualify as personal data/information:

  • Any personal details that you submit such as your name, (work) address, telephone number, email address, login details, or other information provided during registration for any of our products or services.
  • Information that allows us to remember you and your preferences in using this website. We use cookies to collect this type of information. Further details on this are available on our Cookie Information page including how to decline/disable cookies.
  • Your IP address, which we use to note your interest/visit to our websites.
  • Your subscriptions to any newsletters, email updates, country reports, updated trade or economic information, etc. made via the website.

1.2 Why do we collect this personal data?

We may use your information for the following purposes:

  • To provide products and services, maintain contact with you and handle complaints/disputes.
  • To optimise our products and services, for (direct) marketing purposes and market research.
  • To perform Atradius India administration  and to manage and protect our information technology infrastructure.

1.3 Legal grounds for using your personal data

We process your personal data/information only if this is allowed under one of the legal processing grounds. We rely on one or more of the following legal grounds for the processing of your information:

  • Consent
    • We request your consent for the usage of certain cookies via our website. See our Cookie Information page for more details on this.
  • Legitimate interests   
    We may process your information as necessary for achieving our legitimate interests.
    • For the usage of some cookies, we do not require your consent. Here, Atradius India has a legitimate interest to make a functional website available to you. See our Cookie Information page for further information on this.
    • In certain cases, we do not require your consent to use your personal data/information to contact you. This is, for instance, the case if you requested us to contact you via a contact form. We furthermore do not always require your consent to use your personal data/information for marketing purposes. This may for instance be the case if Atradius India obtained your email address in the context of the sale of our products or services, and we use this address for direct marketing of our own similar products or services.

1.4 Where did we obtain your information?

We automatically obtain some information when you visit our website. We collect such information via cookies. See our Cookie Information page for more details on this.

We obtain other information when you actively provide it to us. This is, for example, the case when you sign up for any newsletters, email updates, country reports, updated trade or economic information, etc. via our website. See also the information on our marketing activities in Section 2 below.

1.5 Who will have access to your personal data?

We may disclose personal data/information to fulfil our purposes to:

  • Atradius companies, branches, affiliates, business partners and service providers.

2. Marketing

2.1 What personal data do we collect for marketing purposes?

In the context of our marketing activities, we may process the below information about you:

  • Contact details:
    Name, title, phone number, email, (work) address, contact history.
  • Information on consent provided by you to use your personal data/information for marketing purposes, e.g. in the form of subscriptions to any newsletters, email updates, business publications, survey reports, and white papers.
  • Information on your interests e.g. based on your subscriptions for our publications for specific topics or industries.
  • Information regarding any of your questions, complaints or disputes.
  • Other personal data/information provided by you.

2.2 Why do we collect this personal data?

We may use your information for the following purposes:

  • To get into and maintain contact with you.
  • To promote and inform you about our (new) products and services.
  • To organise events and other promotional activities.
  • To analyse your interests and possible business opportunities for us.
  • To obtain your views on certain matters, e.g. via (customer satisfaction) surveys.
  • To deal with questions, complaints or disputes.

2.3 Legal grounds for using your personal data

We process your personal data/information only if this is allowed under one of the legal processing grounds. We rely on one or more of the following legal grounds for the processing of our marketing activities:

  • Consent 
    • If required, we request your consent for processing your personal data/information for our marketing activities. You can withdraw your consent at any time by clicking on the opt-out link in our emails or by submitting a form online. If you withdraw your consent, this will not affect the lawfulness of our use of your personal data/information before your withdrawal.
  • Legitimate interests  
    • We may process your information as necessary for achieving our legitimate interests when performing our marketing activities. For our business interests we may for example gather, analyse and interpret information about our customers in order to find new opportunities to sell and develop products and services to satisfy the preferences and needs of our customers.

2.4 Where did we obtain your information?

For marketing purposes, we primarily obtain information concerning you from yourself. In other instances, we may obtain your personal data/information from the various sources displayed below.

  • Parties who refer us to you, or to whom you provided consent to share your data with us.
  • Third parties engaged by us in the context of our marketing activities.
  • The internet (incl. social media) for as far as allowed under the applicable law.

2.5 Who will have access to your personal data?

Atradius may disclose information on you, which may qualify as personal data/information to:

  • Atradius companies, branches, affiliates, business partners and service providers.

3. If you are a customer, policy related party, intermediary, co-guarantor, business partner or supplier

3.1 What personal data do we collect?

We may process the following information on your business, which may qualify as personal data/information if it relates to information relating to an individual (e.g. a sole trader, company director, (ultimate) beneficial owner, shareholder, beneficiary, professional contact etc.).

  • Contact details and personal identification data, e.g. your name, title, function, phone number, email, (work) address, country, date and place of birth, ID details, entity name.
  • If your company is not a legal entity, we may also process bank account details, VAT number, details of the agreement with you and financial information.

3.2 Why do we collect this personal data?

We may process information on your business, which may qualify as personal data/information, for the following purposes:

  • To execute and provide services in relation to the agreements. This may entail: processing transactions, communicating with you, assessing (trade) insurance risks and coverage, recovery actions, providing credit (risk) management and business intelligence services and products, conducting debt collections, providing customer support services, handling complaints and disputes.
  • To perform “know your counterparty”, fraud, terrorism, sanctions list checks and other compliance checks.
  • To optimise our products and services, conduct (market) research and statistical analyses.
  • To perform administration of Atradius India and to manage and protect our information technology infrastructure.
  • For marketing purposes: see Section 2 above for further details.
  • To establish, exercise or defend legal claims.
  • To comply with an order of a regulatory/governmental authority or an obligation under relevant laws or regulations or (voluntary) regulatory, industry or sector codes or guidelines.

3.3 Legal grounds for using your personal data

We process your personal data/information only if this is allowed under one of the legal processing grounds. We rely on one or more the following legal grounds for the processing of your information:

  • Legitimate interests
    We may process your personal data as necessary for achieving our legitimate interests, when performing our business activities.
    • Offering and developing credit management services, surety, and debt collections products and services, as well as business intelligence services, which aim to help companies around the world understand and protect against the default risks associated with the selling of goods and services.
    • As necessary for entering into and the performance of agreements with the company or business that you are associated with.

We will not process your personal data/information if your interests prevail.

  • Performance of a contract  
    If you are a sole trader company, we need to process your personal data for entering into and the performance of agreements.
  • Legal obligation 
    We may process your personal data if necessary to comply with one of our legal obligations, for instance to perform compliance checks or to comply with orders of a regulatory/ governmental authority, or follow obligations under industry or sector codes.

3.4 Where did we obtain your information?

The personal data/information that Atradius India processes may originate from various sources:

  • Directly from you or the company you are associated with, including those representing or authorised by you or such company.
  • From Atradius companies, branches, affiliates or business partners.
  • From (publicly) available sources.
  • From information/data vendors.

3.5 Who may have access to your personal data?

We may disclose personal data/information to fulfil our purposes to:

  • Parties authorised by you or the company you are associated with.
  • Atradius companies, branches, affiliates.
  • Third parties such as crime or fraud detection and prevention agencies, reinsurers, other insurers, banks, business partners, auditors, lawyers, debt collectors and other service providers.
  • Advisers or other professional parties, to establish exercise or defend legal claims or to protect our business operations or legal rights.
  • Law enforcement agencies, regulatory/governmental authorities: when required by law, or as necessary to protect our rights.

4. If you or your company trade with our customers (a “buyer”, “debtor” or “beneficiary”)

4.1 What personal data do we collect? 

We may process the following information on your business, which may qualify as personal data/information, in so far as it relates to information relating to an individual (e.g. a sole trader, company director, (ultimate) beneficial owner, shareholder, professional contact etc.).

  • Contact details and personal identification data, e.g. your name, title, function, phone number, email, (work) address, country, date and place of birth, ID details, entity name. 
  • If your company is not a legal entity, we may also process bank account details, trade registration, VAT number, financial information, insolvency status, sources of wealth.

4.2 Why do we collect this personal data? 

We may process information on your business, which may qualify as personal data, for the following purposes:

  • To execute and provide services in relation to the agreements we have with our customers. For example: processing transactions, communicating with you, reviewing (trade) insurance risks and coverage, recovery actions, providing credit (risk) management and business intelligence services and products, conducting debt collections, handling complaints and disputes.
  • To perform fraud, money laundering, terrorism and sanctions list checks and other compliance checks.
  • To optimise our products and services, conduct (market) research and statistical analyses.
  • To perform administration  within Atradius India and to manage and protect our information technology infrastructure. 
  • To establish, exercise or defend legal claims. 
  • To comply with an order of a regulatory/governmental authority, or an obligation under relevant laws or regulations or (voluntary) regulatory, industry or sector codes or guidelines.

4.3 Legal grounds for using your personal data 

We process your personal data/information only if this is allowed under one of the legal processing grounds. We rely on one or more of the following legal grounds for the processing of your information:

  • Legitimate interests
    We may process your personal data as necessary for achieving our legitimate interests, when performing our business activities.
    • Offering and developing credit management services, surety and debt collections products as well as credit (risk) management, business intelligence services, which aim to help companies around the world understand and protect against the default risks associated with the selling of goods and services.
    • As necessary for entering into and the performance of agreements with our customers.
    • To establish, exercise or defend legal claims.

We will not process your personal data/information if your interests prevail.

  • Legal obligation
    We may process your personal data to comply with our legal obligations, for instance to perform compliance checks or to comply with orders of a regulatory/governmental authority, or follow obligations under industry or sector codes.

4.4 Where did we obtain your information? 

The personal data/information that we process may originate from various sources:

  • Directly from our customers or from you, including those representing the customer or you.
  • From Atradius companies, branches, affiliates or business partners.
  • From (publicly) available sources.
  • From information/data vendors.

4.5 Who may have access to your personal data? 

We may disclose personal data/information to fulfil our purposes to:

  • Our customers and parties authorised by the customer (such as intermediaries, representatives, companies belonging to the customer’s group).
  • Atradius companies, branches, affiliates.
  • Third parties such as crime or fraud detection and prevention agencies, reinsurers, other insurers, banks, business partners, auditors, lawyers, debt collections and other service providers.
  • Advisers or other professional parties, to establish exercise or defend legal claims or to protect our business operations or legal rights.
  • Law enforcement agencies, regulatory/governmental authorities: when required by law, or as necessary to protect our rights.

5. How do we transfer your personal data outside India? 

The processing of your personal data/information may entail the transfer of your personal data/information to group entities of Atradius or to selected third parties. The group entities of Atradius or selected third parties may be located outside India. We ensure that transfer of personal data to a third party or abroad, happens only in compliance with the provisions of the applicable law.

We have taken the appropriate safeguards to ensure that any personal data/information transferred to a third party or abroad by Atradius India or any person on our behalf maintains the same level of data protection that is adhered to by Atradius India.

6. How do we protect your personal data?  

We are committed to ensuring that your personal data/information is kept secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate physical, technical and organisational measures to safeguard the information we collect and process.

7. How long do we retain your information? 

We generally shall retain any sensitive personal data/information only: (i) for the period required to serve the applicable business purpose; (ii) to the extent reasonably necessary to comply with any applicable legal requirements; or (iii) as advisable in light of an applicable statute of limitations. Atradius may specify (e.g., in, notice or records retention schedule) a time period for which certain categories of personal data/information will be kept.

8. ISO 27001

ISO/IEC 27001:2013 is the international standard for management of information security and provides a systematic approach to keep sensitive company information secure. We have secured the ISO 27001:2013 certificate to reassure our customers that Atradius India complies with the highest standards regarding information security. Atradius India is ISO/IEC 27001:2013 certified. We have implemented the ISO/IEC 27001: 2013 standard for all processes supporting the development and delivery of services by Atradius India. 

9. How can you contact us, access and update your information? 

  • As a data subject/provider of information, you have certain rights concerning our processing of your personal data. You can:
    • request access to your personal data held by us
    • ask us to rectify or complete your information if you believe that your personal data is inaccurate or incomplete
    • withdraw consent for certain personal data
    • ask us to restrict the processing of your personal data
    • object to our processing of your personal data

You may send us your request or complaintto the Atradius India Grievance Officer. We will handle your request carefully and in line with the applicable data protection laws. You also have the right to lodge a complaint with your national data protection authority.

The Atradius India Grievance Officer Nazim Tamboli, can be contacted by emailing dpo@atradius.com.

Disclaimer

Each publication available on or from our websites, such as, but not limited to webpages, reports, articles, publications, tips and helpful content, trading briefs, infographics, videos (each a “Publication”) is provided for information purposes only and is not intended as a recommendation or advice as to particular transactions, investments or strategies in any way to any reader. Readers must make their own independent decisions, commercial or otherwise, regarding the information provided. While we have made every attempt to ensure that the information contained in any Publication has been obtained from reliable sources, Atradius is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information in any Publication is provided ’as is’, with no guarantee of completeness, accuracy, timeliness or of the results obtained from its use, and without warranty of any kind, express or implied. In no event will Atradius, its related partnerships or corporations, or the partners, agents or employees thereof, be liable to you or anyone else for any decision made or action taken in reliance on the information in any Publication, or for any loss of opportunity, loss of profit, loss of production, loss of business or indirect losses, special or similar damages of any kind, even if advised of the possibility of such losses or damages.