Privacy Policy Sprinque
1. General Notice
1.1
Introduction. Sprinque B.V. (‘Sprinque’) is a company based in Amsterdam, the Netherlands, and registered with the Chamber of Commerce (8197705). Sprinque is a B2B checkout platform that allows business buyers to make online purchases with the payment terms that best suit their needs, while merchants or marketplaces have the option to get paid instantly for those transactions.
1.2.
Why this privacy statement? Whenever you use our services, website, apps or when you correspond with us, whether as a customer (often a B2B marketplace or merchant) or as an end-user of our customers or a visitor to our website: you share (personal) information with us. This statement informs you how and for what purposes we collect, process, store, share and protect your data, for how long we keep your data as well as what rights you have concerning your data.
1.3.
Adherence to GDPR. Sprinque is responsible for the data you share with us as a data controller under the General Data Protection Regulation 2016/679 (‘GDPR’). It goes without saying that Sprinque adheres to the rules as set forth therein.
2. Collecting, processing and storing your personal data
2.1.
Information we collect. The personal data we collect and the use of such data depends on the context of the business relationship and the interaction with our services, the choices made by you and the services and features you use. Please note that the data items in the sections below are only considered ‘personal data’ when concerning a natural person (meaning, an individual human being). These data items are not considered ‘personal data’ when concerning a legal person or entity.
2.2.
Customer registration. When engaging with Sprinque’s services, you will register your company providing us with information, including personal data like identity details, gender, name, maiden name, date of birth, email, identity document details (ID card, passport, registration certificate), if applicable.
2.3.
This information as well as usage times (login) is used to create an account with Sprinque enabling your company to access the Sprinque services (article 6.1(b) GDPR) and is stored for 7 years.
2.4.
End-users. When end-users of our customers are offered the option of postponed payment in the purchasing process (“Pay-by-Invoice”), this is facilitated by Sprinque. In order to make this service available, we receive data from our customers at the time an end-user creates an account with the customer. This data includes personal data such as: name, IP address, and email of the end-user, as well as business information. Based on this data, we determine, whether the end-user is eligible to use the Pay-by-Invoice service by conducting fraud and credit checks. We also use this data to improve our services. This processing is based on the legitimate interest of our customer (article 6.1(f) GDPR) to offer the best payment options as well as our legitimate interest in continuing to improve our risk scoring and fraud detection capabilities. We will store your personal data used for fraud and credit risk assessments up to 2 years after the last use of the Pay by Invoice service. When an approved end-customer decides to make use of the Pay-by-Invoice service, the customer shares transaction information with Sprinque in order to check the validity of the transaction and if the end-user has credit available. As of that moment we process your data based on such agreement (article 6.1(b) GDPR). This data is stored for 7 years after full payment has been provided to Sprinque. After the retention periods described above have expired, the data will be stripped of personally identifiable information and only processed in an anonymized form.
2.5.
Queries on fraud and credit history. When a customer registers with us or when an end-user of one of our customers using our services creates an account with that customer and is eligible for the Pay by Invoice service, we will share personal data of the representative of the business with our trusted partners, providing for rating and information services (hereinafter referred to as third-party providers) in order to obtain further information about the company being registered, as well as data on payment history and credit default risk. The processing of personal data by these third-party providers is done under the sole responsibility of these parties. The privacy policies of these parties apply to this processing of personal data. An accurate list of our third-party providers is available upon request.
2.6.
The following information on creditworthiness can be obtained: information on the probability of default using the information on the previous payment history based on mathematical-statistical methods, as well as negative indicators such as ongoing collection or insolvency proceedings, an above-average risk of default on receivables, or similar. The processing is based on our legitimate interest (article 6.1(f) GDPR) to secure an advance performance or granting of credit. We store the information we receive for a period of 7 years.
2.7.
Money laundering prevention. In order to comply with our obligations under money laundering laws, we need to establish the identity of our customers. Also for reasons of money laundering prevention, an additional check is carried out to determine whether you or other persons associated with the company are a so-called politically exposed person and whether extended identification obligations exist in this context or whether you are on a sanctions list. The verification takes place when the business relationship is established and then on a regular basis. Processing is carried out in accordance with the Dutch Law for the Prevention of Money Laundering and Terrorist Financing. The data will be stored until 5 years after the end of the fiscal year in which the business relationship ends.
2.8.
Non-logged in use/website visit. When visiting our website, we will collect personal data through the use of cookies and other technologies like IP address, Google Analytics ID, internet browser and device type, location data, the pages you visited, how you got to our website, the time and length of your visit, your language preferences, etcetera. For more information about data processing through our website, please read our {Cookie Policy}.
2.9.
Email marketing. If you have given us your consent to send you information of a promotional nature, such as newsletters or text messages, we will use your e-mail address, postal address and telephone number for the purpose of sending you the relevant information. You can revoke your consent for the future at any time by using the unsubscribe link in the emails sent to you. Such revocation does not affect the lawfulness of the data processing up to that point.
2.10.
Storing your data. We store personal data only on servers located within the European Economic Area (EEA). In some cases, however, it may be necessary for us to transfer data to servers located outside the EEA. This will only be done if such a transfer is permitted under European law and it is ensured that your personal data is adequately protected.
2.11.
Security measures. We use appropriate, technical, organizational and administrative security measures to protect any information we hold in our records from loss, misuse and unauthorized access, disclosure, alteration and destruction. Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and personal data by selecting and protecting your password appropriately and limiting access to your computer or devise and browser by signing off after you have finished accessing your account.
3. Rights regarding your data
3.1
General. You have the following rights regarding your data:
(a) Access. You can request a written copy of the personal data we hold about you.
(b) Correct. We want to ensure that your personal data is accurate and current. You can rectify data with us that you believe to be incorrect.
(c) Erase: You can request us to erase your personal data. If we need the personal data to be able to provide you with our services, we may not be able to erase it immediately. We may not delete information that we are required to keep by law.
(d) Object. You can object at any time to the processing of your personal data on the basis of Article 21 GDPR.
(e) Restrict processing. You can limit the processing of your data in accordance with Article 14 of the GDPR.
(f) Withdraw consent. When the processing of your personal data is based on your consent, you have the right to withdraw your consent, without affecting the lawfulness of the processing based on your consent before the withdrawal.
(g) Data portability: If your personal data is processed by automated decision-making for the fulfillment of our contractual relationship, you have the right to request that we provide you with your personal data in a machine-readable format for transfer to another controller.
(i) Complain. You can submit a complaint at any time to founders@sprinque.com or to the authority via https://autoriteitpersoonsgegevens.nl/.
(j) Ask information. You have the possibility to request information about your personal data.
3.2.
E-mail. Questions, comments, requests or complaints concerning the processing of your personal data or this privacy statement can be addressed to founders@sprinque.com.
4. Changes in statement
4.1.
Just as our business is always changing, this Privacy statement may also change from time to time. If we plan to make material changes or changes that have an impact on you, we will always contact you in advance. An example of this kind of change would be if we were to start processing your personal data for purposes that aren’t detailed above.
Last updated: February, 2022