This is the privacy statement of CompanySpotter BV, having its registered office at Koninginnegracht 46-I in The Hague and registered in the Dutch Trade Register under number 78391857. For all questions regarding the contents of this statement or the exercise of your privacy rights, we have appointed a Data Protection Officer, who can be reached at [email protected].
Privacy is important to us, and we are committed to protecting personal data processed in our database and in our service (hereinafter referred to as the "Service"). This database privacy statement explains our purposes and legal basis for the information that we may collect about data subjects, the sources of that information and how the information is processed.
By far the majority of the data processed through our Service consists of information about legal persons and organisations in various forms (hereinafter referred to as a "Business" or, in the plural, "Businesses"), such as the software used by the Business, its business activities, field of activity, operating area and general contact details. However, a limited amount of data is collected and processed that may be linked to natural persons on the basis of their public role in the business operations of the Business, as made public in their capacity as representatives of the Business, or that is otherwise available and freely accessible in the public domain.
The Service is a software-based database that uses intelligent data-collection technology and machine-learning algorithms. The software continuously searches publicly and freely accessible sources and data, extracts and indexes the data, and compiles them into information about the Business. The data collected consist of data in the public domain, websites of Businesses, public sources and other source material made available to the public by the Business or its representatives. The Service may also contain links to external websites on which information about the Business is published.
Businesses are informed by email, in accordance with the conditions set out in Article 14 of the GDPR, about the processing of the data and the possibility that this may also include personal data.
CompanySpotter processes only publicly available personal data that are directly related to the person's role within the Business. Our Service is designed not to collect or process any personal data in the Service beyond what is directly related to the information concerning the Business. The processing is limited so as to have a minimal impact on privacy, and the processing of personal data does not go beyond what data subjects can reasonably expect (names and contact details of representatives of the Business, as available in the original public source). Our intelligent data-collection technology continuously searches for and updates the information that we collect and process, ensuring that no inaccurate or outdated personal data relating to Businesses are stored in the Service beyond a reasonable period. If the original source is updated or removed, the personal data in the Service will also be updated or removed shortly thereafter.
CompanySpotter operates an intelligent database that displays information available in public sources and on the internet. While we index and store data, we control which data are collected and how we process them. Our processing consists solely of filtering data that are already available, and we do not use them for any purpose other than making them further available to our visitors, users and customers. CompanySpotter is therefore responsible for the processing of the personal data.
When we make the data accessible to our customers, the customer can use our tool to browse the data indexed by us and may choose to import the data into its systems. By doing so, our customers assume control over the data and process the (personal) data (for the purposes specified below) in accordance with their privacy policy. Through our Terms of Use, we require our customers to undertake to use the data provided by us lawfully. In particular, where personal data are processed for other purposes, they must independently ensure transparency and assess the applicable legal basis.
In the course of carrying out our business activities and pursuing our objectives, we have created a database compiled on the basis of data relating to Businesses. The data included in our database are therefore always business data. It is nevertheless possible that certain business data are also personal data. This concerns only personal data displayed on the website of the Business in question. These data are included in our database, but are limited to the data necessary to provide our services.
The CompanySpotter Service may be used by our customers, among other things, for the following purposes:
The purposes are determined by the customer, which is the controller for the processing.
The objectives of CompanySpotter described above cannot be achieved without collecting, processing, systematising, analysing and interpreting business data (and personal data related thereto). CompanySpotter's core activity is the collection, processing and commercialisation of business information and contact details of Businesses. In pursuing these objectives, CompanySpotter does not lose sight of its obligations regarding the processing of personal data and applies a strict (internal) privacy policy. Central to this policy is the aim of offering data that are high-quality, accurate, up-to-date and complete. In addition, users are required to comply strictly with the relevant legislation and regulations concerning the processing of (any) personal data, electronic communications and direct marketing.
Under the GDPR, every processing of personal data must be justified, including processing by CompanySpotter. The rules provide that processing is justified where the purpose of the processing can be based on one of the six legal bases set out in the regulation. The applicability of the legal bases depends on the situation. It depends, among other things, on whether the processing is carried out by a public or private organisation, the purpose for which the personal data are processed and the manner in which they are collected. The legal bases are not cumulative. Nor is there any hierarchy among the legal bases. Only one of the legal bases needs to apply in order to justify processing.
The processing carried out by CompanySpotter in connection with compiling the database is necessary for the purposes of the legitimate interests pursued by CompanySpotter. In this respect, an assessment has already been made that the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data do not override those interests. Our use, processing and maintenance of such public data in the database is limited so as to have a minimal impact on privacy, and the processing of personal data does not go beyond what data subjects can reasonably expect and, where applicable, is limited to the period during which the data subject holds the position at the Business; the same information is also available and freely accessible to the public in the public domain. In addition, operating a website is a free choice, and data subjects provide information for the purpose of creating an online presence and achieving online objectives. For more information on this, we refer you to our Explanation of Legitimate Interests
CompanySpotter does not process special categories of personal data under any circumstances - such as race, ethnic origin, political opinions, memberships, data concerning health and/or religious or philosophical beliefs. Nor does any form of automated decision-making take place on the basis of individual profiles (profiling).
CompanySpotter collects personal data from open and public data of Businesses that are available in the public domain or that the Businesses themselves have freely made available to the public with a view to actively participating in commerce and being findable by search engines. Sources include websites of Businesses, business profiles on social media, press releases and other source material made available online to the public by the Business or its representatives. All personal data in our database are linked to the website or other public source from which they originate. Our technology is designed to process changes in those sources periodically, so that personal data are updated, supplemented or removed when the source gives cause to do so.
The CompanySpotter database contains a limited number of personal data that are directly related to the data subject's role within the Business. No other personal data are included in our database. Although all our internal processes are aimed at minimising the processing of personal data, it is possible that personal data may be present in the following components processed by CompanySpotter:
The collection relating to one Business in the database is always referred to as the "Record".
All personal data available to the users and customers of our Service are already freely accessible in the public domain, or otherwise available to the public in the same manner and in a similar format as in our Service. CompanySpotter focuses entirely on making this already publicly disclosed information easily searchable and available. With respect to recipients of personal data, CompanySpotter distinguishes three different types of recipients:
The data that CompanySpotter collects from data subjects are not stored at a destination outside the European Economic Area ("EEA"). However, our Service may be used by our customers and other users at a location outside the EEA. As part of the use of the Service, our customers access the database by means of searches and filters and may choose to import data from our database into their systems. Through our Terms of Use, our customers expressly undertake to use the data provided by us lawfully, including with regard to the lawfulness of any data transfer.
Personal data may be disclosed to authorities where this is required by mandatory local law or a court order. Data may also be disclosed where disclosure is permitted by applicable laws or regulations.
Personal data are stored in the database only for as long as and insofar as this is necessary to provide timely and accurate information about Businesses included in the CompanySpotter database, as designed in the Service. When such requirements no longer exist, the personal data will be erased. The requirement is deemed to exist for the period during which the data are recorded in the original source. We retain personal data for as long as they are available in the original source. Our database is updated automatically on a regular basis. When personal data are removed from the original source, we also remove those data from our database within a reasonable period.
The information security of the personal data, as well as the processing and the confidentiality, integrity and usability thereof, are safeguarded by appropriate technical and administrative measures, in accordance with CompanySpotter's information security principles. CompanySpotter employees have undertaken to observe confidentiality with respect to the information they receive when processing personal data. Privacy and security guidelines have been communicated to employees and ensure strict compliance with the privacy safeguards within CompanySpotter.
The database and information systems are accessible only with individual and personal login details (username and password) assigned by CompanySpotter. Access rights to the database are restricted so that information can be accessed and processed only by persons authorised and required to do so. Customers and users of our Service may access only the personal data made available by CompanySpotter in the Service.
As a data subject whose personal data fall within the scope of the EU General Data Protection Regulation (GDPR), you have certain rights, and this section of the database privacy statement is intended to provide you with information about your rights. The GDPR grants you the rights described below in relation to your personal data, insofar as they are included in the database. When exercising your rights, we emphasise that the nature of our Service is to collect, index and filter public data, and that all personal data in our database have been obtained from other public sources. If the data are amended or removed from the original source, they will also be amended or removed from our Service shortly thereafter.
For each of the rights listed below, please address all data protection requests and questions in the first instance to our Data Protection Officer, who can be reached at the following address: [email protected]. CompanySpotter always responds within the applicable time limits set out in the GDPR.
You have the right to information about which data are collected, the purposes of the processing for which the personal data are intended, as well as the legal basis for the processing and the recipients or categories of recipients of the personal data, if any. If your data are included in our Services, their processing is governed by this privacy statement.
You have the right to obtain confirmation from CompanySpotter as to whether or not personal data concerning you are being processed and, where that is the case, to obtain access to the personal data. After we have been able reasonably to verify your identity, CompanySpotter will confirm whether your data are included in our Services, which data we have collected, and can provide you with information about the original source of your personal data. You can submit a request to us for this purpose via [email protected].
You have the right to obtain from CompanySpotter the rectification of inaccurate personal data without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing a supplementary statement. We will automatically update the personal data that we collect about you when you change the information in the source of the data.
You have the right to request that personal data be removed from our Services. You can submit a request to us for this purpose via [email protected]. After we have been able reasonably to verify your identity, we will remove the personal data. Please note: in order to continue to comply with your wishes in the future, we are required to store (at least) the URL of the website. If you do not want us to store the URL of your website, you can use a robots.txt file yourself to make your wishes known. This applies both to our search engine and to any other parties. You can read more about the use of a robots.txt file via this link.
You have the right to request that the personal data in the database be transferred to another entity and to receive them in a structured, commonly used and machine-readable format. You can submit a request to us for this purpose via [email protected]. After we have been able reasonably to verify your identity, we will transfer the personal data to the entity designated by you.
CompanySpotter does not apply profiling in any way.
With respect to requests made in the context of any of the rights referred to above, CompanySpotter retains the associated personal data in order to ensure proper performance and to evidence the correct handling of requests. These data are not retained longer than is necessary for this purpose.
If you believe that our processing of your personal data infringes the provisions of this privacy statement or the GDPR, you have the right to lodge a complaint with your national supervisory authority. An overview of the various national supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. For the Netherlands, data subjects can contact:
Authority for the Protection of Personal Data
Bezuidenhoutseweg 30
P.O. Box 93374
2509 AJ The Hague
Tel. +31 70 888 8500
https://autoriteitpersoonsgegevens.nl/
The relevant authorities rule exclusively on the processing of personal data. The processing of business data logically falls outside their remit.
CompanySpotter has the right to amend or update this statement, the "EU Database Privacy Statement", at any time. Where appropriate, we will endeavour to properly inform all data subjects whose rights are significantly changed/affected by the relevant amendment. In any event, it is advisable to consult this document regularly. A previous version is always available here.