This is the privacy statement of CompanySpotter BV, located at Koninginnegracht 46-I in The Hague and registered in the Dutch Trade Register under number 78391857. For any questions regarding the content of this statement or exercising your rights in respect of privacy, we have appointed a Data Protection Officer who can be contacted at [email protected].
Privacy is important to us and we are committed to protecting personal data processed in our database and our service (hereinafter "Service"). This database privacy statement explains our purposes and legal basis for the information we may collect about data subjects, the sources of the information and how the information is processed.
What personal data is processed in the Service?
The vast majority of data processed through our Service consists of information about legal entities and organisations of various forms (hereinafter referred to as "Company" or in plural as "Companies"), such as the software used by the Company, its business activities, field of activity, area of operation and general contact details. However, a limited amount of data is collected and processed which can be linked to natural persons on the basis of their public role in the conduct of the business of the Company, made public in their role as representatives of the Company or otherwise available and freely accessible in the public domain.
How is the data collected?
The Service is a software-based database, which uses intelligent data collection technology and machine learning algorithms. The software continuously searches publicly available sources and data, extracts and indexes the data and compiles it into information about the Company. The data collected includes data in the public domain, Company websites, public sources and other source material made available to the public by the Company or its representatives, always within the (legal) limits. The Service may also contain links to external websites, where information about the Company is published.
Companies are informed by e-mail, in accordance with the conditions set forth in Article 14 of the GDPR, about the processing of data and of the possibility that this may involve personal data. This is not to say that it is necessary to inform data subjects in all cases, but a conscious choice has been made to aim for a high standard.
How is personal data processed?
CompanySpotter only processes publicly available personal data that is directly related to the person's role within the Company. Our Service is designed not to collect or process personal data beyond what is directly related to the information of the Company. The processing is limited to have a minimal impact on privacy and the processing of personal data does not go beyond what is expected by the data subjects (names and contact details of Company representatives, as available in the original public source). Our intelligent data collection technology continuously searches for and updates the information we collect and process, ensuring that no inaccurate or outdated personal data relating to Companies is stored in the Service after a reasonable period of time. If the original source is updated or deleted, personal data in the Service will also be updated or deleted after a short period of time.
Who is responsible for the information?
CompanySpotter operates an intelligent database that displays information available in public sources and on the internet. While we index and store data, we control what data is collected and how we process it. Our processing consists solely of filtering data that is already available, and we use it for no other purpose than to make it further available to our visitors, users and customers. CompanySpotter is therefore responsible for the processing of personal data.
When we make the data accessible to our customers, the customer can use our tool to browse the data we index, and can choose to import the data into their systems. By doing so, our customers take control of the data and process the (personal) data (for the purposes specified below) in accordance with their privacy policies. Through our Terms of Use we require our customers to commit to the lawful use of the data provided by us. In particular, in the case of the processing of personal data for other purposes, they must independently exercise transparency and review the lawfulness of the processing.
Purpose and legal basis of processing personal data
In the conduct of our business activities and the pursuit of our business objectives, we have created a database that is compiled from data provided by companies. The data included in our database is therefore always company data. However, it is possible that (certain) company data is also personal data. This only concerns personal data that is displayed on the website of the Company in question and thus relates to the (legal) representative(s) of the organisation in question or the personal data of private persons-companies. This data is included in our database, but is limited to the data required to provide our services.
The CompanySpotter service may be used by our users and customers for the following purposes, among others:
- Having up-to-date information on potential business partners organised in one searchable database;
- Conducting market analyses and market segmentation within the business market in order to identify the most relevant companies (leads) to approach with a suitable proposal;
- Facilitating business meeting preparations by providing insights into what is currently happening at a specific Company, or within comparable organisations;
- Checking and completing databases with complete and up-to-date contact details and additional information on Companies in order to increase the quality and relevance of data by cleaning up outdated and missing company information.
- Carrying out research and analysis, which may lead to aggregated statistical insights in order to understand patterns and trends regarding Companies and the market(s) in which they operate.
These are the purposes for which further processing may be carried out by users and customers.
The aforementioned objectives of CompanySpotter cannot be achieved without collecting, processing, systemising, analysing and interpreting company data (and associated personal data). CompanySpotter's core business is the collection, processing and commercialisation of company information and contact details of Companies. However, within the framework of this activity, CompanySpotter does not lose sight of its obligations regarding the processing of personal data and maintains a strict (internal) privacy policy. The main focus of this policy is the ability to provide high quality, correct, up-to-date and complete data. In addition, users are obliged to strictly comply with all relevant regulations concerning the processing of (any) personal data, electronic communication and direct marketing.
In accordance with the GDPR, any processing of personal data must be justified, including the processing performed by CompanySpotter. The rules state that the processing is justified if the purpose of the processing can be based on one of the six legal grounds listed in the regulation. The applicability of the grounds depends on the specific situation. It depends, among other things, on whether the processing is carried out by a public or private organisation, for what purpose the personal data are processed and in what manner they are collected. The legal grounds are not cumulative. Nor is there any hierarchical order to the legal grounds. Only one of the legal grounds needs to apply in order to justify the processing.
The processing performed by CompanySpotter in the context of compiling the database is necessary in order to protect the legitimate interests of CompanySpotter. In this regard, careful consideration has already been given to the fact that the interests or fundamental rights and freedoms of the person concerned that require the protection of personal data do not outweigh these interests. Our use, processing and retention of such public data in the database is limited to have a minimal impact on privacy, and the processing of personal data does not go beyond what the data subject can reasonably expect and, where applicable, is limited to the period that the data subject holds the position with the Company, and the same information is available and freely accessible to the public in the public domain. Moreover, managing a website is a free choice and subjects provide information for the purpose of creating online presence and achieving online goals. For more information in this regard, please refer to our Explanation of Legitimate Interests
CompanySpotter does not process any special personal data such as race, ethnic origin, political opinions, memberships, health data and/or religious or philosophical beliefs under any circumstances. Furthermore, no form of automated decision-making takes place on the basis of individual profiles (profiling).
Origin of personal data
CompanySpotter collects personal data mainly from open and public data from Companies, which is available in the public domain or has been made freely available to the public by the Companies themselves in order to actively participate in commerce and to be found by search engines. Sources include Company websites, company profiles on social media, press releases and other source material made available to the public by the Company or its representatives. National registration agencies (or their equivalents) may be used to validate and enrich data. All personal data in our database is linked to the source from which it was obtained, and our technology is designed to update the personal data based on that source.
Personal data included in the database
CompanySpotter's database contains a limited amount of personal data directly related to the person's role in the Company. No other personal data is included in our database. Despite the fact that all our internal processes are aimed at minimising the processing of personal data, it is possible that personal data may be found in the following items processed by CompanySpotter:
- Domain name
- Company name
- VAT number
- Telephone number
- E-mail address
- Title of the website
- Description of the website
- Social media links of the website
- Content of the website
- IP Address
The compilation of information related to one company in the database is always referred to as the "Record".
Recipients of personal data
All personal data available to users and customers of our Service is already accessible within the public domain, or otherwise available to the public in the same way and format as it is within our Service. CompanySpotter is committed to making this information, which has already been made public, easily searchable and available. Regarding the recipients of personal data, CompanySpotter distinguishes three different types of recipients:
- Visitors; in principle, visitors do not have access to personal data. A limited amount of information on the Companies included in our service and related data is available through the search engine on our website, which can be used without a customer relationship with CompanySpotter. All systems are set up in such a way that personal data is not visible and export possibilities are closed. Visitors are also required to comply with the terms of use of the website.
- Registered users; registered users of the CompanySpotter Service have limited access (online viewing only) to the any potential personal data relating to the Companies they are looking for, to the extent that this data is available in the Service. Export options (downloads) are excluded. All registered users are required to register in advance and agree to the Terms and Conditions of Use, which explicitly binds them to maintain strict compliance with all laws and regulations.
- Paying customers; paying customers of the CompanySpotter Service have access to the personal data relating to the Companies they are looking for, to the extent that such data is available on the Service. All paying customers are required to register in advance and agree to the Terms of Use which expressly commits them to the use of due diligence and strict compliance with all laws and regulations. CompanySpotter's paying customers can export data from the Service. When our customers use this feature, they become responsible for processing personal data, in which case the customer's privacy statement will apply to the data processing they may perform. In the event that personal data is disclosed to our customer, we require the customer to contractually agree to appropriate data processing practices.
- We may use third parties to provide our Service. In such cases, we will always enter into formal agreements with third parties that provide at least the same level of security and privacy safeguards as CompanySpotter imposes on itself.
Transfer and handling of information
The data that CompanySpotter collects from data subjects will not be stored at a destination outside the European Economic Area ("EEA"). However, our Service may be used by our customers and other users at a location outside the EEA. As part of their use of our Service, our customers may access the database through searches and filters and may choose to import data from our database into their own systems. By means of our Terms of Use, our customers explicitly agree to the lawful use of the data provided by us, including the lawfulness of any data transfer.
Personal data may be disclosed to authorities in cases required by mandatory local legislation or court order. Data may also be disclosed if the disclosure is permitted by applicable law or regulation.
Storage of personal data
Personal data will only be stored in the database for as long as, and to the extent that, it is necessary to provide timely and accurate information about Companies listed in the CompanySpotter database, as intended in the Service. When such requirements no longer exist, the personal data will be deleted. The requirement shall be deemed to exist for the period that the data remains in the original source. The retention periods for personal data in CompanySpotter are designed to reflect the retention period of the original data source. The database will be automatically updated on a regular basis, and personal data will not be retained for longer than a reasonable time after it has been removed from the original source.
Data protection principles
The information security of personal data and its processing, as well as its confidentiality, integrity and usability, are guaranteed by appropriate technical and administrative measures, in accordance with CompanySpotter's information security principles. CompanySpotter employees are fully committed to respecting professional secrecy and confidentiality with regard to the information they receive when processing personal data. Privacy and security guidelines have been made available to employees and ensure strict compliance with privacy safeguards within the company.
The database and information systems can only be accessed with individual and personal login details (user name and password) provided by CompanySpotter. Access rights to the database are limited so that the information can only be viewed and processed by those who are authorised and required to do so. The customers and users of our Service may only access the personal data provided by CompanySpotter in the Service.
Prior to CompanySpotter's operational activities, an information security risk analysis was carried out. This analysis has provided insight into potential risk areas and appropriate (security) measures have been taken. This risk assessment is reviewed on a regular basis to ensure it is always up-to-date and all measures are in accordance with the present situation and to anticipate any potential risks in the foreseeable future.
Rights of the data subject
You, as a data subject whose personal data is subject to the EU's 'General Data Protection Regulation' (GDPR), have certain rights and this section of the database's privacy statement is intended to provide you with information about your rights. The GDPR grants you the rights described below in relation to your personal data, to the extent that it is contained in the database. In exercising your rights, we emphasise that the nature of our Service is to collect, index and filter public data, and that all personal data in our database is obtained from other public sources. If the data is modified or deleted from its original source, it will be shortly modified or deleted from our Service as well.
For each of the rights mentioned below, please direct all data protection requests and questions to our Data Protection Officer, who can be reached at the following e-mail address: [email protected]. CompanySpotter always responds within the applicable deadlines as are included in the GDPR.
Information on processing
You have the right to information; which data is collected, the purposes of the processing for which the personal data is intended, as well as the legal basis for the processing and the recipients or categories of recipients of the personal data, if any. If your data is included in the CompanySpotter database, the processing is governed by this privacy statement.
Access
You have the right to obtain confirmation from CompanySpotter as to whether or not the personal data in question is being processed and, if so, to gain access to the personal data. After we have had the opportunity to reasonably verify your identity, CompanySpotter will confirm whether your data is included in our services, what data we have collected and provide you with information regarding the original source of your personal data. You can make a request in this regard by sending an email to [email protected].
Correction and rectification
You have the right to request CompanySpotter, without undue delay, to correct any inaccurate personal data. Taking into account the purposes of the processing, you as a data subject have the right to have incomplete personal data completed, including by providing a supplementary statement. We will automatically update the personal data we collect about you if you change the information in the source of the data.
Restriction and deletion
You have the right to ask for the deletion of personal data stored in the database. We will automatically delete the personal data we collect about you when you delete the information in the data source. You may also make a request to us at [email protected]. We will delete the personal data after we have had a reasonable opportunity to verify your identity. Note: To comply with your wishes in the future, we are required to store (at the very least) the URL of the website. If you do not want us to store the URL of your website, you can use a robots.txt file yourself to make your wishes known. This applies both to our search engine and any other parties. You can read more about using a robots.txt file via this link.
Transfer
You have the right to request that the personal data in the database be transferred to another entity in a structured, commonly used and machine-readable format. You can make a request for such transfer by sending an e-mail to [email protected]. We will, after we have reasonably been able to verify your identity, transfer the personal data to the entity you request.
Non-profiling
CompanySpotter does not engage in any form of profiling.
With respect to requests made by data subjects under any of the data subjects' rights as provided by the GDPR, CompanySpotter retains the request and associated data for a period of up to two years from the time the request is made. This is done in order to provide a check on the proper execution of handling such requests and managing evidence thereof.
Right to file a complaint
If you believe that the processing of your personal data by us would infringe the terms of this privacy statement or the GDPR, you have the right to file a complaint with your National Supervisory Authority. An overview of the various National Supervisory Authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. For the Netherlands, data subjects can contact:
Authority for the Protection of Personal Data
Bezuidenhoutseweg 30
P.O. Box 93374
2509 AJ The Hague
Tel. +31 70 888 8500
https://autoriteitpersoonsgegevens.nl/The relevant authorities only assess the processing of personal data. The processing of company data falls outside the scope of the authority.
Changes to this statement
CompanySpotter reserves the right to change or update this 'EU Database Privacy Statement' at any time. If the occasion arises, we will strive to correctly inform all data subjects whose rights are significantly changed/affected by the change in question. In any case, it is advisable to consult this document regularly. A 'second to last' version is always available here.