Coface Trade Credit Insurance South Africa

POPIA

COFACE SOUTH AFRICA DATA PROTECTION STATEMENT

 
Coface South Africa is a provider of credit insurance, business information and debt collections services (Coface).
 
Within the frame of our activities, we primarily collect and process data about companies, businesses and traders. 
 
Coface acts as the "responsible party" in the provision of our products and services. This means that Coface is the legal entity in control of the personal data it collects and is required by law to ensure policies, processes and procedures are in place to safeguard this data and respect the rights of the individuals whose data is collected.
 
Coface is committed to the protection of personal data we collect and process, with rigorous policies, controls, and compliance oversight to ensure that data is held and used appropriately. Your confidence in our safe and professional handling of data matters for us.
We are committed to process your personal information securely and carefully and in a fair and transparent manner.
 
This Data Protection Statement explains the purposes and reasons for the processing of personal data, the categories of personal data concerned, the categories of sources and recipients of personal data, data retention and your rights as a data subject depending on your situation, in other words whether you are:
I.       Website visitor 
II.      Prospect or recipient of commercial offers or commercial information 
III.     Customer, Broker, Guarantor, Business Partner or Supplier
IV.     Debtor, Buyer or a “Beneficiary” (in a potential or existing contractual or legal relationship with one of our customers) – 
 
In addition, we will inform you as a Data Subject about other important information and data privacy rights:
  1. Does Coface transfer your Personal Data outside the RSA? 
  2. VI.       How does Coface protect your Personal Data? 
VII.      What are your Data Privacy Rights and how can you contact us? 
 
Please note that we are continuously improving our services and processes in order to protect your personal data, thus, we may update this Data Protection Statement. Therefore, you are welcome to consult our website to get an updated version of this Data Protection Statement.
 
I. You are a Website Visitor.
 
Way of data collecting
Coface collects data you provide us when you e.g., sign up for our services on our websites, enter data into an online contact form and/or activate a newsletter opt-in box. We confirm that the entry of such data in this context is voluntary and that it is not subject to a statutory or contractual requirement or a requirement necessary to enter into a contract.
 
Data Categories
Personal details that you may provide on voluntarily basis, such as name, work address, work phone number, work or personal email address, or other information provided when registering for one of our services or products.
 
Purposes and Legal grounds
We collect and process your data on the basis of legitimate interest and consent:
§ Respond to your requests and queries on our products and services; § Stay in contact with you if you have required so; § Respond to your complaints filed on our website.
 
Right to withdraw
You have the right to withdraw your consent at any time by contacting the same address from which Coface has contacted you.
 
Recipients of collected data.
In order to comply with the above purposes, your personal data may be disclosed to any entity of the Coface Group, our business partners and services providers.
 
Period for which the personal data will be stored
Newsletter contact data (E-Mail): we keep your data as long as you did not apply for withdrawal or apply for the right to object.
Data entered into contact form: we will erase your data immediately by receiving a withdrawal or objection or in case of 2 years of ongoing inactivity (if you have not responded or did not send any new request).
 
Cookies, statistic data & connection data
If you are a visitor of our websites, it is our aim to inform you clearly and openly about the data we collect and that we use related to you. In most cases, and also depending on personal configurations and given consent, our websites are using persistent cookies, session cookies, sometimes they are using also pixel technologies, local storage technologies or other similar technologies like advertising IDs and tags.
Since local Coface websites can differ in their specific cookie and statistical settings, we recommend that you read the current online cookies policy on our South African website.
 
There you can see a complete and detailed list and description of the settings and activities as well as a permanent link that you can use to set and to change your personal preferences and consents at any time.
 
II. You are Prospect or Recipient of Commercial Offers or Commercial Information
 
Way of data collecting
 
We collect business contact data from different sources like:
  • Recommendations from customers, brokers, agents or other partners.
  • Publicly available sources (internet, trade register), also using qualified internet scanning technologies.
  • Own customer databases.
  • Contact data directly received from a prospect during communications, meetings or phone calls.
 
Under no circumstances, is there any obligation to provide business contact data for Coface commercial purposes. If Coface does not have contact data from a company, then it is simply not likely that you will enter into business relationships with Coface.
 
Data Categories
Personal information such as name, work address, work phone number, work email address, or other information such as industry affiliation that was provided by the source from where the data has been collected.
 
Purposes and Legal Grounds
 
We collect and process your data:
  • To get in touch with you and to stay in contact with you to advertise and inform you about our (new) products and services.
  • To set up promotional activities and business events.
  • To analyze your business needs and environments, optimizing our products and product offers for you.
 
Legal grounds: In order to maintain a lively and innovative economic life around economically essential products such as credit insurance, debt collection, we operate our commercial activities primarily based on legitimate interests. We take the interests of our prospects into account in order to find a pleasant balance, not to make them feel disturbed by advertising activities.
 
Right to withdraw
You have the right to withdraw at any time by contacting the same address from which Coface has contacted you.
 
Recipients of collected data
Coface companies, Coface branches, business partners (if the data are publicly available).
 
Period for which the personal data will be stored
 
We will erase your data:
  • By receiving a withdrawal or objection.
  • In case of 2 years of ongoing inactivity (if you have not responded or did not send any new request).
 
III. You are a Customer, Broker, Guarantor, Business Partner or Supplier
 
Way of data collecting
Primarily, we collect your data by asking you to complete forms (electronic documents, paper or entering data into Group platforms).
 
We may also collect your data from the following sources:
  • Other Group companies, branches, affiliates, or business partners; § Publicly available sources § Information/data vendors.
 
Please note that the provision of the data for which we are directly asking you, is essential and a mandatory prerequisite for the conclusion of a contract, the creation of master data in our systems, and essential for compliance with anti-money-laundering law and risk prevention.
 
Data categories
  • Information about your company that may be considered personal data insofar it includes information related to an individual person (e.g. sole proprietor, manager, beneficial owner, shareholder, beneficiary, professional contact etc.): contact details and personal identification data as name, title, function, business phone number, business address, business email address, country, place and date of birth, ID, name of entity.
  • The following information also can be considered personal related if your company is   not a legal entity: personal bank account number, sales, or tax identification number, claims history, contractual details, and other financial information.
Purposes and Legal Grounds
 
We collect and process your data on the basis of:
  • the preparation and/or performance of a contract with you:
    • to offer, carry out and provide services to you and perform our undertakings according to the contracts related to such products and services. This may include business communication with you, transaction processing, assessing (trade) insurance risks and coverage, claims handling, recovery procedures, offering credit and risk management products and services, providing customer support services, operating debt collections and dealing with complaints; to establish, exercise or defend legal claims. § our legitimate interests, to:
    • perform “know your customer” and “know your supplier” programs, fighting against fraud, terrorism and money laundering, applying sanctions list checks and other compliance checks.
    • safe our interests, not being damaged by fraudulent activities - as well as on fulfilling legal requirements, such as anti-money-laundering Law etc. o carry out commercial purposes and improve our products and services, realizing statistical analyses and market research in order to maintain a lively and innovative economic life around economically essential products such as credit insurance, debt collection and factoring.
  • compliance with legal obligations, to:
    • comply with law or governmental authorities or an obligation under relevant laws or regulations or (voluntary) regulatory, industry or sector codes or guidelines.
 
Right to withdraw
If you are subject to commercial activities, you have the right to withdraw at any time by contacting the same address from which Coface has contacted you. 
 
Recipients of collected data
Group companies and branches, fraud or crime prevention and detection agencies, business partners, reinsurers, banks, external auditors, lawyers, debt collectors.
 
Period for which the personal data will be stored
If we are processing your data in execution of a contract, the period of storage depends on the duration of the contract and subsequent legal retention periods.
If we are processing data for the purposes of fraud prevention, we will keep relevant data for a reasonable period, as long as the storage of the data can make a significant contribution to fraud prevention.
 
If we are processing data in order to fulfil legal obligations in the course of anti-money laundering, anti-terrorism etc., the retention period depends on the respective laws.
 
If we are processing data for the purposes of commercial activities, we will erase your data:
  • By receiving a withdrawal or objection.
  • After 2 years of ongoing inactivity (if you have not responded or did not send any new request).
 
IV. You are in a potential or existing Business Relationship with one of our Customers (as a Debtor, a Buyer or a “Beneficiary”)
 
Way of data collecting
Primarily, we receive your data from our customers.
 
We also collect your data from the following sources:
  • Information providers (credit agencies, address check companies financial 
  • Information companies);
  • Trade registers;
  • Publicly available sources;
  • Yourself, if you get in contact with us; § Own researches; § Partners.
 
All of the data collections, except if you are directly providing us with information, we are not directly obtaining from yourself.
 
Please note that it is your own responsibility to keep an eye on the economic or creditworthiness data of your company at the respective credit agencies or institutions and, if necessary, to have these data updated.
 
Whether or not you send us economic updates about your company does not necessarily affect our internal credit ratings and decisions as we always try to optimize and clean up our sources of information to bring the data to the highest possible level of data quality and currency.
 
Nevertheless, in certain cases, we may recalculate our internal credit ratings and decisions, if a new information makes a qualitative difference according to our internal rules of evidence and credit evaluation.
 
Data Categories
  • Information about your company that may be considered personal data insofar it includes information related to an individual person (e.g. sole proprietor, manager, beneficial owner, shareholder, beneficiary, professional contact etc.).
  • Contact details and personal identification data, e.g. name, title, function, business phone number, business email address, business address, country, date and place of birth, ID details, entity name. 
  • If your company is not a legal entity, we may also process a personal bank account number, sales tax identification number, claims history, details of the agreement with you and financial information.
  • Credit worthiness data, payment and claims history, economic forecasts for single companies, balance sheets, trade registration, VAT number, judgments with economic relevance (economic criminal matters, bankruptcy etc.) as far as these information allow conclusions to be drawn about persons (managing directors, sole traders).
 
Purposes and Legal Grounds
We collect and process your data on the basis of:
  • Our legitimate interests o to carry out and provide services in relation to credit insurance, debt collection of factoring contracts with our customers, this includes transaction processing, operating debt collections and dealing with complaints, assessing (trade) insurance risks and coverage, claims handling, recovery procedures, to establish, exercise or defend legal claims. You are a third party within an economic triangle thus the processing of your data is essential in order to fulfill the purposes of legitimate contracts such as credit insurance, debt collection or factoring. By this way, we are also enabling and supporting your direct contract with our customers.
  • Consent
    • when you contact us and voluntarily provide or send us credit-related information.
 
Recipients of collected data
Group companies and branches, fraud or crime prevention and detection agencies, business partners, reinsurers, banks, external auditors, lawyers, debt collectors.
 
Period for which the personal data will be stored
If Coface is processing your data in execution of a contract (where you are a third party in an economic triangle relationship), the period of storage depends on the duration of the contract and the subsequent (local) legal retention periods.
 
If Coface is processing data for the purposes of fraud prevention, Coface will keep relevant data for a reasonable period, as long as the storage of the data can make a significant   contribution to fraud prevention.
 
If Coface is processing data in order to fulfil legal obligations in the course of anti-moneylaundering, anti-terrorism etc., the retention period depends on the respective laws.
 
V. Does Coface transfer your Personal Data outside the RSA?
 
The global economic context and the associated internationality of our services and products mean that data can also be accessed outside the Republic of South Africa (“RSA”) via our global subsidiaries, branches and partners if such access is necessary and based on legal grounds.
 
Where applicable, we have taken reasonable precautions to transfer your personal data to a country outside the RSA if that country does not offer an adequate level of protection in accordance with the applicable data protection laws. This also includes the use of standard contractual clauses that have been approved by the Information Regulator.
 
VI. How does Coface protect your Personal Data?
 
We are committed to ensuring that your personal information is secured. To prevent unauthorized access or disclosure, we have taken appropriate physical, technical and organizational measures to protect the information we collect and process.
 
VII. What are your Data Privacy Rights and how can you contact us?
 
With the following instruction, we refer to rights stated in POPIA, but understand the instruction as based on and serving for universal and fundamental rights in data privacy and in all data privacy laws.
 
You, as a data subject, have the right of access to the stored personal data and to object to the processing, to rectification, erasure, and restriction of processing.  You also have the right to lodge a complaint with the Information Regulator in order to check the legality of the processing.
 
Contact address: If you have a direct or indirect business relationship with us (for example as customer, supplier, buyer) you are welcome to send your concerns via the appropriate key account contact address or portals or other already known and used contact channels. Many data protection issues (changing master data, updating data, correcting incorrect data, information concerns) can be even resolved completely in this way.
 
If you want to object to commercial activities, you can raise your concern easily by contacting the same address from which Coface has contacted you.
 
Of course, our data protection contact address, to which you can address any of your concerns, is always open to you: za.popia@coface.com
Top