Your personal data is processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation; hereinafter – “the Regulation”), and other legislation governing the protection of personal data.
The processing of your personal data has the following legal bases: consent (Article 6(1)(a) of the GDPR in conjunction with Article 7 of the GDPR), the necessity to fulfill a contract with you (Article 6(1)(b) of the GDPR), processing to fulfill legal obligations (Article 6(1)(c) of the GDPR), legitimate interest in the data processing (Article 6(1)(f) of the GDPR).
We have a legitimate interest in detecting and preventing abuse of our service, and we also have a legitimate interest in improving our service and tailoring it to your needs.
Respecting your privacy and the protection of your personal data, the Company shall make every effort to ensure the security and confidentiality of your personal data and other information processed by us.
Furthermore, based on Article 25 of the GDPR, the Company engages with the concepts of Data Protection by Design and by Default. This means that the Company by design protects the rights of its users through data protection principles (such as data minimization), as well as by Default ensuring that the data collected has necessary purposes behind it.
This page has been last updated on 2021 10 11
2. What data do we collect and how is it collected?
According to Article 4 of the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
In processing your personal data, the Company adheres to the following principles of personal data processing:
- Your personal data is only processed to the extent necessary to achieve the corresponding clearly defined and legitimate purposes, taking the protection of your privacy into account;
- Your personal data is processed accurately, fairly, and lawfully and processed only for purposes that are consistent with the purposes stated before your personal data were collected;
- The Company processes your personal data strictly in accordance with the clear and transparent requirements for the processing of personal data established by legislation;
- Your personal data is processed in such a form that makes it possible to establish your identity for no longer than is necessary for the purposes for which the personal data are being processed;
- In processing your personal data, appropriate technical and organisational measures are used in order to ensure the protection of personal data, including protection against unlawful data processing and against accidental loss, destruction, and damage.
Your data can be collected in multiple different ways:
- Through registering on our Website.
- During and after filing an application.
- Signing up for our newsletter.
- Through filling out forms such as the “the investor’s form”.
- Through sending in general inquiries.
- Through using or viewing our Website via your browser’s cookies.
2.1 Personal data processed by submitting an application
When you decide to apply for funding, based on Article 6(1)(b) of the GDPR, in order to provide you with our services, the Company (depending on the jurisdiction) can and may ask you to provide your personal data: enterprise name, your full name, date of birth, residential address, copy of an ID, passport, driving license, photo, video, company name, telephone number, e-mail address, buyer, requested amount of funding, invoice payment term, your comments, and potentially other types of data (such as the Ultimate Beneficial Owner).
The aforementioned personal data are collected to contact you regarding the possible conclusion of an invoice financing agreement and/or to take the first steps to conclude the agreement.
Additionally, with respect to Article 6(1)(c), the data collected may be retained for legal obligations and risk assessment, such as compliance to money laundering and fraud-related legislation, KYC (Know Your Customer)/AML (Anti-Money Laundering) checks, Audit, Accounting, sanctions, etc.
The collected data can be disclosed to other parties to the extent required for the performance of agreements concluded by and between such third parties and the Company.
Furthermore, for those purposes, factris shall not only process personal data provided by the Seller, but also collect and process personal data from any third-party sources, which may include credit reference agencies, financial crime, and terrorism databases, and any other public register.
In order to determine the retention period for the personal data specified during your reservation, the Company applies criteria that are in line with the obligations specified in legislation and also takes your rights into account, e.g., the Company sets a personal data retention period during which requirements relating to the performance of the agreement may be provided if any should arise. For example, the retention period for AML related data is 5 years, which is the same as the statute of limitations for criminal activity.
2.2 Personal data processed for direct marketing purposes & market research
Based on Article 6(1)(f) of the GDPR, the Company can and may processes your personal data for direct marketing purposes and/or market research purposes, given that you have consented to this. In this case, the Company may send you direct marketing offers related not only to the services it offers, but also reminders and messages from its partners and advertising about the services and/or products they offer.
If you would like to receive the Company’s direct marketing offers (e.g., newsletters), you can give your e-mail address on the Website.
If you have agreed to subscribe to our newsletter, we may use your e-mail address and telephone number for information based on automated solutions (profiling) about goods, services, discounts, offers, contests, events, news, or polls, as well as to send other news by e-mail, post, telephone or SMS and contact you for these purposes. You have the right to unsubscribe from this at any point by following the instructions accompanied to the original message or by emailing us at [email protected].
Your personal data that is processed for direct marketing and market research purposes will be stored at the Company for five years, but not longer than the validity of your consent.
Please note that you always have the right to withdraw your consent to the processing of your personal data for direct marketing and market research purposes at any time. You can unsubscribe from direct marketing offers by contacting the Company by e-mail at [email protected] or by clicking the link in the e-mail that allows you to opt out of receiving direct marketing offers.
2.3 Personal data processed for the purpose of providing information to you
If you would like to contact and receive additional information, you can do this by submitting an inquiry on the Company’s Website and indicating your name, company name, telephone number, and e-mail address so that the Company knows what address to provide you with the requested information.
Your personal data processed for this purpose will be stored at the Company for as long as it takes to properly analyse the information you provided and answer the questions that concern you.
3. Who is your personal data provided to?
The Company has the right to transfer your processed personal data to state institutions and bodies to properly implement legislative requirements. Additionally, your personal data may be transferred to persons providing legal services when these personal data must be disclosed to establish, implement or defend the Company’s rights and legitimate interests.
4. Your rights and opt-out.
As the data subject, you have the right:
- to know (be informed) about the processing of your personal data;
- to receive information on which personal data have been collected and from which sources, for what purpose they are being processed, and to which data recipients they are being or were provided;
- to demand that your personal data being processed be rectified if the data is inaccurate and/or incomplete;
- to demand that your personal data be destroyed or that the processing of your personal data be suspended;
- to demand restriction to the processing of your personal data and/or to object to processing;
- to receive the personal data related to you which you have provided to the Company in a structured, commonly used, and machine-readable format, and to forward said data to another data controller, or demand that the Company forward this personal data directly to another data controller where this is technically possible (right to data portability).
The Company does not carry out profiling of your personal data, which may have legal consequences for you or may have a major impact on you, but in providing customised marketing offers and market research, you may be assigned to a relevant customer category. In light of this, you have the right to obtain human intervention, express your point of view, and challenge the decision.
If you have agreed to receive marketing, you may always opt out at a later date.
You have the right at any time to stop the Company from contacting you for marketing or research purposes.
If you intend to exercise your rights, you can contact the Company by e-mail at [email protected] or our Data Protection Officer at [email protected]. Please note that when exercising your rights, you must properly verify your identity. Therefore, if you intend to send a request to the Company, you must confirm your identity, in the procedure established by legislation, by electronic means of communication that make it possible to identify you.
The Company will provide you with the requested information free of charge within one month, but if the requests you send are clearly unsubstantiated or disproportionate, in particular, due to their repetitive content, the Company is entitled to charge a reasonable fee, taking into account the administrative costs of providing the information or of the notifications or actions you request, or to refuse to take action according to the request.
If you believe that the Company is not processing your personal data correctly or is improperly implementing or not implementing your rights, you should first contact the Company; the Company is ready to work with you to clear up any problems. If you are not satisfied with the Company’s response, you are also entitled to file a complaint with the national supervisory authority.
5. What are your duties and responsibilities?
By using the services provided by factris, you assume full responsibility for the correctness and accuracy of the personal data you provide. By submitting personal data (e.g. by completing an application form), you assume full responsibility for the lawfulness of the submission of your personal data.
If there are changes to the personal data or other related information that you have provided, you are required to update us accordingly.
If there is incorrect data collected, we have the right to restrict/terminate the services relationship.
6. How does the Company take care of the security of your personal data?
The Company uses appropriate organisational and technical personal data protection measures to protect your personal data from accidental or unlawful destruction, damage, alteration, and any other unlawful actions. These measures are selected, taking into account the risks to your rights and freedoms as the data subject.
In this case, the Company ensures strict access control to the personal data processed, only giving access to the Company employees for whom the personal data are necessary to perform their job, and monitoring how the access granted is used. The Company protects access to personal data with passwords of the appropriate level and concludes confidentiality agreements with the individuals who have access to your personal data.
Furthermore, the Company uses a safe cloud-hosted architecture, meaning there are no servers run by us. Access to our various databases (e.g., for software development or keeping registries) is limited to our CTO and the development team. Specific tasks are restricted to specific departments; for example, the data gathered by cookies is only disposable to the Marketing Department. Furthermore, when possible, the Company uses pseudonymization of personal data and encryption of hard drives, which is practiced throughout the entire Company. The Company provides online security as well, such as our Website has an SSL security certificate. There is a password policy in place, which protects the data and computers from foreign bodies, as well as regular checks and backups to ensure recoverability. Lastly, we have annual reviews on our policies and activity with regard to privacy and data.
The Company employees who have access to personal data are familiarised with personal data protection requirements and ensure confidentiality of the personal data processed.
7. Our activities on social networking websites
The Website provides links to the Company’s social media accounts. The social networking website (and its relevant data controller) controls all of the information that you provide to us through social media (including messages, use of “Like” and “Follow,” and other forms of communication). The Website contains links to our social media accounts. We currently have the following accounts:
We recommend that you read third-party privacy notices and contact the service providers directly if you have any questions about how they use your personal data.
8. The right to submit a complaint
If you believe that your privacy rights have been violated, you can contact the Company by e-mail at [email protected]. You can also submit a complaint to the Dutch Data Protection Authority or apply to the court.
9. Where to go if you have any questions?
If you have any questions, you can contact the Company.
9.1 How to contact us
9.2 How to contact the appropriate authority
Should you wish to report a complaint or if you feel that the Company has not addressed your concern in a satisfactory manner, you may contact the Dutch Data Protection Authority (DPA).
PO Box 93374
2509 AJ DEN HAAG
Telephone number: (+31) – (0)70 – 888 85 00
Fax: (+31) – (0)70 – 888 85 01
(only by appointment)
2594 AV Den Haag
Contact the Data Protection Officer at Factris
Your Question regarding Data Protection or Privacy: