FRISS Privacy Policy
At FRISS, trust is the cornerstone of our business mission. We value your privacy and do everything in our power to protect it.
FRISS is committed to protecting the rights of individuals in line with the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (GDPR), as well as other applicable data protection laws and regulations.
This privacy notice (Privacy Notice) will explain how FRISS uses the personal data we collect from you when you use our website (Website) or engage with our services. By using our services or communicating with us about them, you acknowledge that your personal information will be processed in accordance with this Privacy Policy, as revised from time to time (see section 19).
1. About FRISS
The FRISS SaaS platform supports its clients in assessing their applicants or customers for the risk of fraud. We provide our services on a global scale and our customers are generally insurance companies, lease providers and mortgage banks who integrate our services in their business.
Depending on your relationship with FRISS, FRISS acts as either the Data Controller or Data Processor within the definition of the GDPR. For the collection and processing of personal data under this Privacy Notice, the data controller is:
FRISS | fraud, risk & compliance, FRISS Fraudebestrijding B.V. , Orteliuslaan 15, 3528 BA, Utrecht, The Netherlands
2. What Personal Data does FRISS collect?
FRISS may collect and process your personal data through your use of this website and services. This may be personal data that you provide to FRISS directly through engagement with our Website or company, or this may be data generated as a result of your use and interaction with our Website. The following collection methods and types of personal data are listed below;
· Filling in the contact form ‘Get in touch’ or sending an e-mail: Full Name; Job Title; Business Email; Country; Line of work;
· Downloading files from our website such as e-books, whitepapers or reports; Full Name; Job Title; Business email address; personal email address;
· Requesting a demo from us via our website; Full Name, Job Title; Company name;
· Subscribing to receive our newsletter or product updates; Full Name, Email address, Business Email address.;
· Registering to attend events or conferences at which FRISS are a participating business; Name, Job Title, Job title;
· Data generated from the used equipment, such as a unique device ID, version of the operating system and settings of the device you use to access our service;
· Location details from your device or derived from your IP that is provided to us when you use a particular service;
· Use of service information; time of use of our website; type of service used.
3. How does FRISS use this personal data?
FRISS will only ask for personal data when this is necessary in order for us to carry out business purposes or to provide you with the necessary information or services. We only collect your data for the purposes described in this privacy notice and do not further process this data for any incompatible purposes. Where it is applicable we will give you the option to explicitly agree to the collection, use, disclosure, and sharing of the information you have provided, i.e. with regards to our newsletter or cookies. That applies even when you are browsing our website, where you can manage your cookie preferences. You can review your personal data and change your settings at all times by contacting us.
We process your personal data for the following purposes;
· Customer Service: If you make an enquiry with us, we will use the information that you provide us with in order to support you with your query quickly and effectively so as to support you with your needs.
· Product research and development: To gain insights into how our websites and services are used, how we can enhance customer experience and to support us in improving our products and services.
· Communications: We may reach out to you via email with information, such as with product updates, newsletters, event details, as well as other information about services we think will interest you. We do this within the confines of applicable rules and regulations surrounding data protection and e-privacy within the EU.
· Website administration: To better understand how visitors interact with our website and services.
· Compliance: We may use your personal data to satisfy legal obligations. For instance this may be to fulfil our obligations to our customers where we act as data processors (e.g. in the context of data subject rights under GDPR), or to fulfil our own obligations as data controllers.
4. What is the legal basis for this data processing?
As stated in this notice, FRISS processes your personal data in line with applicable Data Protection laws and regulations. Under the GDPR, the applicable legal provisions for the data processing we carry out are the following (Article 6);
· Performance of a contract or to comply with contractual obligations: The objective of FRISS as a Saas provider is to offer the services that are relevant to our prospects and customers. We therefore process the data necessary to assist any (prospective) customer or Website visitor with their queries and requests, be it to evaluate suitability of our product for a prospective customer, or to support an individual in exercising their data subject rights under applicable data protection legislation.
· Subject to consent: We rely on consent to the extent necessary in order to engage with you in relation to our products and services. Consent is applicable in certain direct marketing instances. Where consent is relied upon, we ensure that it meets the correct standards. We also take this opportunity to remind you that you have at any time, a right to withdraw consent. You may do this via the unsubscribe button in our emails or you may reach out to us by email at privacy@FRISS.com for such requests.
· Legitimate interests: FRISS relies on legitimate interests to process your data in certain circumstances. For example, for the correct administration and optimization of our website.
5. Where is my data processed?
Your data will be processed by FRISS B.V., including the Subsidiaries and Affiliates that make up the FRISS Group. Outside of the Group we will only ever share your personal data with authorized parties. These are;
· Sub-processors providing services to FRISS, such as vendors (see section below: List of Approved Sub-processors)
· To the extent permitted by law, your data may be shared in the performance of a legal request. This may include financial or judicial authorities, state agencies or public bodies.
If your personal data is shared to the above parties, we will ensure that only the minimum amount of data necessary for the purposes is shared. If required we will inform you directly or indirectly about any such transfer.
6. Are there international transfers of my data?
FRISS and its service providers store your personal data in accordance with applicable data protection laws set out in this Privacy Policy. As a global company which makes use of internet based technology services in the provision of its services, data travels within and outside of the EEA (European Economic Area).
For our European business activities, both as a Processor and Controller, we do our best to select providers within the EEA. If we cannot find a suitable processor in the EEA, we take care to ensure our partners outside the EEA have sufficient guarantees and safeguards in place to protect your data. In cases where a data transfer outside of the EEA takes place, it is important that FRISS ensures an adequate level of protection of this personal data. FRISS relies on the most up to date Standard Contractual Clauses (4 June 2021) issued by the European Commission for data transfers between the EU and non-EU countries. These clauses require organizations in third countries to commit to providing the same standards of protection as those within the EU.
7. How long is my data kept?
FRISS retains your personal data only for the time necessary to achieve the purpose for which the personal data was collected, and for any required or permitted period under applicable laws. We will keep the data according to the FRISS retention schedule. This will be a maximum of 3 years, or throughout the duration of our relationship with you, whichever is shorter. Once the applicable time period has elapsed, we will remove this data from our systems.
8. Is my data secure?
We are committed to handling your personal data confidentially and with the utmost care. FRISS is ISO/IEC 27001 certified. According to this highly reputed ISO standard, FRISS ensures that your personal data is stored securely and is only accessible to employees of FRISS, or our trusted partners, to the extent that this access is required by virtue of their position. FRISS makes every effort to secure these systems against loss and/or any form of unlawful use or processing.
9. What data rights do I have?
Please be informed that you have the following rights over your personal data;
· The right to access Art. 15: You have the right to request FRISS for copies of your personal data, under certain conditions.
· The right to rectification Art. 16: You have the right to request that FRISS correct any information you believe is inaccurate. You also have the right to request FRISS to complete information you believe is incomplete.
· The right to erasure (‘right to be forgotten’) Art. 17: You have the right to request that FRISS erase your personal data. This is not an absolute right and FRISS may refuse your request, but in such cases will always communicate its justification to you.
· The right to restrict processing Art. 18: You have the right to request that FRISS restrict the processing of your personal data, under certain conditions.
· The right to data portability Art. 20: You have the right to request that FRISS transfer the data that we have collected to another organization, or directly to you, under certain conditions.
· The right to object to processing Art. 21: You have the right to object to FRISS’s processing of your personal data, under certain conditions.
· The right not to be subject to a decision based solely on automated processing (Art.22): you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, under certain conditions.
You may contact FRISS at any time to exercise these rights via the contact information below;
By email: privacy@FRISS.com
By post: FRISS | fraud, risk & compliance, Attn. Data Protection Officer, Orteliuslaan 15, 3528 BA, Utrecht, The Netherlands
It is important to note the following when exercising these rights: Where FRISS acts as a data processor, we are not the party who will handle your request. In such cases, we will forward the request to the Data Controller so that they may handle your request in a timely manner. This may the case for example where a FRISS customer is the Data Controller of the information concerned.
10. Sub-processor list
PROCESSOR
LEGAL NAME
LOCATION
LinkedIn Ireland Unlimited Company
EU (Ireland)
OGD
Operator Group Delft B.V.
EU (The Netherlands)
Google Llc
USA
Framer
Framer B.V.
EU (The Netherlands)
Hubspot
HubSpot, Inc.
USA
Zoominfo
Zoominfo Technologies Llc
USA
Netsuite
NetSuite Inc.
EU (Ireland and The Netherlands)
HotJar
HotJar Ltd.
US
Microsoft (Sub-Contractor)
Microsoft B.V.
EEA
11. How can I contact my data protection authority?
FRISS always does its upmost best to comply to all applicable legislation and help you exercise your rights. In case we are not able to come to a satisfactory resolution with you, you can bring your complaints to the applicable authorities. Since FRISS has its headquarters in The Netherlands, the responsible Data Protection Authority (DPA) is the Autoriteit Persoonsgegevens (AP). You can contact the authority via their website: https://www.autoriteitpersoonsgegevens.nl/nl/klachtenformulier.
12. How can I contact FRISS?
You may contact FRISS at any time to enquire about a privacy matter or exercise your data rights via either of the options below;
By email: privacy@FRISS.com
By post: FRISS | fraud, risk & compliance, Attn. Data Protection Officer, Orteliuslaan 15, 3528 BA, Utrecht, The Netherlands
13. California residents and Do Not Track (DNT)
This section is applicable to FRISS Website users residing in the state of California and is in accordance with the CalOPPA act of January 2014. DNT is a regulatory mechanism from the U.S. Federal Trade Commission (FTC) that aims to increase internet user’s control with regards to the tracking of their online activities across websites. A DNT signal is preference that users can communicate websites via a change to their browser setting preferences, and which can be used to opt out of behavioral tracking carried out by certain companies through the use of cookies. To adjust these settings in your browser, please see the following;
FRISS does not respond to Do Not Track (DNT) signals as there is currently no agreed standard regarding how to respond to a DNT header received. Third parties to FRISS that have content embedded in our website may set cookies on a user’s browser to obtain information about a browser visiting the FRISS website.
14. Cookie Policy
When using this website, information about your use of these services and other websites may be collected by or on behalf of FRISS, for example by means of cookies. A cookie is a small file that is sent along with pages of a website and stored by your browser on the hard disk of your computer. We use cookies to remember settings and preferences. You can disable these cookies via your browser.
15. How does FRISS use Cookies?
Strictly necessary cookies are necessary for the website to function properly. These cookies are therefore placed by default and will not be deleted if you do not accept the cookies. These cookies are able to recognize your preferences (for instance in what language you want to visit our website).
Performance cookies: are used to analyse the website behaviour of visitors on the FRISS website. These cookies allow us to keep track of the number of visitors and see which parts of our website are popular. We use Google Analytics, HotJar and Hubspot in order to track and consult these statistics. On this website you can find explanations about all cookies that may be placed by Google.
Marketing cookies: are used to build a profile of our website visitors. It is based on your surfing behaviour on our website, after which we may contact you by telephone, e-mail or an ad based on the interests you have shown in order to offer you FRISS services or FRISS content (like blogs, eBooks, whitepapers etc.). We use HubSpot in order to track and consult these statistics. On this website you can find explanations about all cookies that may be placed by HubSpot.
Functionality cookies: these cookies allow websites to remember the user’s website preferences and choices they make on the website including login details, geo-location, language, and enhanced content. This allows FRISS to provide personalized features for our website users.
16. How can I manage my Cookie settings?
· You can select your cookie preferences and save your settings in the cookie banner on our website, either via the pop up or by selecting the ‘Cookies settings’ section at the bottom of the website Main Page.
· You can select via your browser (See section 13 above) whether you wish to accept these cookies.
17. What Cookies does FRISS use?
Strictly Necessary cookies
These cookies are necessary for you to browse and use the features of our website. For example, this could include allowing you as a user to navigate back and forth between pages without losing previous actions, keeping you logged in, or keeping items in a cart.
Cookie name
Provider
Cookie type
Expiration
Description
__cf_bm
.knowledge.friss.com
First-party
30 minutes
This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
__cf_bm
.hubspot.com
Third-party
30 minutes
This cookie is used to distinguish between humans and bots. This is beneficial for the website, in order to make valid reports on the use of their website.
__cfruid
.knowledge.friss.com
First-party
Session
Cookie associated with sites using CloudFlare, used to identify trusted web traffic.
AnalyticsSyncHistory
.linkedin.com
Third-party
1 month
Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries
_hjAbsoluteSessionInProgress
.friss.com
First-party
30 minutes
The cookie is set so Hotjar can track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
li_gc
.linkedin.com
Third-party
6 months
Used to store guest consent to the use of cookies for non-essential purposes
_hjFirstSeen
.friss.com
First-party
30 minutes
The cookie is set so Hotjar can track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
Performance cookies
These cookies collect anonymous data about the actions our users take on our website. This helps us to analyse our site performance. This includes; counting page visits, time spent visiting our website, as well as loading speeds.
Cookie name
Provider
Cookie type
Expiration
Description
__hssrc
.friss.com
First-party
Session
This cookie name is associated with websites built on the HubSpot platform. It is reported by them as being used for website analytics.
__hstc
.friss.com
First-party
6 Months
This cookie name is associated with websites built on the HubSpot platform. It is reported by them as being used for website analytics.
_ga
.www.friss.com
First-party
1 year 1 month
This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.
_ga
.friss.com
First-party
1 year 1 month
This cookie name is associated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports.
__hssc
.friss.com
First-party
30 minutes
This cookie name is associated with websites built on the HubSpot platform. It is reported by them as being used for website analytics.
_gid
.www.friss.com
First-party
1 day
This cookie is set by Google Analytics. It stores and update a unique value for each page visited and is used to count and track page views.
_ga_XNFCD9Y0EV
.friss.com
First-party
1 year 1 month
This cookie is used by Google Analytics to persist session state.
Marketing cookies
Targeting cookies are small, encrypted files that track users' actions and are used to identify users between different websites. Targeting cookies collect user information and use it to build a profile of users' interests and then show personalized ads for that specific user.
Cookie name
Provider
Cookie type
Expiration
Description
MUID
.clarity.ms
Third-party
1 year
This cookie is widely used my Microsoft as a unique user identifier. It can be set by embedded microsoft scripts. Widely believed to sync across many different Microsoft domains, allowing user tracking.
IDE
.doubleclick.net
Third-party
1 year
This cookie is set by Doubleclick and carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website.
MR
.c.clarity.ms
Third-party
7 days
This is a Microsoft MSN 1st party cookie which we use to measure the use of the website for internal analytics.
bcookie
.linkedin.com
Third-party
1 year
This is a Microsoft MSN 1st party cookie for sharing the content of the website via social media.
SM
.c.clarity.ms
Third-party
Session
This is a Microsoft MSN 1st party cookie which we use to measure the use of the website for internal analytics.
MR
.c.bing.com
Third-party
7 days
This is a Microsoft MSN 1st party cookie which we use to measure the use of the website for internal analytics.
bscookie
.www.linkedin.com
Third-party
1 year
Used by the social networking service, LinkedIn, for tracking the use of embedded services.
SRM_B
.c.bing.com
Third-party
1 year
This is a Microsoft MSN 1st party cookie that ensures the proper functioning of this website.
_gcl_au
.friss.com
First-party
3 months
Used by Google AdSense for experimenting with advertisement efficiency across websites using their services
lidc
.linkedin.com
Third-party
1 year
This cookie is usually set by Dstillery to enable sharing media content to social media. It may also gather information on website visitors when they use social media to share website content from the page visited.
CLID
www.clarity.ms
Third-party
1 year
This cookie is usually set by Dstillery to enable sharing media content to social media. It may also gather information on website visitors when they use social media to share website content from the page visited.
MUID
.bing.com
Third-party
1 year
This cookie is widely used my Microsoft as a unique user identifier. It can be set by embedded microsoft scripts. Widely believed to sync across many different Microsoft domains, allowing user tracking.
UserMatchHistory
.www.linkedin.com
Third-party
1 month
This cookie is used to track visitors so that more relevant ads can be presented based on the visitor's preferences.
ANONCHK
.c.clarity.ms
Third-party
10 minutes
This cookie carries out information about how the end user uses the website and any advertising that the end user may have seen before visiting the said website.
Functionality cookies
Functionality cookies allow websites to remember the user’s website preferences and choices they make on the website including login details, geo-location, language, and enhanced content. This allows the website to provide personalized features for website users.
Cookie name
Provider
Cookie type
Expiration
Description
hubspotutk
..friss.com
First-party
6 months
This cookie name is associated with websites built on the HubSpot platform. HubSpot report that its purpose is user authentication. As a persistent rather than a session cookie it cannot be classified as Strictly Necessary.
18. Updates to this policy
FRISS will periodically and as necessary make changes to this Privacy Notice and Cookie Policy. All modifications will be published on this page. We advise you to consult this Privacy Notice and Cookie Policy regularly so that you always have the most up to date information.
Last Updated: 15.09.2023