This version of the Privacy notice has been updated to reflect our latest view on our practices and aims to better inform you.
1.1 About FRISS
FRISS is a SaaS platform that provides the ability to our Clients to help assess their applicants and customers for a risk of fraud or the investigation thereof. We provide our services on a global scale and our customers are generally insurance companies, lease providers and mortgage banks who integrate our services in their business.
We only ask for personal data when we need it for business purposes or to provide you with relevant information. Whether you sign up for our newsletter or sign a Service Agreement, you provide your personal data to us for a particular purpose. You always have the opportunity to explicitly agree to the collection, use, disclosure, and sharing of the information you’ve provided. That applies even when you’re browsing our website, where you can manage your cookie preferences. You can review your personal data and change your settings at all times by contacting our office.
Throughout this document you’ll encounter the mention of several roles and responsibilities. Below is a short overview of the different roles and responsibilities that influence the data processing.
A Controller is the company that an individual (or data subject) provides their personal data to. The Controller determines the purpose for the personal data (e.g. to receive important information or for sending invoices) and is responsible for the correct handling of the subject’s data.
A Processor is the company that provides part of the service of the Controller, and needs specific personal data in control of the Controller in order to do so. To give an example: when one of our customers sends an insurance policy for FRISS to check, we might need personal data such as a name and vehicle information to fulfill the service. The Processor, in this case FRISS, only processes personal data according to the instructions of the Controller. We don’t use this data for anything else than requested so by the controller.
Depending on your relationship with FRISS, we can be both Controller and Processor. If you have any questions about these terms or more general inquiries about how we handle your data, you can always contact us at email@example.com or send a written inquiry to:
FRISS | fraud, risk & compliance
Attn. Data Protection Officer
3528 BA, Utrecht
FRISS and its legal family
The main processor, and therefore controller, of your data is FRISS fraudebestrijding B.V. All other subsidiaries of FRISS fraudebestrijding will only process data if necessary and only for the purpose it was originally collected for.
All the personal data we process is lawfully obtained and with a legal basis. The purpose of the information we collect is so we can continue to conduct and expand our day-to-day business, and enable you to use our services. Personal data can also help us to improve our products to fit the needs of our customers.
1.2. Purposes of data processing
There are several places on our website where you can fill in your (personal) data. We will explain the purposes of the various instances of data processing below.
Filling in the contact form or sending an e-mail
If you fill in the contact form on our website or send us an e-mail, we will only use the (personal) data you provide for the purpose or purposes for which you filled in the contact form or sent the e-mail.
If you download files on our website (such as e-books, whitepapers or reports), we will use the (personal) data you provide for one or more of the following purposes:
- for the execution of an agreement, for example to send you the e-book, whitepaper or report you have chosen;
- for the formation of an agreement, for example by contacting you by telephone or in writing.
If you fill in the application form for the newsletter on our website, your (personal) data will be used to send you the newsletter. Each newsletter contains a hyperlink at the bottom of the message that you can use to unsubscribe.
In addition to the personal data you provide to FRISS yourself, FRISS may collect, record and process additional (personal) data if you use the (web) services of FRISS. This concerns the following personal data:
- data from the used equipment, such as a unique device ID, version of the operating system and settings of the device you use to access a service;
- information about the use of a service, such as the time at which you use the service and the type of service that is used;
- location details from your device or derived from your IP address that is provided to us when you use a particular service;
- data available from external sources. We may receive information about you from public or commercially available sources.
1.3. Security of data
FRISS respects your privacy and ensures that personal data are handled confidentially and with the utmost care. All processed (personal) data is stored securely. This data is only accessible to employees of FRISS, or our trusted partners, to the extent that this access is required by virtue of their position. FRISS makes every effort to secure these systems against loss and/or any form of unlawful use or processing.
1.4. Where we process your data
As a global, cloud based enterprise, our usage of the internet almost always involves the international transmission of personal data, both within and outside the EEA. If in our capacity as a Processor the Controller uses our services from outside of the EEA the legality, scope and responsibility is that of the Controller.
For our European business activities, both as a Processor and Controller we do our best to try and select providers within the EEA. If we can’t find a suitable processor in the EEA we take care to ensure our partners outside the EEA have sufficient guarantees and safeguards in place to properly treat and protect your data. Whether we’re dealing with international mobile operators or other companies, we always make sure we contractually agree on data protection to protect the rights and freedoms of all individuals, inside and outside the EU, and ensure compliance with the GDPR.
1.5. Provision of (personal) data to third parties
Your (personal) data will never be provided to third parties without your permission, unless we have an obligation to do so pursuant to legislation or regulations or you have given permission for this.
1.6 Exercising your rights as the data owner
We collect your data to make sure we only contact those who benefit from our services. As the data owner you always stay in control of your data and at any time you can instruct us about the data we process of you. In case we process your data on behalf of one of clients or another controller, please read the section ‘FRISS as a processor’.
You can view your data that is processed by FRISS at any time and free of charge and, if you so wish, modify this data or have it deleted. You can also object to receiving information about products, services or content of FRISS. If you wish to make use of one of these options, you can send an e-mail to the Data Protection Officer of FRISS via firstname.lastname@example.org or write to the following address:
FRISS | fraud, risk & compliance
Attn. Data Protection Officer
3528 BA, Utrecht
1.7 FRISS as a Processor
FRISS also processes information on behalf of others, referred to as our ‘Clients’. In order to help our clients with their business goals FRISS processes information. As such these Clients need to be addressed in order to exercise your rights. In case you contact us in regards to data we process on behalf of other we will gladly help you and identify and forward you to the actual controller of your data.
In case of a dispute
FRISS always does it upmost best to comply to all applicable legislation and help you exercise your rights. In case we are not able to come to a satisfactory resolution with you, you can bring your complaints to the applicable authorities. Since FRISS has its headquarters in The Netherlands, the responsible Data Protection Authority (DPA) is the Autoriteit Persoonsgegevens. They can be reached for complains at https://www.autoriteitpersoonsgegevens.nl/nl/klachtenformulier. In case you do not master the Dutch language you can also contact your national authorities who will forward it to the Dutch authorities.
1.8 Lists of Approved sub-processors
|Solvinity||Solvinity B.V.||EU (The Netherlands)|
|Office Extensions||Office Extensions B.V.||EU (The Netherlands)|
|Mailchimp||The Rocket Science Group LLC||USA|
|Sogeti||Capgemini Services SAS||EU (The Netherlands)|
|Netsuite||NetSuite Inc.||EU (Ireland and The Netherlands)|
|Nederland ICT||ICT Nederland B.V.||EU (The Netherlands)|
|LinkedIn Ireland Unlimited Company||EU (Ireland)|
|Aha!||Aha! Labs Inc.||USA|
|Bedrock Data||Bedrock Data Inc.||USA|
|Cognizant||Cognizant Technology Solutions B.V.||EU (Netherlands)|
|ONE. | New Amsterdam Capital B.V. | ONE.Works||New Amsterdam Capital B.V.||EU (Netherlands)|
|EY||EY Holding B.V.||EU (Netherlands)|
*For security purposes we do not disclose our internally used sub-processer (such as payrollers) and are therefore are only available upon request and after identification.