Privacy Notice for Business Partners
Treasury Intelligence Solutions
With the following privacy notice, we would like to give you an overview of how your personal data is processed by us and what rights you have in this regard. Which specific data are processed and how they are used depends largely on your request or the agreed-upon services. Therefore, not all sections of this information notice may apply to your particular situation.
Please note that this privacy notice applies in circumstances where Treasury Intelligence Solutions acts as a data controller. It does not apply in cases where we act as a data processor. In such cases, the Data Processing Agreement concluded with the respective customer exclusively governs the data processing by us.
This privacy notice may be updated periodically. You will find the latest version on this page at any time.
Responsible parties
The responsible parties (controllers) pursuant to data protection law, in particular the EU General Data Protection Regulation (GDPR), are:
Treasury Intelligence Solutions GmbH
Charlottenstraße 17
10117 Berlin
Germany
Treasury Intelligence Solutions, Inc.
75 State St, 1st Floor
Boston, MA 02109
USA
Treasury Intelligence Solutions Bulgaria Ltd.
2 Pozitano Sq. (Perform Business Center)
Sofia 1000
Bulgaria
Treasury Intelligence Solutions Belgium NV
Atealaan 34A
2200 Herentals
Belgium
You can contact us under the following contact details:
Phone: +49 6227 69 82 40
E-mail: info@tispayments.com
You can reach the data protection officer of Treasury Intelligence Solutions GmbH at:
Data protection officer of Treasury Intelligence Solutions GmbH
c/o activeMind.legal Rechtsanwaltsgesellschaft m. b. H
Potsdamer Str. 3
80802 Munich
Germany
Phone: +49 (0) 89 / 91 92 94 900
E-mail: dataprotection@tispayments.com
For which purposes and based on which legal bases may we process your data?
We process personal data in accordance with the GDPR and national data protection legislation:
- To fulfil our contractual obligations or in order to take pre-contractual measures prior to entering into a contract (Art. 6 (1)(b) GDPR)
We process the data provided by you solely for contacting you and providing you with the requested service. The same applies to the processing operations required to carry out pre-contractual measures, such as in cases of queries regarding our services.
- Due to statutory requirements (Art. 6(1)(c) GDPR)
We are subject to various legal obligations that result in data processing. These include, for example, tax laws, the applicable statutory accounting regulations, responding to inquiries and meeting the requirements of supervisory and/or law enforcement authorities, and compliance with various reporting obligations.
In addition, the disclosure of personal data may be required in the context of administrative/judicial measures of gathering evidence, prosecuting or enforcing civil claims.
- Within the scope of our legitimate interests (Art. 6(1)(f) GDPR)
As far as necessary, we process your data beyond the actual fulfilment of the contract in order to protect our legitimate interests of these or third parties. Examples of such cases are:
- if you contact us by e-mail or telephone, the data you provide will be stored for the purpose of individual communication with you,
- technical support and customer service,
- enforcement of legal claims and defense in legal disputes,
- the usage of a CRM system, communications systems and similar tools.
What categories of data may we process about you?
We may process the following categories of personal data obtained in the framework of the business relationship with you:
- name,
- contact details such as telephone number and e-mail address,
- social media contact information (e.g., LinkedIn profile information),
- field of activity and/or position within your company,
- past correspondence with you.
Who receives your data?
- In-house (internal recipients)
Our employees, insofar as necessary for contacting you and fulfilling our contractual and statutory obligations (including the fulfilment of pre-contractual measures).
The above-mentioned companies act as joint controllers with regard to the processing of personal data. Hence, more than one of the companies may obtain access to your data. You can find more information on the Joint Controllership Agreement concluded among the companies below.
- Our data processors
Furthermore, our service providers and subcontractors (data processors) may receive your data, insofar as they require the data for the fulfilment of their respective services. This may include external service providers in the following areas:
- IT support,
- cloud and hosting services (in particular, Microsoft EMEA, Amazon Web Services EMEA SARL),
- CRM system provider (in particular, salesforce.com, Inc. and HubSpot, Inc.),
- bookkeeping,
- ticketing systems,
- communications service providers (in particular, Microsoft EMEA and Aircall SAS).
All service providers are contractually obliged to treat your data confidentially.
- Other recipients (third parties)
A transfer of data to recipients outside of our companies will only take place in compliance with the applicable data protection regulations. In particular, following recipients may obtain personal data:
- our external data protection officer and our lawyers,
- public bodies and institutions (e.g. tax authorities, law enforcement authorities) when presented with a statutory or regulatory obligation to disclose the data,
- banks,
- consultants providing business services,
- tax consultants, certified public accountants and income, corporate tax or other auditors.
Is data transferred to a third country or to an international organization?
A data transfer to organisations or countries outside the European Union and the European Economic Area (so-called third countries) takes place if:
- the European Commission has decided that an adequate level of protection exists in the relevant third country (Art. 45 GDPR), or
- on the basis of appropriate safeguards (standard contractual clauses issued by the EU Commission), or
- you have given us your consent, or
- it is necessary for the performance of the contract.
Currently, your data might be processed outside the European Union and the European Economic Area in particular by the providers of the following services:
- cloud service providers,
- videoconferencing services,
- Microsoft office services,
- marketing systems,
- CRM system.
In addition, Treasury Intelligence Solutions, Inc., which is located in the USA, may obtain access to your data.
We have contractually agreed with our service providers and other data recipients located outside the EU/EEA that data protection safeguards have to be put in place in compliance with the European level of data protection.
For a copy of the appropriate safeguards in place, please contact us via one of the communication channels listed above.
How long will your data be stored?
We process and store your personal data as long as this is necessary to fulfil our contractual and legal obligations. Data no longer required for these purposes are deleted on a regular basis.
There are some exceptions to the above-mentioned deletion criteria, in particular for:
- fulfilling statutory retention obligations and
- maintaining evidence in accordance with the legal statute of limitations.
If the data processing takes place based on our legitimate interests, personal data will be deleted as soon as these interests no longer exists. The aforementioned exceptions apply here as well.
Your rights as a data subject
You can exercise the following rights at any time by contacting us:
- right of access: You have the right to ask us whether we hold any of your personal information (Art. 15 GDPR).
- right to rectification: You have the right us to ask us to correct personal information you think is inaccurate (Art. 16 GDPR).
- right to erasure: You have the right to ask us to delete your personal information in certain circumstances (Art. 17 GDPR).
- right to the restriction of processing: You have the right to ask us to restrict our use of your personal data in certain circumstances (Art. 18 GDPR).
- right to data portability: This only applies to information you have given to us. You have the right to request data be transferred to another organisation. This right only applies if you have consented to the data processing or have entered into a contract with us (Art. 20 GDPR).
- right to object to processing: You have the right to object to the processing of your data (Art. 21 GDPR).
If you have given us your consent, you can withdraw it at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You can contact a supervisory authority with a complaint at any time, including the supervisory authority of your place of residence and the authority that oversees us. A list of EU supervisory authorities and their addresses can be found under: https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Am I obliged to provide data?
Within the scope of the contractual relationship, you have to provide us the personal data necessary for the commencement, implementation and termination of the contractual relationship and for the fulfilment of the associated contractual obligations, and the personal data we are legally obliged to collect. Without this data, we will not be able to conclude or execute the contract with you.
Do automated decision-making and profiling take place?
Automated decision-making and profiling do not take place.
Information on the Joint Controllership Agreement
The aforementioned companies belong to a group of undertakings. Depending on the actual needs of the respective company, any of the named companies may obtain access to your data. However, we have technical and organizational measures – such as restrictive access rights allocation – in place guaranteeing that only employees that need the data to fulfill their tasks actually obtain access to it (need-to-know principle).
Data subjects may approach any party of the Joint Controllership Agreement if they wish to obtain additional information on the processing of their data, or to exercise their data protection rights. Should the approached company not be in the position to fulfill the request, it will forward the request to the responsible party.
In case you wish to obtain additional information on the Joint Controllership Agreement, please feel free to contact us via one of the communication channels listed above.
Right to object in individual cases according to Art. 21(1) GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you based on Article 6(1)(f) GDPR (data processing based on legitimate interests).
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
If you wish to exercise your right to object, please contact us via one of the contact channels listed above.