Privacy Policy

Privacy Statement

Credit Risk Brokers DAC, with Company Registration Number 486357 together with its subsidiaries and branches (“CRB”), is a specialist broker of credit insurance and surety bonds. CRB is authorised and regulated by the Central Bank of Ireland. CRB operates in a business-to-business market. As a broker the services and products offered by CRB aim to help companies understand and protect against the default risks associated with the selling of goods and services and, in so doing, safeguard their sales by obtaining a Credit Insurance Policy or a Bond. All goods and services are sourced from a 3rd party or business partner or supplier of CRB, each of whom will have their own privacy statement.

When sourcing goods and services, CRB acts as “data controller”. We collect and process information mainly on companies and businesses. However, in the process of doing so, we also process data that may be qualified as “personal data” under European Union (“EU”) law as it is information relating to an individual (e.g. a sole trader, a company director, a beneficial owner, a professional contact etc.). Your trust in how we handle your personal data is important to us. When you use our website, engage our services or do business with us as our business partner or supplier, it is important to us to use your personal data carefully and securely in a transparent manner.

In this Privacy Statement we provide information we are required to give in relation to the processing of personal data under EU law. We explain for instance the purposes and grounds of the processing of personal data, the categories of personal data concerned, the categories of the sources and the recipients of the personal data, data retention and your rights as data subject.
Updates to this Privacy Statement
We strive for continuous improvement in our services, processes and protecting your personal data rights, so we may update this Privacy Statement from time to time. Therefore, we advise you to check this statement on a regular basis. This Privacy Statement was updated on 25 May 2018.

Collection and processing of personal data

Personal data is only collected if you provide it to us on your own initiative or if it is provided to us by one of our business partners.

All personal data collected by CRB will be collected, processed and processed in accordance with the relevant regulations for the protection of personal data only for the purpose of executing contracts and safeguarding legitimate business interests with regard to the advice and support of our customers and interested parties used.

We may process the following information on your company or business, which may qualify as personal data:
• Any personal details that we source from a 3rd party or that you provide to us in person, via email, on our website or by telephone, such as:
• Contact details: Name, title, phone number, email, (work) address, contact history.
• Information regarding any of your questions, complaints or disputes.
• Other personal data provided by you.
• Data which may qualify as personal data if it relates to information relating to an individual [e.g. a sole trader (including personal address which indeed be also a work address), company director, (ultimate) beneficial owner, shareholder, beneficiary, professional contact etc.].

• Contact details and personal identification data, e.g. your name, title, function, phone number, email, (work) address, country, date and place of birth, ID details, entity name.

• If your company is not a legal entity, we may also process bank account details, claims history, VAT number, details of the agreement with you and financial information.

Use and disclosure of personal data

The personal information we collect can be used as follows:
• To provide information and services as requested by you
• For fulfilment of contractual obligations
• To maintain contact with you for future marketing
• To assess the ongoing needs of customers and suppliers of products and services
• To perform data analysis to improve our quality
• To assist with the execution of training courses and seminars, as requested by you

With your permission, we may also use your personal information for other purposes

We will only disclose your personal information to authorised service providers, business partners and other third parties under the applicable data protection laws. In no case will the data collected be sold.

It should be noted that we may disclose personally identifiable information to a third party,
• if we have to do so due to a law or legal process
• if this is required for the cooperation and thus the provision of CRB services to you
• if you declare your consent
• during audits or to investigate a complaint or a security threat, if disclosure is required

Does CRB transfer your personal data to other geographical areas?

CRB may transfer certain personal data in accordance with applicable laws across geographical borders to other CRB units or service providers in other countries who work on our behalf. Transmission can be made in particular to other Farosol partners. Such transfers shall be made in compliance with appropriate data protection standards, such as the EU standard contractual clauses or equivalent data transfer agreements, which ensure the protection and confidentiality of personal data.

Safety: How do we protect your personal data?

We are committed to ensuring that your personal data is kept secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate physical, technical and organisational measures to safeguard the information we collect and process. Our security measures are continuously improved in line with technological developments.

How long do we retain your information?

We generally shall retain personal data only: (i) for the period required to serve the applicable business purpose; (ii) to the extent reasonably necessary to comply with any applicable legal requirements; or (iii) as advisable in light of an applicable statute of limitations.
Some personal data will be deleted from record once passed to a 3rd party. For example, photo identification (I.D.) data will be deleted once provided to the Insurance Company.

Rights of a data subject

You have the right to information and the data stored about you, their origin and recipient, as well as the purpose of data processing, as such you can:
• request access to your personal data held by us
• ask us to rectify or complete your information if you believe that your personal data is inaccurate or incomplete
• ask us to erase certain personal data
• ask us to restrict the processing of your personal data object to our processing of your personal data

How can you contact us, access and update your information?

You may send us your request or complaint by submitting a form online via our contact page – here

The person responsible for data protection enquiries is Michael Raleigh our Managing Director.

We will handle your request carefully and in line with the applicable data protection laws.

You also have the right to lodge a complaint with your national data protection authority.