Check6

Privacy Statement

Version: October 2020

CheckTech B.V., acting under the name of Check6, respects your concerns about privacy. This Privacy Policy (the “Policy”) applies to personal data we collect in connection with your use of the Check6 platform, our websites and our mobile applications (the “Services”). This Policy describes the types of personal data we obtain in connection with your use of the Services, how we use the personal data, and with whom we share it. We also describe the rights you may have and how you may contact us about our privacy practices.

Check6 is the data controller in respect of personal data that we collect in connection with (i) your use of our website or mobile applications and submit your personal information thereon or (ii) if you are our customer and we process your personal data with regard to the client-relationship we have with you. With regard to the processing activities in relation to the Services provided to end-users on behalf of our clients (including but not limited to (single) family offices, wealth managers and private banks), we can be deemed a data processor. Information about those processing activities should be obtained from the relevant data controllers.

1. Scope

1.1. The scope of this privacy policy is limited to processing activities to which the General Data Protection Regulation and its national implementation acts apply.

2. Responsibility

2.1. We will only process personal data in accordance with the applicable privacy legislation and as described in this privacy policy.

2.2. The website includes links to website of third parties. We are not responsible for the content of these websites, services provided by these third parties, or their compliance with the applicable privacy legislation.

3. How we obtain your personal data

3.1. We obtain your personal data in various ways:


a) We obtain information actively provided by you. For example, if you contact us or if you provide information to us in the course of our services.

b) We obtain information from third parties. For example, we may request information about your company from the Trade Register of the Chamber of Commerce.

c) We obtain information when you enter our website or mobile applications. For example, we may store your IP address and device information.

3.2. It may be that providing certain personal data to us is a statutory or contractual requirement, a requirement necessary to enter into a contract, or that you are otherwise obliged to provide the data to us. If that is the case, we will inform you thereof separately, and will also explain the possible consequences if you fail to provide such personal data to us.

4. Details of processing

4.1. It depends on the processing activity, which personal data we process about you, for which purposes and based on which legal ground. Please find an overview below.

CATEGORIES OF PERSONAL DATA

If you visit our website, we may process the following personal data about you:

1.1. We process the following personal data about you:

(i) your first and last name, physical address, e-mail address, or telephone number when you create your account and other account-related information (such as username, password, security questions and answers and any content you choose to store in your account);

(ii) professional details such as the name of your employer, and your job title or position;

(iii) bank account number and name of the account;

(iv) operating system type, device identifier, browser type, domain, and other system settings, as well as the language your system uses and the country and time zone where your device is located. The web server logs may also record information such as the address of the web page that referred you to our app or website and the IP address of the device you use to connect to the Internet;

(v) other personal information contained in content you submit to us.

1.2. Sensitive personal data: via our website we do not collect sensitive personal data.

1.3. Your personal data is collected by us when you:

(i) enter into a client-relationship with us;

(ii) contact us through the website;

(iii) use the website or our mobile applications and provide your personal information thereon;

(iv) otherwise use the website or our mobile applications.

PURPOSES AND LEGAL GROUNDS

If you visit our website, we may process your personal data for the following purposes:

 

i. Performance of a contract that you have concluded with us or another party or in order to take steps at your request prior to entering into such a contract.

ii. Communication: we use your personal data to communicate with you about our products and services and to inform you of matters that are important for your account and/or use of the website. This processing of personal data is necessary for the performance of a contract and/or for purposes of our legitimate interests, namely to conduct our normal business.

iii. Improvement purposes: in relation to technical improvement purposes, we collect certain technical information regarding your devices to help us understand and respond to your needs. These activities are carried out on the basis of our legitimate interest, namely to conduct our normal business.

iv. Customer service: if you contact our customer service, your personal data are used to provide you with our customer service. This processing of your personal data is necessary for the performance of a contract, or is necessary for purposes of our legitimate interests, namely to conduct our normal business.

4.2. If and insofar your personal data is processed on the basis of legitimate interests, information can be obtained by you as to the so-called balancing test that was carried out to allow us to rely on this processing ground. Please find our contact details below.

4.3. It may be that we intend to further process your personal data for a purpose other than those for which the personal data have been collected. In such case, we will provide you with information about the(se) other purpose(s) and all relevant further information prior to that further processing.

5. Cookies

5.1. We use the following types of cookies: Necessary cookies, Analytical cookies and Chatflow cookies.

5.2. Please see below an overview of the cookies that we use:

 

 

Name cookie

Purpose of the cookie

Is this cookie placed by a third-party or is the cookie information shared with third parties by Check6?

Validity period

Consent required

Necessary cookies

__hs_opt_out

This cookie is used by the opt-in privacy policy to remember not to ask the visitor to accept cookies again.

No

It expires in 13 months.

No

__hs_do_not_track

This cookie can be set to prevent the tracking code from sending any information to HubSpot.

No

It expires in 13 months.

No

__hs_initial_opt_in

This cookie is used to prevent the banner from always displaying when visitors are browsing in strict mode.

No

It expires in seven days.

No

__hs_cookie_cat_pref

This cookie is used to record the categories a visitor consented to.

No

It expires in 13 months.

No

__cfduid

This cookie is set by HubSpot’s CDN provider, Cloudflare. It helps Cloudflare detect malicious visitors to your website and minimizes blocking legitimate users.

No

It is a session cookie that lasts a maximum of 30 days.

No

__cfruid

This cookie is set by HubSpot’s CDN provider because of their rate limiting policies.

No

It expires at the end of the session.

No

ARRAffinity

This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing session.

No

It expires at the end of the session.

No

Analytical cookies

_hstc

The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).

No

It expires in 13 months.

Yes

_hssc

This cookie keeps track of sessions. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.

No

It expires in 30 minutes.

Yes

__hssrc

This cookie is set to determine if the visitor has restarted their browser.

No

It expires at the end of the session.

Yes

hubspotutk

This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts. It contains an opaque GUID to represent the current visitor.

No

It expires in 13 months.

Yes

Ifuuid

Tracks the individual sessions on the websites, this allows the website to collect statistical data from multiple visits - This data can also be used to create leads for marketing purposes.

No

It expires in 10 years.

Yes

_ga

Registers a unique ID that is used to generate statistical data about how the visitor uses the website.

No

It expires in 2 years.

Yes

cf_clearance

Used to identify trusted web traffic. It does not correspond to any user id nor does it store any personally identifiable information.

No

It expires in 1 year

Yes

_gid

Used to distinguish users.

No

It expires in 1 day

Yes

Chatflow cookies

messagesUtk

This cookie is used to recognize visitors who chat with you via the chatflows tool. If the visitor leaves your site before they're added as a contact, they will have this cookie associated with their browser.

No

It expires in 13 months.

Yes

 

5.3. You can change your cookie settings in general – for all websites you visit – via your browser settings. Within your browser you can change your cookie preferences and choose whether you wish to accept cookies or not. If differs per browser which sort of choices you can make, such as denying all third-party cookies. For further information on how you can change your browser settings, please be referred to: aboutcookies.org/how-to-control-cookies/.

5.4. Please note that if you refuse certain cookies, this may reduce the functionality of some parts of our website.

6. Sharing with third parties

6.1. For the provision of our services we share your personal data on a strictly need-to-know-basis with:

a) affiliate companies of CheckTech B.V. in the Netherlands;

b) subcontractors and service providers involved, such as: auditing companies, consulting and law firms, insurance companies and hosting and payment providers;

c) authorities or law enforcement bodies insofar as we are required thereto by law or on the basis of court orders;

d) other third parties insofar we believe this is necessary or appropriate to prevent physical harm or financial loss, in connection with an investigation of suspended or actual fraudulent or other illegal activity and/or in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).

7. Transfer to countries outside the EEA

7.1. Check6 does not involve parties that are located outside the European Economic Area (“EEA”) for the processing of your personal data. If this will be the case in the future, Check6 will duly inform you of that matter and the procedure as explained below will apply.

7.2. Transfers of your personal data to a country outside the EEA may in the first place be legitimized on the basis of a so-called adequacy decision. This is a decision in which the European Commission states that e.g. a certain country offers a level of data protection similar to the GDPR. See this link for the current list of adequacy decisions.

7.3. If and insofar as we transfer personal data with parties in countries outside the EEA to which no adequacy decision applies, we will agree with these parties to data protection provisions set by the European Commission, so called standard contractual clauses including additional safeguarding clauses as recommended by the European Court of Justice. A copy of the agreed standard contractual clauses can be requested by you. Please also contact us if you would like to obtain additional information on the transfer of your personal data out of the EEA. Our contact details are stated below.

8. Security

8.1. We take appropriate organizational and technical security measures to protect your personal data and to prevent misuse, loss or alteration thereof. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who need to have access in view of their work/services. Also, the aforementioned persons involved are bound by a confidentiality obligation, either in their employment agreements or (data processing) agreements.

8.2. Examples of technical security measures taken by us are:

a) logical and physical security (e.g. safe, doorman, firewall, network segmentation);

b) technical control of the authorizations (as limited as possible) and keeping log files;

c) management of the technical vulnerabilities (patch management);

d) keeping software up-to-date (e.g. browsers, virus scanners and operating systems);

e) making back-ups to safeguard availability and accessibility of the personal data;

f) automatic erasure of outdated personal data;

g) encryption of personal data;

h) applying hashing or (other) pseudonymization methods to personal data; and

 

8.3. Examples of organizational security measures taken by us are:

a) assign responsibilities for information security;

b) promote privacy and security awareness among new and existing employees;

c) establish procedures to test, assess and evaluate security measures periodically;

d) check logfiles regularly;

e) using a protocol for handling data breaches and other security incidents;

f) conclude confidentiality, data processing and data protection agreements;

g) assess whether the same objectives can be achieved with less personal data;

h) provide access to personal data to as few people within the organization as possible; and

i) define the decision-making and underlying considerations per processing.

8.4. We have internal security policies in place in which it is further described how we ensure an appropriate level of technical and organizational security measures. We also have a data breach policy in place in which it is described how we deal with a (possible) data breach.

9. Retention periods

9.1. In principle, we do not store your personal data any longer than is strictly necessary for the purposes for which we process your personal data. Check6 has put in place a Retention Policy to ensure that your personal data are deleted after a reasonable period.

9.2. We have the following retention terms in place:

a) your use of our website or mobile applications: 6 months after the date of visit;

b) the client-relationship we have with you: 3 months after the end of our client-relationship.

 

9.3. In exceptional cases, we may process your personal data longer. This is the case if we need to process your personal data for a longer period in view of:

a) longer minimum statutory retention period that applies to Check6 or other specific statutory obligation;

b) legal procedure.

9.4. Please contact us via our contact details displayed below, should you wish to be further informed on how long we process your personal data.

10. Your rights (incl. the right to object)

10.1. In relation to our processing of your personal data, you have the below privacy rights. For more information on your privacy rights, please be referred to this webpage of the European Commission.

a) Right to withdraw consent: In so far as our processing of your personal data is based on your consent (see above), you have the right to withdraw consent at any time.

 

b) Right of access: You have the right to request access to your personal data. This enables you to receive a copy of the personal data we hold about you (but not necessarily the documents themselves). We will then also provide you with further specifics of our processing of your personal data.


c) Right to rectification: You have the right to request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.


d) Right to erasure: You have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where: (i) the personal data are no longer necessary, (ii) you have withdrawn your consent, (iii) you have objected to the processing activities, (iv) the personal data have been unlawfully processed, (v) the personal data have to be erased on the basis of a legal requirement, or (vi) where the personal data have been collected in relation to the offer of information society services. We do not have to honour your request to the extent that the processing is necessary: (i) for exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation which requires processing, (iii) for reasons of public interest in the area of public health, (iv) for archiving purposes, or (v) for the establishment, exercise or defence of legal claims.


e) Right to object: You have the right to object to processing of your personal data where we are relying on legitimate interests as processing ground (see above). Insofar as the processing of your personal data takes place for direct marketing purposes, we will always honour your request. For processing for other purposes, we will also cease and desist processing, unless we have compelling legitimate grounds for the processing which override your interests, rights and freedoms or that are related to the institution, exercise or substantiation of a legal claim.


f) Right to restriction: You have the right to request restriction of processing of your personal data in case: (i) the accuracy of the personal data is contested by you, during the period we verify your request, (ii) the processing is unlawful and restriction is requested by you instead of erasure, (iii) we no longer need the personal data but they are required by you for the establishment, exercise or defence of legal claims, or (iv) in case you have objected to processing, during the period we verify your request. If we have restricted the processing of your personal data, this means that we will only store them and no longer process them in any other way, unless: (i) with your consent, (ii) for the establishment, exercise or defence of legal claims, (iii) for the protection of the rights of another natural or legal person, (iv) or for reasons of important public interest.


g) Right to data portability: You have the right to request to transfer of your personal data to you or to a third party of your choice (right to data portability). We will provide to you, or such third, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies if it concerns processing that is carried out by us by automated means, and only if the our processing ground for such processing is your consent or the performance of a contract to which you are a party (see above).


h) Automated decision-making: You have the right not to be subject to a decision based solely on automated processing, which significantly impacts you (“which produces legal effects concerning you or similarly significantly affects you”). In this respect, please be informed that when processing your personal data, we do not make use of automated decision-making.


i) Right to complaint: In addition to the above mentioned rights you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work or of an alleged infringement of the GDPR at all times. Please be referred to this webpage for an overview of the supervisory authorities and their contact details. However, we would appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us beforehand.

 

10.2. The exercise of the abovementioned rights is free of charge and can be carried out by phone or by e-mail via the contact details displayed below. If requests are manifestly unfounded or excessive, in particular because of the repetitive character, we will either charge you a reasonable fee or refuse to comply with the request.

10.3. We may request specific information from you to help us confirm your identity before we comply with a request from you concerning one of your rights.

10.4. We will provide you with information about the follow-up to the request without undue delay and in principle within one month of receipt of the request. Depending on the complexity of the request and on the number of requests, this period can be extended by another two months. We will notify you of such an extension within one month of receipt of the request. The applicable privacy legislation may allow or require us to refuse your request. If we cannot comply with your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

11. Contact details

For any questions, comments or requests, you may contact us via info@check6wealth.com.

12. Miscellaneous

12.1. Check6 is entitled at all times to delete your personal data without notice. In such a case, Check6 owes no compensation to you as a result of the termination of the account.

12.2. If provisions from this privacy policy are in conflict with the law, they will be replaced by provisions of the same purport that reflects the original intention of the provision, all this to the extent legally permissible. In that case, the remaining provisions remain applicable unchanged.

12.3. Check6 reserves the right to change this privacy policy on a regular basis. Where required, Check6 will inform you of updates made to this privacy policy. The current version is always available on our website. This privacy policy was last amended and revised in October 2020.

13. Definitions

13.1. In these privacy policy, the following definitions apply:

Applicable privacy legislation

All applicable privacy legislation, including the General Data Protection Regulation (“GDPR”) and the relevant national implementation acts.

Privacy policy

This present privacy policy.

Check6

CheckTech B.V.

Stationsplein 3

4811 BB Breda

The Netherlands

Chamber of Commerce number: 65776682

Website

www.check6wealth.com

13.2. Other terms that are defined in the applicable privacy legislation, such as ‘personal data’, (joint) controller, processor, data subject and processing will have the meaning as described in the applicable privacy legislation.

*****