Privacy Policy
This privacy policy (“Privacy Policy”) is applicable to all processing activities of Silverfin (as defined below) as a data controller.
Please read this Privacy Policy together with our Cookie Policy and our Terms of Use. Silverfin may update this Privacy Policy in the future: the latest version can always be found on our Website (as defined below).
You can find our archived Silverfin Privacy Policies in pdf format here.
ABOUT THIS PRIVACY POLICY
Due to, for example, your commercial relationship or recent contact with Silverfin or due to a visit to or action on our “Website” (i.e. www.silverfin.com; www.getsilverfin.com and www.silverfin.be), we may collect, store and otherwise process personal data relating to you or, if you are a company, your employees | representatives (“your personal data”).
This Privacy Policy describes (i) how we collect, treat and store your personal data; (ii) the rights you can exercise in relation to your personal data; and (iii) the measures we take to protect and secure your personal data.
Silverfin respects your privacy and we always strive to act in accordance with the applicable privacy legislation, such as (non-exhaustive): (i) the General Data Protection Regulation 2016/679 of April 27, 2016 (“GDPR”); (ii) the United Kingdom (UK) Data Protection Act 2018 (“UK GDPR”); (iii) the Belgian Privacy Law of 30 July 2018; (iv) the ePrivacy Directive 2002/58/EC of 12 July 2002, including future amendments and revisions thereof; and/or (v) (future) national legislation regarding the implementation of the GDPR (together: “Privacy Legislation”).
1. SILVERFIN IS THE DATA CONTROLLER
We are Silverfin NV, a limited liability company with registered office at Gaston Crommenlaan 12, 9050 Gent, registered with the Crossroads Database for Enterprises under number 0524.802.662 (“Silverfin” or “we | us”).
Silverfin is the developer and provider of the Silverfin platform as described and represented via www.silverfin.com (“Silverfin Platform”) and the corresponding online service of Silverfin (“Service”) and is the owner of the Website.
In light of Privacy Legislation, Silverfin will act as the DATA CONTROLLER of your personal data for the purposes described in this Privacy Policy. This means we are in control of (and thus responsible for) your personal data.
2. SILVERFIN’S PROCESSING ACTIVITIES
Which personal data we collect, store and otherwise process and the purpose for which we process this data may differ depending on your relation with Silverfin. In particular, we identify five different scenarios:
- You are browsing on our Website;
- You (wish to) receive updates and newsletters relating to Silverfin services and products (incl. the Silverfin Platform);
- You are a prospect and/or seeking a commercial relationship with Silverfin;
- Your company is an active Silverfin customer and/or you are an authorized user of the Silverfin Platform; or,
- You are | your company is a partner or a supplier of Silverfin.
2.1 You are browsing on our Website
Contacting Silverfin via the contact form on the Website
Purpose: To answer any questions you may have and/or to initiate a conversation
Personal data:
❑ First name
❑ Last name
❑ Company name
❑ Nature of inquiry
❑ Email address
❑ Phone number
❑ Country
❑ Voluntarily provided information
Legal ground: Consent
Retention period: Until one (1) year following your contact with Silverfin
Cookies
When browsing on our Website, we may also collect your personal data through cookies stored on your device(s) in order to optimize the functioning of the Website. Please consult our Cookie Policy for more information.
2.2. You (wish to) receive updates and newsletters relating to Silverfin services and products
The Silverfin newsletter | update
Purpose: Providing more information on (new features of) the Silverfin Platform, our Service or related products/services
Personal data:
❑ First name
❑ Last name
❑ Email address
Legal ground: Consent or, if you happen to be a customer or partner of Silverfin, legitimate interest
Retention period: Until you have objected to the processing of your personal data for this purpose (cfr. Section 7 - “Right to object”)
2.3 You are a prospect and/or seeking a commercial relationship with Silverfin
Requesting a personal demo
Purpose: To schedule your personal demo of the Silverfin Platform
Personal data:
❑ First name
❑ Last name
❑ Company name
❑ Type of industry
❑ Email address
❑ Phone number
❑ Country
❑ Preferred Language
Legal ground: Consent
Retention period: Until you have requested to no longer be contacted by Silverfin or until one (1) year following your latest contact with Silverfin, whichever comes first (+ verification period of six months)
General communication with Silverfin & prospecting by Silverfin
Purpose: To have quality conversations (via mail, telephone or business social media channels) in which Silverfin provides more information on its Service and the Silverfin Platform
Personal data:
❑ First name
❑ Last name
❑ Company name
❑ Type of industry
❑ Social media / business channel
❑ Email address
❑ Phone number
❑ Country
❑ Preferred Language
❑ Voluntarily provided information
Legal ground: Legitimate interest
Retention period: Until you have requested to no longer be contacted by Silverfin or until one (1) year following your latest contact with Silverfin, whichever comes first (+ verification period of six months)
Registering for | attending a Silverfin (network) event
Purpose: To have an overview of the participants to the event (e.g. Fast Forward; webinar | seminar; contest) as well as to have a follow-up communication after the event
Personal data:
❑ First name
❑ Last name
❑ Email address
❑ Company
Legal ground: Consent
Retention period: Until you have requested to no longer be contacted by Silverfin or until one (1) year following your latest contact with Silverfin, whichever comes first (+ verification period of six months)
2.4 Your company is an active Silverfin customer
Please note that your company is the data controller for all personal data which is provided or submitted to Silverfin by your company during the use of the Service / Silverfin Platform. In such a case, Silverfin is merely a facilitator of the Service / Silverfin Platform. In that light, please consult our Data Processing Addendum.
General communication and (technical) support
Purpose: To enable communication with & to provide support to customers
Personal data:
❑ First name
❑ Last name
❑ Job function
❑ Phone number
❑ Email address
❑ Preferred Language
❑ Voluntarily provided information
Legal ground: Necessary for the performance of the agreement
Retention period: Until one (1) year following the termination of the commercial relationship between your company and Silverfin
Billing
Purpose: To prepare invoices for the Service | use of the Silverfin Platform
Personal data:
❑ First name
❑ Last name
❑ Address
❑ Job function
❑ Email address
❑ Preferred Language
❑ VAT-number
Legal ground: Necessary for the performance of the agreement
Retention period: Until one (1) following the termination of the commercial relationship between your company and Silverfin
Quotes | proposals
Purpose: To draw up (additional) quotes | proposals
Personal data:
❑ First name
❑ Last name
❑ Address
❑ Company
❑ Email address
❑ VAT-number
Legal ground: Legitimate interest
Retention period: Until one (1) year following the termination of the commercial relationship between your company and Silverfin
Creating your Silverfin account
Purpose: To set up your Silverfin Platform account
Personal data:
❑ First name
❑ Last name
❑ Company
❑ Email address
❑ Phone number
❑ Login
Legal ground: Necessary for the performance of the agreement
Retention period: Until one (1) year following the termination of the commercial relationship between your company and Silverfin
2.5. You are | your company is a partner or supplier of Silverfin
General communication and provision of services
Purpose: To communicate with you in the scope of our commercial relationship
Personal data:
❑ First name
❑ Last name
❑ Company
❑ Job function
❑ Email address
❑ Phone number
❑ Preferred Language
❑ Voluntarily provided information
Legal ground: Necessary for the performance of the agreement
Retention period: For the duration of your commercial relationship with Silverfin and in any event in accordance with any (data processing) agreements concluded with Silverfin
Billing
Purpose: To pay your invoices for the services provided (incl. corresponding communication)
Personal data:
❑ First name
❑ Last name
❑ Address
❑ Job function
❑ Company
❑ Email Address
❑ VAT-number
Legal ground: Necessary for the performance of the agreement
Retention period: For the duration of your commercial relationship with Silverfin and in any event in accordance with any (data processing) agreements concluded with Silverfin
3. LEGAL GROUNDS
You can find more information on the applicable ground for each of the identified processing activities in Section 2 above.
In case the legal ground for processing happens to be legitimate interest, Silverfin shall always (i) assess whether this is in proportion with the purpose for which your personal data was collected and used; and, (ii) take your reasonable expectations into account and ensure a balance with your fundamental rights and freedoms. If we cannot guarantee this, we will stop storing | using your personal data or we will determine a new legal ground.
4. RETENTION PERIODS
You can find more information on the retention period of your personal data for each of the identified processing activities in Section 2 above.
5. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
5.1 Silverfin affiliates. Silverfin may disclose your personal data to its affiliates in the scope of support(ing) services:
Name | Territory | Implemented Safeguards |
---|---|---|
Silverfin Software Ltd. | United Kingdom (London) | European Commission adequacy decision for UK |
Silverfin Software B.V. | The Netherlands (Amsterdam) | N/A (within EEA) |
Silverfin Software ApS | Denmark (Copenhagen) | N/A (within EEA) |
5.2 Other third parties
Silverfin shall not disclose your personal data to other third parties, unless it is necessary to achieve the purposes described in this Privacy Policy. In this respect, (some of) your personal data may be disclosed to:
- Payment providers (e.g. to process the payment or detect/prevent money laundering or fraud)
- Software and cloud providers (to facilitate hosting of (the data in) the Silverfin Platform | Service); and,
- Freelancers or other service providers (e.g. to help develop the Silverfin Platform | Service)
Of course, we have made sure that the necessary contracts or similar legally binding acts are in place to ensure that these third parties treat your personal data in accordance with the Privacy Legislation (e.g. Article 28 GDPR).
In addition, we might transfer your personal data:
- to competent authorities: for instance, because (i) we are obliged to provide your personal data under law or in the scope of (future) legal proceedings, or (ii) this is necessary to safeguard our rights; or,
- in M&A context: meaning, if Silverfin or the majority of its assets, is taken over by a third party, in which case your personal data – which Silverfin has collected – may be one of the transferred assets.
6. CROSS-BORDER PROCESSING OF PERSONAL DATA
In case any of the above mentioned third parties or other recipients are located in a country outside the European Economic Area, Silverfin will ensure that one or more of the listed EU-approved safeguards are in place:
- European Commission adequacy decision;
- Data transfer agreement (cfr. the Standard Contractual Clauses as provided in the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, including the performance of a transfer impact assessment);
- Binding corporate rules; or,
- Certification mechanisms.
7. YOUR PRIVACY RIGHTS
The Privacy Legislation (e.g. (UK) GDPR) gives you certain rights over your personal data vis-à-vis Silverfin. You can exercise these rights by contacting us, as specified in Section 10, and by using the Data Subject’s Rights Form (see at the end of this Section 7).
- Access: you can ask for confirmation of whether or not personal data that relates to you is being processed. If so, you can ask us to give you copies of your personal data. We may charge you a small fee for this service;
- Rectification: you can ask us to correct | complete any information you believe is inaccurate | incomplete;
- Erasure: you can ask us to erase your personal data, under certain conditions. Please be aware that in this context certain services will no longer be accessible and/or can no longer be provided;
- Objection: you can object to us processing your personal data, under certain conditions;
- Restriction of processing: you can ask us to restrict the processing of your personal data, unless we have legitimate interests for the processing of your personal data that prevail over your interests;
- Data portability: you can ask us to transfer your personal data to another organization, or directly to you in a commonly used structured format readable by automatic device, under certain conditions.
Updates | Newsletters. You can always change your communication preferences in the Silverfin Communication Preference Centre (you can find a unique link in the footer of every Silverfin communication). If you no longer wish to receive any of our Silverfin communications, you can object to these direct marketing communications by either (i) using the Data Subject’s Rights Form (as indicated above); or (ii) by indicating “Yes, I object” in our Communication Preferences Centre (as indicated above). Upon receipt of your objection, we will stop processing your personal data for Silverfin communications. This is done free of charge.
You can download the “Data Subject Rights Form” here.
You can find your unique link to the “Communication Preferences Centre” in the footer of every Silverfin communication.
8. SECURITY
Silverfin undertakes to take reasonable, physical, technological and organizational precautions in order to avoid (i) unauthorised access to your personal information, and (ii) loss, abuse or alteration of your personal data. Please consult Silverfin’s “Technical and organizational measures” below for more information on the security measures taken.
Notwithstanding Silverfin’s Security Policy, the checks it carries out and the actions it proposes in this context, an infallible level of security cannot be guaranteed. Since no method of transmission or forwarding over the internet, or any method of electronic storage is 100% secure, we are not in a position to guarantee absolute security.
Finally, the security of your account will also partly depend on the confidentiality and complexity of your password. Silverfin will never ask for your password, meaning that you will never be required to communicate it personally. Silverfin therefore strongly advises you, if you observe that someone has accessed your account, to immediately change your password and contact us.
9. UPDATES
We are entitled to update this Privacy Policy by posting a new version on the Website whereby we will indicate the revision date at the top of this Privacy Policy. As such, it is strongly recommended to regularly consult the Website and the page displaying the Privacy Policy, to make sure that you are aware of any changes.
10. NOTIFICATIONS AND QUESTIONS
Notifications under this Privacy Policy (such as, exercising your rights as a data subject) and/or any questions or concerns with regard to the provisions of this Privacy Policy must be directed at legal@silverfin.com.
11. COMPLAINTS?
You are not satisfied with the manner in which we collect, store or otherwise treat or secure your personal data? We are sorry to hear that, and are prepared to take all measures to remedy this situation. Please do contact us as specified above.
TECHNICAL AND ORGANIZATIONAL MEASURES
The provision of the Silverfin platform and the related services leads to the collection and processing of personal data by Silverfin, in its capacity as a data processor, on behalf of its customers. For more information, please consult our Data Processing Addendum.
Silverfin implements appropriate technical and organizational measures, as set forth below, to ensure, to the best of its abilities, the protection of (i) the personal data – including protection against careless, improper, unauthorized or unlawful use and/or processing and against accidental loss, destruction or damage; and (ii) the confidentiality and integrity of the personal data. When implementing said measures, Silverfin has taken into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
1. MANAGEMENT DIRECTION FOR INFORMATION SECURITY
(i) Silverfin has implemented an appropriate information security policy; (ii) Silverfin has suitably qualified information security specialists, supported by the Silverfin business leadership; (iii) Silverfin management requires employees and third-party contractors with access to customer information to commit to written confidentiality and privacy responsibilities with respect to that information. These responsibilities survive termination or change of employment or engagement.
2. HUMAN RESOURCE SECURITY
(i) Silverfin provides information security awareness information to employees and relevant third-party contractors.
3. ACCESS CONTROL
3.1. User Access Management (i) Silverfin implements access control policies to support creation, amendment and deletion of user accounts for systems or applications holding or allowing access to customer information; (ii) Silverfin implements a user account and access provisioning process to assign and revoke access rights to systems and applications; (iii) The use of “generic” or “shared” accounts is prohibited without system controls enabled to track specific user access and prevent shared passwords; (iv) Silverfin monitors and restricts access to utilities capable of overriding system or application security controls; (v) User access to systems and applications storing or allowing access to customer information is controlled by a secure logon procedure.
3.2. Physical Access Management (i) Physical access to facilities where customer information is stored or processed is protected in accordance with good industry practices.
4. COMMUNICATIONS SECURITY
4.1. Network Security (i) Silverfin logically segregates customer data within a shared service environment; (ii) Silverfin secures network segments from external entry points where customer data is accessible; (iii) External network perimeters are hardened and configured to prevent unauthorized traffic; (iv) Inbound and outbound points are protected by firewalls and intrusion detection systems (IDS). Ports and protocols are limited to those with specific business purposes; (v) Silverfin synchronizes system clocks on network servers to a universal time source (e.g. UTC) or network time protocol (NTP).
4.2. Cryptographic Controls (i) Customer data, including personal data, is encrypted at rest.
4.3. Cloud Controls (i) Silverfin encrypts data during transmission between each application tier and between interfacing applications.
5. OPERATIONS SECURITY
5.1. Service Management (i) Silverfin has implemented formal operating procedures for system processes impacting customer data. This notification may occur through generic change logs. Procedures must track author, revision date and version number, and must be approved by management; (ii) Silverfin monitors service availability.
5.2. Vulnerability Management (i) Silverfin performs annual penetration testing for systems and applications that store or allow access to customer data, including personal data. Identified issues must be remediated within a reasonable timeframe; (ii) Silverfin has implemented a patch and vulnerability management process to identify, report and remediate vulnerabilities by:
❑ performing security assessment of the application and underlying infrastructure on a regular basis;
❑ implementing vendor patches or fixes; and,
❑ developing a remediation plan for critical vulnerabilities.
(iii) Silverfin has implemented controls to detect and prevent malware, malicious code and unauthorized execution of code. Controls must be updated regularly with the latest technology available (e.g. deploying the latest signatures and definitions).
5.3. Logging and Monitoring (i) Silverfin generates administrator and event logs for systems and applications that store or allow access to customer data; (ii) Silverfin reviews system logs periodically to identify system failures, faults, or potential security incidents affecting customer information.
6. THIRD-PARTY SUPPLIER MANAGEMENT
(i) Silverfin has contractual agreements with third parties handling customer information which must include appropriate information security, confidentiality, and data protection requirements, as detailed in the agreement concluded. Agreements with such parties are reviewed periodically to validate that information security and data protection requirements remain appropriate; (ii) Silverfin reviews its third parties’ information security controls periodically and validates that these controls remain appropriate according to the risks represented by the third party’s handling of customer information, taking into account any state-of-the-art technology and the costs of implementation; (iii) Silverfin restricts third party access to customer data, including personal data; (iv) If requested by the customer, Silverfin provides the customer a list of third parties with required access to customer data, including personal data; (v) Silverfin permits access to customer data, including personal data, only as necessary to perform the services that the third party has contractually agreed to deliver.
7. RESILIENCE
(i) Silverfin performs business continuity risk assessment activities to determine relevant risks, threats, impacts, likelihood, and required controls and procedures; (ii) Based on risk assessment results, Silverfin documents, implements, annually tests and reviews its Business Continuity and Disaster Recovery (BC/DR) plans to validate the ability to restore availability and access to customer data in a timely manner, in the event of a physical or technical incident that results in loss or corruption of customer data.
8. AUDIT AND COMPLIANCE
(i) Silverfin periodically reviews whether its systems and equipment storing or enabling access to customer data, including personal data, comply with legal and regulatory requirements and contractual obligations owed to the customer; (ii) Silverfin maintains current independent verification of the effectiveness of its technical and organizational security measures (e.g. ISO certification). The independent information security reviews are performed at least annually.
Questions
Any questions or concerns with regard to the provisions of this Security Policy must be directed at security@silverfin.com.