Privacy Policy
Please read this Privacy Policy together with our Cookie Policy and our Terms of Use. Silverfin may update this Privacy Policy in the future: the latest version can always be found on our Website (as defined below).
You can find our archived Silverfin Privacy Policies in pdf format here.
ABOUT THIS PRIVACY POLICY
This Privacy Policy describes (i) how we collect, treat and store your personal data; (ii) the rights you can exercise in relation to your personal data; and (iii) the measures we take to protect it and to secure your personal data.
Silverfin respects your privacy and we always strive to act in accordance with the applicable privacy legislation, such as (non-exhaustive): (i) the General Data Protection Regulation 2016/679 of April 27, 2016 (“GDPR”); (ii) the United Kingdom(UK) Data Protection Act 2018 (“UK GDPR”); (iii) the Belgian Privacy Law of 30 July 2018; (iv) the ePrivacy Directive 2002/58/EC of 12 July 2002, including future amendments and revisions thereof; and/or (v) (future) national legislation regarding the implementation of the GDPR (together: “Privacy Legislation”).
1. SILVERFIN IS THE DATA CONTROLLER
Silverfin is the developer and provider of the Silverfin platform as described and represented via www.silverfin.com (“Silverfin Platform”) and the corresponding online service of Silverfin (“Service”) and is the owner of the Website
In light of Privacy Legislation, Silverfin will act as the DATA CONTROLLER of your personal data for the purposes described in this Privacy Policy. This means, we are in control of (and thus, responsible for) your personal data.
2.SILVERFIN’S PROCESSING ACTIVITIES
Which personal data we collect, store and otherwise process and the purpose for which we process this data may differ depending on your relation with Silverfin. In particular, we identify five different scenarios:
- You are browsing on our Website;
- You (wish to) receive updates and newsletters relating to Silverfin services and products (incl. the Silverfin Platform);
- You are a prospect and/or seeking a commercial relationship with Silverfin;
- Your company is an active Silverfin customer and/or you are an authorized user of the Silverfin Platform; or,
- You are | your company is a partner or a supplier of Silverfin.
2.1 You are browsing on our Website
Contacting Silverfin via the contact form on the Website
Purpose: | To answer any questions you may have and/or to initiate a conversation | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ❑ Phone number | |
❑ Company name | ❑ Country | |
❑ Nature of inquiry | ❑ Voluntarily provided information | |
Legal ground: | Consent | |
Retention period: | Until one (1) year following your contact with Silverfin |
Cookies
When browsing on our Website, we may also collect your personal data through cookies stored on your device(s) in order to optimize the functioning of the Website. Please consult our Cookie Policy for more information.
2.2. You (wish to) receive updates and newsletters relating to Silverfin services and products
The Silverfin newsletter | update
Purpose: | Providing more information on (new features of) the Silverfin Platform, our Service or related products/services | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ||
Legal ground: | Consent or, if you happen to be a customer or partner of Silverfin, legitimate interest | |
Retention period: | Until you have objected to the processing of your personal data for this purpose (cfr. Section 7 - “Right to object”) |
2.3 You are a prospect and/or seeking a commercial relationship with Silverfin
Requesting a personal demo
Purpose: | To schedule your personal demo of the Silverfin Platform | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ❑ Phone number | |
❑ Company name | ❑ Country | |
❑ Type of industry | ❑ Preferred Language | |
Legal ground: | Consent | |
Retention period: | Until you have requested to no longer be contacted by Silverfin or until one (1) year following your latest contact with Silverfin, whichever comes first ( + verification period of six months) |
General communication with Silverfin & prospecting by Silverfin
Purpose: | To have quality conversations (via mail, telephone or business social media channels) in which Silverfin provides more information on its Service and the Silverfin Platform | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ❑ Phone number | |
❑ Company name | ❑ Country | |
❑ Type of industry | ❑ Preferred Language | |
❑ Social media / business channel | ❑ Voluntarily provided information | |
Legal ground: | Legitimate interest | |
Retention period: | Until you have requested to no longer be contacted by Silverfin or until one (1) year following your latest contact with Silverfin, whichever comes first ( + verification period of six months) |
Billing
Purpose: | To prepare invoices for the Service | use of the Silverfin Platform | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ❑ Preferred Language | |
❑ Address | ❑ VAT-number | |
❑ Job function | ||
Legal ground: | Necessary for the performance of the agreement | |
Retention period: | Until one (1) following the termination of the commercial relationship between your company and Silverfin |
Registering for | attending a Silverfin (network) event
Purpose: | To have an overview of the participants to the event (e.g. Fast Forward; webinar | seminar; contest) as well as to have a follow-up communication after the event | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ❑ Company | |
Legal ground: | Consent | |
Retention period: | Until you have requested to no longer be contacted by Silverfin or until one (1) year following your latest contact with Silverfin, whichever comes first ( + verification period of six months) |
3. LEGAL GROUNDS
4. RETENTION PERIODS
5. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES
5.1 Silverfin affiliates. Silverfin may disclose your personal data to its affiliates in the scope of support(ing) services:
Name | Territory | Implemented Safeguards |
---|---|---|
Silverfin Software Ltd. | United Kingdom (London) | European Commission adequacy decision for UK |
Silverfin Software B.V. | The Netherlands (Amsterdam) | N/A (within EEA) |
Silverfin Software ApS | Denmark (Copenhagen) | N/A (within EEA) |
- Payment providers (e.g. to process the payment or detect/prevent money laundering or fraud)
- Software and cloud providers (to facilitate hosting of (the data in) the Silverfin Platform | Service); and,
- Freelancers or other service providers (e.g. to help develop the Silverfin Platform | Service)
- to competent authorities: for instance, because (i) we are obliged to provide your personal data under law or in the scope of (future) legal proceedings, or (ii) this is necessary to safeguard our rights; or,
- in M&A context: meaning, if Silverfin or the majority of its assets, is taken over by a third party, in which case your personal data – which Silverfin has collected – may be one of the transferred assets.
6. CROSS-BORDER PROCESSING OF PERSONAL DATA
- European Commission adequacy decision;
- Data transfer agreement ((cfr. the Standard Contractual Clauses as provided in the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, including the performance of a transfer impact assessment);
- Binding corporate rules; or,
- Certification mechanisms.
7. YOUR PRIVACY RIGHTS
The Privacy Legislation (e.g. (UK) GDPR) gives you certain rights over your personal data vis-à-vis Silverfin. You can exercise these rights by contacting us, as specified in Section 10, and by using the Data Subject’s Rights Form (see at the end of this Section 7).
Access: | you can ask for confirmation of whether or not personal data that relates to you is being processed. If so, you can ask us to give you copies of your personal data. We may charge you a small fee for this service; |
Rectification: | you can ask us to correct | complete any information you believe is inaccurate | incomplete; |
Erasure: | you can ask us to erase your personal data, under certain conditions. Please be aware that in this context certain services will no longer be accessible and/or can no longer be provided. |
Objection: | You can object to us processing your personal data, under certain conditions. |
Restriction of processing: | you can ask us to restrict the processing of your personal data, unless we have legitimate interests for the processing of your personal data that prevail over your interests |
Data portability: | you can ask us to transfer your personal data to another organization, or directly to you in a commonly used structured format readable by automatic device, under certain conditions. |
You can download the “Data Subject Rights Form” here.
You can find your unique link to the “Communication Preferences Centre” in the footer of every Silverfin communication.
8. SECURITY
Notwithstanding Silverfin’s Security Policy, the checks it carries out and the actions it proposes in this context, an infallible level of security cannot be guaranteed. Since no method of transmission or forwarding over the internet, or any method of electronic storage is 100% secure, we are not in a position to guarantee absolute security.
Finally, the security of your account will also partly depend on the confidentiality and complexity of your password. Silverfin will never ask for your password, meaning that you will never be required to communicate it personally. Silverfin therefore strongly advises you, if you observe that someone has accessed your account, to immediately change your password and contact us.
9. UPDATES
10. NOTIFICATIONS AND QUESTIONS
Notifications under this Privacy Policy (such as, exercising your rights as a data subject) and/or any questions or concerns with regard to the provisions of this Privacy Policy must be directed at legal@silverfin.com.
11. COMPLAINTS?
You also have the right to lodge a complaint with the authorized supervisory authority (i.e. the Belgian Data Protection Authority or the data protection authority of (i) your residence or (ii) your workplace) should you consider that the processing of your personal data infringes the Privacy Legislation. You can send an email to the Belgian Data Protection Authority at contact@apd-gba.be or any other email address provided by the Belgian Data Protection Authority (https://www.dataprotectionauthority.be/citizen/actions/contact).
Relevant links to related documents
You are not satisfied with the manner in which we collect, store or otherwise treat or secure your personal data? We are sorry to hear that, and are prepared to take all measures to remedy this situation. Please do contact us as specified above.
You also have the right to lodge a complaint with the authorized supervisory authority (i.e. the Belgian Data Protection Authority or the data protection authority of (i) your residence or (ii) your workplace) should you consider that the processing of your personal data infringes the Privacy Legislation. You can send an email to the Belgian Data Protection Authority at contact@apd-gba.be or any other email address provided by the Belgian Data Protection Authority (https://www.dataprotectionauthority.be/citizen/actions/contact).
1. MANAGEMENT DIRECTION FOR INFORMATION SECURITY
2. HUMAN RESOURCE SECURITY
(i) Silverfin provides information security awareness information to employees and relevant third-party contractors.
3. ACCESS CONTROL
3.1. User Access Management (i) Silverfin implements access control policies to support creation, amendment and deletion of user accounts for systems or applications holding or allowing access to customer information; (ii) Silverfin implements a user account and access provisioning process to assign and revoke access rights to systems and applications; (iii) The use of “generic” or “shared” accounts is prohibited without system controls enabled to track specific user access and prevent shared passwords; (iv) Silverfin monitors and restricts access to utilities capable of overriding system or application security controls; (v) User access to systems and applications storing or allowing access to customer information is controlled by a secure logon procedure.
3.2. Physical Access Management (i) Physical access to facilities where customer information is stored or processed is protected in accordance with good industry practices.
4. COMMUNICATIONS SECURITY
4.1. Network Security (i) Silverfin logically segregates customer data within a shared service environment; (ii) Silverfin secures network segments from external entry points where customer data is accessible; (iii) External network perimeters are hardened and configured to prevent unauthorized traffic; (iv) Inbound and outbound points are protected by firewalls and intrusion detection systems (IDS). c. Ports and protocols are limited to those with specific business purposes; (v) Silverfin synchronizes system clocks on network servers to a universal time source (e.g. UTC) or network time protocol (NTP).
4.2. Cryptographic Controls (i) Customer data, including personal data, is encrypted at rest.
4.3. Cloud Controls (i) Silverfin encrypts data during transmission between each application tier and between interfacing applications.
5. OPERATIONS SECURITY
5.1. Service Management (i) Silverfin has implemented formal operating procedures for system processes impacting customer data. This notification may occur through generic change logs. Procedures must track author, revision date and version number, and must be approved by management; (ii) Silverfin monitors service availability.
5.2. Vulnerability Management (i) Silverfin performs annual penetration testing for systems and applications that store or allow access to customer data, including personal data. Identified issues must be remediated within a reasonable timeframe; (ii) Silverfin has implemented a patch and vulnerability management process to identify, report and remediate vulnerabilities by:
❑ performing security assessment of the application and underlying infrastructure on a regular basis;
❑ implementing vendor patches or fixes; and,
❑ developing a remediation plan for critical vulnerabilities.
(iii) Silverfin has implemented controls to detect and prevent malware, malicious code and unauthorized execution of code. Controls must be updated regularly with the latest technology available (e.g. deploying the latest signatures and definitions).
5.3. Logging and Monitoring (i) Silverfin generates administrator and event logs for systems and applications that store or allow access to customer data; (ii) Silverfin reviews system logs periodically to identify system failures, faults, or potential security incidents affecting customer information.
6. THIRD-PARTY SUPPLIER MANAGEMENT
7. RESILIENCE
8. AUDIT AND COMPLIANCE
Questions
Any questions or concerns with regard to the provisions of this Security Policy must be directed at security@silverfin.com.
Privacy Policy
ABOUT THIS PRIVACY POLICY
1. SILVERFIN IS THE DATA CONTROLLER
2.SILVERFIN’S PROCESSING ACTIVITIES
- You are browsing on our Website;
- You (wish to) receive updates and newsletters relating to Silverfin services and products (incl. the Silverfin Platform);
- You are a prospect and/or seeking a commercial relationship with Silverfin;
- Your company is an active Silverfin customer and/or you are an authorized user of the Silverfin Platform; or,
- You are | your company is a partner or a supplier of Silverfin.
Purpose: | To answer any questions you may have and/or to initiate a conversation | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ❑ Phone number | |
❑ Company name | ❑ Country | |
❑ Nature of inquiry | ❑ Voluntarily provided information | |
Legal ground: | Consent | |
Retention period: | Until one (1) year following your contact with Silverfin |
Cookies
2.2. You (wish to) receive updates and newsletters relating to Silverfin services and products
Purpose: | Providing more information on (new features of) the Silverfin Platform, our Service or related products/services | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ||
Legal ground: | Consent or, if you happen to be a customer or partner of Silverfin, legitimate interest | |
Retention period: | Until you have objected to the processing of your personal data for this purpose (cfr. Section 7 - “Right to object”) |
2.3 You are a prospect and/or seeking a commercial relationship with Silverfin
Requesting a personal demo
Purpose: | To schedule your personal demo of the Silverfin Platform | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ❑ Phone number | |
❑ Company name | ❑ Country | |
❑ Type of industry | ❑ Preferred Language | |
Legal ground: | Consent | |
Retention period: | Until you have requested to no longer be contacted by Silverfin or until one (1) year following your latest contact with Silverfin, whichever comes first ( + verification period of six months) |
Purpose: | To have quality conversations (via mail, telephone or business social media channels) in which Silverfin provides more information on its Service and the Silverfin Platform | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ❑ Phone number | |
❑ Company name | ❑ Country | |
❑ Type of industry | ❑ Preferred Language | |
❑ Social media / business channel | ❑ Voluntarily provided information | |
Legal ground: | Legitimate interest | |
Retention period: | Until you have requested to no longer be contacted by Silverfin or until one (1) year following your latest contact with Silverfin, whichever comes first ( + verification period of six months) |
Registering for | attending a Silverfin (network) event
Purpose: | To have an overview of the participants to the event (e.g. Fast Forward; webinar | seminar; contest) as well as to have a follow-up communication after the event | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ❑ Company | |
Legal ground: | Consent | |
Retention period: | Until you have requested to no longer be contacted by Silverfin or until one (1) year following your latest contact with Silverfin, whichever comes first ( + verification period of six months) |
2.4 Your company is an active Silverfin customer
General communication and (technical) support
Purpose: | To enable communication with & to provide support to customers | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ❑ Preferred Language | |
❑ Job function | ❑ Voluntarily provided information | |
❑ Phone number | ||
Legal ground: | Necessary for the performance of the agreement | |
Retention period: | Until one (1) year following the termination of the commercial relationship between your company and Silverfin |
Billing
Purpose: | To prepare invoices for the Service | use of the Silverfin Platform | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ❑ Preferred Language | |
❑ Address | ❑ VAT-number | |
❑ Job function | ||
Legal ground: | Necessary for the performance of the agreement | |
Retention period: | Until one (1) following the termination of the commercial relationship between your company and Silverfin |
Quotes | proposals
Purpose: | To draw up (additional) quotes | proposals | |
Personal data: | ❑ First name | ❑ Company |
❑ Last name | ❑ Email address | |
❑ Address | ❑ VAT-number | |
Legal ground: | Legitimate interest | |
Retention period: | Until one (1) year following the termination of the commercial relationship between your company and Silverfin |
Purpose: | To set up your Silverfin Platform account | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ❑ Phone number | |
❑ Company | ❑ Login | |
Legal ground: | Necessary for the performance of the agreement | |
Retention period: | Until one (1) year following the termination of the commercial relationship between your company and Silverfin |
2.5. You are | your company is a partner or supplier of Silverfin
General communication and provision of services
Purpose: | To communicate with you in the scope of our commercial relationship | |
Personal data: | ❑ First name | ❑ Email address |
❑ Last name | ❑ Phone number | |
❑ Company | ❑ Preferred Language | |
❑ Job function | ❑ Voluntarily provided information | |
Legal ground: | Necessary for the performance of the agreement | |
Retention period: | For the duration of your commercial relationship with Silverfin and in any event accordance with any (data processing) agreements concluded with Silverfin |
Purpose: | To pay your invoices for the services provided (incl. corresponding communication) | |
Personal data: | ❑ First name | ❑ Company |
❑ Last name | ❑ Email Address | |
❑ Address | ❑ VAT-number | |
❑ Job function | ||
Legal ground: | Necessary for the performance of the agreement | |
Retention period: | For the duration of your commercial relationship with Silverfin and in any event accordance with any (data processing) agreements concluded with Silverfin |
Name | Territory | Implemented Safeguards |
---|---|---|
Silverfin Software Ltd. | United Kingdom (London) | European Commission adequacy decision for UK |
Silverfin Software B.V. | The Netherlands (Amsterdam) | N/A (within EEA) |
Silverfin Software ApS | Denmark (Copenhagen) | N/A (within EEA) |
- Payment providers (e.g. to process the payment or detect/prevent money laundering or fraud)
- Software and cloud providers (to facilitate hosting of (the data in) the Silverfin Platform | Service); and,
- Freelancers or other service providers (e.g. to help develop the Silverfin Platform | Service)
- to competent authorities: for instance, because (i) we are obliged to provide your personal data under law or in the scope of (future) legal proceedings, or (ii) this is necessary to safeguard our rights; or,
- in M&A context: meaning, if Silverfin or the majority of its assets, is taken over by a third party, in which case your personal data – which Silverfin has collected – may be one of the transferred assets.
6. CROSS-BORDER PROCESSING OF PERSONAL DATA
In case any of the above mentioned third parties or other recipients are located in a country outside the European Economic Area, Silverfin will ensure that one or more of the listed EU-approved safeguards are in place:
- European Commission adequacy decision;
- Data transfer agreement (cfr. the Standard Contractual Clauses as provided in the European Commission Implementing Decision (EU) 2021/914 of 4 June 2021, including the performance of a transfer impact assessment);
- Binding corporate rules; or,
- Certification mechanisms.
7. YOUR PRIVACY RIGHTS
Access: | you can ask for confirmation of whether or not personal data that relates to you is being processed. If so, you can ask us to give you copies of your personal data. We may charge you a small fee for this service; |
Rectification: | you can ask us to correct | complete any information you believe is inaccurate | incomplete; |
Erasure: | you can ask us to erase your personal data, under certain conditions. Please be aware that in this context certain services will no longer be accessible and/or can no longer be provided. |
Objection: | You can object to us processing your personal data, under certain conditions. |
Restriction of processing: | you can ask us to restrict the processing of your personal data, unless we have legitimate interests for the processing of your personal data that prevail over your interests |
Data portability: | you can ask us to transfer your personal data to another organization, or directly to you in a commonly used structured format readable by automatic device, under certain conditions. |
You can download the “Data Subject Rights Form” here.
1. MANAGEMENT DIRECTION FOR INFORMATION SECURITY
2. HUMAN RESOURCE SECURITY
3. ACCESS CONTROL
4. COMMUNICATIONS SECURITY
5. OPERATIONS SECURITY
❑ performing security assessment of the application and underlying infrastructure on a regular basis;
❑ implementing vendor patches or fixes; and,
❑ developing a remediation plan for critical vulnerabilities.
6. THIRD-PARTY SUPPLIER MANAGEMENT