Bureau van Dijk has updated its privacy policy effective December 18, 2019. You can review the updated privacy policy now. Your continued use of the site constitutes your acknowledgement of the new privacy policy.

Free trial

Privacy Notice

Effective date: April 22, 2020

This Privacy Notice explains how Bureau van Dijk Editions Electroniques Sàrl ("Bureau van Dijk", "we", "us", "our"), a Moody’s Corporation company of Avenue Louise 250, 1050 Brussels, Belgium, processes personal data in connection with the following products:

Aida
Astree
Aurelia
Bel-first
Dafne
Diane
Fame
Markus
Markus Gewerberegister
Mint España
Mint Italy
Mint Netherlands
Mint UK
Orbis
Orbis Intellectual Property
Orbis Crossborder Investment
Odin
Reach 

Ruslana
Sabi
Sabina
Zephyr

     

 
(the "Product"). 

"Personal Data" means information which identifies, or can be used to identify, living individuals.

1. About the Products

Our clients include leading financial institutions, accounting companies and legal advisors, as well as companies in a variety of sectors and industries. Clients use the Products for legal compliance, risk assessment and business intelligence purposes, including:

  • Compliance with law and regulation, such as know-your-client (“KYC”) obligations, sanctions screening, and anti-money laundering (“AML”) and anti-corruption and bribery (“ABC”) checks.
  • Risk assessment purposes, such as corporate credit risk, supplier risk and procurement risk.
  • Business intelligence purposes, such as information on the latest M&A deals, foreign direct investment, and patents held by companies.
  • Additionally, some of the Products may be used by clients for business development purposes. 

We collect the Personal Data contained in the Products from a variety of sources, including third-party providers. Our clients are responsible for ensuring that their use of the Products complies with applicable laws and regulations. 

2. Personal Data in the Products

While the focus of the Products is corporate entities, they contain some information about key individuals connected with businesses, such as owners, directors, shareholders, managers and professional advisors, and patent holders, in the case of Orbis IP.

The types of Personal Data in the Products include:

  • Name
  • Contact details, as provided on company-related records. Typically, these are company contact details, but some may be personal contact details where these have been included in company-related records
  • Salutation (Mr/Mrs)
  • Positions held within companies
  • Age
  • Nationality and/or national ID numbers
  • Status as a disqualified director

For a full list of which types Personal Data may be included in each of the Products, please see below:

Aida

  • Name
  • Contact details
  • Gender
  • Date of birth
  • Link to LinkedIn profile
  • Directorships/roles
  • Country of residence
  • Place of birth
  • Tax code

Astree

  • Name
  • Contact details
  • Gender
  • Date of birth
  • Link to LinkedIn profile
  • Biography
  • Salary
  • Education
  • Disqualified as a director
  • Directorships/roles
  • Country of residence
  • Place of birth
  • Nationality
  • National IDs

Aurelia

  • Name
  • Contact details 
  • Gender
  • Year of birth
  • Disqualified as a director
  • Directorships/roles
  • Country of residence
  • Nationality
  • National IDs

Bel-first

  • Name
  • Contact details 
  • Gender
  • Date of birth
  • Biography
  • Directorships/roles
  • Country of residence
  • Place of birth
  • Nationality

Dafne

  • Name
  • Contact details 
  • Gender
  • Year of birth
  • Disqualified as a director
  • Directorships/roles
  • Country of residence
  • Nationality
  • National IDs

Diane

  • Name
  • Contact details
  • Gender
  • Date of birth
  • Link to LinkedIn profile
  • Biography
  • Salary
  • Education
  • Disqualified as a director
  • Directorships/roles
  • Country of residence
  • Place of birth
  • Nationality
  • National IDs

Fame

  • Name
  • Contact details
  • Gender
  • Date of birth
  • Link to LinkedIn profile
  • Biography
  • Salary
  • Education
  • Disqualified as a director
  • Directorships/roles
  • Country of residence
  • Place of birth
  • Business mortgage data, debts, loans & credit information
  • County Court Judgments

Markus

  • Name
  • Contact details 
  • Gender
  • Year of birth
  • Disqualified as a director
  • Directorships/roles
  • Country of residence
  • Nationality
  • National IDs

Markus Gewerberegister

  • Name
  • Contact details 
  • Gender
  • Year of birth
  • Directorships/roles
  • Country of residence
  • Nationality
  • National IDs

Mint España

  • Name
  • Contact details
  • Gender
  • Date of birth
  • Link to LinkedIn profile
  • Biography
  • Salary
  • Education
  • Disqualified as a director
  • Directorships/roles
  • Country of residence
  • Place of birth
  • Nationality
  • National IDs

Mint Italy

  • Name
  • Contact details
  • Gender
  • Date of birth
  • Link to LinkedIn profile
  • Directorships/roles
  • Country of residence
  • Place of birth

Mint NL

  • Name
  • Contact details (address, email address, telephone number)
  • Gender
  • Date of birth
  • Biography
  • Salary
  • Education
  • Directorships/roles
  • Country of residence
  • Place of birth
  • Nationality

Mint UK

  • Name
  • Contact details 
  • Gender
  • Date of birth
  • Link to LinkedIn profile
  • Biography
  • Salary
  • Education
  • Disqualified as a director
  • Directorships/roles
  • Country of residence
  • Place of birth
  • Nationality
  • National IDs

Odin

  • Name
  • Contact details (address, email address, telephone number)
  • Gender
  • Date of birth
  • Link to LinkedIn profile
  • Biography
  • Salary
  • Education
  • Disqualified as a director
  • Directorships/roles
  • Country of residence
  • Place of birth
  • Nationality

Orbis

  • Name
  • Contact details (address, email address, telephone number)
  • Gender
  • Date of birth
  • Link to LinkedIn profile
  • Biography
  • Salary
  • Education
  • Disqualified as a director
  • Directorships/roles
  • Country of residence
  • Place of birth
  • Nationality

Orbis Crossborder Investment

  • Name
  • Job title
  • Employing business

Orbis Intellectual Property

  • Name
  • Patents held
  • Contact details

Reach

  • Name
  • Contact details 
  • Gender
  • Date of birth
  • Biography
  • Country of residence
  • Nationality

Ruslana

  • Name
  • Contact details 
  • Gender
  • Year of birth
  • Directorships
  • Country of residence
  • Place of birth
  • Nationality
  • National IDs

Sabi

  • Name
  • Contact details
  • Gender
  • Date of birth
  • Link to LinkedIn profile
  • Directorships/roles
  • Country of residence

Sabina

  • Name
  • Contact details 
  • Gender
  • Year of birth
  • Directorships/roles
  • Country of residence
  • Nationality
  • National IDs

Zephyr

  • Name
  • Employing business

3. Why the Products contain Personal Data

For clients to perform basic checks such as KYC and AML, they need to be able to understand who they are dealing with and be able to verify information provided to them.

Each data field included in the Products is necessary for these basic purposes. 

For example:

  • without name and contact details, it would be impossible for clients to look up individuals to confirm who they are;
  • without year or date of birth, it would be easy to mix up individuals with the same or similar names, leading to cases of mistaken identity;
  • similarly, without nationality and/or national ID number, it would be easy to mix up individuals with the same or similar name, leading to cases of mistaken identity. National ID numbers are also used by clients to verify copies of ID documents provided to them by individuals for KYC purposes.

4. Sources of Personal Data in the Products

Below we explain the sources of Personal Data contained in the Products:

  • Publicly available sources: Most of the personal data is sourced from publicly-available information, such as national company information databases, companies’ own websites and their annual reports. The information is sourced both directly by us and indirectly via information aggregators. 
  • Directly interactions: Some information not in the public domain is sourced directly by us through correspondence with the businesses included in the Products.

5. Uses of Personal Data in the Products

Below we set out a description of the ways Personal Data is used in the Products:

  1. Use by clients: As described above, our clients use the Products for legal compliance, risk assessment, business development purposes. We are not responsible for how clients use Personal Data in the Products.
  2. Use within Moody’s Corporation: Bureau van Dijk is part of the Moody’s Corporation. Some Moody’s personnel working on the Products (such as IT support, sales, legal and compliance) have access to the Products and information within them as necessary for the completion of their job duties.
  3. Business transfers: If Bureau van Dijk is part of a business reorganisation, sale, merger or acquisition, Personal Data in the Products may be disclosed as part of the deal, safeguarded by contractual provisions to ensure confidentiality and use of the Personal Data only as described in this Privacy Notice.
  4. Legal or regulatory disclosures: We may disclose Personal Data contained in the Products where there is a reasonable requirement to do so, for example, to meet requirements of applicable law and regulation or in response to requests from regulators, courts or government agencies, or to establish or defend our legal rights.

6. Supplementary Information for the European Union and UK

We process Personal Data in the Products under the legitimate interests basis of the EU General Data Protection Regulation (“GDPR”) as it is within our and our clients’ legitimate interests to process limited Personal Data about company-related individuals:

  • The Personal Data, such as name, contact details, date of birth, and details of directorships/posts, is limited, relevant, proportionate and necessary for the processing purposes.
  • The affected data subjects, such as owners, directors, shareholders, managers, and professional advisors of the companies that are listed in the Products, are non-vulnerable adults acting in their professional capacity.
  • The Products are used by clients for extremely important purposes such as compliance with law and regulation and risk assessment purposes, including: compliance with KYC, AML and ABC laws and regulations, sanctions screening, transfer pricing, corporate credit risk, supplier risk and procurement. These uses have wider public benefits in supporting economic stability and reducing financial crime. Some of the Products may also be used for business development purposes. While not as important as compliance with law and risk assessment, this is recognised as a legitimate interest under the GDPR.
  • The processing is likely in affected data subjects’ reasonable expectations, given their professional roles in relation to the businesses listed in the Products.
  • The information is ultimately sourced from publicly-available information (such as national company information databases, companies’ own websites and their annual reports), or in some cases is otherwise sourced directly from the companies through direct correspondence.
  • We implement appropriate data accuracy measures to manage the accuracy and integrity of the data, including comparing data against multiple data sources, marking data as “historic” if it has not been updated within the last week, and the ability of affected data subjects to access and correct (if required) their personal data.
  • We implement appropriate data security safeguards to protect the personal data, including physical security measures, system hardening, patch management, vulnerability management, access controls, and implementing anti-virus and anti-malware protections, data breach policies and procedures.

Personal Data in stored in the Products for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure, and the applicable legal, regulatory, tax, accounting or other requirements.

The Personal Data are stored in the EU. To transfer Personal Data outside of the EEA within Moody’s Corporation, we use EU standard contractual clauses to ensure that an equivalent level of data protection applies. To request a copy of these clauses, please email us at privacy@bvdinfo.com.

To access your Personal Data contained in the Products and exercise your rights of correction, objection, restriction, erasure, and digital testament, please contact us by emailing us at privacy@bvdinfo.com

You may also have the right to complain to your local data protection authority if you have concerns about how we process your Personal Data. However, we hope we can solve any queries or concerns you may have, so please contact us directly in the first instance.

7. Supplementary Information for California

The California Consumer Privacy Act (“CCPA”) (Civil Code § 1798.100) provides residents of California with specific rights regarding their Personal Data. These include:

  • Requesting information about our collection and use of Personal Data over the past twelve (12) months, including: (i) the categories of Personal Data collected, (ii) the business or commercial purpose for collecting or selling their Personal Data, (iii) the categories of sources from which Personal Data is collected, and (iv) the categories of third parties with whom we share or sell their Personal Data. California residents can request two separate lists disclosing (a) the categories of their Personal Data we have sold and (b) the categories of their Personal Data we have shared in connection with a business purpose.
  • California residents can request to receive a copy of their Personal Data in a commonly used and machine-readable format.
  • California residents can request that we delete their Personal Data, subject to certain exceptions.
  • California residents can also request that we do not sell their Personal Data to third parties as described below.

To exercise the rights described above, it may be necessary for us to verify your identity or authority to make the request and confirm the Personal Data relates to you. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your Personal Data. We will not discriminate against you for exercising any of your privacy rights under CCPA or applicable law.

During the past twelve (12) months, we collected the categories of Personal Data described above from California residents. We also disclosed such Personal Data to third parties for the purposes specified above during the past twelve (12) months.

In the last twelve (12) months, we sold products and services that include Personal Data about residents of California who are executives, officers, managers, investors, and individual shareholders of organisations. California residents have the right to opt-out of the sale of their Personal Data to third parties. To exercise this right, please click www.bvdinfo.com/en-us/california-consumer-privacy-act to access the “Do Not Sell My Personal Information” webpage and follow the instructions on that page. A link to this webpage is also available on the Bureau van Dijk homepage.

8. Contacts & Queries

If you have any queries about our privacy practices or would like to contact us, please email us at privacy@bvdinfo.com.

9. Updates to this Privacy Notice

The most current version of this Privacy Notice will always be available here. You can check the “effective date” posted at the top to see when this Privacy Notice was last updated.