Graydon Incasso B.V. Privacy Statement

This Privacy Statement came into effect on 9 September 2014 and amended on 1 July 2015.

Graydon Incasso B.V. (‘Graydon’) is convinced that the protection and respect of the personal privacy of its stakeholders (such as employees, clients, debtors and other relations) are of great importance. Personal data are handled with the greatest possible care. 
We cannot perform our business activities without processing certain personal data. We consider it important to process personal data in a manner which corresponds with the existing guarantees for the protection of privacy. We comply herein with the existing statutory rules for the protection of personal data, namely the Dutch Personal Data Protection Act. 
Graydon complies with the requirements of the Personal Data Protection Act in all cases.

Notification requirements

The Personal Data Protection Act includes a notification requirement. This obligation means that in principle all fully or partially automated processing of personal data must be reported to the Dutch Data Protection Authority (‘Dutch DPA’) or to an official for data protection who is registered with the Dutch DPA. The Dutch DPA/official for data protection keeps a public register in which all (changes to the) processings are held, together with a number of characteristics of those processings, such as the purpose or objectives, the kind of persons involved and the categories of data. The public register of the Dutch DPA is available on the website: and Graydon’s registration number is 1321745. Comment added on 16 November 2017: per 6 November 2017 the notification register is no longer available on the website of the Dutch DPA;

Difference between the roles of controller and processor

To the extent that our client sets out the goals and means of the data processing of the personal data of its debtors itself, our client is the controller of its own personal data. If this has been laid down in writing, Graydon will process these personal data on the orders of its client as processor. As a processor, Graydon will make every effort to ensure appropriate technical and organisational measures to protect the personal data against loss or any form of unlawful processing. 
In this Privacy Statement, Graydon informs you of the method Graydon as controller uses to handle your personal data. 

Difference between personal data and anonymous data

Graydon makes a distinction between personal data and anonymous data. 
Personal data are those details which form the basis for tracing your identity, such as your name, address, e-mail address, telephone number and age. Graydon can obtain your personal data in several ways. In the first place, you may have provided these data yourself via this website or in another way. Furthermore, Graydon may have obtained your personal data from its clients or from data suppliers.
Anonymous data are details which cannot be used (anymore) to deduce your identity. One important and common example of anonymous data is the IP address. When you visit our website, certain information needs to be collected to ensure a good connection. When you request a web page, the web server must know where the page is to be sent. Your IP address is used for that purpose. This is a number series which your internet provider assigns to your computer automatically every time you log in on the internet, so that your computer can be identified. 

In addition Graydon uses a service in order to gather statistics about visits to our website. Graydon uses this data in anonymous form in order to develop and improve its services. 

Statistics are reported on an aggregated, company level – not in terms of the individual visitor. On the processing of possible personal data Graydon receives information from the browser of the visitor which the visitor’s browser sends as standard with the http-request (including the IP address) and in addition domain names, company names and company contact details are also processed.”

The objectives for which Graydon uses your personal data

We process personal data in order to: 

achieve collection of the debts for collection referred by our clients: 
on the basis of current and historical payment and other data relating to (the results of) collection among other things, create a database which can be used to establish a score value or risk profile, with which the chance of recoverability can be estimated; 
contribute by means of our services to the prevention of overextension of credit, the minimisation of payment risks and other problematic debt situations for parties concerned; and 
make it possible for you to react as fast and as easily as possible via the online forms (available on the website). 

Graydon processes the personal data exclusively for the above-mentioned objectives, which have also been registered with the Dutch DPA or, if applicable, with its official for data protection. Graydon can provide the data to third parties which are involved in the processing and performance of the objectives mentioned. Graydon has entered into processor agreements with these third parties. 
In addition, Graydon can, insofar as this is permitted on the basis of applicable national legislation, exchange the personal data with companies affiliated with it and other organisations which may also be established outside the EEA (European Economic Area), all this for the objectives as given in this Privacy Statement. 

Protection of personal data 

Graydon handles the personal data with the utmost care and, together with any processors, ensures an appropriate organisational and technical protection of its files in which the personal data are stored. We guarantee in this way that these data can only be accessed by persons who are authorised for that purpose by reason of their position, and that the data are only used for the objectives for which they were obtained. 

External links

This website can contain links to other websites. We are not responsible for the privacy policy or the contents of these other websites. We recommend you examine the privacy statements on these websites. 

Rights concerning the processing of personal data

Graydon notifies the person concerned, leaving aside (statutory) exceptions, about whether certain data are processed, and will cooperate with the request to improve or supplement these data. 
Requests to examine one’s own personal data can be submitted in writing to the address of Graydon given below, stating Examination of Personal Data and including a copy of a valid identification document (with citizen service number and photo covered by tape). The person making the request must further state their private postal address and the file number, as well as place their signature. If the request is complied with, within four weeks a full overview is provided of the personal data concerned in the processings which have been registered. If Graydon has complied with a request to improve or supplement data, it will report the changes made to third parties to whom these data have been provided. Graydon is not obliged to comply with the request if this is impossible or involves a disproportionate effort. 

Modification of privacy statement

We are entitled to change this Privacy Statement at all times, with or without notice. We therefore recommend you consult this Privacy Statement from time to time so that you are familiar with any changes to this Privacy Statement. 

Questions, remarks or complaints

If you have questions which are not answered in this Privacy Statement, if you have suggestions or remarks about its contents, or if you want to examine or change your personal data or you have complaints about the way Graydon has handled your personal data, you can check our website for extra information, or inform us by e-mail to or by post to Graydon Incasso B.V., Attn: Support Department, PO Box 12790, 1100 AT Amsterdam ZO, the Netherlands, stating ‘Privacy’. This allows Graydon to prevent problems or worries from continuing.