Welcome to AFS Commodities! We are committed to building a just and sustainable society by offering innovative solutions showcased on our website and through our client portal. Protecting your privacy is our priority, and this policy explains how we collect, use, and safeguard your personal data. We encourage you to read this document carefully to understand your rights and how we protect your information. You can contact us in case you have questions about privacy and/or your personal data processed by us.
1. Who are we?
AFS Commodities is a leading solution provider operating in the sustainability and renewable energy market. We value long-term relationships and guide organizations towards climate solutions.
We support our clients in understanding new regulations and compliance requisites. Through proactive cooperation, our advisors offer tailor-made solutions. We help organizations understand how the environmental commodity markets operate and how to reap the most benefits.
AFS Commodities provides organizations with market access, the latest products and market updates, all within the right regulatory and compliance frameworks.
2. Why do we process your personal data?
Provision of Services:
- To deliver our services to you, your company, or our clients, including training courses, consultations, and access to our client portal.
- To respond to your requests, inquiries, or complaints efficiently and effectively.
Procurement:
- To manage and maintain our relationships with suppliers and business partners, including performing due diligence to ensure ethical and legal compliance in our collaborations.
Compliance:
- To fulfill our legal and regulatory obligations, such as maintaining records for tax purposes, complying with anti-money laundering regulations, and ensuring adherence to industry standards.
Marketing and Relationship Management:
- To identify services or products that may interest you based on your preferences and past interactions with us.
- To communicate with you about our latest offerings, industry news, and upcoming events through newsletters or personalized messages.
- To build and maintain a professional relationship with you, ensuring you remain informed and engaged with our business.
Internet Analytics:
- To maintain, develop, and enhance our website, mobile apps, client portal and social media pages by analyzing usage data and user behavior.
- To generate statistical insights that help us improve user experience and optimize our digital platforms.
Security:
- To protect our offices, business assets, personnel, visitors, and digital infrastructure from threats such as misuse, fraud, or criminal activity.
- To implement and monitor security measures that safeguard our network, website, applications, and databases against unauthorized access and other vulnerabilities.
Business Development and Continuity:
- To continuously monitor, analyze, and enhance our services, business processes, and operational systems.
- To ensure the ongoing development and sustainability of our business, allowing us to serve you better.
Legal/Dispute Resolution:
- To protect our rights and interests by establishing, exercising, or defending legal claims.
- To manage and resolve disputes, complaints, or investigations involving us or our staff, ensuring fair and lawful outcomes.
Recruitment:
- To handle your subscriptions to our recruitment services or events, manage your job application, and assess your suitability for employment with us.
- To facilitate the recruitment process by evaluating your qualifications, conducting interviews, and potentially offering you a position.
3. What Personal Data Do We Process?
The personal data we process, in connection with the purposes outlined above, may include the following:
- Service-Related Data: Information collected during the provision of our services, which may include details on legal matters, disputes, convictions, sanctions, or fines. This also encompasses the names and contact details of individuals related to you, such as professional advisors, business contacts, or family members.
- Public and Private Records: Information obtained from trade registers and other public or private sources.
- Identification Information: Your national identification number, but only to the extent required or authorized by law.
- Payment Information: Details necessary for invoicing or payment purposes, such as your payment details.
- Feedback and Reviews: Any reviews or feedback you provide regarding our services.
- Visitor Data: Information collected during visits to our premises, including visitor registration details, camera footage, and license plate numbers.
- Communications: Records of interactions and correspondence with our firm.
- Transaction Data: Personal data related to the goods or services you provide, which may include financial information (such as invoices and VAT numbers) and details about the services or goods themselves.
- Website and App Usage Data: Information related to your visits to our website, such as your device type, IP address, and user-agent information.
- Client Portal Data: Details regarding your use of our client portal, including your email address, signup and login timestamps, platform used, behavioral metrics, heatmaps, and session replay.
- Video Communications: Recordings of video calls conducted through online communication and collaboration platforms, which may also include your name and photo.
- Event Participation: Information about your attendance at our events, training courses, or conferences.
- Marketing Interactions: Data on the services you are or may be interested in, as well as whether and when you opened our marketing emails.
- Compliance Data: Personal data required to meet our legal obligations, such as client identification data as part of customer due diligence.
- Newsletter Interactions: Information on your engagement with our newsletters, including opening statistics and reading times.
- Professional and Contact Information: Your name, gender, job title, and the company you work for, along with your contact details, such as your business email address, department, company or home address, and business phone number.
- Personal Identifiers: Your date of birth, place of birth, and nationality.
- Recruitment Data: Information related to your job application, including your resume, cover letter, details about the application process, and the outcomes. This may also involve assessments and pre-employment screenings.
- Background Information: Relevant details such as your skills, professional and educational background, and your relationship to our clients or suppliers.
4. On what basis may we process your personal data?
We process your personal data based on various legal grounds, depending on the specific purpose. Below is an outline of these legal bases:
Procurement
- Contractual Necessity: When we procure goods or services directly from you, processing your personal data is essential for fulfilling our contractual obligations.
- Legitimate Interests: If we procure goods or services from your company, we process your personal data to support our legitimate business interests, such as managing vendor relationships and ensuring quality services. We may also need your data to comply with legal obligations. If you choose not to provide the necessary data, we may be unable to engage with you or your company.
Compliance
- Legal Obligations: We process your personal data to comply with various legal requirements, including record-keeping, adhering to statutory retention periods, and fulfilling obligations related to fiscal matters, anti-money laundering regulations, and other legal mandates. Without this data, we may be unable to continue our business relationship with you or your company.
Marketing and Relationship Management
- Legitimate Interests: We may process your personal data to identify services that might interest you, communicate about our offerings (e.g., newsletters, targeted advertising, events), and maintain professional relationships. This may include profiling to tailor our communications based on your interests and behaviors.
- Consent: For certain marketing activities, we will explicitly request your consent. You can refuse or withdraw your consent at any time without adverse effects, aside from no longer receiving marketing communications. For email marketing, you can unsubscribe using the link at the bottom of any marketing email.
- Right to Object: If we process your data based on legitimate interests, you have the right to object. If you do so, we will cease processing your data for these purposes.
- Third-Party Sharing: We may share your data with third-party service providers, such as email service providers or data analytics companies, to assist with our marketing efforts. These providers are carefully vetted to ensure compliance with data protection regulations.
- Social Media and Online Advertising: If we use your data for targeted online marketing, we will inform you, and you can manage your preferences through the respective platform's privacy settings.
- Data Retention: We retain your personal data for marketing purposes only as long as necessary to achieve the intended objectives or as required by law. You have the right to access, correct, or delete your data and to restrict or object to its processing for marketing purposes.
Research and Insights
- Legitimate Interests: We process your personal data to gain insights into market trends and improve our services. For example, when sending newsletters, we may use third-party services to manage distribution. These third parties are contractually bound to keep your email address confidential. If you do not wish to receive these communications, you can opt out at any time without consequence by clicking the unsubscribe link in our emails.
Internet Analytics
- Legitimate Interests: We analyze data from our website, apps, and social media pages to improve user experience and optimize our platforms. If you prefer not to participate, you can opt out without any impact on your experience with our services.
Security
- Legitimate Interests: We use your personal data to prevent, detect, and combat fraudulent or criminal activities. This is crucial for protecting our offices, assets, personnel, visitors, networks, websites, apps, and databases from unauthorized access or misuse.
Business Development and Continuity
- Legitimate Interests: We process your personal data to ensure the ongoing development and resilience of our business, which helps us maintain high service standards and adapt to changing market conditions.
Legal/Dispute Resolution
- Legitimate Interests: We process your data to protect our rights, defend against legal claims, and manage disputes or investigations. This is necessary to safeguard our interests and those of our staff.
Recruitment
- Consent and Legitimate Interests: We process your personal data to assess your qualifications for employment and manage your application process. This includes considering your consent where applicable, as well as our legitimate interest in recruiting qualified professionals. This processing is also necessary when considering entering into an employment contract with you.
5. With whom do we share your personal data?
To fulfill the purposes outlined in this Privacy Statement and based on the corresponding legal bases, we may share your personal data with our AFS affiliates and other third parties. These third parties may include:
- Compliance Partners: Entities we engage with to ensure compliance with legal and regulatory requirements, such as supervisory authorities, financial institutions (including banks and insurance companies), the Chamber of Commerce, consultancy firms, accountancy firms, and auditors.
- Collaborative Institutions: Partners we work closely with throughout our operational chain, such as universities and educational institutions, to enhance our services and foster innovation.
- Service Providers: Third-party service providers who assist us in managing our operations, including those who ensure the confidentiality and security of our email distribution lists.
- We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement
- Google Analytics collects and processes data about your use of our website, including your IP address, browser type, operating system, pages visited, and time spent on the site. This information is used to generate reports and analyze user behavior. Google may use this data to provide other services related to website activity and internet usage. While Google Analytics data is generally considered pseudonymized, it's important to note that your information may be transferred to and stored on servers located outside your country. We have implemented Google Analytics in compliance with applicable data protection laws and Google's terms of service. You can learn more about Google's data practices by visiting their Privacy Policy.
We ensure that all third parties we engage with are carefully selected and comply with data protection regulations, maintaining the highest standards of data privacy and security.
6. How long do we keep your personal data?
We keep your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Notice or as required by applicable laws and regulations. After this period, your data will be securely deleted or anonymized, ensuring it is no longer identifiable or accessible.
7. How do we keep your personal data safe?
We are dedicated to safeguarding your personal data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. To achieve this, we have implemented a comprehensive information security framework aligned with industry best practices. Our security measures include:
- Firewalls: Protecting our networks from unauthorized access and potential threats.
- Access Controls: Restricting access to personal data only to authorized personnel.
- Virus Scanners: Regularly scanning our systems to detect and prevent malware and other harmful software.
- Encryption: Encrypting sensitive data on laptops, phones, and other devices to protect it from unauthorized access.
- Personnel Screening: Conducting background checks and providing confidentiality training to our employees.
- Confidentiality Provisions: Ensuring that all employees and third-party partners adhere to strict confidentiality agreements.
These measures are continuously reviewed and updated to ensure your personal data remains secure and protected.
8. What are cookies and what type of cookies do we use?
Cookies are small text files that are placed on your device when you visit our website. They help us improve your experience by remembering your preferences, enhancing site performance, and providing insights into how our services are used.
We use various types of cookies, including:
- Essential Cookies: These cookies are necessary for the website to function properly. They enable basic features such as page navigation and access to secure areas of the site. Without these cookies, certain parts of the website may not work.
- Analytical Cookies: These cookies allow us to understand how visitors interact with our website by collecting and reporting information anonymously. This helps us improve the overall user experience.
For IT purposes, we also use cookies from third-party providers such as StreetContext to track recipient interactions with our insights and research emails. This helps us analyze engagement and optimize our communications.
You can manage your cookie preferences at any time by adjusting your browser settings or by using the cookie management tool provided on our website.
9. What are your rights as a data subject?
As a data subject under the GDPR, you have several rights regarding your personal data:
- Right to Access: You have the right to request access to the personal data we hold about you and obtain a copy of this data.
- Right to Rectification: If you believe that any of the personal data we hold about you is inaccurate or incomplete, you have the right to request its correction.
- Right to Erasure: In certain circumstances, you may request the deletion of your personal data, also known as the 'right to be forgotten.'
- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
- Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another organization.
- Right to Object: You have the right to object to the processing of your personal data in certain situations, including processing based on legitimate interests or direct marketing.
If you wish to exercise any of these rights, please contact us at legal@afsgroup.nl. We may need to verify your identity to ensure that your request is handled securely.