Privacy Policy
Silverfin's Privacy Policy, last updated on 1 September, outlines how the company, as a data controller, collects, processes, stores, and protects personal data obtained through commercial relationships, website interactions, or contact, in compliance with GDPR and related privacy laws, detailing user rights and data handling practices across various scenarios including website browsing and subscription to updates.
Last update: 1 September
This privacy policy applies to all processing activities of Silverfin as a data controller.
Please read this Privacy Policy together with our Cookie Policy and our Terms of Use. Silverfin may update this Privacy Policy in the future: the latest version can always be found on our Website.
About This Privacy Policy
Due to your commercial relationship, recent contact with Silverfin, or a visit to or action on our Website (www.silverfin.com, www.getsilverfin.com, and www.silverfin.be), we may collect, store, and otherwise process personal data relating to you or, if you are a company, your employees or representatives ("your personal data").
This Privacy Policy describes:
- 1.How we collect, treat, and store your personal data
- 2.The rights you can exercise in relation to your personal data
- 3.The measures we take to protect and secure your personal data
Silverfin strives to act in accordance with applicable privacy legislation, including the General Data Protection Regulation (GDPR), UK Data Protection Act 2018 (UK GDPR), Belgian Privacy Law of 30 July 2018, the ePrivacy Directive 2002/58/EC, and future national legislation regarding the implementation of the GDPR (together: "Privacy Legislation").
1. Silverfin is the Data Controller
Silverfin NV is a limited liability company with registered office at Gaston Crommenlaan 12, 9050 Gent, registered under number 0524.802.662 ("Silverfin" or "we | us"). Silverfin is the developer and provider of the Silverfin platform and the corresponding online service, and is the owner of the Website.
Silverfin acts as the data controller of your personal data for the purposes described in this Privacy Policy.
2. Silverfin’s Processing Activities
The personal data we collect, store, and process, and the purpose for which we process this data, may differ depending on your relation with Silverfin. We identify five scenarios:
- You are browsing on our Website
- You (wish to) receive updates and newsletters relating to Silverfin services and products
- You are a prospect and/or seeking a commercial relationship with Silverfin
- Your company is an active Silverfin customer and/or you are an authorized user of the Silverfin Platform
- You or your company is a partner or a supplier of Silverfin
2.1 Browsing on Our Website
Contacting Silverfin via the contact form on the Website
- Purpose: To answer any questions you may have and/or to initiate a conversation
- Personal data: First name, last name, company name, nature of inquiry, email address, phone number, country, voluntarily provided information
- Legal ground: Consent
- Retention period: Until one (1) year following your contact with Silverfin
Cookies
When browsing on our Website, we may also collect your personal data through cookies stored on your device(s) to optimize the functioning of the Website. Please consult our Cookie Policy for more information.
2.2 Receiving Updates and Newsletters
The Silverfin newsletter / update
- Purpose: Providing more information on (new features of) the Silverfin Platform, our Service, or related products/services
- Personal data: First name, last name, email address
- Legal ground: Consent or, if you are a customer or partner of Silverfin, legitimate interest
- Retention period: Until you have objected to the processing of your personal data for this purpose
2.3 Prospecting and Commercial Relationships
Requesting a personal demo
- Purpose: To schedule your personal demo of the Silverfin Platform
- Personal data: First name, last name, company name, type of industry, preferred language, email address, phone number, country
- Legal ground: Consent
- Retention period: Until you have requested to no longer be contacted by Silverfin or until one (1) year following your latest contact with Silverfin, whichever comes first (plus verification period of six months)
General communication with Silverfin & prospecting by Silverfin
- Purpose: To have quality conversations (via mail, telephone, or business social media channels) in which Silverfin provides more information on its Service and the Silverfin Platform
- Personal data: First name, last name, company name, type of industry, preferred language, email address, phone number, country, social media/business channel, voluntarily provided information
- Legal ground: Legitimate interest
- Retention period: Until you have requested to no longer be contacted by Silverfin or until one (1) year following your latest contact with Silverfin, whichever comes first (plus verification period of six months)
Billing
- Purpose: To prepare invoices for the Service / use of the Silverfin Platform
- Personal data: First name, last name, address, job function, email address, preferred language, VAT-number
- Legal ground: Necessary for the performance of the agreement
- Retention period: Until one (1) year following the termination of the commercial relationship between your company and Silverfin
Registering for / attending a Silverfin (network) event
- Purpose: To have an overview of the participants to the event (e.g. Fast Forward; webinar/seminar; contest) as well as to have a follow-up communication after the event
- Personal data: First name, last name, company, email address
- Legal ground: Consent
- Retention period: Until you have requested to no longer be contacted by Silverfin or until one (1) year following your latest contact with Silverfin, whichever comes first (plus verification period of six months)
3. Legal Grounds
For each processing activity, the applicable legal ground is specified above. Where the legal ground is legitimate interest, Silverfin will assess proportionality, your reasonable expectations, and ensure a balance with your fundamental rights and freedoms. If this cannot be guaranteed, Silverfin will stop processing your personal data or determine a new legal ground.
4. Retention Periods
Retention periods for your personal data are specified for each processing activity above.
5. Disclosure of Personal Data to Third Parties
5.1 Silverfin Affiliates
Silverfin may disclose your personal data to its affiliates for support services:
- Silverfin Software Ltd. (United Kingdom, London) – European Commission adequacy decision for UK
- Silverfin Software B.V. (The Netherlands, Amsterdam) – within EEA
- Silverfin Software ApS (Denmark, Copenhagen) – within EEA
5.2 Other Third Parties
Silverfin will not disclose your personal data to other third parties unless necessary to achieve the purposes described in this Privacy Policy. Your personal data may be disclosed to:
- Payment providers (e.g., to process payments or detect/prevent money laundering or fraud)
- Software and cloud providers (to facilitate hosting of the Silverfin Platform/Service)
- Freelancers or other service providers (e.g., to help develop the Silverfin Platform/Service)
Contracts or similar legal binding acts are in place to ensure these third parties treat your personal data in accordance with Privacy Legislation.
Personal data may also be transferred:
- To competent authorities (if required by law or necessary to safeguard our rights)
- In the context of mergers and acquisitions (if Silverfin or its assets are taken over by a third party)
6. Cross-Border Processing of Personal Data
If any third parties or recipients are located outside the European Economic Area, Silverfin will ensure that one or more EU-approved safeguards are in place:
- European Commission adequacy decision
- Data transfer agreement (e.g., Standard Contractual Clauses)
- Binding corporate rules
- Certification mechanisms
7. Your Privacy Rights
Under Privacy Legislation, you have certain rights over your personal data:
- Access: Request confirmation of whether your personal data is being processed and obtain copies (a small fee may apply)
- Rectification: Request correction or completion of inaccurate/incomplete information
- Erasure: Request erasure of your personal data under certain conditions (some services may become inaccessible)
- Objection: Object to processing under certain conditions
- Restriction of processing: Request restriction of processing unless Silverfin has overriding legitimate interests
- Data portability: Request transfer of your personal data to another organization or to you in a commonly used, structured format
You can exercise these rights by contacting Silverfin as specified in Section 10 and by using the Data Subject’s Rights Form.
For updates/newsletters, you can change your communication preferences in the Silverfin Communication Preference Centre (link in the footer of every Silverfin communication). You can object to direct marketing communications by using the Data Subject’s Rights Form or by indicating "Yes, I object" in the Communication Preferences Centre. Upon receipt of your objection, Silverfin will stop processing your personal data for communications, free of charge.
8. Security
Silverfin undertakes to take reasonable physical, technological, and organizational precautions to avoid unauthorized access to your personal information and loss, abuse, or alteration of your personal data. Please consult Silverfin’s "Technical and organizational measures" below for more information on security measures.
No method of transmission or storage is 100% secure, so absolute security cannot be guaranteed. The security of your account also depends on the confidentiality and complexity of your password. Silverfin will never ask for your password. If you suspect unauthorized access to your account, change your password immediately and contact Silverfin.
9. Updates
Silverfin may update this Privacy Policy by posting a new version on the Website and indicating the revision date. It is recommended to regularly consult the Website and Privacy Policy page for changes.
10. Notifications and Questions
Notifications under this Privacy Policy (such as exercising your rights as a data subject) and any questions or concerns should be directed to legal@silverfin.com.
11. Complaints
If you are not satisfied with how Silverfin collects, stores, treats, or secures your personal data, please contact Silverfin as specified above. You also have the right to lodge a complaint with the authorized supervisory authority (e.g., the Belgian Data Protection Authority or the data protection authority of your residence or workplace) if you believe the processing of your personal data infringes Privacy Legislation. You can contact the Belgian Data Protection Authority at contact@apd-gba.be or via their website.
Technical and Organizational Measures
1. Management Direction for Information Security
- Silverfin has implemented an appropriate information security policy.
- Qualified information security specialists are supported by business leadership.
- Employees and third-party contractors with access to customer information commit to written confidentiality and privacy responsibilities, which survive termination or change of employment/engagement.
2. Human Resource Security
- Silverfin provides information security awareness information to employees and relevant third-party contractors.
3. Access Control
- User access management policies support creation, amendment, and deletion of user accounts for systems/applications holding customer information.
- User account and access provisioning processes assign and revoke access rights.
- Use of generic/shared accounts is prohibited without system controls to track specific user access and prevent shared passwords.
- Access to utilities capable of overriding security controls is monitored and restricted.
- User access is controlled by a secure logon procedure.
- Physical access to facilities is protected according to industry practices.
4. Communications Security
- Customer data is logically segregated within a shared service environment.
- Network segments are secured from external entry points.
- External network perimeters are hardened and protected by firewalls and intrusion detection systems.
- Ports and protocols are limited to those with specific business purposes.
- System clocks are synchronized to a universal time source.
- Customer data, including personal data, is encrypted at rest.
- Data is encrypted during transmission between application tiers and interfacing applications.
5. Operations Security
- Formal operating procedures for system processes impacting customer data are implemented, including change logs and management approval.
- Service availability is monitored.
- Annual penetration testing is performed for systems/applications storing customer data; issues are remediated in a reasonable timeframe.
- Patch and vulnerability management processes are in place.
- Controls to detect and prevent malware and unauthorized code execution are regularly updated.
- Administrator and event logs are generated and reviewed periodically.
6. Third-Party Supplier Management
- Contracts with third parties handling customer information include appropriate security, confidentiality, and data protection requirements.
- Third-party security controls are reviewed periodically.
- Third-party access to customer data is restricted and permitted only as necessary to perform contracted services.
7. Resilience
- Business continuity risk assessments are performed.
- Business Continuity and Disaster Recovery plans are documented, implemented, tested, and reviewed annually.
8. Audit and Compliance
- Systems and equipment are periodically reviewed for compliance with legal, regulatory, and contractual obligations.
- Independent verification of technical and organizational security measures is maintained (e.g., ISO certification), with annual reviews.
Questions regarding the Security Policy should be directed to security@silverfin.com.