Privacy statement

About Customs Support Group

Customs Support Group is Europe’s leading independent, digital, and neutral provider of customs services, employing 1900+ dedicated customs professionals. 

We have over 100 offices in The Netherlands, Belgium, Germany, Poland, France, United Kingdom, Ireland, Italy, Switzerland, Spain, Finland, Sweden, Norway, and Luxembourg.  All our locations in Europe | Customs Support.

About this privacy notice

Customs Support Group (CSG, we, our us) take your privacy very seriously and is committed to protecting and respecting your privacy and processing your personal information in accordance with applicable data protection law.

This privacy notice, cookie policy and any other documents referred to within this notice, are issued on behalf of  all entities of Customs Support Group.

Unless we inform you otherwise, the relevant entity processing and controlling your data is Customs Support Group BV. Reference to Customs Support, (‘we’ / ‘our’ / ‘us’) should be taken to include reference to all entities and subsidiaries.

Our data protection officer

Our nominated Group Data Protection Officer is Elena Beccheroni. Should you need to contact us about this privacy notice, make a request or raise a complaint, please contact via email DataProtectionOfficer@customssupport.com or by Post: FAO Data protection officer, Customs Support Group, Willem Barentszstraat 11-19 3165 AA Rotterdam, Albrandswaard, Netherlands.
 

Collection and use of your personal information

Due to the nature of our services, we primarily collect personal information relating to our clients, prospective clients and the personnel and applicants of the Customs Support Group entities, and those of any business who are in the mergers and acquisition process.

We use this information to fulfil our legal obligations, deliver contracted services, manage our business and operations, and for personnel management activities. 

To carry out these activities we may be required to transfer your personal information to other countries from where it was collected, such as between our entities or with other third parties.

We keep copies of your personal information within our secure systems and retain it for as long as appropriate to undertake the activities, and then for a sufficient retention period required to comply with a statutory obligation, for our business accountability purposes or to manage or defend potential disputes or legal claims. 

Our routine activities are explained below. We may also collect and use your information for other purposes, we provide you with additional privacy information when that takes place.

You are a client 

The information we may collect, and use are:

Purpose

Due diligence checks

Lawful basis 

To comply with legal obligations and for our legitimate interests

Information

Your name, business and personal email and postal address, date of birth, nationality, images, records of political exposure, adverse media, sanction designations and any other details held within identification and address verification documents.

Source

Direct from you, indirect, research, legal.

Activities

Fraud detection and prevention and financial checks, including the sharing of information with official bodies.

Retention

The duration of the relationship plus 10 years

‏‏‎ ‎

Purpose

Delivering our services

Lawful basis 

To fulfil your contract

Information

Your name, work credentials [email and business address and position]

Or personal email and postal address when you prefer to use them to communicate with us] 

The non- personal information generated during the delivery of the services you have instructed that may be attributed to you.

Source

Direct from you or your employer.

Activities

Service delivery including the sharing of information with our supply chain third parties and official bodies.

Retention

The duration of the relationship plus 10 years

 ‏‏‎ ‎

Purpose

Maintaining our relationship

Lawful basis 

To fulfil your contract and for our legitimate interests

Information

Your name, work credentials [email and business address and position]

Or personal email and postal address when you prefer to use them to communicate with us.

The non-personal information generated during the delivery of the services you have instructed that may be attributed to you.

Source

Direct from you or your employer.

Activities

Billing and finance

Providing industry updates and marketing materials

Client service improvements  

Retention

The duration of the relationship plus 10 years

 ‏‏‎ ‎

Purpose

Our business operations

Lawful basis 

To fulfil a legal obligation and our legitimate interests

Information

Your name, work credentials [email and business address and position]

Personal home and email address, date of birth, nationality, images, records of political exposure, adverse media, sanction designations and any other details held within identification and address verification documents.

The non-personal information generated during the delivery of the services you have instructed that may be attributed to you.

Source

Direct from you or your employer.

Activities

Hosting and securing information, maintaining operations, and conducting compliance audits. Producing and maintaining business management information. Fulfilling accountancy and tax obligations.

Retention

The duration of the relationship plus 10 years

 ‏‏‎ ‎

You have applied to work with us

Purpose

Application and interview information 

Lawful basis 

Our legitimate interests, 

Information

Your name, business and personal email and postal addresses, professional social media data. Your CV information [employment history, achievements, and background]

Your confirmation of right to work status, criminal convictions history, medical and disability information. Equality and diversity information you chose to disclose.

Information provided by you within your application or noted during your interview.

Source

CSG manage direct applications via Recruitee-platform https://customssupport.recruitee.com/

Other methods include direct from you or your recruitment agent, indirect research.

Activities

Assessments for employment suitability.

Complying with equality and diversity and equal opportunities requirements.

Retention

Unsuccessful applicants – 6 months

 ‏‏‎ ‎

Purpose

Due diligence checks

Lawful basis 

To comply with legal obligations and for our legitimate interests

Information

Your name, business and personal email and postal address, date of birth, nationality, images, records of political exposure, adverse media, sanction designations and any other details held within identification and address verification documents.

Source

Direct from you, indirect, research, legal.

Activities

Pre-offer checks to verify the application information you provide

Retention

Unsuccessful applicants – 6 months

 ‏‏‎ ‎

You work with us

Below is a summary internal workplace privacy notice that applies to our staff and is available via our intranet. 

Purpose

Personnel management 

Lawful basis 

To comply with legal obligations, to deliver and manage your contract and provide optional benefits, and for our legitimate interests

Information

Your pre-employment information 

Your onboarding information, such as your bank details, images and right to work documents.

Your employment terms and conditions, salary, and benefits

Your physical and mental health status and medical history and reasonable adjustments.

Your nominated beneficiaries and information about your dependants 

Your business credentials and workplace activities and achievements

Logging data of information, systems, websites, and door entry data of physical locations you have accessed.

Disciplinary and performance information.

Information you chose to provide about your race or ethnic origin, political opinions, religious or philosophical beliefs, health, sex life or sexual orientation that is intended for personnel management purposes or has been provided by you for other reasons. 

Opinions and other personal information that you chose to share within the workplace that are not related to your role [such as social or informal conversations] 

Source

Direct from you or your nominated representatives or via indirect research.

Stored within our records management systems [such as MS Email, Teams, and SharePoint]

Workplace audits and monitoring and CCTV.

Activities

Managing you and maintaining your personnel file within HR system,

Paying you and providing you with workplace benefits and assistance

Performance of your role and routine business activities

Your social interactions and activities

During our monitoring and compliance audits 

Retention

Periods vary according to the nature of the information and the reason we have it. Our HR retention policy is available to current and former employees upon request.

 ‏‏‎ ‎

Your employer is a company in our mergers and acquisition process

Your information may be provided by your employer during a merger or acquisition. Your employer is responsible for providing you with privacy information to let you know that has occurred. 

Website visitors

Cookies

We use website cookies and similar technologies that automatically collect technical information about your device and record your browsing actions and patterns. 

Our cookies are intended to improve your experience when you visit and navigate our website, help remember you, and manage your preferences. 

Cookies also allow us to understand the effectiveness of our website and to plan and manage its performance.

When you use your device to visit our website for the first time, we provide you with information relating to the cookies that we would like to apply, we gain your consent and ask you to confirm your preferences. You can withdraw your consent or change your preferences at any time.

When you reject our cookies, or when we make notable changes to those in use, you will receive current cookie information on subsequent visits. 

We may provide links to third-party platforms, such as news articles, we encourage you to review cookie and privacy information when prompted.

For further information about cookies and how to withdraw consent please visit Cookie Policy | Customs Support

Contact us

When you visit our website and add your personal information within sections: Contact us, ask a question, talk to an expert, we collect information you provide, such as identity, contact details and your query. 

A copy of the information is securely stored within our customer relationship management database, HubSpot. Our marketing team access and review to effectively manage and administer your contact. 

You subscribe to receive our marketing materials

Your marketing subscription will vary depending on the nature of our relationship and the purpose that we provide materials to you; these are explained within the subsections below. 

Subscription information is stored within our secure marketing database. 

Purpose

Provide industry updates and marketing materials 

Lawful basis 

Clients: Legitimate interests- [Delivering service updates] 

Prospective clients – Legitimate interests [Business growth]

Direct subscribers: Consent

Information

Your name, work credentials [email and business address and position] Professional networking credentials [such as LinkedIn]

And any personal home and email address that you provide

Subscription preferences

Source

Clients / Direct subscribers - Direct from you

Prospective clients - We may obtain your professional contact details when you make an enquiry with us, such as via our website contact us page or when you attend an event that we co-host. We may also use research tools to obtain your information indirectly from publicly available sources such as LinkedIn or your company website. 

Activities

Clients / Direct subscribers - We use software to manage and categorise your preferences and use this to provide with materials relevant to your subscription.

Prospective clients- We may add your contact information to our marketing database and send you an introductory email to confirm your preferences. However, if you have not responded to these communications, we will not make you active to receive materials and, we will remove your details from our system.

LinkedIn- We use professional networking tools for our marketing purposes

[we discourage the use personal information or communicating about your specific contracted or proposed services as we cannot guarantee the protection, security or content posted by unrelated third parties within these platforms.]

QR codes - We convert URLs to QR-codes with QR-code generators. QR codes are used in printed sales materials such as banners, business cards etc.

Suppression lists: When you unsubscribe, ‘opt out’ or withdraw consent to receive marketing materials, your email address is added our suppression list; this list is to ensure that you do not receive future materials. We delete suppression list contacts from the list after 2 years, you may need to unsubscribe again after this time.

Retention

For the duration of our relationship

 ‏‏‎ ‎

Manage marketing preferences 

You can change your subscription preferences by updating  Newsletter | Customs Support. If you would like to unsubscribe you can follow the link embedded within the email or contact the GDPO, and we will update our records accordingly.

Unless you provide us with your express consent, we limit the use of your subscription information for our marketing related purposes. We do not share, allow access to, or sell your information to third parties for additional marketing purposes.

You subscribe to, or attend an event

Customs Support Group delivers industry related events, both in person and via teams. We may exclusively deliver these events, with guest speakers or in partnership with another professional company. 

Purpose

Subscribe to, or attend an event

Lawful basis 

Clients and direct subscribers: Legitimate interests- [Delivering service updates] 

Third party subscribers – Legitimate interests [Business growth]

Information

Your name, work credentials [email and business address and position]

And any personal home and email address that you provide

Subscription preferences

Source

Clients / Direct subscribers - Direct from you

Prospective clients - We may obtain your professional contact details when you make an enquiry with us, such as via our website contact us page or when you attend an event that we co-host. We may also use research tools to obtain your information indirectly from publicly available sources such as LinkedIn or your company website. 

Activities

In person events: Information us used to manage your interest, attendance, logistics of an event that we host or co-host. Obtain and analyse your feedback and provide post event information. Where you tell us about any additional requirements, we may use this information to facilitate any reasonable adjustments. 

Photography is likely to take place, you can decline individual photos [by speaking directly to the photographer or event co-ordinator]. Your image may appear in group or wide shots with other attendees, it may not always be possible to remove or obscure your image. All photos are stored securely and may be shared on social and media platforms, website and with joint organisers. 

Online events: When events take place online, such as via Teams, your image, voice, or typed comments may be accessible to the host(s), facilitators, guest speakers and other attendees. An information banner will automatically appear within the screen advising when recordings are taking place. Prior to accessing the event, you can choose to turn off your camera and microphone.

If you were not our direct contact prior to the event, we may add your details to our marketing database and ‘soft opt’ you in to receive information that is relevant to the nature of the event. [you can ‘opt out’ or update your preferences at any time] See section: Manage marketing preferences

Information processed during events may be exchanged between the relevant event parties for the same purposes.

Retention

For the duration of our relationship 

 ‏‏‎ ‎

Office visitors

Purpose

Managing your visit

Lawful basis 

Legitimate interests: security and monitoring 

Information

Your name, work credentials [email and business address and position]

And any personal home and email address or special category [e.g. medical] that you provide

CCTV images

Source

Direct from you

Digital and electronic collection 

Activities

Maintaining security – For our security purposes, you may be asked to sign the visitors book and wear an ID badge. 

Access control - We may provide access control cards that provide door entry, this is likely to have an audit when it is used. This information may be used to confirm your activities, time management or other personnel management.

Health and safety – When you tell us about a medical need or request adjustments, we may use this information to manage your welfare. There may be a requirement to complete an individual risk assessment, implement reasonable adjustments or to investigate an accident or manage an incident. Your information may be processed and shared with relevant third parties such as a fire marshal, building manager, HR, or the Health and Safety Executive.

Detection and prevention of crime – We provide notices to let you know when CCTV is in operation. Access to images is restricted to limited authorised personnel for live monitoring purposes. Approval for access to retained footage is via the GDPO who oversees that extracted information is used, stored, or shared in accordance with the applicable regulations.

Guest and staff Wi-Fi– When you connect to our Wi-Fi you will be prompted to review the specific terms and conditions and provided with relevant privacy information, this includes the use of your IP address and audit logs that capture details of your browsing activities.

Retention

Retention periods may vary, a longer retention will be applied in the event of any incidents, accidents, or claims.

 ‏‏‎ ‎

Overseas / cross border transfer

The nature of our business requires some overseas or cross border transfers of personal information. Most of these transfers take place with countries that are subject to the same or similar data protection standards, for those that are not, we ensure appropriate technical or contractual security measures are in place.

Sharing your information

We use third party data processors and tools to store and secure our data, deliver aspects of our head office functions and for our service delivery. We use contracts that ensure compliance with our rules relating to the security and confidentiality of personal information, specific instructions for its use and, and prohibitions for access or use for other purposes. 

In certain circumstances, we may have legal obligations or professional obligations to share your personal information with other third parties, such as to comply with a court order, enter or defend a legal or civil claim, manage an information request or complaint.

Automated decision making

We do not solely rely automated decision-making tools to make decisions relating to your personal information.

Information about children

We do not target or provide our services to children.

However, we may be provided with information about children during other activities, such as personnel management. As such, this notice has been written in plain language terms.

Your data protection rights

Data protection regulations give individuals [you] a number of rights over the information that we collect and process about you [information rights requests].  

The extent to which you may exercise these rights will vary, according to the information that we have and the reason we have it.

The right of access.

You have the right to ask us for a copy of your personal information, also known as a DSAR or subject access request.

The right to rectification

You have the right to ask that we change, correct, or update inaccurate or incomplete personal information

The right of erasure

You have the right to ask us to delete your personal information, also known as the right to be forgotten.

The right to restriction of processing 

You have the right to ask that we stop or modify an activity relating to the use of your personal information.

Your right to object to processing

You have the right to object, to stop or prevent us from using your personal information. 

Your right of data portability

You have the right to ask us to transfer your personal information to another organization. 

The right to make a complaint

You have the right to make a complaint to us or to the information regulator about any aspects of our collection or use of your personal information or any dissatisfaction or concerns about how we have responded to your information rights request. 

Making an information rights request or complaint

If you have the first instance, we would like you to contact DataProtectionOfficer@customssupport.com

You can make a request or complaint or raise a concern to anyone within Customs Support Group, verbally, electronically or in writing. It is free to make a request and after you have made your request, we have one month to respond.

If you remain dissatisfied with our response, you can make a complaint to the information regulator, such as Duch Data Protection Regulator : Autoriteit Persoonsgegevens  or the information regulator in the country where the activity takes place. 

Data security notice
At Customs Support Group, we recognize the importance of cybersecurity in safeguarding our operations and the trust of our clients, partners, and stakeholders. In line with the evolving regulatory landscape, we are actively working to ensure full compliance with the NIS2 Directive.

Our efforts include strengthening our cybersecurity measures, enhancing risk management protocols, and implementing robust incident response and reporting processes. By aligning with NIS2, we aim to bolster the resilience and security of our network and information systems, ensuring the highest standards of data protection and operational continuity. 

We are committed to transparency and will continue to update our stakeholders on our progress toward achieving and maintaining compliance with this important regulation.

Version  Date  Change Description  
0.318 october 2024Full redraft
0.224 June 2024  Full redraft
01 First draft