Privacy statement
About Customs Support Group
Customs Support Group is Europe’s leading independent, digital, and neutral provider of customs services, employing 1900+ dedicated customs professionals.
We have over 100 offices in The Netherlands, Belgium, Germany, Poland, France, United Kingdom, Ireland, Italy, Switzerland, Spain, Finland, Sweden, Norway, and Luxembourg. All our locations in Europe | Customs Support.
About this privacy notice
Customs Support Group (CSG, we, our us) take your privacy very seriously and is committed to protecting and respecting your privacy and processing your personal information in accordance with applicable data protection law.
This privacy notice, cookie policy and any other documents referred to within this notice, are issued on behalf of all entities of Customs Support Group.
Unless we inform you otherwise, the relevant entity processing and controlling your data is Customs Support Group BV. Reference to Customs Support, (‘we’ / ‘our’ / ‘us’) should be taken to include reference to all entities and subsidiaries.
Our data protection officer
Our nominated Group Data Protection Officer is Mandy Ryan. Should you need to contact us about this privacy notice, make a request or raise a complaint, please contact via email DataProtectionOfficer@customssupport.com or by Post: FAO Data protection officer, Customs Support Group, Willem Barentszstraat 11-19 3165 AA Rotterdam, Albrandswaard, Netherlands.
Collection and use of your personal information
Due to the nature of our services, we primarily collect personal information relating to our clients, prospective clients and the personnel and applicants of the Customs Support Group entities, and those of any business who are in the mergers and acquisition process.
We use this information to fulfil our legal obligations, deliver contracted services, manage our business and operations, and for personnel management activities.
To carry out these activities we may be required to transfer your personal information to other countries from where it was collected, such as between our entities or with other third parties.
We keep copies of your personal information within our secure systems and retain it for as long as appropriate to undertake the activities, and then for a sufficient retention period required to comply with a statutory obligation, for our business accountability purposes or to manage or defend potential disputes or legal claims.
Our routine activities are explained below. We may also collect and use your information for other purposes, we provide you with additional privacy information when that takes place.
You are a client
The information we may collect, and use are:
Purpose | Due diligence checks |
Lawful basis | To comply with legal obligations and for our legitimate interests |
Information | Your name, business and personal email and postal address, date of birth, nationality, images, records of political exposure, adverse media, sanction designations and any other details held within identification and address verification documents. |
Source | Direct from you, indirect, research, legal. |
Activities | Fraud detection and prevention and financial checks, including the sharing of information with official bodies. |
Retention | The duration of the relationship plus 10 years |
Purpose | Delivering our services |
Lawful basis | To fulfil your contract |
Information | Your name, work credentials [email and business address and position] Or personal email and postal address when you prefer to use them to communicate with us] The non- personal information generated during the delivery of the services you have instructed that may be attributed to you. |
Source | Direct from you or your employer. |
Activities | Service delivery including the sharing of information with our supply chain third parties and official bodies. |
Retention | The duration of the relationship plus 10 years |
Purpose | Maintaining our relationship |
Lawful basis | To fulfil your contract and for our legitimate interests |
Information | Your name, work credentials [email and business address and position] Or personal email and postal address when you prefer to use them to communicate with us. The non-personal information generated during the delivery of the services you have instructed that may be attributed to you. |
Source | Direct from you or your employer. |
Activities | Billing and finance Providing industry updates and marketing materials Client service improvements |
Retention | The duration of the relationship plus 10 years |
Purpose | Our business operations |
Lawful basis | To fulfil a legal obligation and our legitimate interests |
Information | Your name, work credentials [email and business address and position] Personal home and email address, date of birth, nationality, images, records of political exposure, adverse media, sanction designations and any other details held within identification and address verification documents. The non-personal information generated during the delivery of the services you have instructed that may be attributed to you. |
Source | Direct from you or your employer. |
Activities | Hosting and securing information, maintaining operations, and conducting compliance audits. Producing and maintaining business management information. Fulfilling accountancy and tax obligations. |
Retention | The duration of the relationship plus 10 years |
You have applied to work with us
Purpose | Application and interview information |
Lawful basis | Our legitimate interests, |
Information | Your name, business and personal email and postal addresses, professional social media data. Your CV information [employment history, achievements, and background] Your confirmation of right to work status, criminal convictions history, medical and disability information. Equality and diversity information you chose to disclose. Information provided by you within your application or noted during your interview. |
Source | CSG manage direct applications via Recruitee-platform https://customssupport.recruitee.com/ Other methods include direct from you or your recruitment agent, indirect research. |
Activities | Assessments for employment suitability. Complying with equality and diversity and equal opportunities requirements. |
Retention | Unsuccessful applicants – 6 months |
Purpose | Due diligence checks |
Lawful basis | To comply with legal obligations and for our legitimate interests |
Information | Your name, business and personal email and postal address, date of birth, nationality, images, records of political exposure, adverse media, sanction designations and any other details held within identification and address verification documents. |
Source | Direct from you, indirect, research, legal. |
Activities | Pre-offer checks to verify the application information you provide |
Retention | Unsuccessful applicants – 6 months |
You work with us
Below is a summary internal workplace privacy notice that applies to our staff and is available via our intranet.
Purpose | Personnel management |
Lawful basis | To comply with legal obligations, to deliver and manage your contract and provide optional benefits, and for our legitimate interests |
Information | Your pre-employment information Your onboarding information, such as your bank details, images and right to work documents. Your employment terms and conditions, salary, and benefits Your physical and mental health status and medical history and reasonable adjustments. Your nominated beneficiaries and information about your dependants Your business credentials and workplace activities and achievements Logging data of information, systems, websites, and door entry data of physical locations you have accessed. Disciplinary and performance information. Information you chose to provide about your race or ethnic origin, political opinions, religious or philosophical beliefs, health, sex life or sexual orientation that is intended for personnel management purposes or has been provided by you for other reasons. Opinions and other personal information that you chose to share within the workplace that are not related to your role [such as social or informal conversations] |
Source | Direct from you or your nominated representatives or via indirect research. Stored within our records management systems [such as MS Email, Teams, and SharePoint] Workplace audits and monitoring and CCTV. |
Activities | Managing you and maintaining your personnel file within HR system, Paying you and providing you with workplace benefits and assistance Performance of your role and routine business activities Your social interactions and activities During our monitoring and compliance audits |
Retention | Periods vary according to the nature of the information and the reason we have it. Our HR retention policy is available to current and former employees upon request. |
Your employer is a company in our mergers and acquisition process
Your information may be provided by your employer during a merger or acquisition. Your employer is responsible for providing you with privacy information to let you know that has occurred.
Website visitors
Cookies
We use website cookies and similar technologies that automatically collect technical information about your device and record your browsing actions and patterns.
Our cookies are intended to improve your experience when you visit and navigate our website, help remember you, and manage your preferences.
Cookies also allow us to understand the effectiveness of our website and to plan and manage its performance.
When you use your device to visit our website for the first time, we provide you with information relating to the cookies that we would like to apply, we gain your consent and ask you to confirm your preferences. You can withdraw your consent or change your preferences at any time.
When you reject our cookies, or when we make notable changes to those in use, you will receive current cookie information on subsequent visits.
We may provide links to third-party platforms, such as news articles, we encourage you to review cookie and privacy information when prompted.
For further information about cookies and how to withdraw consent please visit Cookie Policy | Customs Support
Contact us
When you visit our website and add your personal information within sections: Contact us, ask a question, talk to an expert, we collect information you provide, such as identity, contact details and your query.
A copy of the information is securely stored within our customer relationship management database, HubSpot. Our marketing team access and review to effectively manage and administer your contact.
You subscribe to receive our marketing materials
Your marketing subscription will vary depending on the nature of our relationship and the purpose that we provide materials to you; these are explained within the subsections below.
Subscription information is stored within our secure marketing database.
Purpose | Provide industry updates and marketing materials |
Lawful basis | Clients: Legitimate interests- [Delivering service updates] Prospective clients – Legitimate interests [Business growth] Direct subscribers: Consent |
Information | Your name, work credentials [email and business address and position] Professional networking credentials [such as LinkedIn] And any personal home and email address that you provide Subscription preferences |
Source | Clients / Direct subscribers - Direct from you Prospective clients - We may obtain your professional contact details when you make an enquiry with us, such as via our website contact us page or when you attend an event that we co-host. We may also use research tools to obtain your information indirectly from publicly available sources such as LinkedIn or your company website. |
Activities | Clients / Direct subscribers - We use software to manage and categorise your preferences and use this to provide with materials relevant to your subscription. Prospective clients- We may add your contact information to our marketing database and send you an introductory email to confirm your preferences. However, if you have not responded to these communications, we will not make you active to receive materials and, we will remove your details from our system. LinkedIn- We use professional networking tools for our marketing purposes [we discourage the use personal information or communicating about your specific contracted or proposed services as we cannot guarantee the protection, security or content posted by unrelated third parties within these platforms.] QR codes - We convert URLs to QR-codes with QR-code generators. QR codes are used in printed sales materials such as banners, business cards etc. Suppression lists: When you unsubscribe, ‘opt out’ or withdraw consent to receive marketing materials, your email address is added our suppression list; this list is to ensure that you do not receive future materials. We delete suppression list contacts from the list after 2 years, you may need to unsubscribe again after this time. |
Retention | For the duration of our relationship |
Manage marketing preferences
You can change your subscription preferences by updating Newsletter | Customs Support. If you would like to unsubscribe you can follow the link embedded within the email or contact the GDPO, and we will update our records accordingly.
Unless you provide us with your express consent, we limit the use of your subscription information for our marketing related purposes. We do not share, allow access to, or sell your information to third parties for additional marketing purposes.
You subscribe to, or attend an event
Customs Support Group delivers industry related events, both in person and via teams. We may exclusively deliver these events, with guest speakers or in partnership with another professional company.
Purpose | Subscribe to, or attend an event |
Lawful basis | Clients and direct subscribers: Legitimate interests- [Delivering service updates] Third party subscribers – Legitimate interests [Business growth] |
Information | Your name, work credentials [email and business address and position] And any personal home and email address that you provide Subscription preferences |
Source | Clients / Direct subscribers - Direct from you Prospective clients - We may obtain your professional contact details when you make an enquiry with us, such as via our website contact us page or when you attend an event that we co-host. We may also use research tools to obtain your information indirectly from publicly available sources such as LinkedIn or your company website. |
Activities | In person events: Information us used to manage your interest, attendance, logistics of an event that we host or co-host. Obtain and analyse your feedback and provide post event information. Where you tell us about any additional requirements, we may use this information to facilitate any reasonable adjustments. Photography is likely to take place, you can decline individual photos [by speaking directly to the photographer or event co-ordinator]. Your image may appear in group or wide shots with other attendees, it may not always be possible to remove or obscure your image. All photos are stored securely and may be shared on social and media platforms, website and with joint organisers. Online events: When events take place online, such as via Teams, your image, voice, or typed comments may be accessible to the host(s), facilitators, guest speakers and other attendees. An information banner will automatically appear within the screen advising when recordings are taking place. Prior to accessing the event, you can choose to turn off your camera and microphone. If you were not our direct contact prior to the event, we may add your details to our marketing database and ‘soft opt’ you in to receive information that is relevant to the nature of the event. [you can ‘opt out’ or update your preferences at any time] See section: Manage marketing preferences Information processed during events may be exchanged between the relevant event parties for the same purposes. |
Retention | For the duration of our relationship |
Office visitors
Purpose | Managing your visit |
Lawful basis | Legitimate interests: security and monitoring |
Information | Your name, work credentials [email and business address and position] And any personal home and email address or special category [e.g. medical] that you provide CCTV images |
Source | Direct from you Digital and electronic collection |
Activities | Maintaining security – For our security purposes, you may be asked to sign the visitors book and wear an ID badge. Access control - We may provide access control cards that provide door entry, this is likely to have an audit when it is used. This information may be used to confirm your activities, time management or other personnel management. Health and safety – When you tell us about a medical need or request adjustments, we may use this information to manage your welfare. There may be a requirement to complete an individual risk assessment, implement reasonable adjustments or to investigate an accident or manage an incident. Your information may be processed and shared with relevant third parties such as a fire marshal, building manager, HR, or the Health and Safety Executive. Detection and prevention of crime – We provide notices to let you know when CCTV is in operation. Access to images is restricted to limited authorised personnel for live monitoring purposes. Approval for access to retained footage is via the GDPO who oversees that extracted information is used, stored, or shared in accordance with the applicable regulations. Guest and staff Wi-Fi– When you connect to our Wi-Fi you will be prompted to review the specific terms and conditions and provided with relevant privacy information, this includes the use of your IP address and audit logs that capture details of your browsing activities. |
Retention | Retention periods may vary, a longer retention will be applied in the event of any incidents, accidents, or claims. |
Overseas / cross border transfer
The nature of our business requires some overseas or cross border transfers of personal information. Most of these transfers take place with countries that are subject to the same or similar data protection standards, for those that are not, we ensure appropriate technical or contractual security measures are in place.
Sharing your information
We use third party data processors and tools to store and secure our data, deliver aspects of our head office functions and for our service delivery. We use contracts that ensure compliance with our rules relating to the security and confidentiality of personal information, specific instructions for its use and, and prohibitions for access or use for other purposes.
In certain circumstances, we may have legal obligations or professional obligations to share your personal information with other third parties, such as to comply with a court order, enter or defend a legal or civil claim, manage an information request or complaint.
Automated decision making
We do not solely rely automated decision-making tools to make decisions relating to your personal information.
Information about children
We do not target or provide our services to children.
However, we may be provided with information about children during other activities, such as personnel management. As such, this notice has been written in plain language terms.
Your data protection rights
Data protection regulations give individuals [you] a number of rights over the information that we collect and process about you [information rights requests].
The extent to which you may exercise these rights will vary, according to the information that we have and the reason we have it.
The right of access.
You have the right to ask us for a copy of your personal information, also known as a DSAR or subject access request.
The right to rectification
You have the right to ask that we change, correct, or update inaccurate or incomplete personal information
The right of erasure
You have the right to ask us to delete your personal information, also known as the right to be forgotten.
The right to restriction of processing
You have the right to ask that we stop or modify an activity relating to the use of your personal information.
Your right to object to processing
You have the right to object, to stop or prevent us from using your personal information.
Your right of data portability
You have the right to ask us to transfer your personal information to another organization.
The right to make a complaint
You have the right to make a complaint to us or to the information regulator about any aspects of our collection or use of your personal information or any dissatisfaction or concerns about how we have responded to your information rights request.
Making an information rights request or complaint
If you have the first instance, we would like you to contact DataProtectionOfficer@customssupport.com
You can make a request or complaint or raise a concern to anyone within Customs Support Group, verbally, electronically or in writing. It is free to make a request and after you have made your request, we have one month to respond.
If you remain dissatisfied with our response, you can make a complaint to the information regulator, such as Duch Data Protection Regulator : Autoriteit Persoonsgegevens or the information regulator in the country where the activity takes place.
Version | Date | Change Description |
0.2 | 24 June 2024 | Full redraft |
01 | First draft |