Privacy Statement

This Privacy Statement provides information on how TreasurUp in the Netherlands approaches the processing of your personal data.


1. What is the processing of personal data?

Because we refer to processing personal data in this privacy statement, we believe that it is important to specify to you what is understood when we use terms such as ‘personal data’ and ‘processing’.


Personal data

This entails data which is related directly or indirectly to you as a natural person. 



Anything which can be done with your personal data. This includes the collecting, the sorting, the using, passing on and deleting of personal data.


2. Whose personal data do we process?

We process personal data if we have, want to have, or have had a business relationship with you, or if we have had contact with you and/or your representatives. The people whose personal data we process include: 

  • people who show an interest in TreasurUp or its products and services; 
  • people who are connected in another way with a business or organisation with which TreasurUp has, wants to have, or has had a business relationship (e.g. clients, employees, executive directors or (ultimate) beneficial owners).


3. Who processes your personal data?

This Privacy Statement deals with the processing of personal data by TreasurUp B.V. in the Netherlands.


4. What type of personal data do we process?

Types of data What kinds of data might be involved? Examples of how TreasurUp uses this data
Information that allows an individual to be identified directly or indirectly Name, address, telephone number, e-mail address, information provided in your identity document. To draw up an agreement or to contact you.
Recorded calls, conversations with TreasurUp employees, recordings of video calls, online chat sessions, recorded e-mails and social media
  • Conversations we have with you, and you have with us, by telephone or through online chats and video.
  • Conversations we have with you in person that we register.
  • E-mails you send to us and which we receive from you.
  • Comments, video, photographs, likes, public posts that you post on our social media pages.
We may use the recorded (video)calls, e-mails and online chat conversations to combat fraud, to fulfil legal obligations, to monitor quality, to provide proof, to improve our services and to train, coach and assess our employees.
We use comments, video, photographs, likes, public posts that you post on our social media pages to answer questions and share information.
Recorded calls, conversations with TreasurUp employees, recordings of video calls, online chat sessions, recorded e-mails and social media Cookies, Pixels, IP address, Data relating to the device on which you use our services or our website.
  • To monitor your internet behaviour in our services and on our website
  • To enable our services to be used.
  • To improve our services and website.
  • To improve our website, we use analytical cookies (like Google Analytics and Hotjar).
  • If we use e-mail during a campaign, we might check if you opened this e-mail and if you clicked on a link within this e-mail. In order to find out if a campaign is successful, we might use this data. We will not use this data on a personal level but only on an aggregated level.
Data we share with other parties
  • Data we provide to other parties that we engage to help us provide services.
  • Data we have to share with our regulators.
  • We are required to provide specific data to our regulators, f.i. the Dutch Data Protection Authority (Dutch DPA).
  • Other parties that process data on our behalf because they are involved in the provision of our services.
Data we require to ensure your security and ours Cookies and IP address, data relating to the device on which you use online services We may use your IP address, device details and cookies to combat online fraud (DDoS attacks) and botnets.


5. How do we come into possession of your personal data?

In principle we receive your personal data because you provide it to us yourself. Examples include data you enter on our website yourself in order for us to contact you, and data arising from the services we provide. 

We may also receive your data from: 

  1. suppliers or other parties we work with. 
  2. public sources like newspapers, public registers, websites and open sources of social media. 
  3. another party in case you have given your consent to share data with us.


6. What do we use your personal data for?

We can only provide you our best service when we know you well. For that we need your personal data and have to process it. We do this because we have to carry out an agreement with you but also because we are obliged by law to do so. We process your data for the in 6a-6f mentioned purposes and legal basis.


Consideration legitimate interest 

We use the “legitimate interest” basis to process your personal data. We make a trade-off between the interests of TreasurUp or third parties and the violation of your privacy. Our interests are, for example, the following: 

  • We combat fraud to ensure your security and ours and to prevent damage. 
  • We need to improve our business processes, take measures in the context of company management and perform audits on our internal processes. 
  • We have an interest in direct marketing and we will keep you informed of new or existing products that we believe fit you. 


6a To execute agreements and carry out instructions 

When you are a client of ours, we want to be of service to you. We execute the instructions we receive from you and execute the agreements we have concluded. This is what we have agreed with you. We process personal data for this purpose.


Legal basis 

We process personal data because this is necessary in order to perform the agreement


6b To further develop and improve products and services 

In order for us to be of service to you and to innovate for your benefit, we develop and improve products and services on an ongoing basis. We do this for ourselves, our bank clients or other parties.


Legal basis 

We process your data because we have a legitimate interest in this.


6c For account management, promotional and marketing purposes 

We process your personal data for account management, promotional and marketing purposes. In doing so, we use data we have obtained from you, such as your activity on our website, as well information not obtained directly from you, including public registers (such as the Chamber of Commerce), publicly available sources (such as the internet) and other parties (such as data brokers).


Legal basis 

We process your data because we have a legitimate interest in this. 


6d To enter into and perform agreements with suppliers and other parties we work with 

If you have contact with TreasurUp for work-related reasons, we may process your personal data, for example for determining whether you are permitted to represent your business, or whether we can give you access to our offices and/or services. 


Legal basis 

We process your data so that we can perform the agreement we have concluded, or because we have a legitimate interest in this.


6e To carry out business processes and for the purpose of management reports and internal management

We also use data to analyse and improve our business processes so that we can help you more effectively or make our processes more efficient and create management reports.


Legal basis 

We process your data because we have a legitimate interest or is necessary for the performance of our agreement with you.


6f For archiving purposes, scientific or historic research purposes or statistical purposes 

We may also process your personal data if this is necessary for archiving purposes, scientific or historic research purposes or statistical purposes. 


Legal basis 

When processing personal data for archiving purposes, scientific or historic research purposes or statistical purposes, we process the data on the basis of the legitimate interest of TreasurUp, or our clients and employees, or on the basis of a legal obligation.


7. How long do we save your personal data?

We do not keep your data for any longer than necessary to fulfil the purposes for which we collected the data or the purposes for which data are being reused. We follow a data retention policy. This policy specifies how long we keep data. In the Netherlands, this is usually for seven years following the termination of the relevant agreement or the ending of your business relationship with TreasurUp. Data are sometimes kept for longer and in some cases, we use shorter retention periods. Once we no longer require the data for the purposes described in section 6 above, we may still keep the data for archiving purposes, in the event of legal proceedings, or for historic or scientific research purposes or statistical purposes.


8. Who has access to your personal data?

Within TreasurUp, only those people that require access to your personal data based on their function can actually access your personal data. All of these people are subject to a duty of confidentiality.


9. Do we pass on your personal data to others and to other countries outside the EU?

Your personal data can also be passed on to other parties outside of TreasurUp if we have a legal obligation to do so, if we have to fulfil an agreement with you, or because we decide to use a different service provider. If we transfer your personal data to parties outside the European Union (EU)/European Economic Area (EEA) ourselves, we will take extra measures to protect that personal data. Not all countries outside of the EU have the same rules and regulations to protect your personal data to the extent that countries within the EU have. In case the third party that we use is located outside the EU/EEA, and in case the country where this party is located does not have a sufficient level of protection when processing personal data according to the European Commission, then we only transfer personal data when there are sufficient guarantees, such as European Commission approved contractual obligations.


10. What rights do you have?

  • Right to information 

This Privacy Statement describes what TreasurUp does with your data. In certain cases, we provide additional or different information if there are reasons for providing you with information in addition to the Privacy Statement. We may do that by means of a letter, by leaving a message in your secure inbox or in another way to be determined by us. 


  • Right of access to and to rectification of personal data 

You may ask us whether we process data relating to you, and if so, which data this concerns. In that case, we can provide you with access to the data processed by us that relates to you. If you believe your personal data has been processed incorrectly or incompletely, you may request that we change or supplement the data (rectification). 


  • Right to erasure (‘right to be forgotten’) 

You may request that we erase data concerning yourself that we have recorded, for example if you object to the processing of your personal data. We don’t always have to do that. And sometimes we are not allowed to do this either. For example, if we still have to store your data due to legal obligations. 


  • Right to restriction of processing 

You may request that we temporarily restrict the personal data relating to you that we process. This means that we will temporarily process less personal data relating to you.


  • Right to data portability 

You have the right to request that we supply you with data that you previously provided to TreasurUp in the context of a contract with us or with your consent, in a structured, machine-readable format, or that we transfer such data to another party. If you ask us to transfer data directly to another party, we can do this only if this is technically feasible. 


  • Right to object to processing

If we process your data because we have a legitimate interest in doing so, you may object to this. In that case, we will reassess whether it is indeed the case that your data can no longer be used for that purpose. We will stop processing your data if your interest outweighs our interest. We will inform you of our decision, stating the reason. 


  • Right to object to direct marketing 

You have the right to request that we stop using your data for direct marketing purposes. 


11. How can you exercise your rights?

If you have a request, it can be made digitally to Have you made your request, and does this entail your personal data that we process, we will reply within one month after we have received your request. We can ask you to specify your request for review. In highly specific circumstances, we can extend the term we have to review and reply to your request to a maximum of three months. In that case, we will keep you informed on the progress of your request. It is possible that we cannot cater to your request. For example, due to harm done to the rights of others, or because we are not allowed to do so by law (including police, ministries and any other government authority). It could also be because we made a tradeoff where the interest of TreasurUp or others to process the data outweighs your interest. If so, we will inform you of this. If we rectify or delete data based on your request, we will inform you of this as well. Where possible, we will also inform the ultimate recipients of your data about this.


12. Do you have a complaint with regards to the processing of your personal data?

We would like our data subjects to be satisfied with our service provision, however, we understand that this might not always be the case. We are sorry for when such a situation occurs. Please feel free to ​contact​ ​us and inform us of your complaint, we will try to find a solution to your complaint together.


13. For what reasons can I approach the Privacy Officer?

If you are unsatisfied about the way in which your request or complaint has been handled by TreasurUp, or if you have any remaining questions regarding the processing of your personal data by TreasurUp after reading the Privacy Statement, please feel free to contact the Privacy Officer. Of course, you are always free to direct your questions to, or submit a formal complaint at, Autoriteit Persoonsgegevens (a Dutch government body).


14. Can we make changes to this Privacy Statement?

Yes, our Privacy Statement can change from time to time. This can occur when new forms of data processing are included in our services, and when this processing is of importance to you. The most actual version of our Privacy Statement can always be found on: