Privacy policy

CRIFVision-net Ltd, part of the CRIF S.p.A. group, is deeply committed to protecting your privacy. 


This privacy notice provides you with information regarding the management of this website and the services that we provide, describing the personal data that we might process about you, why we process it, where we might get your personal data from, and how we handle it. 


Where we provide links to other websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.


From time to time, we may provide you with additional privacy notices or information around the processing of personal data to supplement this notice.

  1. Contact details
  2. What information we collect, use, and why
  3. Lawful bases
  4. Your data protection rights
  5. How long we keep information
  6. Who we share information with
  7. Sharing information outside the Ireland or the EU
  8. How to complain
  9. Last Updated

 

1. Who are we and how to contact us:

CRIFVision-net Ltd is a company registered in Ireland (177790); 3rd Floor Block D, Adelphi Plaza, Dun Laoghaire, Co. Dublin, DUBLIN, A96 T927.

You can contact the Company’s DPO

  • Via email: DPO.IE@crif.com
  • Via post: Data Protection Officer, 3rd Floor Block D, Adelphi Plaza Dun Laoghaire Co. Dublin, Dun Laoghaire, Dublin

 

2. What information we collect, use, and why

CRIF Vision-net Ltd processes personal data both as a Data Controller and as a Data Processor on behalf of other entities. 

We act as Data Controller when:

  • The Website automatically collects and processes personal data directly from your device using standard internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses notation of the requested resources, the time of the request, the method used in submitting the request to the server and other parameters relating to the operating system and the user's IT environment.
  • We collect and process personal data directly through Contact Forms as indicated therein (e.g. name, surname, e-mail, telephone number, Company, VAT number, Address, Postcode, City, Province, Country), to enable us to respond to your requests.
  • We collect and process personal data indirectly (from commercial or public sources, from suppliers and other business partners) in the provision of our services to our clients
  • In running our business: we process the personal data of employees of our clients, suppliers and other third parties. This includes business contact details such as names, email addresses and phone numbers which may have been provided to us indirectly by your employer or our business partners rather than directly by you. These entities should provide you with an appropriate information notice. Such data can be used to enable us to:
    • provide you with the ability to use our services (for example provide you with username and password), provide support services such as a Helpdesk service, and to monitor such use for billing or security purposes;
    • administer your or your employer’s contract with us, including invoicing, debt recovery etc.
  • In and for promoting our services: we process personal data of persons to whom we wish to promote our services. This will include business contact data which we may have collected directly from you either in the course of provisioning you for our services, or from this web site or an industry information service, e.g. such as sponsored content on other websites. 

Depending on the service consumed, the electronic processing of personal data for which we are a Controller is generally undertaken by either CRIFVision-net or our parent company CRIF SpA. under a formal contract that provides protection appropriate to the personal data. CRIF SpA is accredited to ISO27001:2022, the international standard for information security management systems.

 

3. Our lawful bases for the collection and use of your data

Under GDPR, we must have a lawful basis for collecting and using your personal information.

Our lawful bases for collecting and processing your personal information for dealing with your queries (media, general, on solutions, news and events and resources) is:

  • Legitimate interest - for informing you of our services, unless you have specifically opted out from receiving marketing communications by email or by telephone.

Our lawful basis for collecting and processing your personal information for dealing with data subjects’ rights requests are:

  • Legal obligation [ex. Art 15 GDPR]

Our lawful bases for collecting and processing your personal information to run our business are:

  • Legitimate interest if we are dealing with your employer or client, they should be advising you as to why they are providing your personal data to their customers or service providers. 

Our lawful bases for collecting and processing your personal information to promote our services are:

  • Legitimate interests in promoting and developing our business. Such data can be used to enable us to keep you informed about developments at CRIF Decision Solutions Ltd and in our services, conducting market research and analysis, or determining your suitability for our services. A specific Legitimate Interests Assessment for these purposes is available on request.

 

4. Data Protection Rights
 
You can find out more about your data protection rights and the exemptions which may apply on the Data Protection Commission’s website Your Rights under the GDPR
More information on How to submit a data subject request is available at the end of this notice 

  • Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for.
  • Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete.
  • Your right to erasure - You have the right to ask us to delete your personal information.
  • Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information.
  • Your right to object to processing - You have the right to object to the processing of your personal data.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you.
  • Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time.

Please bear in mind that your rights in relation to your Personal Data are not absolute. Which lawful basis we rely on may affect your data protection rights.
In particular:

  • When we are processing your personal data as a Data Controller: you may have the right to request of us access to, and rectification or erasure, of personal data or the restriction of processing concerning your data or to object to processing as well as the right to data portability. Furthermore, to the extent that our processing may be based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before this withdrawal.
  • In circumstances where we have obtained your data from a third party we may need to confirm the accuracy of the data with that third party before rectification.
  • Marketing communications with you will be conducted in compliance with the Privacy and Electronic Communications which give you specific privacy rights in relation to electronic communications. We provide an opt-out in each communication which allows you express your preferences with regard to receiving subsequent communications.
  • In our role as Data Processor, we also hold personal data. In such cases, you would need to contact the respective “Data Controller” to exercise your data protection rights. If you have any requests we can direct you to the appropriate Data Controller.

 

5. How long we keep your personal data

  • Promoting our services: One year after termination of contract for clients and eighteen months for prospective clients who do not contract in that time period. If you unsubscribe before them, we will still need to retain some minimal personal data to ensure that your request is observed and not inadvertently revoked.
  • Assisting users of our services: One year after termination of contract.
  • Business contacts: One year after termination of contract.
  • Data Subject Rights Requests: Two years from last contact with the Data Subject.
  • Running our services: Seven years after the termination of the contract. All search records are anonymised after thirty seven months.

On a case-by-case basis, records may be retained for longer where required for the establishment, exercising or defending of actual or potential legal actions or investigations by supervisory authorities, or the management or mitigation of operational or strategic risks to the organisation.

Where we are a Data Processor, we keep your data for as long as the Data Controller asks us to.

 

6. Recipients of your data 
When we act as Data Controllers:

  • Promoting our services: External service providers, other CRIF companies
  • Assisting users of our services: External service providers
  • Business contacts: Other CRIF companies

 

7. Transfers outside the EU
Generally, the data provided by CRIF’s customer will not be transferred outside the European Union. However, it is possible that this transfer takes place in accordance with the type of service provided by CRIF. For each service asked by CRIF’s customer CRIF will provide a specific privacy notice with a detail of the Countries where the data are transferred. However, when personal data will be transfer outside the European Union, the transfer will be put in place in accordance with previsions of GDPR and all applicable laws (as specified in each privacy notice).

 

8. How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the DPC here https://www.dataprotection.ie/en/faqs/initial-contact-dpc/making-complaint-dpc .

If you wish to raise a concern or lodge a complaint with the Data Protection Commission (DPC), you can go to the ‘Contact the DPC’ section of the DPC website and complete the webform in full.

Alternatively, you can email the DPC at info@dataprotection.ie. You will need to clearly set out your data protection concern.

 

9. Last updated
September 2025

crif-logo