CRIF VisionNet Limited is committed to protecting your privacy, which is why we have set out this privacy notice describing the personal data that we might process about you, why we process it, where we might get your personal data from, and how we handle it. If cookies are your particular interest, you will find our separate cookie notice here. This notice also sets out how you can engage with us and how you can contact the Data Protection Commission, if you have any concerns about your personal data.
CRIF VisionNet Limited is registered in Ireland (Registration Number: 177790). Our Data Protection Officer is contactable at firstname.lastname@example.org or if you wish to write to us, please use the following address:
Data Protection Officer
CRIF VisionNet Limited
3rd Floor, Adelphi Plaza,
George's Street Upper,
Data subjects in the UK may wish to note that we have appointed a UK Representative as required under the UK GDPR whom they are welcome to contact if they prefer:
CRIF Decision Solutions
55 Old Broad Street
London EC2M 1RX
CRIF Vision-net Ltd ("We") processes personal data both as a Data Controller, for our own purposes, and as a Data Processor on behalf of other entities
1: DATA CONTROLLER ACTIVITIES
Provision of services
CRIF VisionNet Limited is an aggregator of business information in order to provide services to those striving to fulfil compliance requirements, reduce business risk and make informed business decisions. It does so through its vision-net.ie and solocheck.ie websites.
We provide information services, consumer reporting and cyber risk solutions to a broad range of clients, particularly in the financial services sectors (including insurance companies), which allow them to, amongst other things:
For many of these services, the personal data that we process is provided to us by third parties, rather than directly by you, the data subject.
Running our business
In the normal course of running our business we process the personal data of employees of our clients, suppliers and other third parties. This includes business contact details such as names, email addresses and phone numbers which may have been provided to us indirectly by your employer or our business partners rather than directly by you. These entities should provide their employees and associates with an appropriate information notice to cover how we process their data. In addition, we process personal data of our own employees, in which role we are a joint Data Controller with our parent company CRIF SpA, via M. Fantin, 1-3, 40131 Bologna, Italy.
Promoting our services
Finally, we process personal data of persons to whom we wish to promote our services. This will include business contact data which we may have collected directly from you either in the course of provisioning you for our services, or from this website or an industry information service.
2: DATA PROCESSOR ACTIVITIES
We act as a Data Processor in the provision of a number of services and in these roles, we process the data provided to us by the respective Data Controllers, and act solely on the instructions of the Data Controller:
Provision of services
We provide clients with information that allows them to check the identity of their customers or potential customers (e.g. information on directorships of companies or ownership of Registered Business Names, Politically Exposed Persons, Sanctions lists, court judgments, bankruptcies etc.) for Know Your Customer (KYC) and Anti-Money Laundering (AML) amongst other purposes. We may obtain this information from public sources such as the Companies' Registration Office, the Revenue Commissioners or the courts, or from commercial providers of business and risk intelligence data.
For these services, we process personal data on the basis of our legitimate interests in providing the services in question, and the legitimate interests of our clients who need to be able to know their customers, carry our anti-money laundering checks, detect fraud, avoid cyber security risks etc. These interests are set out in Legitimate Interests Assessments which are available on request.
Running our business
Your information may have been gathered from you or your employer, or through a reseller when your organisation was being set up for our services, or where you or your employer provides a service to us. Such data can be used to enable us to:
Our legal basis for processing this data is either for our legitimate interests, or for the performance of a contract if we are dealing directly with you. If we are dealing with your employer or client, they should be advising you as to why they are providing your personal data to their customers or service providers. We obtain information about current, past or prospective employees either directly from you, or from recruitment consultants and the like. This information is used for HR administration, including payroll and recruitment.
Promoting our services
Certain information will have been gathered from you or your employer when your organisation was being set up for our services. We may also have gathered your data through your interactions with this website or via email or telephone enquiries. Please see our separate Cookie Notice for more details on the cookies we are using in order to better understand your interests. Such data can be used to enable us to keep you informed about developments at CRIF VisionNet Limited and our services, conducting market research and analysis, or determining which of our services are most suitable for you. We are doing so on the basis of our legitimate interests in promoting and developing our business. A specific Legitimate Interests Assessment for these purposes is available on request.
Note however that by signing up for email updates, you are also consenting to us using a small pixel to see which of our emails you open. This helps us in developing messages that are appropriate to you in the future. If you have any reservations about the pixel being placed on your device(s), please do not subscribe.
As with any website, we interact with your device and browser to serve pages to you. This involves collecting certain information, but we do not use this data to identify you by connecting it to other data that we collect. Rather we might only do so for security and fraud prevention purposes. The type of data acquired includes IP addresses, the addresses of the resources requested in URI notation (Uniform Resource Identifier), the time the request was made, the method used in making the request to the server, and other parameters related to the operating system and the computer environment of the user.
The following table summarises the data we process as a Data Controller, the sources of that data and our legal basis:
|ACTIVITY||CATEGORIES OF DATA SUBJECTS||CATEGORIES OF PERSONAL DATA||SOURCE||LEGAL BASIS|
|Provision of information on Irish Directors and Owners of Registered Business Names||Directors (including Secretaries and disqualified or restricted Directors), shareholders, UBOs, Examiners, Receivers and Liquidators, Authorised Persons, Business Owners, Accountants, Company Presenters, Auditors.||Names, business and residential addresses and date of birth, shareholding, and directorships.||Companies Registration Office||Legitimate Interests|
|Provision of UK and International Search services||Directors (including Secretaries and disqualified or restricted Directors), shareholders, UBOs etc.||Names, business and residential addresses and date of birth, shareholding, and directorships.||Commercial providers||Legitimate Interests|
|Provision of Know Your Customer and Anti Money Laundering services||Directors (including Secretaries and disqualified or restricted Directors), shareholders, UBOs etc.||Names, business and residential addresses and date of birth, shareholding, and directorships.||Public Registers and commercial providers.||Legitimate Interests|
|Provision of Consumer Check (Individual) reports||Individuals||Names, residential addresses and dates of birth.||Public Registers and commercial providers.||Legitimate Interests|
|Provision of reports on Friendly Societies and International Companies||Members of governing group of friendly societies and directors of registered companies in certain overseas territories.||Names, residential or business addresses and dates of birth.||Public Registers||Legitimate Interests|
|Provision of Land Registry Document Service||Owners of registered properties||Names and residential or business addresses.||Public Register||Legitimate Interests|
|Running our services||Employees of client companies and individual subscribers||Names, business contact details, usage records including the IP address of the logged in user and partial credit card details. For our website: IP addresses, resources requested, time of request and computing environment.||Employees of clients and individuals||Legitimate Interests|
|Promoting our services||Employees of client companies, individual subscribers and enquirers about our services||Names, business contact details||Employees of clients and individuals||Legitimate Interests|
|Tracking of recipients' opening of our update emails||Recipients of our email updates||Open rates||Subscribers from website and employees of clients/individual clients||Consent|
|Data Subject Rights Requests||All data subjects seeking to establish and assert rights.||As and if necessary to verify identity of data subject.||Direct from data subject.||Legal obligation.|
In all cases we will also process data as required by applicable law.
As a Data Controller, we make information available to our clients to assist them in their decision-making. Our clients include financial and insurance services organisations and professional advisers (e.g. solicitors, accountants). This data is almost made available to similar organisations overseas through a network of affiliates. We use the services of a company based outside the EEA to assist us in preparing data from the Companies Registration Office so that it is accessible to our clients and international affiliates. We use Standard Contractual Clauses as a safeguard for these transfers.
For the management of some marketing contact data, we also use external services that are based outside the EEA. Again, we use Standard Contractual Clauses as a safeguard for such transfers to ensure they are made in compliance with data protection legislation.
|Irish Directors and Owners of Registered Business Names||Clients and international affiliates.|
|UK and International Search||Clients|
|Know Your Customer and Anti-Money Laundering||Clients|
|Consumer Check Individual||Clients|
|Reports on Friendly Societies and International Companies||Clients|
|Land Registry Document Service||Clients|
|Running our services||Running our services|
|Promoting our services||Electronic mailing service provider.|
|Data Subject Rights Requests||Data Subject Rights Requests|
Where we are the "data processor", we act on the instructions of the data controller.
Where we are the Data Controller, we retain personal data according to the following criteria:
|ACTIVITY||DATA RETENTION CRITERIA/PERIOD|
|Irish Directors and Owners of Registered Business Names||Data updated daily. Records of searches undertaken by clients are retained for thirty seven months. Ad hoc listings of companies that are generated in response to client queries are deleted after six months.|
|UK and International Search||Results of search enquiries performed by users are retained for thirty seven months.|
|Know Your Customer and Anti Money Laundering||Results of search enquiries performed by users are retained for thirty seven months|
|Consumer Check Individual||Results of search enquiries performed by users are retained for thirty seven months.|
|Reports on Friendly Societies and International Companies||Results of search enquiries performed by users are retained for six months.|
|Land Registry Document Service||Use of search facility is retained for thirty-seven months.|
|Employment||10 years from termination of employment relationship.|
|Running our services||Seven years after the termination of the contract. All search records are anonymised after thirty seven months.|
|Promoting our services||One year after termination of contract for clients and eighteen months for prospective clients who do not contract in that time period. If you unsubscribe before them, we will still need to retain some minimal personal data to ensure that your request is observed and not inadvertently revoked.|
|Tracking of recipients' opening of our update emails||Open history will be deleted in conjunction with the record on the individual.|
|Data Subject Rights Requests||Two years from last contact with Data Subject.|
Where we are a "data processor", we keep your data for as long as the Data Controller instructs us to.
Where we are processing your personal data as a Data Controller, you may have the right to request of us access to, and rectification or erasure, of personal data or the restriction of processing concerning your data or to object to processing as well as the right to data portability. Furthermore, to the extent that our processing may be based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before this withdrawal. Please bear in mind that your rights in relation to your Personal Data are not absolute. It is important to note that we are processing much of the data either on the basis of legitimate interests or performance of contract, rather than consent. This means there is no absolute right to have such data erased, but you may have rights to both object to such processing or to restrict it. In circumstances where we have obtained your data from a third party we may need to confirm the accuracy of the data with that third party before rectification. Marketing communications by electronic means with you will be conducted in compliance with Statutory Instrument 336 of 2011 which give you specific privacy rights in relation to electronic communications. We provide an opt-out in each communication which allows you express your preferences with regard to receiving subsequent communications. As mentioned above, the service we use places a small pixel on your device that allows us know which items you choose to open and we use this information to refine the content of the messages that we are sending to you. Please contact us at the email or postal addresses above if you wish to make a data subject request. In our role as Data Processor, we also hold personal data. In such cases, you would need to contact the respective "Data Controller" to exercise your data protection rights. If you have any requests we can direct you to the appropriate Data Controller.
You can report a concern to the Data Protection Commission using this form which is the DPC's preferred route for such communications.
If you have any issues using that route, you can communicate in writing to:
Data Protection Commission,
21 Fitzwilliam Square South
Date: November 2021