The Data Controller
The data controller is:
CRIF VisionNet Limited, with a registered office at:
22 Northumberland Road, Ballsbridge, Dublin 4, D04 4ED7, Ireland
Company number: 177790
Correspondence concerning personal data can be addressed to the Data Protection Officer or by emailing firstname.lastname@example.org.
Categories of Personal Data Collected
Personal data not collected directly from data subjects
- Names, job titles and addresses (postal and electronic) of directors and other office holders in registered companies (e.g. Secretary), date of birth, duration of directorships/offices held
- Names, job titles and addresses (postal and electronic) of sole traders, partners or other unincorporated entities, date of birth, duration of business arrangement
- Names, addresses (postal and electronic) of shareholders of companies, duration of shareholding
- Persons Entitled
- Names, postal addresses of Liquidators, Receivers and Examiners, date of appointment
- Authorised Persons, Business Owners
- Names and Addresses of individuals deemed to be "Politically Exposed Persons" classified by proximity
- Names, postal addresses of Auditors
- Date of adjudication of Bankrupts and date of their discharge
- Names and postal addresses of individuals with consumer/bad debt Judgments
- Names and postal addresses of individuals entering into Personal Insolvency arrangements
- Names and postal addresses of individuals entering into Debt Settlement arrangements
- Names and postal addresses of individuals entering into Debt Relief arrangements
- Names and postal addresses of those availing of Protective Certificates
- Names and postal addresses of Disqualified or Restricted Persons
- Names and postal addresses of individuals entering into Revenue Commissioner agreements
- Names and postal addresses of individuals deemed to be Beneficial Owners
- Names and postal addresses of individuals subject to international sanctions
Personal data not collected directly from data subjects
- Names, email addresses, phone numbers of individuals in client organisations
How Personal Data is Collected by Vision-net & SoloCheck
Personal data not collected directly from data subjects
Vision-net draws on a variety of publicly available data sources, in particular the Companies' Registration Office, but also Jordans, RTL, ISI Ireland, Revenue Commissioners (for defaulters) and the Irish Courts amongst others.
Personal data collected by use of this website
The information systems and software procedures involved in the operation of this site acquire certain personal data during their normal operation. The transmission of this data is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified parties, however, due to its very nature, it could make it possible to identify users through processing activity and association with data held by third parties. The type of data acquired includes IP addresses and the domain names of users' computers who connect to the site, the addresses of the resources requested in URI notation (Uniform Resource Identifier), the time the request was made, the method used in making the request to the server, and other parameters related to the operating system and the computer environment of the user.
The optional and voluntary sending of emails to the addresses indicated on the site, or by completing contact forms or other forms on the site, involves the acquisition of the user's personal data, necessary in order to respond to their requests. You are free to decide whether to provide the personal data necessary for CRIF VisionNet Limited to supply the requested services. There are specific Privacy Notices at such points that tell you what we will do with that data as required by Article 13 of the GDPR. Failure to provide this data may make it impossible for CRIF VisionNet Limited to supply the requested information or services.
Other ways in which we collect personal data
We can also collect such data from meetings with you, any client on-boarding forms you might complete or communications received from you or an intermediary acting on your behalf.
The data shall be processed in a lawful fashion, so as to ensure data security and confidentiality, as foreseen by GDPR provisions and all applicable laws. Personal data shall be processed using electronic or other automated means.
Purposes of Processing
CRIF VisionNet is an aggregator of business information in order to provide services to those striving to reduce business risk, fulfil compliance requirements and make informed business decisions. These can include searches on directorships, Know Your Customer (KYC), Anti-Money Laundering (AML) and Politically Exposed Persons (PEPs). In doing so, CRIF VisionNet necessarily processes data on individuals associated with companies or otherwise offering products or services.
The data gathered from users of this website shall be processed so that we can provide services to our clients, record visitors to our site, identify users who download reports or other material from the site and build up a contacts database for direct marketing purposes. This data may also be used to contact clients who may have breached our copyright or other terms and conditions.
Ground of Processing
The data shall be processed on the basis of our legitimate interests in:
- providing services to our clients, such as company searches, anti-money laundering (AML), know your customer (KYC) or other compliance searches, credit reports and risk ratings, business lists and related services;
- promoting our business;
- inviting you to events, seminars, webinars, etc;
- developing and maintaining business relationships;
- administrative and operational processes within our business;
- protecting the security and integrity of our IT systems and online platforms;
- managing and administering our relationship with business contacts, clients and potential clients;
- sending you marketing material, newsletters, and other information, unless you opt-out of receiving marketing communications which you will be offered on each occasion;
- monitoring and analysing your receipt of, and interest in, material we send you;
- analysing visitors to our website;
- analysing who is interested in material we publish on our site and what material is of most interest;
- ensuring clients comply with our Terms & Conditions
When we process your Personal Data based on our legitimate interests, we make sure to consider and balance any potential impact on you and your data protection rights.
We will not use your Personal Data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or
permitted by law).
In certain circumstances we may rely on your consent to send you electronic direct marketing communications.
Categories of Recipients of the Personal Data
Users of our services will have access to the personal data that forms part of our core services to allow them minimise business risk by informing themselves about parties with whom they might be engaging. While there are individuals working for companies across all sectors, there is a particularly high proportion of financial services companies as well as legal and financial practices.
We may disclose some or all of the Personal Data we collect from you to certain trusted third parties in accordance with contractual arrangements we have in place with these third parties, including:
- third parties who assist us in marketing and promoting the firm;
- suppliers and service providers to whom we outsource support services,
- IT service providers;
We may also share your data if it is a legal or regulatory requirement, e.g., if a law enforcement official asks us for information about you, we may disclose that information where necessary to do so.
In some circumstances, CRIF VisionNet Limited transfers personal data outside the European Union, particularly to companies who provide support services. However, when personal data will be transferred outside the European Union, the transfer will be put in place in accordance with provisions of GDPR and all applicable laws (as specified in each privacy notice).
Retention Periods for Personal Data
We will only keep data which we have received from other publicly available sources on our systems for as long as they are available from the originating sources.
We will keep and process your Personal Data where you have been a client or representative of a company with an active account with us for a period of one year after the last interaction or the closure of your account, after which we will keep aggregated information (which will not allow individuals to be identified) for analytics purposes.
If you wish to opt out of receiving marketing emails, newsletters or other such communications, you may do so at any time by emailing us at email@example.com. In addition, all electronic communications you receive from us will include clear instructions as to how you can withdraw your consent to receiving any further communications. However, we may need to retain some identifying information to enable us to ensure that we do indeed suppress any future communications.
Data Subject Rights
We also inform you that you may have the right to request of us access to, and rectification or erasure, of personal data or the restriction of processing concerning your data or to object to processing as well as the right to data portability. Furthermore, to the extent that our processing may be based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before this withdrawal. Please bear in mind that your rights in relation to your Personal Data are not absolute.
You may be asked for additional data to verify your identity in the event that you do request access to your personal data held by us. This will only be used for verification purposes, not stored, and securely destroyed once the request has been processed. For such Data Subject Access Requests we will provide the information requested within one month of receipt of a valid request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
You can exercise your rights in relation to your Personal Data by contacting:
Data Protection Officer, CRIF VisionNet Limited, 22 Northumberland Road, Ballsbridge, Dublin 4, D04 4ED7
For Subject Access Requests we will provide the information requested within one month of receipt of a valid request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. We will inform you of any such extension within one month of receipt of the request, together with the reasons for the delay.
Updates and Changes
We may amend this policy on occasion, in whole or part, at our sole discretion. Any changes will be effective immediately. You should check this page from time to time to take notice of any changes we make, as they will be binding on you.
Last updated: 10/01/2019