The Company
With this Privacy Policy, CRIBIS D&B S.r.l. intends to describe the methods of managing the Website with reference to the processing of the personal data of users who access it.
This is a general information notice provided to all visitors to the website (“Website”) in accordance with the EU Data Protection Regulation No. 679/2016 (GDPR) and all other applicable laws.
If users decide to use specific services, a specific and detailed privacy notice will be provided to them in accordance with articles 13 and/or 14 of the GDPR, and specific consent to the processing of personal data will be requested, if necessary.
1. Controller and contact details
Following access to and consultation of the Website, data relating to identified or identifiable persons may be processed.
The Controller for the processing of the collected personal data is CRIBIS D&B S.r.l., with registered office at Via dei Valtorta 48, Milan, 20127, Italy (“CRIBIS”).
Users can contact the Controller at the above mailing address or via the following e-mail address: cribisdnb@pec.crif.com
2. Location of data processing
The processing of data collected with reference to those who access the Website is mainly carried out at the CRIBIS head office, as communicated to the Italian Data Protection Authority and in accordance with the provisions of the GDPR and all other applicable laws.
In any case, personal data is processed only by specially trained employees or contractors with appropriate technical skills, and who are appointed and authorized to perform the processing.
3. Methods of data processing
The data will be processed lawfully and fairly, guaranteeing its security and confidentiality, according to the provisions of the GDPR and all other applicable laws. Personal data will be processed using electronic and in any case automated equipment.
Categories of personal data processed
With reference to browsing data, the computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit to the use of Internet communication protocols. This information is not collected in association with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This data category includes the IP addresses or domain names of computers used by users who connect to the Website, Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the server request, and other parameters related to the user’s operating system and computing environment.
The optional and voluntary sending of e-mails to the addresses indicated on the Website or by filling out the appropriate contact form involves the acquisition of the user’s personal data, as indicated therein (e.g., first name, last name, e-mail address, telephone number, company, VAT no., address, zip code, city, ), which is necessary to respond to user requests. In addition, business information may be processed for the purposes set out in (f) below.
In addition, specific social buttons/widgets are present on the Website in the form of social network icons (e.g., Facebook, LinkedIn, etc.) and icons for other web services (e.g., YouTube, GoogleMaps, etc.). These buttons allow users browsing the Website to access the specific social media sites in one click. In such cases, the social networks and web services acquire data regarding the user, while the Controller will not share any browsing information or user data acquired through its website with the social networks and web services that can be accessed through the social media buttons/widgets. These services create “third-party cookies”. Below are links to the privacy policies of the most commonly used social networks and of the websites that the buttons link to:
- Facebook social widgets (Facebook, Inc.)
Facebook social widgets provide ways of interacting with the Facebook social network, provided by Facebook, Inc.
Personal data collected: Cookies and Usage Data.
Privacy Policy https://www.facebook.com/privacy/explanation
- Twitter Tweet button and social widgets (Twitter, Inc.)
The Twitter Tweet button and social widgets provide ways of interacting with the Twitter social network, provided by Twitter, Inc.
Personal data collected: Cookies and Usage Data.
Privacy Policy https://twitter.com/it/privacy
- LinkedIn button and social widgets (LinkedIn Corporation)
The LinkedIn social buttons and widgets provide interaction with the LinkedIn social network, provided by LinkedIn Corporation.
Personal data collected: Cookies and Usage Data.
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
- YouTube
YouTube is a service managed by Google Inc. for displaying video content, enabling the Application to integrate this content into its pages (google.com/policies/privacy/)
The user can find more information on the data collected directly or by third parties through cookies in the relative Website Cookie Policy.
5. Use of the Website and purposes of the processing
User data may be processed for:
- the performance of operations that allow browsing of the Website pages. The Controller, like most web page owners, needs to process personal information relating to users collected automatically or provided by the users themselves through the navigation or use of the Website in order to allow them to browse and use the site. Therefore, this Privacy Policy refers exclusively to the Website and does not refer to any other online sites, pages or services that can be accessed through hyperlinks published on the Website.
- the performance of the operations strictly necessary to provide the services or to respond to and/or manage any requests made by the user through the appropriate contact form on the home page of the Website as well as making an appointment for the sales force if necessary.
- the Newsletter service. By specifically selecting the relevant check box, the user consents to receiving updates on the activities of the Controller through the Website; the user data will also be added to the Website mailing list so that the user can receive the relative Newsletter (see section 8 of this Privacy Policy).
- statistical processing of aggregated data in relation to the Website services.
- direct marketing activities and marketing communications for products and services of CRIBIS D&B S.r.l. and other CRIF Group companies. If, following specific selection of the relevant check box, the user consents to receiving information, marketing communications, direct sales, and market research on the products or services provided through the Website, the user’s information will be processed for this purpose. Such communications may be sent through the use of traditional tools (telephone/mail) or automated tools (e-mail, fax, SMS, etc.), always on the basis of the preferences previously expressed by the user. After the initial telephone/e-mail contact, if the user decides not to subscribe to any service or to purchase any product or states that he/she does not want to be contacted again, the Controller will cancel the user’s details. Likewise, users can decide not to receive any marketing communications at any time by using the opt-out link at the bottom of each message and in any case exercising the relative right to withdraw consent.
- verification purposes in the context of any relationships to be established, in particular in relation to legitimate related needs: start of new business relationships, establishment and management of pre-contractual relationships, and supply of goods and services to the data subject (see full privacy policy https://www.cribis.com/it/informativa-privacy/), in compliance with the “Code of conduct for the processing of personal data concerning business information”;
- the voluntarily issue of comments, and interviews (quotes) by the user on CRIBIS services and products. In this case, the Controller may process personal data such as first name/name, last name, image, company position, etc. For such processing, the Controller will issue a special disclaimer and privacy notice in advance.
6. Legal basis for data processing
The user's personal data will be processed on the basis of one or more of the following legitimacy conditions. In particular, processing carried out for the purposes referred to in:
letters (a) and (b) above, which have as their legal basis the need to fulfill the requests for the provision of a service or to respond to a user request. Such processing is therefore strictly necessary and connected to a pre-contractual phase at the request of the data subject and/or contractual or in order to provide feedback to a specific user request according to art. 6 par. 1(b) of the GDPR. In this regard, the personal information collected from time to time through the Website is necessary. If the user decides not to provide the information, it will not be possible to provide the service or proceed with the requests.
letter (c) above: the Newsletter service will be activated only after a quotation and specific consent of the user. This consent is optional and does not affect the provision of any additional services requested.
letter (d) above, which has as its legal basis, to a proportionate and necessary extent, the legitimate interests of the Controller in accordance with art. 6 (1)(f) of the GDPR, consisting of improving the performance and verifying the proper functioning of the Website. In this regard, we also invite you to consult the Website Cookie Policy.
letter (e) above, which requires the prior and specific consent of the user for use of the user’s details by the Controller. This consent is optional and does not affect the provision of any additional services requested.
The user has the right to withdraw consent for the marketing purposes referred to in letter (e) at any time without prejudice to the lawfulness of the processing based on the consent given before withdrawal and has the right to oppose the processing for marketing purposes referred to in letter (e), including in part, or with reference to the marketing information and offers, and the advertising and promotional material on services through automated methods.
letter (f) above, which will be carried out in full compliance with the Code of Conduct and applicable legislation and respecting the interests and rights and fundamental freedoms of the data subjects, pursuant to art. 6, (1)(f) of the Regulation.
letter (g) above, which is based on the explicit, optional, and voluntary consent of the data subject in accordance with article 6(1)(a) of the GDPR.
7. Categories of recipients of personal data
The Controller, for the same purposes specified in section 5 of this Privacy Policy and/or in any case for purposes strictly related to the services provided by the Website, may communicate the user’s data to subjects that act in the role of Processors pursuant to art. 28 of the GDPR, which will perform or provide specific services, including:
- Hosting and back-end infrastructure
This type of service has the function of hosting data and files that enable the Website to function and perform data processing in order to enable the Website to be browsed by users.
- Shipping and logistics
- Site Administration (administration, sales, marketing and legal personnel, and system administrators)
- Newsletter service
- Contact management: checks referred to in letter (f) in the context of any business relationships established and any appointments for the sales force and marketing communications
This type of service allows use of user data for marketing communication purposes in a variety of forms as specified above.
This does not mean that all user data is used for this purpose. Some of the services, indicated below, may use cookies to identify the user or use behavioral retargeting techniques, i.e., the display of advertisements tailored to the user’s interests and behavior, which are also detected outside the Website. To learn more about this, we suggest that users read our Cookie Policy and/or the privacy policies for the respective services.
In addition to the opt-out options offered by the services reported below, users may opt out of receiving cookies related to a third-party service as described below or by consulting the Website Cookie Policy.
- Google AdSense (Google Inc.)
Google AdSense is an advertising service provided by Google Inc.
This service uses the “Doubleclick” cookie, which tracks the use of the Website and user behavior in relation to advertisements, and to the products and services offered.
Users can choose not to use the Doubleclick cookie at any time by deactivating it: how to managing cookies.
- Facebook Audience Network (Facebook, Inc.)
Facebook Audience Network is an advertising service provided by Facebook, Inc. For an understanding of Facebook’s use of data, please refer to the Facebook Data Policy.
To allow Facebook Audience Network to work, the Website may use certain mobile device identifiers (including Android Advertising ID or Advertising Identifier for iOS) or cookie-like technologies.
One of the ways in which Audience Network proposes advertising messages to the user is to use the latter’s advertising preferences. Users can control the sharing of their advertising preferences within the Facebook Ad settings.
Users can opt out of certain features of Audience Network targeting through their device settings. For example, you can change the advertising settings available for mobile devices, or follow any instructions that apply to Audience Network included in this privacy policy.
- Facebook Remarketing (Facebook, Inc.)
Facebook Audience Network is a remarketing and behavioral targeting service provided by Facebook, Inc. that links user activity on the Website with the Facebook advertising network.
- Statistics
The services contained in this section allow the Controller to monitor and analyze the traffic data for the Website. The Controller uses this service in order to perform aggregated analysis of its users in anonymous form and thus improve Website performance. All statistical services are used by the Controller through an integration that anonymizes the IP address of the user, including:
Google Analytics with IP anonymization, which is a free statistical service provided by Google Inc.
Personal data collected: Cookies and Usage Data.
The user can ask the Controller for an up-to-date list of Processors at any time.
8. Newsletter and contact form
The Website will periodically send users who have given their prior consent, or made an express request in this regard, a Newsletter to:
- send updates, information materials, communicate initiatives of CRIBIS D&B S.r.l. and other CRIF Group companies, etc.
The Newsletter is managed by Diennea Magnews, appointed by the Controller as Processor pursuant to art. 28 of the GDPR, and the e-mail address is stored on the servers of CRIF S.p.A. (parent company of CRIF Group of which CRIBIS D&B S.r.l. is part of) and Diennea Magnews, and, periodically, in the backups made by the Website.
Diennea Magnews will share information with the Controller about users who open the Newsletter and click on the links contained within it. This information is used to verify whether or not the content of the Newsletter is of interest to users. However, the user e-mail addresses are not transferred to any other party, for any reason (unless the user has authorized it).
Users can decide not to receive the Newsletter at any time through the opt-out link at the bottom of each message and/or by exercising the right to withdraw consent.
9. Transfer of personal data
Personal data may be transferred to a non-EU country, subject to the conditions set out in the GDPR. Specifically, the above transfer may be put in place, without specific authorizations, if the third country to which the data is transferred falls under those which guarantee an adequate level of protection according to the European Commission. In the absence of such an adequacy decision adopted by the European Commission, this transfer to third countries can be carried out by adopting the adequate guarantees referred to in art. 46 of the Regulation, based on which the above-mentioned personal data transfer occurs. In the absence of an adequacy decision or additional guarantees, the transfer of personal data to third countries can be carried out if the terms are met and the additional conditions set out by the GDPR exist, including the possibility to make use of the derogations for specific situations in art. 49 of the GDPR. In addition, this transfer may occur on the basis of the individual service provided by CRIBIS or as a result of the installation of third-party cookies. For each service requested by the CRIBIS customer, a special information notice will be provided with the details of the countries to which the data will be transferred, and within the Cookie Policy the user is also given the opportunity to check the information notices of third-party controllers and to opt-out if desired. In any case, in relation to services provided by CRIBIS, if personal data is transferred outside the European Union, the transfer will be carried out in accordance with the provisions of the GDPR and all other applicable laws (as will be specified in the specific information notices).
10. Retention period
For each service or initiative requested by the CRIBIS client, a special information notice will be provided with details of the data retention period or the criteria used to determine this period.
CRIBIS shall process and retain the browsing data for the time required by the purposes for which the data was collected. As regards the purposes of the processing, the following retention periods shall apply:
- any data collected for purposes essential to the execution of a contract between the Controller and the user will be retained until the execution of the contract/request is complete and for the duration of the contractual relationship.
- when the processing is based on user consent, such as for the subscription to marketing communications, the Controller can retain the personal data for a maximum period of 5 years unless such consent is withdrawn;
- when the processing is based on user consent, such as for subscription to the Newsletter, the Controller can retain the personal data for a maximum period of 12 months unless consent is withdrawn;
- in addition, the Controller may be obliged to retain the personal information for a longer period in compliance with a legal obligation or to retain it based on its legitimate interests for the management of any ongoing litigation or pre-litigation.
As for browsing data, the Controller will delete this information 12 months after the last online interaction that occurred in relation to the Controller’s communications or the content published on the Website for which the Controller has direct evidence of this interaction (e.g. clicks, opening, response).
11. Cookies
For details about the use of cookies on this Website, please refer to the Cookie Policy.
12. Data subject rights
We hereby inform you that, pursuant to articles 15 – 22 of the GDPR, users can exercise the following rights: the right to access their personal data, ask for the amendment or deletion of the data, or restriction of the processing. User also have the right to oppose the processing, as well as the right to portability. In addition, the user can withdraw his or her consent at any time, it being understood that the withdrawal of consent does not affect the lawfulness of the processing carried out up to the point of withdrawal. In any case, for each service requested by the CRIBIS client, a special information notice will be provided with details of the rights that can be exercised and the ways in which to exercise them.
In such cases, you can exercise your rights by contacting the Controller using the following contact details: CRIBIS D&B Srl, via dei Valtorta 48, 20127, Milan, Italy or writing to the following e-mail address: cribisdnb@pec.crif.com
The data subject can also submit a complaint to the Italian Data Protection Authority, following the instructions through the link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524
Data Protection Officer
For any questions regarding the processing of your personal data, you can contact the Data Protection Officer by e-mailing:
dirprivacy@cribisdnb.com; certified e-mail: cribisdnb@pec.crif.com
13. Amendments to this Privacy Policy
The Controller reserves the right to amend this Privacy Policy at any time, informing users on this page and, if possible, on the Website. Therefore, please consult this page regularly, referring to the date of updating at the bottom of the page.
Do you have any questions or want to receive a quotation?
Ask for information immediately