Privacy Policy and General Data Protection Notice (according to the Code of Ethics and Conduct in Processing Personal Data for Business Information Purposes)

Last Revision Date: May 2018
This website is administered by Kroll, Inc. (“Kroll”). Kroll recognizes the importance of protecting your privacy. The following Privacy Policy (“Privacy Policy”) provides important information about your privacy in connection with your use of Kroll’s website relating to the submission of your personal information via the website. Please review it carefully. It describes what information Kroll collects, how Kroll collects that information and how Kroll stores, uses, transfers, and discloses (collectively “Uses”) the collected information. Your continued use of this website constitutes your agreement with this Privacy Policy and any subsequent updates. This Privacy Policy is subject to Kroll’s Website Terms of Use ("TOU"), and/or any other such agreement that governs your relationship with Kroll subsidiaries, affiliates, partners, or other third-parties.

Subsidiary, Affiliate, Partner and Third-Party Websites 
This Privacy Policy applies to this website only. To the extent that this website permits you to link to or otherwise access the websites of Kroll’s subsidiaries, affiliates, partners, or other third-parties, separate privacy policies may apply to those linked websites. Those separate privacy policies may contain terms different than those contained in this Privacy Policy, and your access to and use of such linked websites are not governed by this Privacy Policy. Kroll expressly disclaims any and all responsibility for your access to and use of such linked websites, as well as for any use of the Personal Information (defined below) that you may provide, or any Personal Information that may be collected about you (including via cookies) at such linked websites.

Purpose of Collection of Personal Information 
While visiting the Kroll website you may be asked to voluntarily provide certain personal information such as your name, contact details, age, biographical information or other personal details (“Personal Information”). For example, if you visit the Careers section of the website to explore employment opportunities, you may be asked to provide your email address, residence, education, work experience, and other similar information. Or if you access one or more of Kroll’s web-based technology platforms, you may be asked to provide certain Personal Information in order to access those web-based services. Such Personal Information is provided by you on a voluntary basis, and by submitting your Personal Information you consent to its use in a manner consistent with this Privacy Policy. Failure to provide such Personal Information may entail the failure to be provided with the web-based services requested.

Information Collected from Navigation, Cookies and Other Technologies 

Navigation Data

The information systems and software procedures operating this website acquire personal data as part of their standard functioning; the transmission of such data is an inherent feature of Internet communication protocols.

Such information (including IP addresses and/or the domain names of the computers used by any user connecting with this website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of such requests) might allow user identification per se after being processed and matched with data held by third parties.

These data may be used to extract anonymous statistical information on website use as well as to check its functioning; they are erased immediately after being processed. The data might be used to establish liability in case computer crimes are committed against the website; except for this circumstance, any data on web contacts is currently retained for no longer than is necessary.

Kroll’s website, online services, applications, platforms, email messages, and advertisements, if any, may use “cookies” and other technologies such as pixel tags and web beacons to collect information about you (pixel tags and web beacons are also known as clear GIFs, action tags or web tags). Please see our Cookies Policy for further information.

Disclosure of Personal Information to Third Parties

Kroll will not share Personal Information collected from you with third parties for purposes other than those in support of Kroll’s operations and as necessary to facilitate the purpose for which you provided it. In some cases Kroll may share the Personal Information with its affiliated companies, clients, or with third party service providers retained by Kroll to provide services on its behalf. These affiliated companies, clients, or third party service providers will use your Personal Information only to accomplish the purposes for which the Personal Information was collected. The transfer of your Personal Information to our affiliated companies may also be done to allow these entities to offer you information about their businesses, products or services that may be of interest to you, or for other lawful business purposes.

Your Personal Information may also be shared under the following circumstances: (i) if Kroll is required to do so by law enforcement authorities or government agencies or for other regulatory purposes; and (ii) in connection with investigations or other efforts to prevent illegal activities or pertaining to public safety.

Kroll may disclose and transfer your Personal Information during a merger or during the divestiture of company assets. However, we will require the acquiring organization to agree to protect the privacy of your Personal Information consistent with this Privacy Policy. We transfer your Personal Information to other countries, including those countries which may have a lower standard of data protection laws than your home country, for the purposes described in this Privacy Policy. You consent to this transfer is signified by your use of this website and your submission of any Personal Information through the website.

Integrity, Protection and Retention of Your Personal Information 
Kroll endeavors to protect your Personal Information. Kroll uses commercially reasonable efforts and security practices to safeguard your Personal Information and to employ security measures designed to protect your Personal Information from access by unauthorized persons. Some of those measures include, but may not be limited to, encryption, firewalls and use of Secure Socket Layers (SSL). Kroll retains your Personal Information for the period necessary to fulfil the purpose for which it was collected, as outlined in this Privacy Policy, unless a longer retention period is mandated or permitted by law. Kroll generally retains Personal Information for no longer than the statute of limitations period mandated in your country of residence plus one year.

Access to Personal Information
There may be times that you wish to access your Personal Information. Kroll makes commercially reasonable efforts to provide you with access to your Personal Information in accordance with your legal entitlements so you can instruct us to correct or update the Personal Information if it is inaccurate, or delete your Personal Information if Kroll is not required to retain it by law, for legal purposes, including claims management, or for a legitimate business purpose. To receive a copy of your Personal Information, or to provide instructions to us on what you want corrected or updated, send us an e-mail at: information@kroll.com.

Opting Out: How You Control the Use of Your Personal Information
In the event you have consented to Kroll using your Personal Information and you later decide that you want to opt out from Kroll’s use of your Personal Information, you may do so by notifying Kroll by email at: information@kroll.com.

Children

Kroll does not knowingly collect information from children under the age of 13 (or such legally required higher age) and does not target its websites to children under 13 (or such legally required higher age). Kroll encourages parents and guardians to take an active role in their children’s online activities and interests. If Kroll learns that a child under the age of 13 (or such legally required higher age) has submitted Personal Information online without parental consent, we will take all reasonable steps to delete such information from our databases and not to use such information for any purpose (except where necessary to protect the safety of the child or others as required or as allowed by law). If you become aware of any Personal Information we have collected from children under 13 (or such legally required higher age), please contact us at information@kroll.com.

Changes to this Privacy Policy and Notification to You
Kroll reserves the right, in its sole discretion, to make changes to this Privacy Policy. When changes are made to the Privacy Policy, the “Last Revision Date” field at the top of the Privacy Policy will be updated accordingly. Changes to the Privacy Policy become effective upon posting and updating the “Last Revision Date”. Kroll encourages you to periodically review the Privacy Policy to be informed of any changes.

 

General Data Protection Notice (according to the Code of Ethics and Conduct in Processing Personal Data for Business Information Purposes)


During the course of our activities we, Kroll (the “Company”), as data controller, will process personal information (which may be held on paper, electronically, or otherwise) in connection with the performance, on the clients' behalf, of operations consisting in the collection, analysis, evaluation, processing and communication of information from public sources or sources that are publicly and generally available, or information that is obtained directly from the data subjects, in such a way as to provide added knowledge value to third parties.
Kroll processes personal data in accordance with the following principles:

  • lawfully and fairly;
  • collected and recorded for specific and lawful purposes and processed in a manner compatible with those purposes;
  • accurate and, where necessary, kept up to date;
  • adequate, relevant and not excessive in relation to the purpose or purposes for which they have been collected;
  • kept for no longer than is necessary for the purpose for which the data were collected;
  • processed in accordance with the rights of data subjects; and
  • secure

1. How the Company Uses Personal Information

The Company processes personal Information for 'business information purposes' meaning the purposes of providing information to clients on natural persons' economic and financial situation and/or assets and liabilities as well as on the said persons' soundness, creditworthiness and reliability for the requirements arising from the establishment and management of business relations whether prior to entering into a contract or not, as well as from the protection of the relevant rights on the clients' part.

2. The Personal Information Collected by the Company

The types of personal information that the Company processes are personal data and, possibly, special categories of personal data such as data relating to offences, criminal convictions or security measures.
The Company collects personal information directly from data subjects or from public or publicly and generally accessible sources, or from other entities that are authorized by law to disseminate and provide such information.

  • The following sources may be used:
    • Public sources, meaning public registers, lists, instruments or records that are publicly accessible based on the applicable legislation in force pursuant to the limitations and arrangements set forth in such legislation as for access to, usage and disclosure of the data in question. This category includes, but is not limited to, the following:
      • The companies' register; financial statements and shareholders' or partners' lists;  extracts and/or records from the registers held at Chambers of Commerce; records and events relating to bankruptcy or other insolvency proceedings; and the computerized register of protested bills of exchange held by Chambers of Commerce and the related consortium called InfoCamere;
      • Real estate transactions, documents containing prejudicial information (such as mortgage registrations or cancellations, attachment order registrations or cancellations, injunctions or judicial orders with the respective registrations) as kept by the Revenue Agency (including the former Land Registrar's Offices and the Public Cadaster), the Public Register of Motor Vehicles and the Census Register.
    • Publicly and generally accessible sources including the following:
      • Paper dailies and newspapers providing they are registered under the law;
      • Business (so-called 'Yellow Pages') or general phone directories;
      • Internet websites belonging to:
        • Target entities and other entities connected to the latter;
        • Public, governmental, regional or local bodies; public agencies and supervisory and regulatory authorities with regard to lists, registers instruments and records posted on such websites and containing information on business activities performed;
        • Trade and professional associations with regard to lists or registers of businesses or enterprises as disseminated on the respective websites;
        • At least three online dailies and newspapers, duly registered, confirming the information that is being provided. Account shall not be taken in this regard of online newspapers where the corresponding paper edition has already been considered, or of news features that are merely the same text published by different newspapers;
        • Online business or general phone directories.

The Company may collect  the personal information from the above public or publicly and generally accessible sources also by means of electronic tools and electronic networks, whether directly or indirectly, whether by relying on public bodies or other private sector providers, on the basis of ad-hoc agreements with the latter providers and in accordance with the formalities and limitations set forth in the legislation that regulates access to, usage and disclosure of the instruments and the data contained therein.

3. How the Company Protects Personal Information

The Company will take all steps reasonably necessary to ensure that there are appropriate security measures in place to safeguard personal information. In determining the appropriate security the Company takes into account technological developments and assesses the measures in place against the risk of harm that may result from a security breach. The security measures implemented by the Company are appropriate to protect against the risks presented by the processing and are put in place to prevent unauthorised or unlawful disclosure as well as to protect against accidental loss, destruction or damage to your personal information.


4. Disclosure of Personal Information to Third Parties
Kroll will not share Personal Information collected from you with third parties for purposes other than those in support of Kroll’s operations and as necessary to the purpose for which you provided it. In some cases Kroll may share the Personal Information with its affiliated companies, clients, or with third party service providers retained by Kroll to provide services on its behalf. These affiliated companies, clients, or third party service providers will use your Personal Information only to accomplish the purposes for which the Personal Information was collected.
Any information that is processed in order to provide business information services shall be communicated by the Company to its clients, also via electronic networks, in accordance with the public security legislation in force (Consolidated Statute on Public Security, TULPS).
Personal Information may also be shared under the following circumstances: (i) if Kroll is required to do so by law enforcement authorities or government agencies or for other regulatory purposes; and (ii) in connection with investigations or other efforts to prevent illegal activities or pertaining to public safety.
We transfer your Personal Information to other countries, including those countries which may have a lower standard of data protection laws than your home country, for the purposes described in this Privacy Policy. Your consent to this transfer is signified by your use of this website and your submission of any Personal Information through the website. We exercise particular care where Personal Information is transferred across international borders, to ensure that the transfers comply with relevant country or regional laws and regulations, in particular we ensure that appropriate contractual and operational safeguards are put in place.

5. Retention of Personal Information
Any personal data collected for business information services purposes is kept for as long as it remains necessary and/or is published in the respective public source pursuant to the applicable sector-specific legislation.
The Company may take appropriate measures for updating the business information provided in the light of the personal data recorded in the respective public sources; in this respect, the limitations and arrangements set forth in the applicable sector-specific legislation shall have to be abided by as for the access to, use and publicity of the data in question including their updates.

6. Rights of Access and Correction

In accordance with applicable laws, the Company shall facilitate the reasonable and timely access to personal information upon request, as well as complying with requests to correct or amend any incorrect or inaccurate personal information. In some cases and on legitimate grounds, personal information can be erased, anonymized or blocked in accordance with applicable legislation.

7. Questions About Your Personal Data

If you have any questions about the processing of your personal data as described in this notice, please contact information@kroll.com. The Company will take appropriate steps to address any enquiries or complaints. The Company also cooperates with relevant data protection authorities for complaints concerning its handling of personal data.

 


Kroll - Informativa sulla Privacy