Privacy policy

With this Privacy Policy, CRIF Gulf DWC LLC (“CRIF Gulf”) intends to describe the methods of managing this website ( with reference to the processing of the personal data of users who access it. This is a general information notice provided to all visitors to the website in accordance with the UAE Data Protection Law No. 45 of 2021 (“UAE DP Law”) and all other applicable laws. If users decide to sign up to the ESG Initiative, a specific consent to the processing of personal data will be requested, if necessary. CRIF S.p.A. will process the data according to the information notice published at the following link:

Data controller

Following access to and consultation of this website, data relating to identified or identifiable persons may be processed. The Data Controller for the processing of the collected personal data is CRIF Gulf DWC LLC, with registered office located at 15th floor, '48 Burj Gate', Downtown Burj Khalifa, PO Box 72478, Dubai, UAE (“CRIF Gulf”). You can contact the Data Controller at the above mailing address or via the following e-mail address:

Location of data processing

The processing of data collected with reference to those who access the website is carried out at the CRIF Gulf office, in accordance with the provisions of the UAE DP Law and all other applicable laws. Personal data is processed only by specially trained employees or contractors with appropriate technical skills, and who are appointed and authorized to perform the processing.

Methods of data processing

The data will be processed lawfully and fairly, guaranteeing its security and confidentiality, according to the provisions of the UAE DP Law and all other applicable laws. Personal data will be processed using electronic and, in any case, automated equipment.

Purpose of data processing

User data may be processed for:

  1. the performance of the operations strictly necessary to provide the services or initiatives that may be requested by the user, including navigating the website;
  2. the provision of technology services (remote or on-site assistance and maintenance, etc.), including by specifically authorized third parties;
  3. statistical processing of aggregated data in relation to website services.

On the website pages where your personal data is explicitly collected, you will find, where necessary, any additional privacy specifications, as well as the methods for acquiring your consent and/or identifying any further basis for the legitimacy of the processing pursuant to the UAE DP Law.

The data is processed by our Company, as the independent Controller, in order to provide third parties who request the information (our clients) with business information services for the assessment of the activities, stability and capacity in economic and business terms of a person, and to perform checks in relation to any existing or prospective business relationships (which in the absence of accurate and complete information could be blocked) and for the protection of the related rights.

Business information can also be requested by our clients, including in the form of lists (by sector or category), for use in marketing activities, telephone contact, and communications for commercial, promotional, and advertising purposes, and in compliance with the regulations in force, with specific reference to the use of automated systems, including e-mail, fax, prerecorded telephone messages, and SMS.

The personal data acquired by our Company can also be subject to additional processing or statistical analysis, both automated and through experts, in order to assign an assessment or opinion, including in summary form or as a score, on the level of reliability, solvency and capacity in economic and business terms of the company or person concerned and/or on the probability of insolvency of a company, taking into account, for example, its overall economic and financial standing, as well as current and past receivables and payables, including in reference to subjects with significant responsibilities and positions.

Personal information may also be processed by our Company for the purposes of supporting the compilation of the ESG questionnaire and for customer satisfaction purposes via telephone contact.

Furthermore, during these telephone calls, if the data subject has given consent, he or she may receive a proposal for the Synesgy Company List Management Service.

Personal data may also be processed by our Company whenever the data subject has given consent for marketing purposes, including via automated calling systems (e.g., SMS, MMS, e-mail, fax). The provision of personal data for this purpose is optional, and the related processing requires the consent of the data subject; any refusal to provide consent will not give rise to any consequences.

Legal basis for data processing

Your personal data will be processed on the basis of one or more of the following conditions. In particular, processing carried out for the purposes referred to in points: no. 1 and 2 above, have as their legal basis the need to fulfill the requests for the provision of a service or to participate in an initiative directly available through the website: therefore, this type of data processing is strictly necessary and connected to a pre-contractual and/or contractual phase or designed to respond to a specific request according to the UAE DP Law, and as such, the personal data collected is necessary. If the data is not provided, it will not be possible to provide the service or to respond to your request; no. 3 above, has as its legal basis the legitimate interest of the Controller in accordance with the UAE DP Law, consisting of improving the performance and verifying the proper functioning of the Website. In this regard, we also invite you to consult the Website Cookie Policy.

Categories of recipients of personal data

The data may be communicated to different categories of recipients, according to the service/initiative requested by the CRIF Gulf client.

Transfer of personal data

Generally, the data provided by CRIF Gulf clients will not be transferred outside the UAE. However, this transfer may occur according to the individual service provided by CRIF Gulf. However, should personal data be transferred outside the UAE, the transfer will be carried out in accordance with the provisions of the UAE DP Law and all other applicable laws. CRIF Gulf may transfer or provide the information collected through the Website to other companies of the CRIF Group outside the UAE, and to third parties such as contractors or other entities that provide services (or products) demanded by the CRIF Gulf client. CRIF Gulf may also provide these companies with aggregate statistics on visitors, transactions and other activities on the Website. Information on users may also be disclosed to other entities if it is required by the relevant law or necessary to safeguard the rights and legally protected interests of the GRIF Group members or another entity.

Type of personal data processed

With reference to browsing data, the computer systems and software procedures used to operate this Website acquire, during their normal operation, some personal data whose transmission is implicit to the use of Internet communication protocols. This information is not collected in association with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This data category includes the IP addresses or domain names of computers used by users who connect to the Website, Uniform Resource Identifier (URI) addresses of the requested resources, the time of the request, the method used to submit the server request, and other parameters related to the user’s operating system and computing environment. The optional and voluntary sending of e-mails to the addresses indicated on the website involves the acquisition of the user’s personal data which is necessary to respond to user requests.

Data provision

The user is free to provide the personal data necessary to allow CRIF Gulf to provide services or to participate in the requested initiatives. Failure to provide the data may result in the inability of the company to provide the requested information or services.

Retention period

CRIF Gulf retains the navigation data as specified in the UAE DP Law.


For details about the use of cookies on this Website, please refer to the Cookie Policy.

Data subject rights

We hereby inform you that, pursuant to the UAE DP Law, the user can exercise the following rights: the right to access his or her personal data, ask for the amendment or deletion of the data, or restriction of the processing. Users also have the right to oppose the processing, as well as the right to portability. In addition, users can withdraw their consent at any time, it being understood that the withdrawal of consent does not affect the lawfulness of the processing carried out up to the point of withdrawal. In such cases, you can exercise your rights by contacting the Controller using the following contact details: CRIF Gulf DWC LLC, 15th floor, '48 Burj Gate', Downtown Burj Khalifa, PO Box 72478, Dubai, UAE,  or writing to the following e-mail address: The data subject can also submit a complaint to the UAE Data Office.

For any questions regarding the processing of your personal data, you can contact the Data Protection Officer by e-mailing:

Last update: 18 – April - 2023