This information is provided pursuant to and for the purposes of article 13 of Regulation 679/2016 (EU) to those who access and navigate the website indicated below: www.prowebconsulting.net

Cerved Group S.p.A (“Cerved”) processes the personal data of its stakeholders (customers, employees, suppliers, partners, web surfers, etc. – hereinafter, in general, “data subjects”) as independent data controller and in the ordinary management of existing relationships, acquiring, where necessary, consent.

The information also illustrates the processing of personal data collected by Cerved through forms, interviews, software or other channels in the performance of its activities and in compliance with the purposes indicated.

We inform you that in compliance with the Regulation, all data provided by users on this website are provided voluntarily and that the entire processing will be carried out in accordance with the principles of accountability, fairness, legality and transparency.



Data controller

Type of personal data processed

Methods of collecting personal data

Purposes, legal bases of the treatment, retention period and mandatory provision of data

Processing Methods

Data communication and dissemination


Personal data: means any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, mailing address, e-mail, phone number, browsing data, IP address, elements characterising his/her identity;

Aggregate data: means information on groups or categories of users, which does not identify you and cannot be used to identify an individual user.

Anonymous data: Means information that does not identify directly or indirectly and that cannot be used to identify an individual user.

Usage data:

Means information automatically collected through this website, including: IP addresses or domain names of computers used by the user who connects to this site, the URI (Uniform Resource Identifier) addresses, time of the request, the method used to forward the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) the country of origin, the characteristics of the browser and the operating system used by the visitor, the various temporal connotations of the visit (such as the time spent on each page), with particular reference to the sequence of pages viewed, the parameters relating to the operating system and the user’s IT environment.

Data Subject: means the person to whom the personal data refer and who may be identified or identifiable, even indirectly, through information, specific factor or the cross-matching of several personal data items.

Data Controller: Any natural or legal person who determines the purposes and means of processing personal data;

Data Processor: means a natural or legal person who is in charge of the processing of personal data on behalf of one or more data controllers and is authorised to carry out the processing of the data only in accordance with the instructions of the data controller.

IP address: The IP address is associated with the access point through which you connect to the Internet and is usually controlled by the user’s Internet Service Provider (ISP).

Website. The company website www.prowebconsulting.net/en


The Data Controller is Cerved Group S.p.A., with registered office in Via dell’Unione Europea 6A/6B, San Donato Milanese, Italy.


  • Personal contact data (such as, by way of example, name, surname, e-mail address, telephone number, etc.) that the data subject provides us by communicating by telephone, e-mail or through registration forms on our Website;
  • Personal contact details provided during industry events organized and managed by Cerved;
  • Contact data collected, with the prior consent of the data subject for third parties to use these and in compliance with applicable laws, during events organized by third parties;
  • Personal data entered when using the Website, our Applications on third party platforms or websites, such as social networking sites;
  • Information about your location when you visit our Website relating to your IP address, where the processing of such data is permitted by applicable law;
  • Usage, display and technical data, including the device identifier or IP address of the user, the time the user visits the Website;
  • Cookies: small text file in which short information about a user’s activity on a website is collected and stored on the device that accessed the website. For the complete discipline (prowebconsulting.net/en/cookie-policy/).


Access to and consultation of the Website are free.

However, if the user wishes to receive information from Cerved, the voluntary release of some personal data will be requested.

In particular, the Company:

  • It collects personal data provided by the Data Subject when services or information are requested, or when s/he voluntarily fills out registration forms on our Website, communicates with our contact center, or interacts with us in another way;
  • When the Data Subject provides personal data on Cerved’s pages on third-party platforms or websites, the data sent may be collected separately from the third-party website or platform. Personal Data collected from third party sites and platforms is subject to the privacy policies of those third-party websites and platforms. Your privacy choices on third-party websites and platforms do not apply to our use of personal information collected by us directly through our Applications;
  • The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users connecting to the Websites, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters relating to the operating system and computer environment. These data are used only to obtain anonymous statistical information on the use of the Websites and to check their proper functioning and are kept for the time defined by the legal regulations of reference. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Websites.
  • It collects personal data by means of cookies, when the user visits our Website. (prowebconsulting.net/en/cookie-policy/ )


The processing of personal data is aimed at achieving the following:

Primary Purposes

  • for all those purposes inherent and necessary to the performance of its activities, to ensure the proper provision of services sold by Cerved, to detect any requests from users of the Website and, more generally, to fulfil in a timely and complete manner any obligation arising from the contractual relationship established between the data subject and the Company.

The legal basis for this processing is the need to execute a request from the data subject or to fulfil contractual or legal obligations.  The data will be kept for ten years from the date of termination of the contractual relationship;

  • for administrative and accounting purposes.

The legal basis for this processing is the performance of contractual or legal obligations. The data will be kept for ten years from the date of collection;

  • to comply with legal and regulatory provisions, including fiscal provisions, or to execute an order from judicial or police authorities or supervisory bodies. The legal basis for this processing is the execution of legal obligations to which Cerved is subject. The data will be kept for ten years from the date of collection;
  • finally, the primary purposes also include certain technical processing carried out by means of so-called “technical cookies” based on what is described in more detail in the Cookie Policy (prowebconsulting.net/en/cookie-policy/).

The legal basis for this processing is the need to execute a request from the data subject. The data will be used for the time strictly necessary to manage the functions provided by the cookies.

In all the above cases, Cerved is not obliged to obtain the specific consent of the data subject. All the types of processing described above pursue primary purposes for which current legislation excludes the need to obtain a specific consent of the data subject, either because the processing is necessary to fulfil an obligation under the law or a Community regulation, or because processing is necessary to perform obligations arising from a contract to which the data subject is a party, or to fulfil, before the conclusion of the contract, specific requests of the data subject.

If the user does not intend to provide the personal data requested and necessary on the basis of the above, the consequence may be the impossibility to process the information and/or services requested from Cerved.

In compliance with current legislation on personal data and the choices of the data subject, personal data may also be processed for the following additional purposes

Secondary Purposes

  • to subscribe to the mailing lists held by Cerved, to carry out market surveys, to send in-depth content (such as, for example, white papers, ebooks, digital guides) advertising and information material on the services offered by Cerved, to invite to promotions and events, for retargeting campaigns, through automated systems, such as e-mail, fax, SMS or MMS, or through traditional methods (e.g.: paper mail).

The legal basis for this processing is the consent of the data subject.

The data will be kept for the time needed to manage the relationship with the data subject, taking every care to avoid indefinite retention and to facilitate the exercise of his/her rights.

  • for analysis and profiling activities, aimed at sending information and/or advertising material of specific interest to the client.

The legal basis for this processing is the consent of the data subject.

The data will be kept for the time needed to manage the relationship with the data subject, taking every care to avoid indefinite retention and to facilitate the exercise of his/her rights.

In the latter two cases described in the subcategory ‘secondary purposes’, data may only be processed if specific consent has been given.

Failure to indicate the consent will correspond to refusal.

It is specified that, in any case, even where the data subject has given his/her consent to pursue the purposes mentioned, s/he will still be free to revoke it at any time, by sending a clear communication to Cerved at the e-mail address dpo@cerved.com.

Any refusal will not result in any consequence except for the inability to be included in statistical and/or profiling analyses and receive promotions, discounts and targeted communications, based on the data provided, or to be informed about any marketing, promotional or advertising initiatives.


The data will be processed mainly by electronic and automated means provided with appropriate security measures, such as personalised passwords with exclusive access, personal identification code and control over access to the archive and in any case through appropriate methods and tools to prevent the loss, illicit or irrelevant use of data and access to them without authorisation.

In any case, the Data Controller, whose data are indicated in point a) of this information notice, will process the Data according to the principles of lawfulness, correctness, transparency, purpose and retention limitation, data minimisation, accuracy, integrity and confidentiality.

More in detail, the data are:

  1. telematically collected;
  2. recorded in digital format and kept in electronic archives to which only the Data Controller, the Data Processor and the Persons in Charge may have access, by means of a password;
  3. protected from the risks of destruction, alteration, deletion and unauthorised access by effective physical, logical and organisational security measures;
  4. further processed, possibly also in paper form, to the extent and within the time strictly needed to carry out the purposes indicated above.


For the purposes indicated above, the data collected may be made accessible or communicated:

  • to the employees and collaborators of Cerved, in their capacity as data processors, within the scope of their respective duties and in accordance with the instructions received. Such persons are in any case bound by the obligations of confidentiality and privacy;
  • To all those subjects (including Public Authorities) who have access to personal data by virtue of legislative or administrative measures and in any case within the limits of the legislative, regulatory or contractual provisions;
  • To the IT system administrator and technician;
  • to all those subjects (such as law firms, administrative and tax consultancy firms, Chambers of Commerce, etc.), if communication is necessary or functional to the correct fulfilment of the obligations deriving from the law for the Company;

Personal data is not collected for resale or transfer to third parties for marketing purposes.


The management and storage of personal data takes place on servers located in the European Union.

Where our business involves the transfer of personal data to third parties located in different locations around the world, for the purposes described in this privacy policy, wherever personal data is transferred, stored or processed by us, we shall take appropriate organisational and contractual measures to safeguard personal data and impose similar, but no less restrictive, requirements on cloud service providers, including the obligation to process personal data only for the purposes stated above.

A complete list of countries that provide adequate data protection guarantees is available on the website of the Personal Data Protection Authority.


Within the limits and conditions set out by law, the data controller is under an obligation to reply to the requests of the data subject concerning him/her.

In particular, based on current legislation, the data subject has the right to obtain from the Data Controller:

  • confirmation of whether or not processing of personal data concerning him/her is in progress and, in this case, obtain access to his/her personal data and information relating thereto;
  • rectification of inaccurate personal data concerning him or her or having incomplete personal data completed;
  • erasure of personal data concerning him or her (should one of the conditions indicated in article 17(1) of the GDPR occur and in compliance with the exceptions set out in paragraph 3 of said article);
  • restriction of the processing of personal data (should one of the events set out in article 18(1) of the GDPR occur)

The data subject may also:

  • object at any time to the processing of your personal data for the use of particular situations concerning him or her;
  • revoke your consent at any time, limited to cases in which processing is based on consent;
  • lodge a complaint with the supervisory authority (authority for the protection of personal data).


In consideration of future changes that may affect applicable privacy legislation, Cerved may integrate and/or update all or part this Policy in whole or in part. It is understood that any relevant change, addition or update will be communicated to you in accordance with local regulations including via publication on the company’s website www.prowebconsulting.net/en.

In order to exercise the rights listed above with the Data Processor, the data subject must submit a request using the following contact points: dpo@cerved.com.