Introduction
It should be noted that this website is the CRIF Developer Portal, which is provided to you by CRIF. On the CRIF Developer Portal you can view documentation and other relevant Materials, test connectivity in our Sandbox environment, and request support. CRIF may in its discretion grant you access to certain APIs and to certain Materials and certain test connectivity.
With this Privacy Policy CRIF intends to describe the methods adopted in the management of this website with reference to the processing of its users' personal data.
This is a general notice, issued to all those who consult the website, in compliance with the provisions of the General Data Protection EU Regulation 679/2016 (GDPR) and all applicable laws.
When using certain services, users will be provided with specific and detailed privacy notice in accordance with articles 13 and/or 14 of GDPR and requested specific consent for their personal data to be processed, if necessary.
The Data Controller
Following access and consultation of this site, data relative to identified or identifiable persons may be processed.
The data controller is CRIF SpA, with registered offices in Via Della Beverara, 21 - 40131 Bologna.
Data Processing Location
The personal data collected from those who access the site will be processed at the CRIF offices, in the manner set out by the Garante per la protezione dei dati personali (the Italian Authority which deals with the protection of personal data) and in compliance with GDPR provisions and all applicable laws. Personal data shall be handled by persons with relative adequate technical skills; employees or associates, who have been specifically trained and assigned data processing roles.
Processing Methods
Personal data shall be processed in a lawful, correct manner, so as to ensure data security and confidentiality, as provided by GDPR provisions and all applicable laws. Personal data shall be processed using electronic, or at any rate, computerized devices.
Purposes of processing
Personal data shall be processed for the purposes time to time needed on the basis of the service asked by CRIF’s customer. For each service asked by CRIF’s customer CRIF will provide a specific privacy notice with a detail of the applicable purposes of processing.
With specific regard to this Privacy Policy, CRIF informs you that your personal data will be processed for the sole purpose of enabling you to create an account and register on CRIF Developer Portal, so that you can view documentation and other relevant Materials, test connectivity in our Sandbox environment, and request support as specified above.
Ground of processing
Providing your personal data for the account creation is necessary to be able to access the CRIF Developer Portal and its content. Therefore, your account data will be processed on the grounds of the performance of a contract, as per Article 6, par. 1, lett. b) of the GDPR.
With reference to other services asked by CRIF’s customer, CRIF will provide a specific privacy notice with a detail of the applicable ground of processing.
Recipients of the personal data
Personal data could be communicated to different kind of recipients, in accordance with the type of service provided by CRIF. For each service asked by CRIF’s customer CRIF will provide a specific privacy notice with a detail of the recipients of the personal data.
Data transfer
Generally, the data provided by CRIF’s customers will not be transferred outside the European Union. However, it is possible that this transfer takes place in accordance with the type of service provided by CRIF. For each service asked by CRIF’s customers, CRIF will provide a specific privacy notice with a detail of the Countries where the data are transferred. However, when personal data is transferred outside the European Union, the transfer will be put in place in accordance with the provisions of Chapter V of the GDPR and all applicable laws (as specified in each privacy notice).
Processed Data Types
The information systems and software procedures involved in the operation of this site acquire certain personal data during their normal operation. The transmission of this data is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified parties, however, due to its very nature, it could make it possible to identify users through processing activity and association with data held by third parties. The type of personal data acquired includes IP addresses and the domain names of users' computers who connect to the site, the addresses of the resources requested in URI notation (Uniform Resource Identifier), the time the request was made, the method used in making the request to the server, and other parameters related to the operating system and the computer environment of the user. The optional and voluntary sending of emails to the addresses indicated on the site, involves the acquisition of the user's personal data, necessary in order to respond to their requests.
Data Submission
Users are free to decide whether to provide the personal data necessary for CRIF to supply the requested services. Failure to provide this data may make it impossible for CRIF to supply the requested information or services.
Data storage
CRIF operates in order to store the personal data for the minor period of time as needed by the service provided to CRIF’s customers or as asked by the applicable law. For each service asked by CRIF’s customers, CRIF will provide a specific privacy notice, with a detail of the period for which the personal data will be stored or the criteria used to determine that period.
With specific regard to this Privacy Policy and the personal data processing activities described therein, CRIF informs you that your personal data will be processed for the duration of the service. Inactive accounts will be deleted two (2) years after the last interaction with the Developer Portal.
User Rights
We also inform you that, under provisions of GDPR, on the basis of lawfulness of processing and of the modalities of processing, if the conditions are met, you have the following rights: access to and rectification or erasure of personal data or the restriction of processing concerning your data or to object to processing as well as the right to data portability.
In these cases, requests should be sent to CRIF SpA, Via della Beverara, 21, 40131 Bologna.
The data subject can lodge a complaint with supervisory authority, using the following link
Data Protection Officer
For any questions regarding the processing of your personal data, please contact our Data Protection Officer, using the following contact details:
e-mail: dirprivacy@crif.com
pec: crif@pec.crif.com