Privacy Policy

Introduction

It should be noted that this website is the CRIF Developer Portal, which is provided to you by CRIF. On the CRIF Developer Portal you can view documentation and other relevant Materials, test connectivity in our Sandbox environment, and request support. CRIF may in its discretion grant you access to certain APIs and to certain Materials and certain test connectivity.

With this Privacy Policy CRIF intends to describe the methods adopted in the management of this website with reference to the processing its users' personal data.

This is a general notice, issued to all those who consult the website, in compliance with the provisions of the General Data Protection EU Regulation 679/2016 (GDPR) and all applicable laws.

When using certain services, users will be provided with specific and detailed privacy notice in accordance to articles 13 and/or 14 of GDPR and requested specific consent for their personal data to be processed, if necessary.

The Data Controller

Following access and consultation of this site, data relative to identified or identifiable persons may be processed.
The data controller is CRIF SpA, with registered offices in Via M. Fantin 1-3, 40131 Bologna.

Data Processing Location

The data collected from those who access the site will be processed at the CRIF offices, in the manner set out by the Garante per la protezione dei dati personali (the Italian Authority which deals with the protection of personal data) and in compliance with GDPR provisions and all applicable laws. The data shall be handled by persons with relative adequate technical skills; employees or associates, who have been specifically trained and assigned data processing roles.

Processing Methods

The data shall be processed in a lawful, correct fashion, so as to ensure data security and confidentiality, as foresees by GDPR provisions and all applicable laws. Personal data shall be processed using electronic, or at any rate, computerized devices.

Purposes of processing

The data shall be processed for the purposes time to time needed on the base of the service asked by CRIF’s customer. For each service asked by CRIF’s customer CRIF will provide a specific privacy notice with a detail of the applicable purposes of processing.

If you are interested you can give your consent for the processing of your personal data for direct marketing purposes by CRIF and other entities of CRIF Group. Your consent for such purposes is not mandatory and if you don’t give CRIF your consent it won’t be possible to send you advertisings. Where personal data are processed for direct marketing purposes, you’ll have the right to object at any time to processing of your personal data concerning for such marketing.

Ground of processing

The data shall be processed on the base of different ground of processing, in accordance with the type of service provided by CRIF. For each service asked by CRIF’s customer CRIF will provide a specific privacy notice with a detail of the applicable ground of processing.

Recipients of the personal data

The data could be communicated to different kind of recipients, in accordance with the type of service provided by CRIF. For each service asked by CRIF’s customer CRIF will provide a specific privacy notice with a detail of the recipients of the personal data.

Data transfer

Generally, the data provided by CRIF’s customer will not be transferred outside the European Union. However, it is possible that this transfer takes place in accordance with the type of service provided by CRIF. For each service asked by CRIF’s customer CRIF will provide a specific privacy notice with a detail of the Countries where the data are transferred. However, when personal data will be transfer outside the European Union, the transfer will be put in place in accordance with previsions of GDPR and all applicable laws (as specified in each privacy notice).

Processed Data Types

The information systems and software procedures involved in the operation of this site acquire certain personal data during their normal operation. The transmission of this data is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified parties, however, due to its very nature, it could make it possible to identify users through processing activity and association with data held by third parties. The type of data acquired includes IP addresses and the domain names of users' computers who connect to the site, the addresses of the resources requested in URI notation (Uniform Resource Identifier), the time the request was made, the method used in making the request to the server, and other parameters related to the operating system and the computer environment of the user. The optional and voluntary sending of emails to the addresses indicated on the site, involves the acquisition of the user's personal data, necessary in order to respond to their requests.

Data Submission

Users are free to decide whether to provide the personal data necessary for CRIF to supply the requested services. Failure to provide this data may make it impossible CRIF to supply the requested information or services.

Data storage

CRIF operates in order to store the personal data for the minor period of time as needed by the service provided to CRIF’s Customer or as asked by the applicable law. For each service asked by CRIF’s customer CRIF will provide a specific privacy notice, with a detail of the period for which the personal data will be stored or the criteria used to determine that period.

User Rights

We also inform you that, under provisions of GDPR, on the base of lawfulness of processing and of the modalities of processing, if the conditions are met, you have the following rights: access to and rectification or erasure of personal data or the restriction of processing concerning your data or to object to processing as well as the right to data portability. Furthermore, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before this withdrawal.

In these cases, requests should be sent to CRIF SpA, Via M. Fantin, 1-3, 40131 Bologna​

The data subject can lodge a complaint with supervisory authority, using the following link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.

Data Protection Officer

For any questions regarding the processing of your personal data, please contact our Data Protection Officer, using the following contact details:

e-mail: dirprivacy@crif.com

pec: crif@pec.crif.com