CRIF Identity Server - Privacy Policy

Crif S.p.A.

Privacy Policy

With this Privacy Policy CRIF intends to describe the methods adopted in the management of this website with reference to the processing its users' personal data. This is a general notice, issued to all those who consult the website, in compliance with the provisions of the General Data Protection EU Regulation 679/2016 (GDPR) and all applicable laws.When using certain services, users will be provided with specific and detailed privacy notice in accordance to articles 13 and/or 14 of GDPR and requested specific consent for their personal data to be processed, if necessary.

The Data Controller

Following access and consultation of this site, data relative to identified or identifiable persons may be processed. The data controller is CRIF SpA, with registered offices in Via della Beverara, 21, 40131 Bologna.

Data Processing Location

The data collected from those who access the site will be processed at the CRIF SpA offices, in the manner set out by the Garante per la protezione dei dati personali (the Italian Authority which deals with the protection of personal data) and in compliance with GDPR provisions and all applicable laws. The data shall be handled by persons with relative adequate technical skills; employees or associates, who have been specifically trained and assigned data processing roles.

Processing Methods

The data shall be processed in a lawful, correct fashion, so as to ensure data security and confidentiality, as foresees by GDPR provisions and all applicable laws. Personal data shall be processed using electronic, or at any rate, computerized devices.

Ground of processing

The data shall be processed on the base of different ground of processing, in accordance with the type of service provided by CRIF. For each service asked by CRIF's customer CRIF will provide a specific privacy notice with a detail of the applicable ground of processing.

Recipients of the personal data

The data could be communicated to different kind of recipients, in accordance with the type of service provided by CRIF. For each service asked by CRIF's customer CRIF will provide a specific privacy notice with a detail of the recipients of the personal data.

Data transfer

Generally, the data provided by CRIF's customer will not be transferred outside the European Union. However, it is possible that this transfer takes place in accordance with the type of service provided by CRIF. For each service asked by CRIF's customer CRIF will provide a specific privacy notice with a detail of the Countries where the data are transferred. However, when personal data will be transfer outside the European Union, the transfer will be put in place in accordance with previsions of GDPR and all applicable laws (as specified in each privacy notice).

Processed Data Types

The information systems and software procedures involved in the operation of this site acquire certain personal data during their normal operation. The transmission of this data is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified parties, however, due to its very nature, it could make it possible to identify users through processing activity and association with data held by third parties. The type of data acquired includes IP addresses and the domain names of users' computers who connect to the site, the addresses of the resources requested in URI notation (Uniform Resource Identifier), the time the request was made, the method used in making the request to the server, and other parameters related to the operating system and the computer environment of the user. The optional and voluntary sending of emails to the addresses indicated on the site, involves the acquisition of the user's personal data, necessary in order to respond to their requests.

Data Submission

Users are free to decide whether to provide the personal data necessary for CRIF SpA to supply the requested services. Failure to provide this data may make it impossible CRIF to supply the requested information or services.

Data storage

CRIF operates in order to store the personal data for the minor period of time as needed by the service provided to CRIF's Customer or as asked by the applicable law. For each service asked by CRIF's customer CRIF will provide a specific privacy notice, with a detail of the period for which the personal data will be stored or the criteria used to determine that period.

Cookies

For more information on our cookie policy, please click here

Web chat policy

It is available a Support Service through Web Chat. For the use of this service it is not needed the communication of personal data by the Customers. However, since this Service makes it possible for the Customer to text freely in the appropriate text field, the Customer could communicate personal data. In this case, the data will be processed in compliance with this privacy notice only to provide support to users who request it, as well as to improve the services provided and for statistical purposes. The data will be recorded and stored for the purposes indicated above for a maximum period of six months. We provide the main rules of conduct for the use of the service: maintain an educated behavior; avoid writing too many messages or too long messages; it is forbidden to use a language that hurts religious sensibility, traditions and culture, the common sense of decency or public decency, threatening, offending, defaming and / or insulting operators and / or third parties; it is forbidden to incite to violence, racism and xenophobia, illegality, pedophilia, pornography and terrorist proselytism are forbidden; it is forbidden to disclose personal data to other users, to spread false information about other users, in order to denigrate them or to create damage, to pass themselves off another user in order to create damage; political and / or religious propaganda and the promotion of products and / or services in any form and manner are prohibited.

User Rights

We also inform you that, under provisions of GDPR, on the base of lawfulness of processing and of the modalities of processing, if the conditions are met, you have the following rights: access to and rectification or erasure of personal data or the restriction of processing concerning your data or to object to processing as well as the right to data portability. Furthermore, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before this withdrawal.

In these cases, requests should be sent to CRIF SpA, Via della Beverara, 21, 40131 Bologn

The data subject can lodge a complaint with supervisory authority, using the following link: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.

Data Protection Officer

For any questions regarding the processing of your personal data, please contact our Data Protection Officer, using the following contact details:

E-mail: dirprivacy@crif.com
Telephone: (+39) 051 417 5084
Pec: crif@pec.crif.com