Privacy policy for individuals interested in the services of CRIF Sp. z o.o., whose data has been provided to CRIF Sp. z o.o. by companies from the CRIF Capital Group.

Information on the processing of personal data of individuals interested in the services of CRIF Sp. z o.o., whose data has been provided to CRIF Sp. z o.o. by companies from the CRIF Capital Group.

Controller The controller of your personal data is CRIF Sp. z o.o. with its registered office in Kraków, ul. Lublańska 34, 31-476 Kraków, registered in the Register of Entrepreneurs of the National Court Register kept by the District Court for Kraków-Śródmieście in Kraków, XI Commercial Division of the National Court Register under the number KRS 0000185908, NIP: 5251556766, with a share capital of PLN 3,163,500.00, email address: bok.pl@crif.com, hereinafter referred to as CRIF.

To the extent that your data is processed within the CRM systems used by CRIF, the Joint Controllers of the data are CRIF and CRIF S.p.A. with its registered office in Bologna (Italy), via della Beverara 21, 40131 Bologna, email address: dirprivacy@crif.com, hereinafter collectively referred to as the Joint Controllers. The Joint Controllers have jointly determined the purposes and means of data processing by entering into an appropriate agreement, which regulates the responsibilities of both companies regarding the fulfillment of obligations under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as GDPR. CRIF S.p.A. is responsible for administrative management, management and support in marketing services, communication and events, and IT systems integration. On the other hand, CRIF is responsible for collecting information, updating it, and managing customer relationships on an ongoing basis. Additionally, CRIF has been designated as the contact point for matters related to the processing of your data.

Source of your data Your data, including identification data (name, surname) and contact data (email address, phone number), has been provided to CRIF by another company from the CRIF Capital Group, to which you have expressed interest in the CRIF services offer.

Data Protection Officer For all matters related to data processing by CRIF, you can contact the Data Protection Officer by mail at CRIF Sp. z o.o., ul. Lublańska 34, 31-476 Kraków, or electronically at dpo@crif.com.

Purposes of data processing Your data will be processed for the purpose of:

1. conducting electronic correspondence or telephone contact, including responding to your inquiries. The legal basis for processing is the legitimate interest of the controller (Article 6(1)(f) GDPR), which involves enabling contact with you, including the ability to respond to your inquiries regarding CRIF's activities and ensuring continuity of communication,
2. establishing cooperation with you or your employer/entity you represent. The legal basis for processing is the legitimate interest of the controller (Article 6(1)(f) GDPR), which involves establishing and maintaining relationships within CRIF's business activities,
3. managing customer relationships within the CRM systems used by CRIF. The legal basis for processing is the legitimate interest of the controller (Article 6(1)(f) GDPR), which involves enabling CRIF to manage its contact database,potentially establishing and pursuing claims or defending against claims. The legal basis for processing is the legitimate interest of the controller (Article 6(1)(f) GDPR), which involves protecting CRIF's rights.

Data retention period The data will be processed for the duration of maintaining the relationship (e.g., responding to inquiries, presenting offers, exchanging correspondence), and then for a period of 5 years.

Recipients of the data The recipients of your personal data may be entities supporting CRIF in business processes (so-called processors), such as IT service providers.

Your rights You have the following rights: the right to request access to personal data, its rectification, deletion, or restriction of processing, as well as the right to lodge a complaint with the supervisory authority (in Poland, the supervisory authority is the President of the Personal Data Protection Office). Additionally, you have the right to object, on grounds related to your particular situation, to the processing of personal data if CRIF processes it based on the legitimate interest of the controller or a third party. If such an objection is raised, CRIF will cease processing your data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms or grounds for the establishment, exercise, or defense of legal claims.

Requests regarding the exercise of rights can be sent by mail to CRIF Sp. z o.o., ul. Lublańska 34, 31-476 Kraków, or electronically to dpo@crif.com. To the extent that your data is processed by Joint Controllers, you can exercise the rights arising from the GDPR with respect to each of the controllers.