Privacy Policy

1. Scope of application

These duties to provide information apply to the processing of personal data by us as the controller with regard to visits to our webpages at
CRIF Credit Solutions GmbH
Friesenweg 4, Haus 12
22763 Hamburg
Telephone: +49 40 89803 730

2. Name and contact details of the company data protection officer

The company data protection officer of CRIF Credit Solutions GmbH can be contacted at the above address, FAO Data Protection department or by email to

3. Purposes of data processing, legal bases, retention period

When you visit our website, we collect, process and use personal data to the extent permitted by law or necessary for processing or if you have given your consent for this. Personal data within the meaning of Article 4 sec. 1 of the EU General Data Protection Regulation (GDPR) are all information that can be personally related to you as a so-called data subject, e.g. name, address, e-mail addresses, user behavior.

a.) Visiting our website

When you visit our homepage, the web server of our website automatically processes information every time you visit it. The following data is recorded during this:
The name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type along with version, the operating system of the user, referrer URL (the site previously visited), IP address and the requesting provider. This data is only used for statistical evaluations for the purpose of running, securing and optimising the offering.
The legal basis for the collection of data via log files is article 6 para. 1 clause 1 letter b GDPR (for the fulfilment of the contract for the use of the homepage) and article 6 para. 1 clause 1 letter c GDPR (for the security of data processing). Furthermore, we have a legitimate interest within the meaning of article 6 para. 1 clause 1 letter f GDPR to continually improve and optimise the offering on our homepage in the interests of the users.
The data collected and stored via server log files are deleted after 7 days at the latest or – in the case of IP addresses – made anonymous by truncation.

b.) Use of our online contact form

For further information about our services, please contact us via our online contact form. Your data will be stored in our Customer Relationship Management system (“CRM system”) and forwarded internally for further processing. All personal data with which you provide us in connection with this contact request will be used only for the purposes of responding to your enquiry or making contact with you, and for the associated technical administration.
The legal basis for data processing is article 6 para. 1 clause 1 letter a GDPR (consent) or article 6 paragraph 1 clause 1 letter b GDPR (implementation of pre-contractual measures).
The enquiries will be deleted after two years at the latest. Legal retention periods shall be observed accordingly.

4. Disclosure to third parties, processors, categories of recipients

a.) Third parties

The transmission of your personal data to third parties, i.e. natural or legal persons other than the data subject, the controller, the data processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or the processor, only takes place for the purposes listed below:

  • You have given your express and voluntary consent under article 6 para. 1 letter a GDPR to do so
  • According to article 6 para. 1 clause 1 letter b GDPR, the disclosure is necessary for the processing of contractual relationships with you, e.g. to suppliers or recipients of goods or services named by you.
  • There is a legal obligation to pass on data in accordance with article 6 para. 1 clause 1 letter c GDPR, e.g. to financial or criminal prosecution authorities.
  • The disclosure is required under article 6 para. 1 clause 1 letter f GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data; such disclosure may take place to government institutions and law enforcement authorities, for example, in the event of attacks on our IT systems.

b.) Processors

We have commissioned the following processors in connection with the offering of our websites and related services pursuant to article 28 GDPR:
Our websites are hosted by 77Agency, Srl Via Solari 11, 20144 Milano, Italy, as processors according to Article 28 GDPR. The data protection regulations of the 77Agency are available under
Our websites are also technically operated and administered by Seeweb, Via Caldera, 21/edificio B, 20153 Milano, Italy. Seeweb’s privacy policy is available under

We remain the controller for data protection even if processors are involved. We do not intend to transfer your personal data to a third country .

5. Cookies

We use cookies on our websites. Cookies are small text files that are automatically stored locally in the cache of your web browser on your end device when you visit our site. The cookie stores information that is created in conjunction with the specific end device used, or the saved language settings or screen resolutions. However, this does not provide us with direct information about your identity.
Cookies are used, among other things, for the purposes of enabling certain functions of the websites and for managing the session on a technical level. We use so-called session cookies to recognise that you have already visited individual webpages of our website within a session and to enable session control, e.g. to save form entries or shopping baskets during the session. Session cookies are deleted at the latest when you close your web browser.
In addition, we use temporary cookies that are stored in the web browser of your end device for a defined period of time to optimise and guarantee user-friendliness. If you visit our site again, it is automatically recognised that you have already visited our web pages and which settings you have stored so you do not need to deal with these again.
Furthermore, we use tracking cookies to statistically record the use of our website and to evaluate it for the purpose of optimising and advertising our offering. These cookies enable us to automatically recognise your end device the next time you visit our site and to localise it to a certain extent via IP addresses. These cookies are also automatically deleted after a defined time, at the latest after 365 days. More details can be found in the following chapter on web analysis.
The cookies necessary for the functioning of the website, the cookies for session control and the session cookies are processed in accordance with article 6 para. 1 clause 1 letter b GDPR (contract fulfilment). Data processing by means of cookies to optimise the websites and to ensure user-friendliness is carried out in accordance with article 6 para. 1 clause 1 letter f GDPR (legitimate interest) and for advertising purposes and web analysis of tracking cookies in accordance with article 6 para. 1 sentence 1 letter a GDPR (consent).
You can also view our web site without the use of cookies. However, most web browsers automatically accept cookies. You can set your web browser settings to prevent cookies from being saved or to display a message before a new cookie is stored. You can also delete cookies at any time through your web browser. However, deleting or deactivating cookies may mean that you may not be able to use all the functions of our website equally.
The following links show how to adjust the settings of the most commonly used browsers: Chrome Firefox Internet Explorer Safari

6. Web analysis

a.) Google Analytics

We use the web analysis service Google Analytics, which is provided by Google Inc. (“Google”) in the USA.
This service collects and stores data for marketing and optimisation purposes. Usage profiles under a pseudonym can be created from this data. Cookies can be used to do this. Information generated by the cookie about your use of the homepage is usually transmitted to and stored on a Google server in the USA. We have activated IP anonymisation on our homepage, i.e. Google will shorten your IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases shall the full IP address be transferred to a Google server in the USA and truncated there. Based on our order, Google will use this information to evaluate your use of the offering, to compile reports on website activities and to provide the website operator with further services associated with website and Internet use. The IP address provided by your browser as part of Google Analytics will not be combined with other data from Google.
We wish to point out that, on this offering, Google Analytics has been extended with the code “gat._anonymizeIp();” in order to ensure the anonymous collection of IP addresses (IP masking).
You can also find more information on this at You can prevent Google from collecting data generated by the cookie and relating to your use of the offering (including your IP address) and processing this data by downloading and installing the browser plug-in available at the following link .

b.) Google AdWords

We use the online advertising program Google AdWords, which was developed by Google Inc. (“Google”) in the USA, and in the context of this, conversion tracking.
Cookies can be used to do this. The cookie for conversion tracking is set when a user clicks on an ad placed by Google. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of our website when the cookie has not yet expired, we and Google can detect that the user clicked on the ad and proceeded to this website. Each Google AdWords customer has a different cookie. Thus, cookies cannot be tracked using the website of an Adwords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted into conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to identify users personally. Users who do not wish to participate in tracking can easily disable the cookie of Google conversion tracking on their web browser under user settings. These users will not be included in the conversion tracking statistics.
For more information, see

7. Plug-ins and social media

Social plug-ins are also used on our websites, e.g. “like” buttons. Some of these plug-ins are technically operated in countries outside Germany and the European Union, although some are offered through national companies in the EU. If you open a page of our website in your web browser containing such a plug-in, your web browser will create a direct connection to the servers of the provider in the country concerned. By incorporating the plug-ins, the provider is given, as a minimum, the information that you have visited a certain page on our website, and perhaps also other information that your web browser or the device you use also discloses. The content of the plug-in is loaded by your web browser directly from the provider and incorporated into our website. If you are registered and/or have logged in with the provider concerned, your visit can also be assigned to your user account. If you interact with a plug-in, e.g. access up a route description, this information is also transmitted directly from your web browser to the provider and stored there and used further if necessary. The purpose and scope of the data collection and use primarily relate to marketing measures by the provider. You can read details about this and about your rights and setting options to protect your privacy first-hand in the privacy policy of the provider in question. The legal basis of this data processing on our websites is article 6 para. 1 clause 1 letter f GDPR (legitimate interests). We do not store data regarding interactions with plug-ins. If you do not wish a provider to collect data on you through our website, you must deactivate the plug-ins in your web browser. Certain functions, such as viewing maps, will then no longer be available. If you wish to avoid a link to any existing user account, you must log out before your visit to our website.
a.) LinkedIn
Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages containing LinkedIn features is accessed, your browser establishes a connection to the LinkedIn servers. LinkedIn is informed that you have visited our websites from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. We would like to point out that, as the provider of these web pages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn.
The LinkedIn plug-in is used on the basis of art. 6 para. 1 letter f GDPR. The website operator has a justified interest in the widest possible visibility on social media.
For more information, please see the LinkedIn privacy policy at:

b.) YouTube
Our website uses plug-ins from the YouTube site, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plug-in, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
Further information about handling user data can be found in YouTube’s privacy policy at

8. Rights of the data subject

You have the right:

  • to request information about your personal data processed by us in accordance with article 15 GDPR. In particular, you may obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period as far as possible, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if this has not been collected from you, and requires the existence of automated decision-making including profiling and, where appropriate, meaningful information about its detail.
  • to request the immediate rectification of incorrect or complete personal data stored by us in accordance with article 16 GDPR;
  • to request the erasure of your personal data stored by us in accordance with article 17 GDPR, if
    • it is no longer needed for the purposes for which it was collected or otherwise processed,
    • you withdraw your consent on which the processing referred to in article 6 para. 1 clause 1 letter a or article 9 para. 2 letter a is based and there is no other legal basis for processing,
    • you object to the processing pursuant to article 21 para. 1 and there are no overriding legitimate grounds for the processing, or you object to processing for the purpose of direct marketing including related profiling pursuant to article 21 para. 2,
    • the personal data has been processed unlawfully,
    • the personal data must be erased for compliance with a legal obligation under European Union or Member State law to which the controller is subject.
    • the personal data was collected relating to information society services provided pursuant to article 8 para. 1 GDPR (consent of a child).

The right to erasure does not exist to the extent that the processing is necessary

  • to exercise the right to freedom of expression and information,
  • to fulfil a legal obligation, for reasons of public interest in the field of public health or for archiving purposes in the public interest, or
  • to assert, exercise or defend legal claims.
    • pursuant to article 18 GDPR, the right to obtain the restriction of the processing of your personal data, insofar as
  • you dispute the accuracy of the data,
  • it is being processed unlawfully, but you refuse to have it erased,
  • we no longer need the data, but you do need it to assert, exercise, or defend legal claims or
  • you have lodged an objection to the processing pursuant to article 21 GDPR.
  • to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another controller in accordance with article 20 GDPR,
  • to revoke your consent provided to us at any time pursuant to article 7 para. 3 GDPR. As a consequence, we will no longer be permitted to continue the processing of data based on this consent in the future if there is no other legal basis for it and
  • to lodge a complaint with a supervisory authority according to article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our headquarters.

9. Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with article 6 para 1 clause 1 letter f GDPR, you have the right to object to the processing of your personal data in accordance with article 21 GDPR if there are reasons which arise from your particular situation, or if the objection is directed against direct advertisement. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
If you would like to make use of your right of revocation or objection, you can contact us using the above contact details and send us an email, for example.

10. Data security

During the visit to our website, we use the most common SSL (Secure Socket Layer) method together with the highest level of encryption supported by your browser. Usually, this is 256-bit encryption. Whether an individual page of our website is transmitted in encrypted form can be seen from the key or lock symbol in the status bar of your web browser appearing in closed form.
In addition, we use suitable technical and organisational measures for security of data processing appropriate to the level of risk, in particular to protect your data against manipulation or unauthorised access. In doing so, we take latest technology into account. Our security measures are adapted to keep up with technological developments.

11. Updates, validity and amendment of this Privacy Policy

By using our websites, you agree to the data processing described above. This Privacy Policy is currently valid and dated September 2019 . Due to changes in the legal framework, the further development of our websites and offering, the implementation of new technologies or due to changes in legal or official requirements, it may become necessary to amend this Privacy Policy with effect for the future. You can access and save or print out the current data protection declaration at any time from our website.

12. Severability clause

Should individual provisions of this Privacy Policy be or become invalid or impracticable in whole or in part, this shall not affect the validity of the remaining provisions. The same applies in the case of omissions.