Privacy Notice and Consent – SkyMinder Services

1. In compliance with the provisions of article 13 of EU Regulation 679/2016 (GDPR), CRIF informs the CLIENT that the personal data relating to the CLIENT which have already been acquired or that will be communicated, will be processed by CRIF S.p.a., via della Beverara 21 - 40131 Bologna as Data Controller for the purpose of providing the SkyMinder Service and for the compliance with obligations under the law.
2. Specifically, personal data provided by the CLIENT will be processed, in order to undertake CRIF activities, for the following purposes:
   • in order to fulfill legal obligations arising from, inter alia, statutory, tax and accounting laws;
   • for the administrative management of the relationship and to evaluate the regularity occurred in the registration process;
   • for the fulfillment of obligations deriving from contractual obligations, including transfer of personal data to CRIF Group subsidiaries either into and out the European Union;
   • to assert or defend a right in court or out of court;
   • for anything that may arise directly or indirectly from the existing or future relationship with CRIF;
   • as well as for statistical and market analysis purposes, sales information and/or promotional and/or marketing purposes, or initiatives related to the activities of CRIF, via e-mail, SMS or phone;
   • as well as for statistical and market analysis purposes, sales information and/or promotional and/or marketing purposes, or initiatives related to the activities of CRIF, via e-mail, SMS or phone, by other companies within the corporate group that CRIF belongs to, including extra-EU countries.

   The data shall be processed on the base of at least one of the lawful grounds pursuant to the article 6 of GDPR. In particular, the processing for the purposes indicated in article 2 points a), b), c), d) and e) does not required the data subject’s consent, because it is based on the article 6, lett. b (performance of a contract) and c (legal obligation) of GDPR. The processing pursuant article 2 points f) and g) is based on the article 6, lett. a (data subject’s consent).

3. These data will be stored partly in paper archives and partly in digital archives, in respect of the security measures set out in GDPR.
4. Generally, the data provided by CRIF’s customer will not be transferred outside the European Union. However, with the objective of fulfilling this Contract, the data may be communicated to other companies within the corporate group that CRIF belongs to and to external companies whose work CRIF has to rely on in order to perform specific services, all, however, for the purposes of carrying out the work detailed in the Contract. The data in question can also be communicated and/or disclosed: a) in cases and to subjects provided for in the legislation; b) to external subjects that carry out specific tasks on behalf of CRIF in relation to the purposes detailed above; c) to law firms or external consultants in order to assert or defend a right in a court of law or out of court; d) to companies which CRIF control, are associated with, partly own, or companies which are shareholders in or control CRIF, or to its sales network (agents, dealers, distributors etc.) in relation to the purposes detailed above; e) to third party market operators that use the SkyMinder Service in relation to the objectives detailed above. For each service asked by CRIF’s customer CRIF will provide a specific privacy notice with a detail of the Countries where the data are transferred. However, when personal data will be transfer outside the European Union, the transfer will be put in place in accordance with previsions of GDPR and all applicable laws.
5. Where, in order to carry out CRIF activities for the CLIENT, it is necessary to process information and personal data of third parties other than the CLIENT itself, but communicated by the CLIENT to CRIF, the CLIENT warrants that the communication to CRIF of such information or personal data of third parties takes place in full and total compliance with the provisions of GDPR and on the base of at least one of the lawful grounds pursuant to the article 6 of GDPR. If such communication to CRIF requires the consent of the parties concerned, it will be the responsibility of the CLIENT to obtain such consent also for the benefit of CRIF.
6. The provision of CLIENT data to CRIF is mandatory only when stated by the law. However, the unavailability of data which is relevant to the correct and complete execution of CRIF activities related to the SkyMinder Service, may make CRIF activities more difficult, more expensive and sometimes impossible.
7. The provision of CLIENT data for the purposes indicated in article 2 points a), b), c), d) and e) is instrumental and necessary to the execution of orders and contracts and for administrative, commercial, tax and accounting management of the relationship that has been established or is being established, and therefore failure to provide these data could result in the impossibility of establishing, continuing or implementing the relationship.
8. The provision of data for the purposes outlined in article 2 points f) and g) is optional and important to everything that could directly or indirectly result from the existing relationship or relationship that is being established with CRIF, and therefore any refusal to provide the data for these purposes could result in the impossibility of improving the quality of the services and initiatives of CRIF in relation to the CLIENT, and the impossibility of giving adequate information about these services and initiatives.
9. The Data Controller for the processing of the CLIENT's data for the performance of the SkyMinder Service is CRIF. The full list of the data processors appointed by CRIF is available upon request from CRIF headquarters.
10. We also inform you that, under provisions of GDPR, on the base of lawfulness of processing and of the modalities of processing, if the conditions are met, you have the following rights: access to and rectification or erasure of personal data or the restriction of processing concerning your data or to object to processing as well as the right to data portability. Furthermore, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before this withdrawal. In these cases, requests should be sent to CRIF SpA, Via M. Fantin, 1-3, 40131 Bologna. The data subject can lodge a complaint with supervisory authority, using the following link: https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.
11. For any questions regarding the processing of your personal data, please contact our Data Protection Officer, using the following contact details: e-mail: dirprivacy@crif.com; pec: crif@pec.crif.com.