General Terms and Conditions for Services in Risk and Opportunity Management

The following terms and conditions apply to all information provided by CRIF GmbH (hereinafter referred to as CRIF)

I. General

The following General Terms and Conditions in the version valid at the time of the conclusion of the contract shall apply exclusively to all current and future business relationships between CRIF and the customer. Deviating general terms and conditions of the customer shall not be recognized unless CRIF expressly agrees to their validity. The same applies if CRIF, with knowledge of conflicting or deviating conditions of the customer, executes the delivery and service without reservation.
CRIF expressly reserves the right to change these general terms and conditions at any time and to adapt them to changed technical conditions or changes in the legal situation or in the presence of a regulatory gap. This list is exemplary and not exhaustive and is intended to include other equivalent reasons. A change shall only be possible if the customer is not disadvantaged contrary to good faith. Changes to these general terms and conditions will be communicated to the customer at least six weeks before they come into effect in writing by letter, fax or e-mail. After receipt of the adjusted general terms and conditions, the customer has six weeks to object to the change notification in writing by letter, fax or e-mail. If the customer does not object, this shall be deemed to be consent to the change notification and the amended general terms and conditions shall become part of the contract.

II. Services in Risk and Opportunity Management

CRIF offers its customers business information in various forms about individuals and companies located domestically or abroad for their business purposes.
An information request is considered an order to provide business information based on what CRIF, at its reasonable discretion, considers essential for assessing the circumstances. Business information is also provided based on the data available in the database without additional research or verification of its currency.
CRIF does not verify the existence or identity of individuals. If the customer realizes that there is no match between the requested person and the person reported on, the customer may not use the transmitted data.
CRIF is entitled to expand and change the scope of services as part of the further development and improvement of the products, provided that the purpose of the contract for the customer is not or only insignificantly impaired.
CRIF provides its information and products in the current version and expressly reserves the right to make content and technical changes with reasonable notice. Product configurations, such as score bands, score configurations or data interfaces, may be adapted by CRIF to the latest version. Any adjustment effort on the customer’s side resulting from a new configuration or version must be borne by the customer. If the customer wishes a separate configuration by CRIF or cannot make necessary adjustments themselves, CRIF is only obliged to do so if a separate written agreement is concluded between the customer and CRIF, including a provision on the remuneration of the effort incurred by CRIF in this context. CRIF reserves the right to make technical adjustments, particularly regarding the interface, with a notice period of at least three months and no more than once per calendar year.
If CRIF provides the customer with copyrighted works (e.g., software or interfaces) in connection with the offered service, CRIF grants the customer a non-exclusive license to use them for the duration of the contract.
Business information from other credit agencies is expressly excluded from the scope of services.
CRIF may reject an information request for justified reasons, which do not need to be disclosed in detail.
CRIF is not obliged to disclose the sources of its information. This only applies differently if statutory information rights require disclosure.

III. Conditions for the Use of Online Services

CRIF enables the customer to access CRIF’s central database via an automated retrieval process. This database stores, among other things, information on names, company names, addresses, dates of birth, marital status, professional activity, financial circumstances, any liabilities, and indications of payment behavior.
The customer can access the database via an internet portal or through an interface. If the parties agree on access via the interface, CRIF shall provide the customer with an interface description free of charge. The customer is obliged to program and maintain the interface independently and at their own expense in accordance with the interface description. The customer is advised that CRIF does not check the established interface or the accuracy of the transmission of data delivered by or to CRIF. CRIF assures that the interface has been professionally set up at CRIF and that the data provided has been checked with commercial diligence. CRIF is not liable for incorrect programming or maintenance of the interface and any resulting damages, particularly due to the delivery of incorrect data. CRIF retains the copyright to the interface description.
The customer will be provided with one or more access authorizations for the use of the online service, which must be treated confidentially. The access authorization consists of a multi-digit user ID and a multi-digit personal password. The personal password must be changed by the customer upon first login and must be changed at the latest every 90 days.
CRIF ensures that retrievals are recorded independently, whereby the data used during the retrievals, the date and time of the retrievals, the authentication, the database ID, and the retrieved data are recorded. If the retrieval is not properly recorded, the retrieval process will be interrupted. These records are used only for data protection control, in particular to check the legality of the retrievals, to ensure proper operation of the data processing system, and in legal proceedings.
a) A separate access authorization must be requested for each user. The customer must ensure that only the individually authorized database user can access the database.
The customer is responsible for taking appropriate security measures to prevent unauthorized persons from misusing the access authorizations and the retrieved data.
If the customer has reason to believe that an unauthorized employee or third party has gained access to the access authorization, CRIF must be informed immediately. In this case, the access authorization will be blocked and a new access authorization will be provided to the customer.
When an authorized employee leaves, the customer must immediately change the previously used password or have it blocked by CRIF.
CRIF provides its services online. CRIF does not guarantee the functionality of the customer’s technical equipment and IT programs for data retrieval.
CRIF is not liable for the constant availability of the online service. The online services are generally designed for round-the-clock access. Exceptions are periods of temporary unavailability due to routine or necessary maintenance, data backup, and update measures or downtimes caused by missing technical requirements for access to the online services that must be provided by the customer, errors in the general telecommunications infrastructure, or within the responsibility of the data transmission company, or due to force majeure beyond CRIF’s control.

IV. Prices, Payment Terms

The customer must pay CRIF the prices specified in the respective contracts by the agreed due date. If no specific due date is agreed, invoices are payable immediately by default. In such a case, default occurs on the 15th calendar day after receipt of the invoice and receipt of the service.
In the event of late payment, CRIF is entitled to exclude the customer from further use of the agreed service or from further receipt of the agreed products until full payment is made.
If the customer purchases a specific product quota, it must be used within one year. Unused information from a quota expires without replacement unless otherwise agreed in writing between the contracting parties.
The customer may only offset claims against CRIF or assert a right of retention if and to the extent that their claim is undisputed or legally established.

V. Prohibition of Disclosure

The transfer of acquired data or making it available for retrieval or viewing by group companies, subsidiaries, or other third parties in unchanged or processed form, in excerpts, summaries, or partial datasets is not permitted. Exceptions apply only if mandatory legal provisions stipulate otherwise.
In the event of an intentional or grossly negligent violation of this prohibition of disclosure, the customer shall pay a contractual penalty for each case of infringement, to be determined by CRIF at its reasonable discretion and subject to review by the competent court in the event of a dispute. The assertion of further damages remains reserved.
The customer alone is liable for damages incurred by themselves, group companies, subsidiaries, or other third parties due to unauthorized disclosure or further processing. If CRIF is held liable by a third party because the customer violated the prohibition of disclosure, the customer shall fully indemnify CRIF in this regard.
If there are justified reasons to believe that the customer is violating the prohibition of disclosure, CRIF is entitled to conduct an audit regarding the contractual use of the data by the customer through its data protection officer or a professional bound to confidentiality by professional law.

VI. Liability

CRIF is liable for damages – regardless of the legal basis – in cases of intent and gross negligence.
In cases of slight negligence, CRIF is only liable for damages resulting from the breach of a material contractual obligation, the fulfillment of which enables the proper execution of the contract in the first place, the breach of which endangers the achievement of the contract’s purpose, and on the compliance with which the customer regularly relies.
In the case of slight negligence, liability is limited to 50% of the turnover generated with the customer per calendar year. However, this limitation only applies if the limitation corresponds to the typically expected damage. The limitation of liability is independent of the number of damage cases.
The above provisions also apply in favor of CRIF’s legal representatives and vicarious agents.
The agreed exclusions and limitations of liability do not apply to damages resulting from culpable injury to life, body, or health by CRIF or its legal representatives and vicarious agents. The limitations of liability do not apply if CRIF has fraudulently concealed a defect or has assumed a guarantee for the quality of the service.
The services provided by CRIF to the customer, including the provision of probability values, are components of the customer’s risk assessment process. The decision to enter into a legal transaction and its economic conditions is always made by the customer. CRIF is not liable for the suitability of the provided service for the customer’s intended use.
CRIF is not liable for damages incurred by the customer due to misuse or loss of the password or other login credentials. Any costs and fees incurred in this context shall be borne by the customer. Furthermore, damages originating from the customer’s sphere of responsibility shall be borne by the customer.
CRIF assumes no liability for the proper functioning of transmission lines, including data security and the availability of data lines.
If the customer violates data protection regulations, CRIF is entitled to immediately block the online connection, even before receipt of a termination notice. Any claims for damages remain unaffected.

VII. Data Protection

CRIF processes personal data based on the provisions of the General Data Protection Regulation (GDPR) and the applicable data protection regulations.
The customer is obliged to credibly and demonstrably present their legitimate interest. The existence of a legitimate interest can particularly be assumed if a transaction involves a financial default risk.
When using regular updates (so-called monitoring), the customer assures that a permanent business relationship with their contractual partner is maintained and thus the existence of a continuing creditor or economic risk. Furthermore, the customer undertakes to inform CRIF immediately upon termination of the permanent business relationship, as the legitimate interest in the information about the contractual partner’s financial circumstances ceases simultaneously with the termination of the contract.
CRIF is entitled to verify the existence of a legitimate interest without stating reasons. The customer undertakes to provide relevant information in this context and to submit proof to CRIF. The necessary documents must be retained and kept available by the customer for at least 12 months.
The customer may only use or process the transmitted data for the purpose for which it was transmitted. Processing or use for other purposes is only permitted under the conditions of the GDPR.
The customer must adequately obligate their employees or third parties who necessarily have access to the transmitted data to confidentiality and ensure that the transmitted data is handled in accordance with data protection regulations.
If CRIF becomes aware that the customer is using the data for purposes not permitted by law or is using it in an unauthorized or contractually non-compliant manner, CRIF is obliged to exclude the customer from the retrieval process.

VIII. Confidentiality

The content of this contract must be treated confidentially by CRIF and the CUSTOMER. All documents, data, and other information (hereinafter “confidential information”) related to this contract must be treated by CRIF and the CUSTOMER as their own trade secrets. All exchanged confidential information may only be used for the execution of this contract.
This confidentiality obligation does not apply to confidential information that was already known to one party before the start of the business relationship or that became generally known during the term of this contract without violating this agreement. The same applies if the confidential information was independently developed by one party or if one party has agreed to the disclosure or in the case of disclosure to persons bound to confidentiality by professional law.

IX. Final Provisions

The law of the Federal Republic of Germany shall apply exclusively, excluding the UN Convention on Contracts for the International Sale of Goods.
For merchants, Karlsruhe is agreed as the place of jurisdiction. Karlsruhe shall also be deemed the agreed place of jurisdiction if the customer relocates their registered office abroad after the conclusion of the contract or if their registered office is unknown at the time the action is filed. Furthermore, CRIF is entitled to bring an action at the customer’s place of business.
Amendments and additions to the contract must be made in text form to be effective.
Should individual provisions of this contract be or become invalid, the validity of the remaining provisions shall remain unaffected. The parties undertake to replace the invalid contractual provision with a legally valid provision that comes closest to the original legal and economic intentions of the parties. The same applies if the contract contains a gap that needs to be filled.

X. Special Conditions for the Product “Company Reports Online”

By completing the ordering process, the customer submits an offer to conclude a contract for the selected product package. Shortly thereafter, the customer receives a corresponding order confirmation from CRIF by email. The contract is concluded with this order confirmation.
The contract has a fixed term of 12 months. It is automatically extended by another 12 months unless it is terminated with three months’ notice before the end of the contract term; text form is sufficient.
The product package can be used for 12 months from the receipt of the order confirmation. Unused company reports expire after this period.
The price for the ordered product package is displayed during the ordering process and is stated in the order confirmation. CRIF will issue an invoice to the customer via a separate email. Payment for the ordered product package is due immediately upon receipt of the invoice.
The prices stated in the respective order confirmation apply. As part of each contract renewal, additional company reports may be ordered, but not another product package.

 

Status: 04/07/2024