General Terms and Conditions for Services in Risk and Opportunity Management

The following Terms and Conditions shall apply for all information provided by CRIF GmbH (hereinafter CRIF).

I. General provisions

  1. For all current and future business relationships between CRIF and the Customer, the following General Terms and Conditions shall exclusively apply in the version valid on the date of concluding the contract. Different general terms and conditions of the Customer shall not be recognized unless CRIF expressly consents to their applicability. The same shall apply if CRIF, aware of contrary or different conditions of the Customer, carries out the delivery and service without any reservation.
  2. CRIF expressly reserves the right at any time to amend these General Terms and Conditions, and to adapt them to technological conditions or changes in the legal situation, or where there is a contractual gap. This enumeration is by way of example and not exhaustive and is meant to include other, comparable reasons. Furthermore, an amendment should only be possible provided that the Customer is not disadvantaged in a manner contrary to good faith. Amendments to these General Terms and Conditions shall be communicated to the Customer in writing by way of a letter, fax, or e-mail at a minimum of six weeks prior to taking effect. After receiving the adapted General Terms and Conditions, the Customer has six weeks to object to the notice of an amendment in writing via a letter, fax, or e-mail. If the Customer does not object, this is to be viewed as consent to the notice of an amendment, and the amended General Terms and Conditions shall become an integral component of the contract.

II. Services in risk and opportunity management

  1. CRIF offers its Customers, for their business purposes, economic information in various forms about persons and companies domiciled domestically or abroad.
  2. An information inquiry shall be considered to be an order to provide economic information on the basis of information that has become known to CRIF and that (in its reasonable discretion) is material for assessing the circumstances. Economic information shall also be provided on the basis of the data stock available in the database without additional research and verification of the up-to-date status.
  3. CRIF does not verify the existence or identity of individuals. If the Customer recognizes that there is not a match between the person inquired about and the person to whom the information relates, the Customer may not use the transmitted data.
  4. CRIF is entitled to expand and modify the scope of services within the framework of further development and improving the products, provided that the Customer‘s contractual purpose is not, or is only immaterially affected.
  5. CRIF makes its information and products available in the respective up-to-date version status, and expressly reserves the right to make content and technical changes with a reasonable notice period. Product configurations, such as for example, score bands, score configurations or data interfaces can be adapted by CRIF to the respective newest version status. Any expenditures incurred by the Customer for an adaptation due to a new configuration or a new version status must be borne by the Customer. If the Customer desires a special configuration by CRIF or if the Customer cannot itself undertake the necessary adaptations, CRIF is only obligated for this if a separate written agreement between the Customer and CRIF is concluded in this regard, including a regulaton concerning the remuneration of CRIF connected with the expenses incurred. CRIF reserves the right to undertake technical adjustments, in particular, with respect to the interface, observing a notice period of at least three months, and not more frequently than one time per calendar year.
  6. If CRIF provides to the Customer copyright-protected works (for example, software or interfaces) in connection with the services offered, CRIF grants to the Customer during the contract term a nonexclusive license to use the works that is limited to the duration of the contract.
  7. Economic information concerning other credit agencies is expressly excluded from the scope of services.
  8. CRIF can refuse an information inquiry for legitimate reasons that do not have to be disclosed.
  9. CRIF is not obligated to disclose from where CRIF obtains its information. Anything different shall only apply if statutory claims for providing information require this disclosure.

III. Conditions for using online services

  1. CRIF enables the Customer’s access to the central CRIF database by means of an automated search process. Stored in this database are, among other things, information concerning names, company names, addresses, birth dates, marital status, professional occupation, financial circumstances, any liabilities and payment history indicators.
  2. The Customer can access the database with the aid of an Internet portal or by way of an interface. If the parties agree to access by means of an interface, CRIF shall provide the Customer an interface description free of charge. The Customer is obligated to program and maintain the interface on its own responsibility and at its own expense according to the interface description. The Customer is advised that CRIF does not undertake an inspection of the established interface and the accuracy of the data supplied by CRIF. However, CRIF shall ensure that the interface was set up by CRIF in a professional manner and that CRIF evaluated the data made available with the due diligence of a prudent merchant. CRIF shall not be liable for faulty programming or maintenance of the interface and any damages caused thereby, in particular, on account of delivering incorrect data. CRIF retains the copyrights in the interface description.
  3. For using the online services, the Customer shall be provided with multiple access authorizations that must be handled in a confidential manner. The access authorization consists of a multi-digit user identification (user ID) and a multi-digit personal password. The personal password must be changed by Customer at the initial login and changed not later than after 90 days.
  4. CRIF shall ensure that processing requests are independently recorded, in which case when performing the processing request, the data used, the date and the time of the processing request, the authentication, the database identifier and the data retrieved shall be recorded. When the recording is not properly carried out, the retrieval process will be interrupted. These recordings shall only be used for data protection monitoring, in particular, for monitoring the permissibility of the processing requests, to ensure the proper operation of the data processing system, as well as in the case of judicial proceedings.
  5. a) A request must be made for an access authorization for every user. The Customer shall ensure that only the respectively authorized database user can get access to the database.
  6. b) It is the Customer‘s obligation to ensure, through suitable security precautions, that an improper use of the access authorizations and the retrieval of data by unauthorized individuals is precluded.
    1. If the Customer has reason to assume that an unauthorized employee or a third party has obtained access to the access authorization, CRIF must immediately be made aware of this. In this case, the access authorization will be disabled and the Customer will be provided a new access authorization.
    2. Upon the departure of an employee with access authorization, the Customer must immediately change the previously used password and/or have it blocked by CRIF.
  7. CRIF shall make its services available online. CRIF does not assume any guarantee for the functionality of the Customer‘s technical equipment and the Customer‘s EDP programs for retrieving data.
  8. CRIF is not liable for the availability of the online service at any time. The online services are basically designed for access around the clock. Excluded are periods of temporary unavailability due to routine or necessary maintenance, data backup and update measures or downtimes, which are due to missing technical prerequisites to be provided by the Customer for the access to the Online Services, which are based on errors of the general telecommunication infrastructure or are within the area of responsibility of the data transmission company or which are due to force majeure beyond CRIF's sphere of influence.

III. Prices, payment conditions

  1. The Customer must pay CRIF the prices set out in the respective contract on the agreed due date. If no special due date is agreed, in case of doubt the invoices are due for payment immediately. In such a case, the account is in default as of the 15th calendar day after receiving the invoice and receiving the services.
  2. In the event of a late payment, CRIF is entitled to preclude the Customer from continuing to obtain the agreed services and/or continuing to obtain the agreed products until full payment is made.
  3. If the Customer purchases a certain product contingent, this must be called up within one year. Information of a contingent that has not been called up shall be forfeited without substitution, unless the parties to the contract agree otherwise in writing.
  4. Against CRIF's claims the Customer may only set off or assert a right of retention if and to the extent his claim is undisputed or legally binding.

IV. Prohibition on transfer

  1. It is not permitted to transfer the data acquired, or to store it for download or for access by companies of the group, subsidiaries, or other third parties in an unmodified or further processed form, in extract, as summaries, or partial data inventories. Exceptions to this shall only apply if compulsory statutory provisions otherwise dictate.
  2. In the event of an intentional or grossly negligent violation of this prohibition on transfer, the Customer must pay a contractual penalty for each occurrence of a violation to be determined in the reasonable discretion of CRIF, and in the case of a dispute, to be reviewed by a court having jurisdiction over the matter. The right to assert additional damages remains reserved.
  3. The Customer shall be solely liable for damages arising to the Customer, companies of the group, subsidiaries, or other third parties owing to a transfer or further processing contrary to agreement. If a claim is asserted against CRIF by a third party because the Customer has violated the prohibition on transfer, the Customer must fully indemnify CRIF with respect to this claim.
  4. If there are justified reasons to believe that the Customer is in breach of the prohibition on transfer, CRIF is entitled to have an audit carried out by its data protection officer or by a professional who is bound by professional law to maintain secrecy with regard to the contractual use of the data at the Customer's premises.

VI. Liability

  1. CRIF shall be liable for compensatory damages—irrespective of the legal grounds—in the case of intentional actions and negligence.
  2. For simple negligence, CRIF shall only be liable for damages arising from violating an essential contractual obligation the fulfillment of which allows for the proper implementation of the contract in the first place, the violation of which jeopardizes achieving the purpose of the contract, and compliance with which Customer may regularly rely.
  3. In the event of simple negligence, the liability is limited to 50 % of the sales generated with the Customer per calendar year. However, this limitation shall only apply if the limitation corresponds with the damages that may typically be anticipated. The liability limitation shall apply regardless of the number of claims.
  4. The proceeding provisions shall also apply in favour of the legal representatives and vicarious agents of CRIF.
  5. The agreed liability exclusions and limitations shall not apply for damages arising from the culpable injury to life, the body or health on the part of CRIF or its legal representatives and vicarious agents. The liability limitations shall not be taken into account insofar as CRIF has fraudulently concealed a defect or has assumed a guarantee for the quality of the performance.
  6. The services provided to the customer by CRIF, including the provision of probability values, represent components in the risk assessment process of our customers. The decision to enter into a legal transaction and its economic framework is always made by the customer. CRIF is not liable for the suitability of the service provided for the customer's intended purpose.
  7. CRIF shall not be liable for damages accruing to the Customer due to misuse or loss of the password or other login identifiers. Any costs and fees incurred in this connection shall be borne by the Customer. Furthermore, the Customer shall be liable for damages originating from Customer‘s sphere of responsibility.
  8. CRIF shall not assume any liability for the proper functioning of the transmission lines, including data security and the availability of data cables.
  9. If the Customer violates data protection law provisions, CRIF is authorized to immediately disable access to the online connection, also prior to the receipt of a termination declaration. Possible compensatory damage claims shall remain unaffected thereby

VII. Data protection

  1. CRIF processes personal data on the basis of the provisions of the General Data Protection Regulation (GDPR) in the respective, valid provisions under data protection law.
  2. The Customer is obligated to credibly and verifiably state its legitimate interest. The existence of a legitimate interest can in particular be assumed if a business transaction is associated with the financial risk of default.
  3. When using routine report updates (so-called monitoring), the Customer shall assure the maintenance of a sustained business relationship to its contractual partner and thus, the existence of a continuing credit or economic risk. Furthermore, the Customer commits to immediately inform CRIF upon the termination of the sustained business relationship, given that contemporaneously with the end of the contract, the legitimate interest in the information concerning the economic circumstances of the contractual partner is also eliminated.
  4. CRIF is authorized to verify the existence of a legitimate interest without stating any reasons. In this connection, the Customer commits to providing relevant information and submitting proof to CRIF. The documents required for this must be stored and kept available by the Customer for a minimum of 12 months.
  5. The Customer may only use or process the transmitted data for the purpose for which the data was transmitted to the Customer. Processing or use for other purposes is only permissible under the prerequisites of GDPR.
  6. The Customer must sufficiently obligate his employees or third parties, who necessarily have access to the transmitted data, to maintain confidentiality and to ensure that the transmitted data is handled in accordance with the provisions of data protection law.
  7. If CRIF becomes aware that the Customer uses the data for purposes not permitted by law, or uses the data in an impermissible or non-contractual manner, CRIF is obligated to exclude the Customer from the retrieval process.

VIII. Confidentiality

  1. The content of this contract has to be kept in confidence by CRIF and the Customer. CRIF and the Customer have to treat all documents, data and other information (hereinafter “confidential information”) which are linked to this contract like their own business secrets. All confidential information exchanged may only be used for the management of this contract.
  2. This confidentiality obligation shall not apply to confidential information which was already known to one party before the beginning of the business relationship or which became generally known during the term of this contract without violation of this agreement. The same applies if the confidential information has been developed independently by one party or if one party has consented to its publication or if it has been passed on to persons bound to secrecy under professional law.

IX. Closing provisions

  1. The law of the Federal Republic of Germany shall apply exclusively, excluding the UN sales law (CISG).
  2. For merchants, the venue location is agreed to be Karlsruhe. Karlsruhe shall also then be deemed to be the agreed venue if the Customer relocates its domicile to a foreign country subsequent to concluding the contract, or if the Customer’s domicile is unknown at the time that the suit is filed. CRIF is also entitled to file the suit at the location of the Customer‘s domicile.
  3. All amendments and supplementation related to the contract require textform to be valid.
  4. If individual provisions of this contract are or become invalid, the validity of the remaining provisions shall remain unaffected thereby. The parties commit to replace the invalid contractual provision by a legally valid provision that most closely approximates the original legal and economic intentions of the parties. The same applies in the event that the contract should have a gap requiring supplementation.

X. Special conditions for the product "Company information online“

  1. By completing the order process, the Customer makes an offer to conclude a contract for the product package selected by him. Shortly thereafter, CRIF will send the Customer a corresponding order confirmation by e-mail. With this order confirmation the contract is concluded.
  2. The contract has a fixed term of 12 months. Thereafter, it shall be extended by a further 12 months in each case unless it is terminated with a notice period of three months before the end of the contract; text form shall suffice.
  3. The product package can be used for a period of 12 months after receipt of the order confirmation. Unused company information expires after this period.
  4. The price for the ordered product package will be displayed during the ordering process and is stated in the order confirmation. CRIF will issue an invoice to the Customer with a separate e-mail. The payment for the ordered product package is due immediately upon receipt of the invoice.
  5. The prices stated in the order confirmation shall apply to orders for further company information exceeding the number ordered in the product package. Within the scope of the respective contract extension, further company information can also be ordered, but not a new product package.


Status 04/07/2024