CSP Rules

CSP Rules of CRIF Services Sp. z o.o. with its registered seat in Kraków

§ 1
These CSP (CRIF SOLUTION PLATFORM) Rules are the terms and conditions for the provision of electronic services within the meaning of the Act of 18 July 2002 on the provision of services by electronic means, consolidated text: Journal of Laws of 2016 item 1030, as amended, and shall set forth in particular:
1. the types and range of services provided by electronic means by CRIF Services Sp. z o.o. with its seat in Kraków via CSP;
2. terms and conditions for the provision of services by electronic means, including:
a) technical requirements for working with CSP;
b) ban on delivery by the customer of illegal content;
3. terms of use of the CSP;
4. terms and conditions for the conclusion and termination of agreements for the provision of services by electronic means;
5. rights and obligations of parties to agreements for the provision of services by electronic means;
6. complaint procedure.

§ 2
Terms used in the Rules shall have the following meaning:
1. Rules – these CSP Rules.
2. Service –
a) “CSP Portal” service available at: www.crif.pl;
b) XML service;
c) file sharing by other electronic means;
via which services available at CSP may be used.
3. CRIF — CRIF Services Sp. z o.o. with its registered office in Kraków, ul. Lublańska 38, 31–476 Kraków, entered into the Register of Entrepreneurs of the National Court Register kept by District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register under KRS number: 0000156341, Tax Identification Number (NIP): 5272400006, Statistical Identification Number (REGON): 015294671, with share capital of: PLN 50,000.00.
4. Partner – an entrepreneur that concluded an Agreement with CRIF.
5. User – Partner and a natural person acting on its behalf, holding a system account for access to the Service.
6. Co-operator - an entity that under an agreement with CRIF makes data available to CRIF’s Partners via the Service.
7. Agreement – Agreement on the provision of “CSP” Services as concluded by CRIF with a Partner, under which the Partner gains access to the Service.
8. Login – a unique string of characters assigned to the User by CRIF, uniquely identifying the User.
9. Password – a string of characters that is used to authenticate the User in the Service when trying to log in.
10. Act – the Act of 9 April 2010 on disclosure of economic information and exchange of economic data, consolidated text: Journal of Laws of 2014 item 1015, as amended.
11. P.D.P.A. – the Act od 29 August 1997 on the personal data protection, consolidated text: Journal of Laws of 2016 item 922.
12. P.S.E.M.A. – the Act of 18 July 2002 on the provision of services by electronic means, consolidated text: Journal of Laws of 2016 item 1030, as amended.
13. Economic information – economic information within the meaning of Article 2(1) of the Act.
14. Economic data – data within the meaning of Article 9 and Article 13 of the Act.

§ 3
1. Via the Service the Partner may use CRIF Services set out in the Agreement.
2. Services referred to in item 1 may include in particular:
a) making available of economic entities searching;
b) making available to placing orders for:
• preparing reports on Polish economic entities;
• preparing reports on foreign economic entities;
• access to data of Co-operators and processing this data (including economic information and economic data obtained from economic information offices, institutions created on the basis of Article 105(4) of the Act of 29 August 1997 – banking law, or foreign institutions and data providers).
3. The number of searches of entities referred to in item 2(a) in a calendar month may not exceed twice the number of orders referred to in item 2(b) placed in the same calendar month.
4. Under the terms and conditions specified in the Agreement, the Partner may entrust CRIF with processing of personal data in accordance with Article 31(1) of the P.D.P.A.
5. Within the framework of the services provided, CRIF keeps a history of searches and reports ordered in a private electronic archive of the Partner, hereinafter referred to as the archive, and allows the Partner to access the archive via the Service.
6. Economic information and economic data must be deleted by the Partner within 90 days of its receipt. If the Partner fails to delete economic information and economic data from its archive by the deadline referred to in the preceding sentence, CRIF shall delete it automatically.
7. Providing reports and individual data contained in reports obtained via the Service to third parties is prohibited.
8. CRIF shall not be liable for the accuracy, validity and completeness of the information made available to the Partner, including reports.
9. CRIF shall not be liable for the decisions and actions or omissions made on the basis of the information, including reports, disclosed to the Partner.

§ 4
1. Service is owned by CRIF.
2. The name of the Service, its idea, the graphical layout, software and database are protected by law.
3 .Use of the Service shall be under the principles defined in these Rules.
4. Technical requirements necessary for the proper use of the Service, and in particular necessary for the cooperation with CRIF ICT system, are as follows:
a) “KBIG Portal” website – web browser Internet Explorer ver. 7 or higher, FireFox ver. 4 or higher, with connections encrypted according to TLS 1.0 or SSL 3.0 protocol, using RC4 SHA (128 bit), AES 256 (256 bit) or AES 128 (128 bit) encryption algorithms;
b) XML service – SOAP client ver. 1.1. in conformity with WS-I specification and supporting connection encryption according to TLS 1.0 or SSL 3.0 protocol, using RC4 SHA (128 bit), AES 256 (256 bit) or AES 128 (128 bit) encryption algorithms;
c) file sharing – SFTP client ver. 6 or FTPS client supporting connection encryption according to TLS 1.0 or SSL 3.0 protocol, using encryption algorithms using RC4 SHA (128 bit), AES 256 (256 bit) or AES 128 (128 bit) encryption algorithms; all files supplied by the Partner should be compressed in popular format (e.g. ZIP), provided, however, that the size of a single archive file should be no larger than 2GB; in other cases, file sharing is only possible using secure encryption mechanisms, such as PGP.
5. Partner is registered in the Service by CRIF after the conclusion of the Agreement.
6. The Service may be used after activation of User account by first logging in to the Service by the User, authorised in accordance with § 5 of the Terms.
7. It is forbidden to enter any illegal content to the Service.

§ 5
1. Partner shall provide CRIF with a User registration by e-mail sent to the address designated by CRIF.
2. Partner may register more than one User.
3. User registration shall include the following personal data of the User: name, surname, business mobile phone number and business e-mail address.
4. CRIF shall process personal data of the User included in a User registration for the proper performance of the Agreement and the proper use of the Service.
5. Before providing CRIF with the User`s personal data, Partner is obliged to gain the User`s consent on providing CRIF with the User`s data for the purpose as provided for in paragraph 4 and to fulfill towards the User information obligaton resulting from legal regulations in force, especially to inform the User that data controller of the User`s personal data is CRIF Services Sp. z o.o. with its registered office in Kraków, ul. Lublańska 38, 31–476 Kraków, entered into the Register of Entrepreneurs of the National Court Register kept by District Court for Kraków-Śródmieście in Kraków, 11th Commercial Division of the National Court Register under KRS number: 0000156341, as well as that the User shall have the right to access to his personal data, to correct personal data and that the consent is voluntary and could be revoked at any time. Partner is exclusively liable for performance of this obligation.
6. CRIF shall assign the User a system account, which is connected to a Login and a temporary Password.
7. After receipt of a User registration, CRIF shall send the Login to the User by e-mail to the e-mail address indicated in a User registration.
8. CRIF shall send a temporary Password via a text message (SMS) to each User at a mobile phone number indicated in a User registration.
9. Upon first login, User changes the temporary Password to a new Password known only to the User;
10. At the written request of the Partner, CRIF shall immediately block User’s access to the Service, thereby preventing logging in and further use of the Service.
11. CRIF may block User’s access to the Service in the event of User’s breach of the provisions of these Rules.
12. CRIF may block access to the Service to all Users of the Partner in the event of a breach by the Partner of the Agreement or the Rules, and in particular in the event of delay in payments due to CRIF.

§ 6
1. CRIF is authorised to send to the Partner to the e-mail address provided in the Agreement any information for the proper performance of the Agreement.

§ 7
1. CRIF represents that:
a) it applies high standards to ensure the security of provision services by electronic means;
b) it has the resources to correctly process personal data;
c) its IT system allows the organisation of automatic circulation and exchange of information by electronic means;
d) its IT system conforms with a high level of security of personal data processing, specified in the Ordinance of the Minister of Internal Affairs and Administration of 29 April 2004 on the personal data processing documentation and technical and organisational conditions which should be met by devices and IT systems used for the processing of personal data, Journal of Laws of 2004 No. 100, item 1024;
e) it has taken measures to safeguard the data sets referred to in Articles 36-39 of the P.D.P.A., in particular it has developed and implemented security policy and information system management instruction for the processing of personal data, in accordance with the requirements contained in the Ordinance referred to in item (d).
2. Notwithstanding the provisions of paragraph 1, in the performance of the obligations arising under Article 6(1) of the P.S.E.M.A., CRIF hereby informs that using electronic services can potentially involve risks caused by, in particular, the activities of internet hackers, such as receiving unsolicited commercial information (spam), loss of data or the possibility of having the ICT system “infected” by various types of software – malware, spyware, worm, cracking, phishing, and more. To minimize these risks, User should have an up-to-date antivirus program running on their computer, and use caution when installing any software, opening e-mail and attachments, etc. and keep logins and passwords strictly confidential.

§ 8
1. CRIF’s liability shall be strictly limited to the obligations contained in these Rules.
2. CRIF shall not be liable for the disturbance to the functioning of the Service and for any interruption in the provision of services.
3. CRIF shall have the right to disable the Service or limit its availability in order to carry out the necessary maintenance.
4. CRIF shall not be liable for any damage resulting from events beyond the control of CRIF, including as a result of an act or omission by the User or a third party.
5. CRIF shall not be liable in the event of the occurrence of the force majeure event. The term force majeure shall be understood as any circumstance that is independent of CRIF, unpredictable and, in the given circumstances, impossible to avoid, e.g. in particular: flood, fire, earthquake, other natural disasters, acts of terrorism, war or acts of war, martial law, riots.

§ 9
1. Any complaints should be addressed by registered mail to the following address of CRIF: ul. Lublańska 38, 31–476 Kraków.
2. Any complaint should contain, in particular, identification details of the Partner, as well as indicate the basis for the complaint.
3. CRIF shall consider complaints within 30 days from the date of complaint delivery to CRIF.

§ 10
1. If the Agreement has been concluded for an indefinite period of time, each Party may terminate the Agreement in writing with the effect at the end of the calendar month with a three-month notice period.
2. If the Agreement has been concluded for a definite period of time, it shall be terminated upon the expiry of the period for which it has been concluded.
3. The Parties may provide in the Agreement for different notice periods than those provided for in paragraphs 1 and 2, and specify the conditions justifying the Agreement termination with immediate effect due to each Party.

§ 11
1. These Rules shall enter into force on the day of their announcement at www.crif.pl.
2. CRIF shall have the right to make amendments to the Rules at any time, without giving any reason. CRIF shall inform of the amendment made by posting the relevant information at the address referred to in paragraph 1.
3. The invalidity, in whole or in part, of any provision of these Rules – for any reason – shall not affect the validity of the remaining provisions of the Rules. In such a case, the relevant provisions of the law shall apply.