Data Protection Information

1. Scope of application
These duties to provide information apply to the processing of personal data by us as the controller with regard to visits to our webpages at


CRIF Bürgel GmbH,
Leopoldstraße 244, 80807 Munich
Telephone: +49 40 898030,

Legally independent and responsible partners of CRIF Bürgel GmbH

  1. CRIF Bürgel Wirtschaftsinformationen Aachen Dammers & Bittner GmbH, address for the website at
  2. BÜRGEL Wirtschaftsinformationen Georg Leimeister, address for the website at
  3. CRIFBÜRGEL Hannover Bielefeld GmbH & Co. KG, address for the website at
  4. "CRIF Bürgel-Chemnitz" Richter GmbH & Co. KG, address for the website at
  5. CRIF Bürgel Coburg GmbH, address for the website at
  6. BÜRGEL DRESDEN SCHARF GMBH, address for the website at
  7. Bürgel Wirtschaftsinformationen Duisburg Inh. Marko Freche e.K., address for the website at
  8. BÜRGEL ESSEN Schaltmann GmbH & Co. KG; address for the website at
  9. CRIF Bürgel Frankfurt (Oder) GmbH; address for the website at
  10. CRIFBÜRGEL Regina Walzel-Loos & Ralph Krödel GbR; address for the website at
  11. Wanke KG. Handels- und Wirtschaftsinformationsdienst, Inkassobüro; address for the website at
  12. CRIF Bürgel Grünzig GmbH & Co. KG; address for the website at
  13. CRIF Bürgel Iserlohn Jürgen Vogt e.K.; address for the website at
  14. Martin Kirch KG; address for the website at
  15. Bürgel Kassel Kilian & Wojacek GbR; address for the website at
  16. Bernd Wefelscheid Bürgel Rheinland; address for the website at
  17. CRIF BÜRGEL Potsdam GmbH; address for the website at
  18. CRIF Bürgel Ressmann GmbH & Co. KG; address for the website at
  19. CRIF Bürgel Saar Yvonne Böhm e.K.; address for the website at
  20. Elmar Dömer Inh. Claudia Dömer e.K. Bürgel Siegen; address for the website at
  21. Dr. Linde & Co. KG BÜRGEL Suhl; address for the website at
  22. CRIF Bürgel Ressmann Ulm e.K.; address for the website at
  23. Buck KG; address for the website at

2. Name and contact details of the company data protection officer
The company data protection officer of CRIF Bürgel GmbH can be contacted at the above address, FAO Data Protection department or by email to

3. Purposes of data processing, legal bases, retention period
When you visit our website, we collect, process and use personal data to the extent permitted by law or necessary for processing or if you have given your consent for this.

a) Visiting our website
When you visit our homepage, the web server of our website automatically processes information every time you visit it. The following data is recorded during this:
The name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type along with version, the operating system of the user, referrer URL (the site previously visited), IP address and the requesting provider. This data is only used for statistical evaluations for the purpose of running, securing and optimising the offering.
The legal basis for the collection of data via log files is article 6 para. 1 clause 1 letter b GDPR (for the fulfilment of the contract for the use of the homepage) and article 6 para. 1 clause 1 letter c GDPR (for the security of data processing). Furthermore, we have a legitimate interest within the meaning of article 6 para. 1 clause 1 letter f GDPR to continually improve and optimise the offering on our homepage in the interests of the users.
The data collected and stored via server log files is deleted after 7 days at the latest or - in the case of IP addresses - made anonymous by truncation.

b) Newsletter
You can subscribe to our free newsletter on our website. To subscribe to the newsletter, simply enter your email address. You also have the option to enter your name and address. The actual registration takes place via a "double opt-in procedure". This means that after registration you will receive another email with a confirmation link. This validation is necessary to verify your email address.

The legal basis for sending the email is article 6 paragraph 1 letter a GDPR (consent).

You can unsubscribe from our newsletter at any time. You will find a link to unsubscribe at the end of each newsletter. Deregistration is also seen as revocation of your consent. In this case, the data you have provided will be deleted.

c) Use of our online contact form
For further information about our services, please contact us via our online contact form. Your data will be stored in our Customer Relationship Management system ("CRM system") and forwarded internally for further processing. All personal data with which you provide us in connection with this contact request will be used only for the purposes of responding to your enquiry or making contact with you, and for the associated technical administration.

The legal basis for data processing is article 6 para. 1 clause 1 letter a GDPR (consent) or article 6 paragraph 1 clause 1 letter b GDPR (implementation of pre-contractual measures).

The enquiries will be deleted after two years at the latest. Legal retention periods shall be observed accordingly.

d) Order for address determination
You can place an order for address determination via our homepage. In such a case, the data provided by you will be used by our subsidiary, EURO-PRO Gesellschaft für Data Processing mbH, Lindenhof 1-3, 61279 Grävenwiesbach, for contract processing and will not be passed on to other third parties. EURO-PRO is responsible for the further processing of this data. EURO-PRO's Privacy Policy can be found at the following link:

e) Data processing for online enquiries from data subjects
Personal data is collected, processed and used by us to the extent necessary to process your request for a data copy according to Art. 15 GDPR. We also use your information as part of this process to update our CRIF Bürgel GmbH database. For more information on the CRIF Bürgel process, please visit


4. Disclosure to third parties, processors, categories of recipients
a) Third parties
The transmission of your personal data to third parties, i.e. natural or legal persons other than the data subject, the controller, the data processor and the persons who are authorised to process the personal data under the direct responsibility of the controller or the processor, only takes place for the purposes listed below:


  • You have given your express and voluntary consent under article 6 para. 1 letter a GDPR to do so
  • According to article 6 para. 1 clause 1 letter b GDPR, the disclosure is necessary for the processing of contractual relationships with you, e.g. to suppliers or recipients of goods or services named by you.
  • There is a legal obligation to pass on data in accordance with article 6 para. 1 clause 1 letter c GDPR, e.g. to financial or criminal prosecution authorities.
  • The disclosure is required under article 6 para. 1 clause 1 letter f GDPR to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data; such disclosure may take place to government institutions and law enforcement authorities, for example, in the event of attacks on our IT systems.

b) Processors
We have commissioned the following processors in connection with the offering of our websites and related services pursuant to article 28 GDPR:
Our newsletter is sent by the dispatch service Newsletter2Go GmbH, Köpenicker Strasse 126, 10179 Berlin as a processor under article 28 GDPR. The data protection provisions of Newsletter2Go can be viewed at
Our websites are hosted by pop-interactive GmbH, Wendenstraße 408, 20537 Hamburg as processor under art. 28 GDPR. The data protection provisions of pop-interactive GmbH can be viewed at
Our websites are also operated and administered by redRobin. Brand Marketing Communications GmbH Virchowstraße 65b, 22767 Hamburg. The data protection provisions of redRobin. Brand Marketing Communications GmbH can be viewed at
We remain the controller for data protection even if processors are involved. We do not intend to transfer your personal data to a third country.

5. Cookies
We use cookies on our websites. Cookies are small text files that are automatically stored locally in the cache of your web browser on your end device when you visit our site. The cookie stores information that is created in conjunction with the specific end device used, or the saved language settings or screen resolutions. However, this does not provide us with direct information about your identity.
Cookies are used, among other things, for the purposes of enabling certain functions of the websites and for managing the session on a technical level. We use so-called session cookies to recognise that you have already visited individual webpages of our website within a session and to enable session control, e.g. to save form entries or shopping baskets during the session. Session cookies are deleted at the latest when you close your web browser.
In addition, we use temporary cookies that are stored in the web browser of your end device for a defined period of time to optimise and guarantee user-friendliness. If you visit our site again, it is automatically recognised that you have already visited our web pages and which settings you have stored so you do not need to deal with these again.
Furthermore, we use tracking cookies to statistically record the use of our website and to evaluate it for the purpose of optimising and advertising our offering. These cookies enable us to automatically recognise your end device the next time you visit our site and to localise it to a certain extent via IP addresses. These cookies are also automatically deleted after a defined time, at the latest after 365 days. More details can be found in the following chapter on web analysis.
The cookies necessary for the functioning of the website, the cookies for session control and the session cookies are processed in accordance with article 6 para. 1 clause 1 letter b GDPR (contract fulfilment). Data processing by means of cookies to optimise the websites and to ensure user-friendliness is carried out in accordance with article 6 para. 1 clause 1 letter f GDPR (legitimate interest) and for advertising purposes and web analysis of tracking cookies in accordance with article 6 para. 1 sentence 1 letter a GDPR (consent).
You can also view our web site without the use of cookies. However, most web browsers automatically accept cookies. You can set your web browser settings to prevent cookies from being saved or to display a message before a new cookie is stored. You can also delete cookies at any time through your web browser. However, deleting or deactivating cookies may mean that you may not be able to use all the functions of our website equally.
The following links show how to adjust the settings of the most commonly used browsers: Chrome, Firefox, Internet Explorer, Safari

6. Web analysis
a) Etracker

We use the web analysis service etracker, which is operated by etracker GmbH ("etracker") in Germany. This service collects and stores data for marketing and optimisation purposes. Usage profiles under a pseudonym can be created from this data. Cookies can be used to do this. Etracker's cookies do not contain any information that enables a user to be personally identified. More information can be found at Data collection and storage can be objected to at any time at with effect for the future.

b) Google Analytics
We use the web analysis service Google Analytics, which is provided by Google Inc. ("Google") in the USA.
This service collects and stores data for marketing and optimisation purposes. Usage profiles under a pseudonym can be created from this data. Cookies can be used to do this. Information generated by the cookie about your use of the homepage is usually transmitted to and stored on a Google server in the USA. We have activated IP anonymisation on our homepage, i.e. Google will shorten your IP address within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases shall the full IP address be transferred to a Google server in the USA and truncated there. Based on our order, Google will use this information to evaluate your use of the offering, to compile reports on website activities and to provide the website operator with further services associated with website and Internet use. The IP address provided by your browser as part of Google Analytics will not be combined with other data from Google.
We wish to point out that, on this offering, Google Analytics has been extended with the code "gat._anonymizeIp();" in order to ensure the anonymous collection of IP addresses (IP masking).
You can also find more information on this at You can prevent Google from collecting data generated by the cookie and relating to your use of the offering (including your IP address) and processing this data by downloading and installing the browser plug-in available at the following link.

7. Google AdWords
We use the online advertising program Google AdWords, which was developed by Google Inc. ("Google") in the USA, and in the context of this, conversion tracking.
Cookies can be used to do this. The cookie for conversion tracking is set when a user clicks on an ad placed by Google. These cookies expire after 30 days and are not used for personal identification. If the user visits certain pages of our website when the cookie has not yet expired, we and Google can detect that the user clicked on the ad and proceeded to this website. Each Google AdWords customer has a different cookie. Thus, cookies cannot be tracked using the website of an Adwords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted into conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to identify users personally. Users who do not wish to participate in tracking can easily disable the cookie of Google conversion tracking on their web browser under user settings. These users will not be included in the conversion tracking statistics.
For more information, see

8. Plug-ins and social media
Social plug-ins are also used on our websites, e.g. "like" buttons. Some of these plug-ins are technically operated in countries outside Germany and the European Union, although some are offered through national companies in the EU. If you open a page of our website in your web browser containing such a plug-in, your web browser will create a direct connection to the servers of the provider in the country concerned. By incorporating the plug-ins, the provider is given, as a minimum, the information that you have visited a certain page on our website, and perhaps also other information that your web browser or the device you use also discloses. The content of the plug-in is loaded by your web browser directly from the provider and incorporated into our website. If you are registered and/or have logged in with the provider concerned, your visit can also be assigned to your user account. If you interact with a plug-in, e.g. call up a route description, this information is also transmitted directly from your web browser to the provider and stored there and used further if necessary. The purpose and scope of the data collection and use primarily relate to marketing measures by the provider. You can read details about this and about your rights and setting options to protect your privacy first-hand in the privacy policy of the provider in question. The legal basis of this data processing on our websites is article 6 para. 1 clause 1 letter f GDPR (legitimate interests). We do not store data regarding interactions with plug-ins. If you do not wish a provider to collect data on you through our website, you must deactivate the plug-ins in your web browser. Certain functions, such as viewing maps, will then no longer be available. If you wish to avoid a link to any existing user account, you must log out before your visit to our website.

a) Facebook
This offering uses a plug-in from the social network Facebook (1601 South California Avenue, Palo Alto, CA 94304, USA). You can recognise this by the "like" button and the Facebook logo.
For more information on Facebook plug-ins, visit
When you visit this website, the plug-in establishes a connection between the Facebook server and your browser. In doing so, Facebook is informed that the IP address you used was used to visit this website. You can link content from this website to your Facebook profile if you are logged into your Facebook account and click the "like" button. Facebook will then associate your visit to this site with your account. Only Facebook has knowledge of the content of the data transmitted as well as how it is used.
Learn more about Facebook's privacy policy at

b) Twitter
This offering uses a plug-in from the service Twitter. This service is provided by Twitter Inc. (1355 Market St, Suite 900, San Francisco, CA 94103, USA). Through the use of Twitter and the "re-tweet" function, the web pages which you visit will be linked to your Twitter account and made known to other users. In the process, data will also be transferred to Twitter. The provider has no knowledge of the content of the transmitted data and its use by Twitter.
You can find more information on this at
Your privacy preferences on Twitter can be modified in your account settings at

c) XING
Our site uses functions that are offered by the XING network. The provider is XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany.
Each time one of our pages containing XING features is accessed, your browser establishes a direct connection to the XING servers. To the best of our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored nor is usage behaviour evaluated.
The XING plug-in is used on the basis of art. 6 para. 1 letter f GDPR. The website operator has a justified interest in the widest possible visibility on social media. For more information about data protection and the XING Share button, please see the XING privacy policy at:

d) LinkedIn
Our site uses functions from the LinkedIn network. The service is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages containing LinkedIn features is accessed, your browser establishes a connection to the LinkedIn servers. LinkedIn is informed that you have visited our websites from your IP address. If you use the LinkedIn “Recommend” button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website to your user account. We would like to point out that, as the provider of these web pages, we have no knowledge of the content of the data transmitted or how it will be used by LinkedIn.
The LinkedIn plug-in is used on the basis of art. 6 para. 1 letter f GDPR. The website operator has a justified interest in the widest possible visibility on social media.
For more information, please see the LinkedIn privacy policy at:

e) YouTube
Our website uses plug-ins from the YouTube site, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plug-in, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you're logged in to your YouTube account, YouTube allows you to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account.
Further information about handling user data can be found in YouTube's privacy policy at

9. Rights of the data subject
You have the right:

  • to request information about your personal data processed by us in accordance with article 15 GDPR. In particular, you may obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period as far as possible, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if this has not been collected from you, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about its detail;
  • to request the immediate rectification of incorrect or incomplete personal data stored by us in accordance with article 16 GDPR;
  • to request the erasure of your personal data stored by us in accordance with article 17 GDPR, if

– it is no longer needed for the purposes for which it was collected or otherwise processed,

– you withdraw your consent on which the processing referred to in article 6 para. 1 clause 1 letter a or article 9 para. 2 letter a is based and there is no other legal basis for processing,

– you object to the processing pursuant to article 21 para. 1 and there are no overriding legitimate grounds for the processing, or you object to processing for the purpose of direct marketing including related profiling pursuant to article 21 para. 2,

– the personal data has been processed unlawfully,

– the personal data must be erased for compliance with a legal obligation under European Union or Member State law to which the controller is subject.

– the personal data was collected relating to information society services provided pursuant to article 8 para. 1 GDPR (consent of a child).

The right to erasure does not exist to the extent that the processing is necessary

– to exercise the right to freedom of expression and information,

– to fulfil a legal obligation, for reasons of public interest in the field of public health or for archiving purposes in the public interest, or

– to assert, exercise or defend legal claims.

  • pursuant to article 18 GDPR, the right to obtain the restriction of the processing of your personal data, insofar as

– you dispute the accuracy of the data,
– it is being processed unlawfully, but you refuse to have it erased,
– we no longer need the data, but you do need it to assert, exercise, or defend legal claims or
– you have lodged an objection to the processing pursuant to article 21 GDPR.

  • to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another controller in accordance with article 20 GDPR,
  • to revoke your consent provided to us at any time pursuant to article 7 para. 3 GDPR. As a consequence, we will no longer be permitted to continue the processing of data based on this consent in the future if there is no other legal basis for it and
  • to lodge a complaint with a supervisory authority according to article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our headquarters.

10. Right of objection
If your personal data is processed on the basis of legitimate interests in accordance with article 6 para 1 clause 1 letter f GDPR, you have the right to object to the processing of your personal data in accordance with article 21 GDPR if there are reasons which arise from your particular situation, or if the objection is directed against direct advertisement. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
If you would like to make use of your right of revocation or objection, you can contact us using the above contact details and send us an email, for example.

11. Data security
During the visit to our website, we use the most common SSL (Secure Sockets Layer) method together with the highest level of encryption supported by your browser. Usually, this is 256-bit encryption. Whether an individual page of our website is transmitted in encrypted form can be seen from the key or lock symbol in the status bar of your web browser appearing in closed form.
In addition, we use suitable technical and organisational measures for security of data processing appropriate to the level of risk, in particular to protect your data against manipulation or unauthorised access. In doing so, we take the latest technology into account. Our security measures are adapted to keep up with technological developments.

12. Updates, validity and amendment of this Privacy Policy
By using our websites, you agree to the data processing described above. This Privacy Policy is currently valid and dated July 2018. Due to changes in the legal framework, the further development of our websites and offering, the implementation of new technologies or due to changes in legal or official requirements, it may become necessary to amend this Privacy Policy with effect for the future. You can access and save or print out the current data protection declaration at any time from our website.

13. Severability clause
Should individual provisions of this Privacy Policy be or become invalid or impracticable in whole or in part, this shall not affect the validity of the remaining provisions. The same applies in the case of omissions.



Information according to Art. 14 GDPR of CRIF Bürgel GmbH regarding the credit bureau and information services

1. Name and contact data of the responsible office as well as of the company's data protection officer

CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich, Tel.: +49 40 89803-0

The data protection officer of CRIF Bürgel GmbH can be reached at the above address ("For the attention of Data Protection Department"), or by e-mail at:

2. Data processing by CRIF Bürgel GmbH
2.1 Purposes of data processing and valid interests that are pursued by CRIF Bürgel GmbH or a third party

CRIF Bürgel GmbH processes personal data in order to provide authorized recipients with information for assessment of the creditworthiness of individuals and legal entities. To this end, scores are also calculated and transferred. CRIF Bürgel GmbH makes the information available only if a legitimate interest in it has been credibly demonstrated and processing is permissible after consideration of all interests. There is a legitimate interest especially before engagement in business transactions involving a risk of financial default. The purpose of the creditworthiness check is to protect recipients against losses in credit business. The check simultaneously makes it possible to advise borrowers in order to protect them against excessive indebtedness. Data are also processed for purposes of fraud prevention, money laundering prevention, integrity assessment, identity and age verification, address location, customer service or risk management as well as tariff classification, assessment of conditions and direct product marketing. Pursuant to Art. 14 (4) GDPR, CRIF Bürgel GmbH will provide information regarding any changes to the purposes for which it processes data.

2.2 Legal basis of data processing

CRIF Bürgel GmbH processes personal data based on the stipulations of the EU General Data Protection Regulation. Processing is carried out based on consent and Art. 6 Para. 1 Letter f GDPR, in so far as such processing is necessary in order to preserve the legitimate interests of the responsible person (controller) or a third party, and these interests do not outweigh the basic rights and basic freedoms of the person in question that require the protection of personal data. There is a legitimate interest especially before any business transactions involving a risk of financial default. Consent can be withdrawn from the contracting partner at any time. This also applies to consent already given before GDPR came into force. A withdrawal of consent does not affect the legality of the personal data processed before the withdrawal.

2.3 Data sources

CRIF Bürgel GmbH obtains its data from its contracting partners. These are companies located in the European Economic Area or in Switzerland in the areas of trade, service provision, leasing, energy supply, telecommunications, insurance or debt collection as well as credit institutes, providers of financial and payment services and other contracting partners that use products of CRIF Bürgel GmbH for the purposes indicated in Section 2.1. In addition, CRIF Bürgel GmbH processes information from generally accessible sources such as public records and official announcements (commercial registers, debtor lists, bankruptcy declarations).

2.4 Categories of personal data that are processed

  • Personal data, e.g. surname (if applicable prior names that may be provided upon special request), given name, date of birth, place of birth, address, prior addresses
  • Information regarding the initiation and execution of a transaction in accordance with the contract (e.g. Giro accounts, instalment loans, credit cards, garnishment-exempt accounts, basic accounts)
  • Information regarding undisputed, past-due claims subject to repeated dunning or reduced to judgement and their resolution
  • Information regarding abusive or otherwise fraudulent activities such as identity theft or credit rating
  • Information from public registries and official publications
  • Scores
  • Probabilistic values

2.5 Categories of recipients of personal data

Recipients are contracting partners of the branches of industry and commerce indicated in Section 2.3. In countries outside the European Economic Area, data are transmitted according to the requirements of the European Commission. We may transfer your personal data to EURO-PRO Gesellschaft für Data Processing mbH, Lindenhof 1-3, D-61279 Grävenwiesbach (EURO-PRO) for the purpose of address identification. The legal basis for these transmissions is article 6 paragraph 1 lit. f GDPR. EURO-PRO processes the data received and also uses them to provide its contractual partners in the European Economic Area and in Switzerland as well as other third countries (under the precondition that there is a decision on adequacy by the European Commission) with address information of natural persons. More detailed information on the activities of EURO-PRO can be found in the EURO-PRO information sheet or online at

Further recipients can be agents of CRIF Bürgel GmbH in accordance with Art. 28 GDPR.

2.6 Duration of data retention

CRIF Bürgel GmbH stores information on persons only for a certain length of time. Necessity is the primary criterion for how long this time is. The storage periods are indicated in a Code of Conduct of the association "Die Wirtschaftsauskunfteien e. V.". The code can be viewed on the Internet at According to this code, the basic storage duration of data relating to a person is three years to the day after the person's debt has been settled. The following information, for example, is different to this and is deleted:

  • Data from debtor lists/records of central courts competent for execution are deleted after three years to the day, but are deleted prematurely if it is verified to CRIF Bürgel GmbH that the data have been deleted by the central court competent for execution.
  • Information on consumer/bankruptcy proceedings or proceedings for the discharge of residual debt is deleted exactly three years to the day after completion of the bankruptcy proceedings or discharge from residual debt. In special individual cases, earlier deletion is also possible.
  • Information on the rejection of a bankruptcy application for lack of assets, the cancellation of stipulations imposed regarding the provision of collateral or the disallowance of discharge of residual debt is deleted after three years to the day.
  • Previous addresses are stored for exactly three years to the day. After this, a check is made to find out whether it is necessary to continue storing the data for a further three years. After that, they are deleted exactly to the day unless longer storage is necessary for the purpose of identification.

3. Rights of the data subject

In relation to CRIF Bürgel GmbH, every person concerned has the right to information according to Art. 15 GDPR, the right to correction according to Art. 16 GDPR, the right to deletion according to Art. 17 GDPR and the right to limitation of data processing according to Art. 18 GDPR. Moreover, persons concerned have recourse to the supervisory authority that is responsible for CRIF Bürgel GmbH, namely the Bavarian Data Protection Authority. Consent can be withdrawn from the contracting partner in question at any time.

According to Art. 21 (1) GDPR, it is possible to object to data processing for reasons arising from the special situation of the person concerned (for example witness protection, women’s shelter). The objection can be made informally and is to be addressed to CRIF Bürgel GmbH, Data Protection, Leopoldstr. 244, 80807 Munich.

4. Profile development (scoring)

Before any business transactions involving a financial risk, business partners would like to be able to estimate as reliably as possible whether the obligations to pay can be fulfilled. By providing information and by means of so-called probability values (scores), CRIF Bürgel GmbH helps companies to make decisions and to quickly process everyday credit transactions. Based on collected information and experience from the past, a prognosis is made of future events. At CRIF Bürgel GmbH, probability values are primarily calculated based on the information on a person that CRIF Bürgel GmbH has stored and that can be shown in future as part of the information provided in accordance with Article 15 GDPR. In addition, address data are used. Based on the stored entries relating to a person and the other data, the person is assigned to statistical groups of people who have demonstrated similar payment behavior in the past. The method used is called "logistic regression" and is a well-founded, field-tested statistical method that is used to forecast risk probabilities. CRIF Bürgel GmbH uses the following data to calculate scores, whereby not every kind of data is used for every individual score calculation: date of birth, sex, shopping basket value, address data and duration of residence, previous payment problems, public negative attributes such as non-issuing of information on assets, creditor satisfaction ruled out, creditor satisfaction not demonstrated, debt collection proceedings and debt collection monitoring procedures.

The probability that a person will repay a mortgage loan does not necessarily correspond to the probability that they will pay an invoice for a mail order purchase on time. For this reason, CRIF Bürgel GmbH offers its business partners a variety of industry-specific score models: so-called CRIF Bürgel Industry Scores. For specific industries, the period may differ in order to better address the peculiarities of the business models customary in the sector (e.g. telecommunications, mortgage lending). Scores are constantly changing given that the information stored about a person by CRIF Bürgel GmbH is subject to change as well. For example, new information is added whereas other information is deleted in line with applicable retention periods. In addition, information itself changes over time (e.g. the duration of a business relationship), so that changes may occur even without considering new information.

Please note: CRIF Bürgel GmbH itself does not make any decisions; it only supports its affiliated business partners by providing information for their respective decision-making process. The specific business partner is solely responsible for risk assessment and evaluating creditworthiness due to the circumstance that only they have access to a wide variety of additional information, e.g. information contained in the credit application. This applies even if they rely solely on the information and score values supplied by CRIF Bürgel GmbH.

You can also visit our website to read the latest status of our information sheet according to Art. 14 GDPR.