CRIF processes the data contained in its credit reporting system in full compliance with regulations for the sector, which consist in the following:

1. Personal Data Protection Code (Legislative Decree no. 196 of 30 June 2003)
2. Code of Conduct and Professional Practice for privately managed information systems regarding consumer credit, reliability, and timeliness of payment, published in Official Journal no. 300 of 23/12/2004 and entered into force on 1 January 2005, later supplemented by the Privacy Authority Provision regarding time limits for the retention of personal data published in Official Journal no. 54 of 6 March 2006
3. Privacy Authority Provision of 16/11/2004 regarding the balancing of interests

The above regulations can be consulted on the website www.garanteprivacy.it