|
The bank or financial institution transmits data about a credit application or relationship only if the individual has authorized his or her data to be processed within the credit reporting system, or, if even there has been no such authorization, if loan payments have been irregular.
The bank or financial institution provides customers with a privacy statement explaining how data is processed, giving information on the company that manages the reporting system, and indicating how long data is kept, the kinds of companies that can access it, and the individual's primary rights. If applicant or borrower is a business, the bank or financial institution need only provide this privacy statement in order to send data to the credit bureau.
Data on loans that have been granted is updated on a monthly basis by banks and financial institutions. Information is retained in CRIF's credit reporting system for the period provided for under current regulations set by the Privacy Authority, i.e.:
- Loan applications: 6 months, should it be necessary for examination of the application, or 1 month if the application is turned down or withdrawn
- Credit relationships with a positive outcome (no late payments or other negative circumstances): data is retained for 36 months
- Delays not in access of two installments/months, subsequently remedied: 12 months from the time of payment
- Delays in excess of 2 installments/months, subsequently remedied (even through settlement): 24 months from payment
- Negative events (delays, default, delinquency) that have not been remedied: 36 months from the date of contract expiration or the date in which the last update was necessary (in the case of subsequent agreements or other relevant circumstances related to repayment).
Access to data is strictly regulated by CRIF procedures. The use of information contained in the credit reporting system for other purposes, such as market research, marketing, publicity, or direct sale of products and services, is strictly prohibited. |