Privacy Policy
Our privacy policy is very important to us. In our privacy policy section, you will find all the essential
information on the topic.
DenizBank AG offers transparency, security and integrity regarding the handling of your personal data. We are
committed to processing your data with the utmost care and to protecting them against any misuse. Due to the EU
General Data Protection Regulation – which has entered into force on 25 May 2018 – and the Data Protection
Adjustment Act 2018, special provisions will apply in addition to the existing statutory regulations with regard
to the
processing of personal data.
Below you will find an overview on how we process your personal data as well as information about your rights under the EU General Data Protection Regulation.
We kindly ask you to share this information with current and future authorised representatives as well as with any co-debtors.
Our privacy notices (pursuant to Articles 13 and 14 of the General Data Protection Regulation) provide you with detailed information. Upon your request, we can send them to you in paper form as well.
Below you will find an overview on how we process your personal data as well as information about your rights under the EU General Data Protection Regulation.
We kindly ask you to share this information with current and future authorised representatives as well as with any co-debtors.
Our privacy notices (pursuant to Articles 13 and 14 of the General Data Protection Regulation) provide you with detailed information. Upon your request, we can send them to you in paper form as well.
Contact details of the data controller and the data protection officer
Data controller:
DenizBank AG
Münchener Straße 7
60329 Frankfurt am Main
Tel: +49 69 - 4272 603-0
Fax: +49 69 - 4272 603-4629
servicecenter@denizbank.de
DenizBank AG
Münchener Straße 7
60329 Frankfurt am Main
Tel: +49 69 - 4272 603-0
Fax: +49 69 - 4272 603-4629
servicecenter@denizbank.de
Data protection officer:
DenizBank AG
Mag. Andreas Waberer
Thomas-Klestil-Platz 1
1030 Wien
datenschutzDE@denizbank.de
DenizBank AG
Mag. Andreas Waberer
Thomas-Klestil-Platz 1
1030 Wien
datenschutzDE@denizbank.de
Information on the data we process
We process the personal data provided by customers,
potential customers and/or interested parties within the
framework of our business relationships.
Pursuant to GwG (Anti-Money-Laundering-Act), DenizBank AG is obliged to prove, amongst other things, the identity, the beneficial owner or the trustor of the customer, to check the purpose pursued by the customer, to evaluate the intended nature of the business relationship, to obtain and check information on the origin of the funds used, and to continuously monitor both the business relationship and the transactions carried out within its scope.
Where necessary for providing our services, personal data we have legitimately obtained from the group companies of DenizBank AG or other third parties (e.g. service providers, Scoring-Agencies) are rightfully processed as well (e.g. for the fulfilment of contracts or due to your declaration of consent). Data we have legitimately obtained from publicly available sources (e.g. land registers, company registers and registers of associations, press, media, or the internet) are rightfully processed as well.
The personal data we process include, inter alia, the following details:
Pursuant to GwG (Anti-Money-Laundering-Act), DenizBank AG is obliged to prove, amongst other things, the identity, the beneficial owner or the trustor of the customer, to check the purpose pursued by the customer, to evaluate the intended nature of the business relationship, to obtain and check information on the origin of the funds used, and to continuously monitor both the business relationship and the transactions carried out within its scope.
Where necessary for providing our services, personal data we have legitimately obtained from the group companies of DenizBank AG or other third parties (e.g. service providers, Scoring-Agencies) are rightfully processed as well (e.g. for the fulfilment of contracts or due to your declaration of consent). Data we have legitimately obtained from publicly available sources (e.g. land registers, company registers and registers of associations, press, media, or the internet) are rightfully processed as well.
The personal data we process include, inter alia, the following details:
Basic data (first and last name, academic degree,
address and contact data (telephone number, email
address)) and further personal data (date and place of
birth, gender, nationality, marital status, legal capacity,
professional title/nature of employment (employed/selfemployed))
Identification data (such as ID card data) und
authentication data (such as specimen signature)
Legally relevant data in accordance with the KYC
principle (e.g. customer profile, documentation about the
purpose and nature of the business relationship, proof of
source of funds, PEP check);
Tax-related data (e.g. tax ID, FATCA status and/or CRS
status)
Information relevant to creditworthiness (e.g. SCHUFA)
Our correspondence with you (such as written
communications, consultation records, memos)
Information derived from electronic communications with
DenizBank AG (e.g. apps or cookies)
In general, the contents and the scope of the personal data
we collect depend on the respective products/services. Apart
from the data mentioned above, we are allowed to collect
process and retain further personal data. These primarily
include:
Account and payment transactions (incl. internet banking)
Data resulting from the fulfilment of our contractual
obligations (e.g. payment transaction data) or data relating to
the order or the payee (e.g. payment orders/standing orders).
Savings and deposits
Data resulting from the fulfilment of our contractual
obligations (e.g. turnover), direct debits, documentation data
(e.g. memos, consultation records).
Securities transactions
Information on knowledge and/or experience with regard to
securities (MiFID II status), investment behaviour/strategy
(scope, frequency, risk-taking), profession, financial situation
(assets, liabilities, income from salaried employment/selfemployment/commercial operations, expenses), foreseeable
changes in the financial circumstances (e.g. beginning of
retirement), specific objectives/essential concerns in the
future (e.g. planned acquisitions, settlement of liabilities), tax-related information, documentation data (e.g. suitability
statement).
Brokerage of insurance policies/home purchase savings products/private loans
Product data, documentation data (e.g. memos).
Consumer financing (consumers)
Documents relating to the customer's creditworthiness (proof
of income (e.g. payslips, third-party statements)),
professional situation (employer, nature and duration of the
employment relationship), marital status and number of
dependent children, scoring/rating data, purpose of use,
documentation data (e.g. memos).
Customer contact details
In the course of the establishment of the business
relationship as well as for its duration, we may contact you –
personally, by phone or in writing – and collect further
personal data (e.g. information about the contact channel,
date, occasion and result) as well as information on the
participation in marketing measures.
Purpose and legal basis of the processing of personal data and their retention periods
The aforementioned data are processed in accordance with
the data protection regulations. Moreover, our data
processing is based on the justifications stipulated in Article
6 Section 1 GDPR only. The main purposes are as follows:
Fulfilment of contractual obligations
Personal data are processed for the execution of banking
transactions and for the brokerage of insurances, building
society savings plans and private loans. These transactions
and activities are carried out within the framework of the
performance of the contracts entered into with you or for the
implementation of precontractual measures.
The specific details concerning the purpose of the processing of your personal data primarily depend on the specific product/service (see section 2). They can be looked up in the corresponding contractual documents and in our terms and conditions.
The specific details concerning the purpose of the processing of your personal data primarily depend on the specific product/service (see section 2). They can be looked up in the corresponding contractual documents and in our terms and conditions.
Fulfilment of legal obligations or grounds of public interest
Processing of personal data may be necessary for the
purpose of fulfilling various legal obligations (e.g. from the
Banking Act, the Financial Market Money Laundering Act,
the Securities Supervision Act, the Stock Exchange Act,
etc.) as well as for prudential requirements (e..B the
European Central Bank, the European Banking Supervision,
the Austrian Financial Market Supervisory Authority, etc.) to
which the Bank is subject as an Austrian credit institution.
Examples of such cases are:
We may process your personal data for the following purposes (non-exhaustive list):
Notifications to the Money Laundering Reporting Office in
certain suspected cases (GWG)
providing information to the BaFin in accordance with the
WpHG and the BörseG, e.B. to monitor compliance with the
provisions on the market misuse of inside information
providing information to financial criminal authorities in the
context of a financial criminal procedure for an intentional
financial offence
Disclosure of information to federal tax authorities in
accordance with Section 8 of the Account Register and
Account Inspection Act
EBA Guidelines for loan origination and monitoring
Assessment and management of risks as well as validation
and improvements of the models
Credit scoring and affordability in lending
This credit scoring uses statistical comparison groups to
assess the default risk of loan seekers. The calculated
"score value" is intended to provide a forecast of the
probability of a requested loan being repaid. The
affordability calculation esimates the financial ability to repay
a loan. If the risk of default is too high or financial ability to
repay a loan is too low, the loan application is rejected.
We may process your personal data for the following purposes (non-exhaustive list):
Verification of your identity
Measures for the prevention of money laundering
and terrorism financing
Compliance with the provisions concerning market
abuse and insider information
Compliance with the fiscal control and reporting
obligations (exchange of information with tax or
financial crime authorities)
Measures for risk assessment and management at
both the bank and the parent company
Based on your consent
If you have given your consent to the processing of your
personal data for specific purposes (e.g. for email
advertising), the processing activity performed on the basis
of your consent is deemed lawful. Your personal data will be
processed exclusively for the purposes and within the scope
defined in your declaration of consent. You may revoke your
declaration of consent at any time with effect for the future.
This also applies to declarations of consent given before
entry into force of the GDPR (25 May 2018).
Safeguarding of legitimate interests
If required for the safeguarding of our legitimate interests or
those of third parties, we will process your data beyond the
actual fulfilment of the contract based on the balancing of
interests. Data processing for the safeguarding of legitimate
interests occurs, for instance, in the following cases:
Personal data will only be processed and retained for as long as necessary for the fulfilment of the aforementioned purposes and, in any case, for the duration of the entire business relationship as well as beyond this period in compliance with the supervision requirements or statutory retention periods, the statutory warranty periods or contractual guarantee periods or whenever there are any other lawful reasons that justify the retention on a case-bycase basis.
Your data will be deleted upon fulfilment of the purpose as well as upon termination of the statutory retention periods, the statutory warranty periods or the contractual guarantee periods. In case of legal disputes, however, when the data are needed as evidence, they will not be deleted before the disputes are settled. The retention and documentation obligations result, inter alia, from the Commercial Code, the Federal Tax Code, the Banking Act, the Financial Market Anti-Money Laundering Act and the Securities Supervision Act 2018.
Within the scope of our due diligence obligations relating to the prevention of money laundering and terrorism financing, we are obliged to obtain and retain certain personal documents and information at the time the business relationship is entered into or whenever occasional transactions are to be executed. In particular, we will retain copies of the documents and information required for the fulfilment of the due diligence obligations described. The same applies to the transaction slips and records required for the tracing of transactions.
The statutory limitation periods pursuant to the Civil Code of Austria (ABGB) are to be considered as regards the retention and storage periods. The ABGB stipulates a general limitation period of up to 30 years (from the date of damage/occurrence of the damage) and, in certain cases, a special limitation period of three years (from the date on which the damage and the injuring party are known). Where processing is based on your consent, the data will not be deleted until you have revoked your consent.
Consultation of and data exchange with credit agencies
(e.g. SCHUFA) in order to identify credit and/or default
risks
Recording of telephone calls (e.g. in the context of
complaint management)
Assertion of legal claims and defence in the event of
legal disputes
Safeguarding of the Bank's IT security and the smooth
running of the Bank's IT operations
Prevention and investigation of criminal offences
Measures concerning the safety of buildings and
facilities and the protection of customers, employees and
the Bank's property (e.g. video recordings inside/in front
of branch offices)
Measures for the prevention of money laundering and
terrorism financing
General risk and business management measures as
well as measures for the development of products and
services
Personal data will only be processed and retained for as long as necessary for the fulfilment of the aforementioned purposes and, in any case, for the duration of the entire business relationship as well as beyond this period in compliance with the supervision requirements or statutory retention periods, the statutory warranty periods or contractual guarantee periods or whenever there are any other lawful reasons that justify the retention on a case-bycase basis.
Your data will be deleted upon fulfilment of the purpose as well as upon termination of the statutory retention periods, the statutory warranty periods or the contractual guarantee periods. In case of legal disputes, however, when the data are needed as evidence, they will not be deleted before the disputes are settled. The retention and documentation obligations result, inter alia, from the Commercial Code, the Federal Tax Code, the Banking Act, the Financial Market Anti-Money Laundering Act and the Securities Supervision Act 2018.
Within the scope of our due diligence obligations relating to the prevention of money laundering and terrorism financing, we are obliged to obtain and retain certain personal documents and information at the time the business relationship is entered into or whenever occasional transactions are to be executed. In particular, we will retain copies of the documents and information required for the fulfilment of the due diligence obligations described. The same applies to the transaction slips and records required for the tracing of transactions.
The statutory limitation periods pursuant to the Civil Code of Austria (ABGB) are to be considered as regards the retention and storage periods. The ABGB stipulates a general limitation period of up to 30 years (from the date of damage/occurrence of the damage) and, in certain cases, a special limitation period of three years (from the date on which the damage and the injuring party are known). Where processing is based on your consent, the data will not be deleted until you have revoked your consent.
Disclosure of your data
Within the Bank, only those departments and/or employees
that require your data for the fulfilment of our contractual,
statutory and supervisory obligations as well as for our
legitimate interests will be given access to your data. Apart from that, we may disclose your personal data to processors
(service providers) if these comply with the data protection
requirements stipulated in writing in the order processing
agreements and if these are bound by confidentiality
obligations. In case we commission a processor, we remain
responsible for the protection of your personal data.
As regards the disclosure of data to recipients outside the Bank, we point out that contractualy, we are obliged not to disclose any customer-related information confided or made available to us due to the business relationship. We are not entitled to disclose your personal data unless required by legal and/or supervisory provisions. Besides, we may disclose your personal information if you have given your consent or released us from our secrecy obligation in writing.
Where this is strictly necessary for the aforementioned purposes, we will disclose your personal data to the categories of recipients mentioned below. However, this only occurs to the extent necessary.
As regards the disclosure of data to recipients outside the Bank, we point out that contractualy, we are obliged not to disclose any customer-related information confided or made available to us due to the business relationship. We are not entitled to disclose your personal data unless required by legal and/or supervisory provisions. Besides, we may disclose your personal information if you have given your consent or released us from our secrecy obligation in writing.
Where this is strictly necessary for the aforementioned purposes, we will disclose your personal data to the categories of recipients mentioned below. However, this only occurs to the extent necessary.
Parent company
Branch offices of our bank
Information services providers
Financial institutions, financial companies and financial
services providers
Society for Worldwide Interbank Financial
Telecommunication (S.W.I.F.T.)
Insurance companies
Building societies
(Supervisory) authorities
German Federal Bank
Ministry of Finance
Administrative authorities, courts and public corporations
External legal representatives, notaries, tax consultants,
auditors and annual auditors
US tax authorities
Pension authorities
Creditor protection associations
IT services providers
Other service providers and partners
Collection agencies for the purpose of debt recovery
Data transmission to third countries
Data is not transmitted outside the European Union (to socalled third countries) unless required to execute your orders,
stipulated by law (e.g. due to fiscal reporting obligations) or
allowed due to your consent.
If required in individual cases, we may transmit your data to an IT services provider (processor) established in a third country in order to ensure the smooth running of the Bank's IT operations. However, this is done in compliance with the European level of data protection. In this respect, we would like to point out that we do not use processors outside the European Union unless the European Commission has taken an adequacy decision with regard to the third country concerned, or unless we have agreed upon EU standard contractual terms or binding internal data protection regulations which oblige the processor to comply with the European level of data protection.
If required in individual cases, we may transmit your data to an IT services provider (processor) established in a third country in order to ensure the smooth running of the Bank's IT operations. However, this is done in compliance with the European level of data protection. In this respect, we would like to point out that we do not use processors outside the European Union unless the European Commission has taken an adequacy decision with regard to the third country concerned, or unless we have agreed upon EU standard contractual terms or binding internal data protection regulations which oblige the processor to comply with the European level of data protection.
Security of your data
Appropriate technical and organisational measures have
been implemented in order to ensure the protection and
security of your personal data. These technical and
organisational measures protect your personal data against
access by unauthorised third parties. They include, in
particular, an authorisation concept as well as procedural,
organisational and digital protective measures concerning
our IT infrastructure.
These measures are updated on a continuous basis using state-of-the-art technology. Besides, they are regularly checked within the framework of internal and external audits.
These measures are updated on a continuous basis using state-of-the-art technology. Besides, they are regularly checked within the framework of internal and external audits.
Automated decision-making and profiling
The processing of your personal data is automated with the
objective of evaluating certain personal aspects (so-called
profiling). Should we use these processes in individual cases,
we will inform you accordingly if required by law.
In particular, profiling is used in the following cases:
In particular, profiling is used in the following cases:
Due to statutory and regulatory provisions, we are
obliged to fight money laundering and terrorism
financing. To this end, we evaluate, for instance, your
payments and transactions. At the same time, these
measures are intended to protect you.
In the course of the granting of credits, we assess your
creditworthiness (credit assessment) using a scoring
system. This system uses recognised and proven
mathematical and statistical procedures. We use
statistical comparison groups in order to calculate the
default risk and/or the probability of the customers'
fulfilment of their contractual payment obligations. In
order to calculate this score value, we use, for instance,
the following data:
Basic data (e.g. marital status, number of children,
profession, employer, duration of employment)
Financial circumstances (e.g. income, assets,
expenses, existing liabilities, collaterals)
Payment behaviour and experience from previous
business relationships (e.g. credit history,
reminders, information provided by credit
agencies)
Moreover, we may evaluate your data in order to
appropriately inform and advise you on products. This is
done using evaluation systems (e.g. statistical
procedures). We use the results in order to be able to
contact you in a needs-based and target-oriented way.
Your rights and obligations
Provision of your data
Within the framework of our business relationship, you are
required to disclose the personal data necessary for the
establishment and implementation of a business relationship
and compliance with the associated contractual obligations.
The same applies to data the collection of which is required
by law.
If you fail to provide us with the requisite information and documents, we are not allowed to establish the desired business relationship, enter into the contract and/or execute the order
If you fail to provide us with the requisite information and documents, we are not allowed to establish the desired business relationship, enter into the contract and/or execute the order
Your data protection rights, especially your rights of access, rectification and deletion
Every person whose data are or were processed by us has
the following rights, provided that these are not subject to
statutory limitations and do not infringe any statutory
provisions:
Right to receive information on whether personal data
are processed and, if so, on the nature of the data and
the extent of their processing
Right to rectification, completion and/or deletion of
the personal data
Right to restrict the processing of personal data
Right to transfer personal data
Right to object to a processing activity (under certain
conditions)
Right to revoke the declaration of consent at any
time. This revocation does not affect the lawfulness of
the processing activities that occurred as a result of the
consent up to the date of its revocation.
Moreover, the person concerned has the right to file a
complaint with the data protection authority.
Information on your right to object
Right to object on a case-by-case basis
You are entitled to object to the processing of your personal
data if it serves grounds of public interest and the balancing
of interests.
If you file an objection, we will no longer process your personal data unless we provide compelling legitimate grounds for the processing that outweigh your interests, rights and liberties. The same applies if the processing occurs for the purpose of asserting, exercising or defending any legal claims.
If you file an objection, we will no longer process your personal data unless we provide compelling legitimate grounds for the processing that outweigh your interests, rights and liberties. The same applies if the processing occurs for the purpose of asserting, exercising or defending any legal claims.
Right to object to the processing of personal data for marketing purposes
If, within the scope of direct advertising measures, you have
given your consent to the processing of your personal data
for marketing purposes, you are entitled to object to this type
of processing at any time without stating any reasons.
If you object to the processing for marketing purposes, we will no longer use your personal data for these purposes.
The withdrawal of your consent can be addressed without a form requirement via mail to DenizBank AG, Münchener Straße 7, 60329 Frankfurt am Main or via datenschutzDE@denizbank.de .
If you object to the processing for marketing purposes, we will no longer use your personal data for these purposes.
The withdrawal of your consent can be addressed without a form requirement via mail to DenizBank AG, Münchener Straße 7, 60329 Frankfurt am Main or via datenschutzDE@denizbank.de .
Further information
Supervisory authority responsible for monitoring
compliance with data protection regulations :
Der Hessische Datenschutzbeauftragte
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Postfach 31 63
Telefon: +49 611 140 80
Fax: +49 611 140 89 900
E-Mail: poststelle@datenschutz.hessen.de
Website:http://www.datenschutz.hessen.de
Der Hessische Datenschutzbeauftragte
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Postfach 31 63
Telefon: +49 611 140 80
Fax: +49 611 140 89 900
E-Mail: poststelle@datenschutz.hessen.de
Website:http://www.datenschutz.hessen.de
Contact details of the data controller and the data protection officer
Data controller:
DenizBank (Wien) AG
Münchener Straße 7
60329 Frankfurt am Main
Tel: +43 (0) 505-105 2000
Fax: +43 (0) 505-105/2029
servicecenter@denizbank.de
DenizBank (Wien) AG
Münchener Straße 7
60329 Frankfurt am Main
Tel: +43 (0) 505-105 2000
Fax: +43 (0) 505-105/2029
servicecenter@denizbank.de
Data protection officer:
DenizBank AG
Mag. Andreas Waberer
Thomas-Klestil-Platz 1
1030 Wien
datenschutzDE@denizbank.de
DenizBank AG
Mag. Andreas Waberer
Thomas-Klestil-Platz 1
1030 Wien
datenschutzDE@denizbank.de
The sources and data we use
We process the personal data you disclosed to us in your
capacity as the authorised representative or beneficial owner
of the legal entity (interested parties and/or customers). Data
we have legitimately obtained from publicly available sources
(e.g. land registers, commercial registers and registers of
associations, press, media, or the internet) are rightfully
processed as well.
The representative's personal data we process include, inter alia, the following details:
The representative's personal data we process include, inter alia, the following details:
Basic data (first and last name, academic degree,
address and contact data (telephone number, email
address)) and further personal data (date and place of
birth, gender, nationality, marital status, legal capacity,
professional title/nature of employment (employed/selfemployed))
Identification data (such as ID card data) and
authentication data (such as specimen signature)
Legally relevant data in accordance with the KYC
principle (e.g. customer profile, documentation about
the purpose and nature of the business relationship,
proof of source of funds, PEP check) Our corresponddence with you (e.g.written communications,
consultation records, memos)
Information derived from electronic communications
with DenizBank (Wien) AG (e.g. apps or cookies)
In general, the contents and the scope of the personal data
we collect depend on the respective products/services. Apart
from the data mentioned above, we are allowed to collect,
process and retain further personal data.
Purpose and legal basis of the processing of personal data and their retention periods
The aforementioned personal data are processed in
accordance with the data protection regulations. Moreover,
our data processing is based on the justifications stipulated in
Article 6 Section 1 GDPR only. The main purposes are as
follows:
Fulfilment of contractual obligations
Personal data are processed for the execution of banking
transactions and brokering activities involving insurances.
These transactions and activities are carried out within the
framework of the performance of the contracts entered into
with you or for the implementation of precontractual
measures.
The specific details concerning the purpose of the processing of your personal data primarily depend on the respective product/service (see section 2). They can be looked up in the corresponding contractual documents and in our terms and conditions.
The specific details concerning the purpose of the processing of your personal data primarily depend on the respective product/service (see section 2). They can be looked up in the corresponding contractual documents and in our terms and conditions.
Fulfilment of legal obligations or grounds of public interest
As a bank, we are subject to different legal provisions (e.g.
Kreditwesengesetz – Banking Act, Börsegesetz – Stock
Exchange Act, Geldwäschegesetz – Anti-Money Laundering
Act, Wertpapierhandelsgesetz – Securities Trading Act,
Zahlungsdiensteaufsichtsgesetz – Payment Services
Supervision Act and tax laws) and banking regulations (such
as those stipulated by the European Central Bank, the
European Banking Supervisors, the Deutsche Bundesbank
and the BaFin – Federal Financial Supervisory Authority).
We may process your personal data for the following
purposes (non-exhaustive list):
Verification of your
identity
Measures for the prevention of money laundering
and terrorism financing
Compliance with the provisions concerning
market abuse and insider informationCompliance with
the fiscal control and reporting obligations (exchange
of information with tax or financial crime authorities)
Measures for risk assessment and management at both
the bank and the parent company
Based on your consent
If you have given your consent to the processing of your
personal data for specific purposes (e.g. for email
advertising), the processing operation performed on the basis
of your consent is deemed lawful. Your personal data will be
processed exclusively for the purposes and within the scope
defined in your declaration of consent. You may revoke your
declaration of consent at any time with effect for the future.
This also applies to declarations of consent given before entry
into force of the GDPR (25 May 2018).
Safeguarding of legitimate interests
If required for the safeguarding of our legitimate interests or
those of third parties, we will process your data beyond the
actual fulfilment of the contract based on the balancing of
interests. Data processing for the safeguarding of legitimate
interests occurs, for instance, in the following cases:
Consultation of and data exchange with credit agencies
(e.g.SCHUFA) in order to identify credit and/or default
risks
Recording of telephone calls (e.g. in the context of
complaint management)
Assertion of legal claims and defence in the event of
legal disputes
Safeguarding of the Bank's IT security and the smooth
running of the Bank's IT operations
Prevention and investigation of criminal offences
Measures concerning the safety of buildings and
facilities and the protection of customers, employees
and the Bank's property (e.g. video recordings inside/in
front of branch offices)
Measures for the prevention of money laundering and
terrorism financing
General risk and business management measures as
well as measures for the development of products and
services
Personal data will only be processed and retained for as long
as necessary for the fulfilment of the aforementioned
purposes and, in any case, for the duration of the entire
business relationship as well as beyond this period in
compliance with the supervision requirements or statutory
retention periods, the statutory warranty periods or
contractual guarantee periods or whenever there are any other
lawful reasons that justify the retention on a case-by- case
basis.
Your data will be deleted upon fulfilment of the purpose as well as upon termination of the statutory retention periods, the statutory warranty periods or the contractual guarantee periods. In case of legal disputes, however, when the data are needed as evidence, they will not be deleted before the disputes are settled. The retention periods and documentation obligations result, inter alia, from the Handelsgesetzbuch – Commercial Code, the Abgabenordnung – Tax Code, the Kreditwesengesetz – Banking Act, the Geldwäschegesetz – Anti-Money Laundering Act, Wertpapierhandelsgesetz – Securities Trading Act.
Within the scope of our due diligence obligations relating to the prevention of money laundering and terrorism financing, we are obliged to obtain and retain certain personal documents and information at the time the business relationship is entered into or whenever occasional transactions are to be executed. In particular, we will retain copies of the documents and information required for the fulfilment of the due diligence obligations described. The same applies to the transaction slips and records required for the tracing of transactions.
The statutory limitation periods pursuant to the Bürgerliches Gesetzbuch – Civil Code (BGB) are to be considered as regards the retention periods. The BGB stipulates an absolute limitation period of up to 30 years (from the date of damage/occurrence of the damage) and a general limitation period of three years (from the date on which the damage and the injuring party are known). Where processing is based on your consent, the data will not be deleted until you have revoked your consent.
Your data will be deleted upon fulfilment of the purpose as well as upon termination of the statutory retention periods, the statutory warranty periods or the contractual guarantee periods. In case of legal disputes, however, when the data are needed as evidence, they will not be deleted before the disputes are settled. The retention periods and documentation obligations result, inter alia, from the Handelsgesetzbuch – Commercial Code, the Abgabenordnung – Tax Code, the Kreditwesengesetz – Banking Act, the Geldwäschegesetz – Anti-Money Laundering Act, Wertpapierhandelsgesetz – Securities Trading Act.
Within the scope of our due diligence obligations relating to the prevention of money laundering and terrorism financing, we are obliged to obtain and retain certain personal documents and information at the time the business relationship is entered into or whenever occasional transactions are to be executed. In particular, we will retain copies of the documents and information required for the fulfilment of the due diligence obligations described. The same applies to the transaction slips and records required for the tracing of transactions.
The statutory limitation periods pursuant to the Bürgerliches Gesetzbuch – Civil Code (BGB) are to be considered as regards the retention periods. The BGB stipulates an absolute limitation period of up to 30 years (from the date of damage/occurrence of the damage) and a general limitation period of three years (from the date on which the damage and the injuring party are known). Where processing is based on your consent, the data will not be deleted until you have revoked your consent.
Disclosure of the data
Within the Bank, only those departments and/or employees
that require your data for the fulfilment of our contractual,
statutory and supervisory obligations as well as for our
legitimate interests will be given access to your data. Apart
from that, we may disclose your personal data to processors
(service providers) if these comply with the data protection
requirements stipulated in writing in the order processing
agreements and if these are bound by confidentiality
obligations. Even though we commission a processor, we
remain responsible for the protection of your personal data.
As regards the disclosure of data to recipients outside the Bank, we point out that as a bank, we are obliged not to disclose any customer-related information confided or made available to us due to the business relationship (banking secrecy according to § 38 BWG, Austrian Banking Act and according to our General Terms and Conditions). We are not entitled to disclose your personal data unless required by legal and/or supervisory provisions. Besides, we may disclose your personal information if you have given your consent or released us from our secrecy obligation in writing. Where this is strictly necessary for the aforementioned purposes, we will disclose your personal data to the categories of recipients mentioned below. However, this only occurs to the extent necessary.
As regards the disclosure of data to recipients outside the Bank, we point out that as a bank, we are obliged not to disclose any customer-related information confided or made available to us due to the business relationship (banking secrecy according to § 38 BWG, Austrian Banking Act and according to our General Terms and Conditions). We are not entitled to disclose your personal data unless required by legal and/or supervisory provisions. Besides, we may disclose your personal information if you have given your consent or released us from our secrecy obligation in writing. Where this is strictly necessary for the aforementioned purposes, we will disclose your personal data to the categories of recipients mentioned below. However, this only occurs to the extent necessary.
Parent company
Branch offices of our bank
Information services providers
Financial institutions, financial companies and financial
services providers
Society for Worldwide Interbank Financial
Telecommunication (S.W.I.F.T.)
Insurance companies
(Supervisory) authorities
Deutsche Bundesbank
Ministry of Finance
Administrative authorities, courts and public corporations
External legal representatives, notaries, tax consultants,
auditors and annual auditors
US tax authorities
Creditor protection associations
IT services providers
Other service providers and partners
Collection agencies for the purpose of debt recovery
Will mydata be transmitted to third countries or to an international organisation?
Data are not transmitted outside the European Union (to socalled third countries) unless required to execute
your orders,
stipulated by law (e.g. due to fiscal reporting obligations) or
allowed due to your consent.
If required in individual cases, we may transmit your data to an IT services provider (processor) established in a third country in order to ensure the smooth running of the Bank's IT operations. However, this is done in compliance with the European level of data protection. In this respect, we would like to point out that we do not use processors outside the European Union unless the European Commission has taken an adequacy decision with regard to the third country concerned, or unless we have agreed upon EU standard contractual terms or binding internal data protection regulations which oblige the processor to comply with the European level of data protection.
If required in individual cases, we may transmit your data to an IT services provider (processor) established in a third country in order to ensure the smooth running of the Bank's IT operations. However, this is done in compliance with the European level of data protection. In this respect, we would like to point out that we do not use processors outside the European Union unless the European Commission has taken an adequacy decision with regard to the third country concerned, or unless we have agreed upon EU standard contractual terms or binding internal data protection regulations which oblige the processor to comply with the European level of data protection.
Security of your data
Appropriate technical and organisational measures have
been implemented in order to ensure the protection and
security of your personal data. These technical and
organisational measures protect your personal data against
access by unauthorised third parties. They include, in
particular, an authorisation concept as well as procedural,
organisational and digital protective measures concerning
our IT infrastructure
These measures are updated on a continuous basis using state-of-the-art technology. Besides, they are checked on a regular basis within the framework of internal and external audits.
These measures are updated on a continuous basis using state-of-the-art technology. Besides, they are checked on a regular basis within the framework of internal and external audits.
Automated decision-making and profiling
In general, we do not use automated decision-making when
entering into business relationships or during established
business relationships. In certain cases, the processing of your
personal data is automated with the objective of evaluating
certain personal aspects (so-called profiling). Should we use
these processes in individual cases, we will inform you
accordingly if required by law.
In particular, profiling is used in the following cases:
In particular, profiling is used in the following cases:
Due to statutory and regulatory provisions, we are obliged
to fight money laundering and terrorism financing. To this
end, we evaluate, for instance, your payments and
transactions. At the same time, these measures are
intended to protect you.
Moreover, we may evaluate your data in order to
appropriately inform and advise you on products. This is
done using evaluation systems (e.g. statistical procedures).
We use the results in order to be able to contact you in a
needs-based and target-oriented way.
Your rights and obligations
Provision of your data
Within the framework of our business relationship, you are
required to disclose the personal data necessary for the
establishment and implementation of a business relationship
and compliance with the associated contractual obligations.
The same applies to data the collection of which is required
by law
If you fail to provide us with the requisite information anddocuments, we are not allowed to establish the desired business relationship, enter into the contract and/or execute the order.
If you fail to provide us with the requisite information anddocuments, we are not allowed to establish the desired business relationship, enter into the contract and/or execute the order.
Your data protection rights, especially your rights of access, rectification and deletion
Every person whose data are or were processed by us has
the following rights, provided that these are not subject to
statutory limitations and do not infringe any statutory
provisions:
Right to receive information on whether personal
data are processed and, if so, on the nature of the
data and the extent of their processing
Right to rectification, completion and/or deletion
of the personal data
Right to restrict the processing of personal data
Right to transfer personal data
Right to object to a processing activity (under
certain conditions)
Right to revoke the declaration of consent at any
time. This revocation does not affect the lawfulness of
the processing activities that occurred as a result of
the consent up to the date of its revocation.
Moreover, the person concerned has the right to file a
complaint with the Data Protection Authority.
Information on your right to object
Right to object on a case-by-case basis
You are entitled to object to the processing of your personal
data if it serves grounds of public interest and the balancing
of interests
If you file an objection, we will no longer process your personal data unless we provide compelling legitimate grounds for the processing that outweigh your interests, rights and liberties. The same applies if the processing occurs for the purpose of asserting, exercising or defending any legal claims.
If you file an objection, we will no longer process your personal data unless we provide compelling legitimate grounds for the processing that outweigh your interests, rights and liberties. The same applies if the processing occurs for the purpose of asserting, exercising or defending any legal claims.
Right to object to the processing of personal data for marketing purposes
If, within the scope of direct advertising measures, you have
given your consent to the processing of your personal data
for marketing purposes, you are entitled to object to this type
of processing at any time without stating any reasons.
If you object to the processing for marketing purposes, we will no longer use your personal data for these purposes.
The withdrawal of your consent can be addressed without a form requirement to DenizBank (Wien) AG, Münchener Straße 7, 60329 Frankfurt am Main or datenschutzDE@denizbank.de
If you object to the processing for marketing purposes, we will no longer use your personal data for these purposes.
The withdrawal of your consent can be addressed without a form requirement to DenizBank (Wien) AG, Münchener Straße 7, 60329 Frankfurt am Main or datenschutzDE@denizbank.de
Further information
Supervisory authority responsible for monitoring
compliance with data protection regulations:
Der Hessische Datenschutzbeauftragte
(Hessian Data Protection Commissioner)
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Postfach 31 63
Telefon: +4961114080
Fax: +49 611 140 89 900
Website: http://www.datenschutz.hessen.de
poststelle@datenschutz.hessen.de
Der Hessische Datenschutzbeauftragte
(Hessian Data Protection Commissioner)
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Postfach 31 63
Telefon: +4961114080
Fax: +49 611 140 89 900
Website: http://www.datenschutz.hessen.de
poststelle@datenschutz.hessen.de
Cookie Policy – Information on the collection of personal data when visiting our website
Scope of the data processing activity
Our website uses cookies. Cookies are small scripts that are sent by us to the browser of your personal device
during your visit to our website and are then stored there. Some functions of our website cannot be offered
without the use of technically necessary cookies or the use of optional cookies. Other cookies let us to perform
various analyses. Cookies are, for example, able to recognize the browser you are using when you revisit our
website and to transmit various information to us. With the cookies, we can also make our website more
user-friendly and effective for you, e.g. by tracking your use of our website and determining your preferred
settings (e.g. country and language settings). If third parties process information via cookies, they collect
the information directly via your browser. Cookies do not cause any damage to your end device. They cannot
execute programs or contain viruses. Various types of cookies are used on our website. Their type and function
are explained in detail below:
Our website uses transient cookies that are automatically deleted as soon as you close your browser. This type of cookies allows for recording your session ID. Thereby, different requests of your browser can be assigned to a common session and we can recognize your end device during subsequent website visits within a session.
Persistent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and transmit information to us. The respective retention period differs depending on the cookie. You can delete persistent cookies independently via your browser settings.
Our website uses transient cookies that are automatically deleted as soon as you close your browser. This type of cookies allows for recording your session ID. Thereby, different requests of your browser can be assigned to a common session and we can recognize your end device during subsequent website visits within a session.
Persistent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and transmit information to us. The respective retention period differs depending on the cookie. You can delete persistent cookies independently via your browser settings.
Essential Cookies
These cookies are required for technical reasons so you can visit our website and use functionalities offered by
us, in particular: language settings, the use of our online forms and information we need for billing partner
services and to store your settings regarding your consent to the processing purposes.
Statistical and marketing cookies (optional cookies)
Statistical cookies enable us to analyze website usage and improve the performance and functionality of our
website. For example, information is collected about how users utilize our website, which pages are accessed
most frequently, or whether error messages are displayed on certain pages. In addition, these cookies contribute
to a secure and compliant use of the
Furthermore, we might use marketing cookies for advertising and for analysis of our marketing measures. In this case, we monitor your user behavior in order to be able to offer you personalized advertising. We process marketing cookies for a maximum period of three years or until earlier withdrawal of consent. Such withdrawal of consent does not impact the lawfulness of the processing carried out up to the time of withdrawal.
In connection with optional cookies, we also use tracking and analysis tools to ensure the continuous optimization and customized design of our website. With the help of tracking tools, it is also possible for us to statistically record the use of our website by users and to further develop our online services for you using the experience gained.
For detailed information on each of the Cookie Services as well as the tracking and analysis tools and our partner services within and outside the EU please see the Cookie Preferences.
Furthermore, we might use marketing cookies for advertising and for analysis of our marketing measures. In this case, we monitor your user behavior in order to be able to offer you personalized advertising. We process marketing cookies for a maximum period of three years or until earlier withdrawal of consent. Such withdrawal of consent does not impact the lawfulness of the processing carried out up to the time of withdrawal.
In connection with optional cookies, we also use tracking and analysis tools to ensure the continuous optimization and customized design of our website. With the help of tracking tools, it is also possible for us to statistically record the use of our website by users and to further develop our online services for you using the experience gained.
For detailed information on each of the Cookie Services as well as the tracking and analysis tools and our partner services within and outside the EU please see the Cookie Preferences.
Cookie Preferences and legal basis for the use of cookies and tracking and analysis tools and data transfer outside the EU
You can change your cookie preferences at any time in the Cookie Preferences.
We use optional cookies and related tracking and analysis tools only on the basis of your consent. You may withdraw your consent in whole or in part at any time in the Cookie Preferences. The revocation does not affect the lawfulness of the processing already carried out. We process technically necessary cookies and related data on the basis of our legitimate interest in ensuring the proper functionality of this website.
If you agree only to the use of technically necessary cookies, the functionality of our website may be limited.
Considering the purposes of processing described above under lit. a., the legal basis for the processing of personal data using essential cookies is Art. 6 (1) lit. f GDPR. If you have given us your consent to the use of optional cookies and tracking and analysis tools based on the notices we provide on the website ("Cookie Banner" or Cookie Preferences), the lawfulness of the use is based on Art. 6 para. 1 lit. a GDPR.
Please note that our website is hosted by our service provider Intertech Bilgi İşlem ve Pazarlama Ticaret A.Ş. in Turkey. For this purpose, appropriate safeguards in form of the applicable version of the standard contractual clauses of the European Commission pursuant to Art. 46 para. 2 lit. c DSGVO together with corresponding technical and organizational measures have been implemented.
We use optional cookies and related tracking and analysis tools only on the basis of your consent. You may withdraw your consent in whole or in part at any time in the Cookie Preferences. The revocation does not affect the lawfulness of the processing already carried out. We process technically necessary cookies and related data on the basis of our legitimate interest in ensuring the proper functionality of this website.
If you agree only to the use of technically necessary cookies, the functionality of our website may be limited.
Considering the purposes of processing described above under lit. a., the legal basis for the processing of personal data using essential cookies is Art. 6 (1) lit. f GDPR. If you have given us your consent to the use of optional cookies and tracking and analysis tools based on the notices we provide on the website ("Cookie Banner" or Cookie Preferences), the lawfulness of the use is based on Art. 6 para. 1 lit. a GDPR.
Please note that our website is hosted by our service provider Intertech Bilgi İşlem ve Pazarlama Ticaret A.Ş. in Turkey. For this purpose, appropriate safeguards in form of the applicable version of the standard contractual clauses of the European Commission pursuant to Art. 46 para. 2 lit. c DSGVO together with corresponding technical and organizational measures have been implemented.
Cookie related data retention period
As soon as the data transmitted to us via cookies is no longer required to achieve the purposes described above
or, in case of optional cookies, you have revoked your consent to the use of individual or all cookies or, in
case of advertising cookies, the storage period specified above has expired, the related data will be deleted
within GDPR-compliant erasure periods. Longer retention periods may apply in individual cases if required by
law.
Browser Configurations
Most browsers are set to accept cookies by default. Anyway, you can configure your respective browser so that it
only accepts certain cookies or no cookies at all. However, please note that you may no longer be able to use
all the functions of our website if your browser settings disable cookies on our website. You can also delete
cookies already stored in your browser via your browser settings or have the storage period displayed.
Furthermore, it is possible to set your browser to notify you before cookies are stored. Since the various types
of browsers can differ in their respective functionalities, please refer to the respective help menu of your
browser for the configuration options.
If you want a comprehensive overview of all third-party accesses to your browser, we recommend installing specially developed plugins for this purpose.
If you want a comprehensive overview of all third-party accesses to your browser, we recommend installing specially developed plugins for this purpose.