Data protection
Privacy policy
The protection of your personal data is of great importance to us. In the following, we will inform you about which personal data is collected within the framework of the Deutsche Kreditwirtschaft website, for what purposes and on what legal basis we process this data and what rights you have as a data subject.
I. Name and address of the data controller
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Association of German Banks
Burgstraße 28, 10178 Berlin
+49 (30) 1663-0
II. Name and address of the data protection officer
You can reach our data protection officer at:
datenschutzbeauftragter@bdb.de
III. SSL encryption (HTTPS protocol)
In order to protect your transmitted data in the best possible way, we use SSL encryption. You can recognise such encrypted connections by the prefix "https://" in the page link in the address line of your browser. Unencrypted pages are marked with "http://". All data that you transmit to this website - for example when making enquiries or logging in - cannot be read by third parties thanks to SSL encryption.
IV. Data processing when visiting our website
1. Description and scope of data processing
Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer. This data and information is stored in the server's log files.
The following data is collected:
- IP address of the terminal device used by you
- Name of the retrieved file
- date and time of the retrieval
- Volume of data transferred
- Status of the retrieval (successful / unsuccessful)
- browser type and version as well as the operating system you are using
- URL of the previously accessed page (so-called "referrer URL")
This data cannot be assigned to a specific person and does not allow us to draw any conclusions about the identity of the user. It is not stored together with other personal data of the user.
2. Legal basis for data processing
The processing of the data is carried out to protect legitimate interests on the basis of a balancing of interests in accordance with Art. 6 para. 1 p. 1 lit. f GDPR.
3. Purpose of the data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
Furthermore, the data is stored in order to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes.
These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 S. 1 lit. f GDPR.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
V. Use of cookies and use of session IDs
1. Description and scope of data processing
a) Cookies
This website uses cookies. A cookie is a standardised text file that is stored by your browser for a set period of time. Cookies enable the local storage of information such as language settings and temporary identifiers, which can be retrieved by the server that set the cookie on subsequent website visits. We also use cookies on our websites that allow us to analyse the surfing behaviour of users. The user data collected in this way is pseudonymised by technical precautions. Therefore, it is no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the user.
When accessing our website for the first time, a cookie manager will
- Inform about the use of necessary/technical cookies. (These cookies are required for the basic functions and security of the website). The necessary/technical cookies cannot be deselected.
- Ask for user consent for the use of cookies for statistics, marketing and third-party providers. As these cookies are not necessary for the functionality of the website, users can deselect them via the "Customise selection" button and thus refuse their consent for the use of the cookies.
- Refer to this data protection declaration.
In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings. While the Cookie Manager is displayed, all far-reaching scripts on the website that could potentially collect your user data are initially blocked. Access to the imprint and the privacy policy is not prevented by the Cookie Manager.
Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. Only as soon as you have given your consent by an active, voluntary action, such as placing a check mark in the Cookie Manager or clicking on a button, the data processing requiring consent can be carried out in accordance with Art. 7 GDPR. Cookies can be deactivated in the system settings of browsers. It is also possible to view our web pages without the use of cookies. Cookies that have already been saved can be deleted in the system settings of the browser. However, the exclusion of cookies can lead to functional restrictions of our offer. Please note that after deleting all browser cookies, previously set opt-out cookies are also deleted and must be set again.
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change. The user data collected through technically necessary cookies is not used to create user profiles. Analysis cookies are used to improve the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus continuously optimise our offer.
The legal basis for the processing of personal data using cookies is Art. 6 (1) f) GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) a) GDPR if the user has consented to this.
Note: It is possible to manage many online ad cookies from companies via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/ .
b) Google Analytics
The website uses Google Analytics, a web analytics service provided by Google, Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about - if available - socio-demographic data, your use of this website (including your IP address, which is shortened with the _anonymizeIp() method, so that it can no longer be assigned to a connection) is transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website operator. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser.
You can object to the collection of data by Google Analytics as well as the processing of the data by Google with future effect by installing a deactivation add-on for your browser (http://tools.google.com/dlpage/gaoptout?hl=de).
We use Google Analytics to analyse and regularly improve the use of our websites. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google relies on the so-called Standard Contractual Clauses (SCC). The European Commission has approved the use of standard contractual clauses as ensuring adequate protection when transferring data outside the European Economic Area (EEA).
Google Analytics falls within the scope of the Google Advertising Products Commissioned Data Processing Terms for Google Services. Google is entitled to update the list in accordance with the provisions of the Google Advertising Products Order Data Processing Terms. In relation to the Google Advertising Products Order Data Processing Terms (and depending on which processor services are used under the relevant agreement), the following types of personal data may be processed:
Online identifiers (including cookie identifiers), Internet Protocol addresses and device identifiers, customer-assigned identifiers. See here
The order data processing terms and conditions for Google advertising products can be found here. (Point 10. Data transfer - standard contractual clauses).
The data we send will be automatically deleted after 14 months. Deletion after expiry of the retention period takes place automatically once a month.
Information of the third party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions:
http://www.google.com/analytics/terms/de.html , overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html , and data protection declaration: http://www.google.de/intl/de/policies/privacy.
2. Legal basis for data processing
The processing of data by means of cookies is carried out to protect our legitimate interests on the basis of a balancing of interests, which always also takes your interests into account (Art. 6 para. 1 p. 1 lit. f GDPR).
3. Purpose of the data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. The user data collected through technically necessary cookies are not used to create user profiles.
Google Analytics is used to analyse and regularly improve the use of this website. The statistics obtained can be used to improve the offer to you and make it more interesting for you as a user.
These purposes are also our legitimate interest in the processing of personal data according to Art. 6 para. 1 p. 1 lit. f GDPR.
4. Deactivation and removal options
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
VI. Integration of social media plugins
So-called social media plugins ("plugins") of the social networks Facebook and Xing and the microblogging service Twitter are used on our website. These services are provided by the companies Facebook Inc. ("Facebook"), Xing SE ("Xing") and Twitter Inc. ("Twitter").
You can find an overview of the Facebook plugins here:
https://developers.facebook.com/docs/plugins
An overview of the plugins from Xing can be found here:
An overview of the Twitter buttons can be found here:
https://about.twitter.com/en_us/company/brand-resources.html
The embedded plugins do not automatically establish a connection with the servers of Facebook, Xing and Twitter when our website is called up. Only when the user actively clicks the share button of the desired social media service is the collection of user data and the transmission to the service operator also triggered.
The content of the respective plugin is then transmitted directly to your browser by the associated operator and integrated into the page. By integrating the plugins, the operators receive the information that your browser has called up the corresponding page of our website. This information (including your IP address) is transmitted by your browser directly to a server of the respective operator in the USA and stored there.
If you are logged into one of the social networks at the same time, the operators can directly assign your visit to our website to your profile on Facebook or Google+. If you interact with the plugins, for example by clicking the "Like", "+1" or "Tweet" button, the corresponding information is also transmitted directly to a server of the operators and stored there. The information will also be published on the social network or on your Twitter account and displayed there to your contacts.
The purpose and scope of the data collection and the further processing and use of the data by the operators as well as your rights in this respect and setting options for protecting your privacy can be found in the data protection information of the operators:
- Data protection information from Facebook: http://www.facebook.com/policy.php
- Data protection information from Xing: https://www.xing.com/privacy
- Data protection information from Twitter: https://twitter.com/privacy
If you do not want Facebook, Xing or Twitter to assign the data collected via our website directly to your profile in the respective service, you must log out of the corresponding service before activating the share button.
VII. Integration of our Twitter feed
The websites operated by the German Banking Industry use content created on Twitter. This is provided by Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA). The content is made visible by embedding it on our website. Further information can be found in Twitter's privacy policy at http://twitter.com/privacy. By visiting the website, these providers receive the information that you have accessed the corresponding sub-page of our website. In addition, further data is transmitted.
This takes place regardless of whether there is a user account there via which you are logged in or whether there is no user account. If you do not wish to be associated with your profile, you must log out before activating the respective button. You have the right to object to the creation of these user profiles, whereby you must contact the respective provider to exercise this right. With the embeddings, we pursue the interest of showing you content that is of interest to you in order to make our website more interesting for you. The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f GDPR.
VIII. Integration of Google Maps
For this website, Google Maps is used to display maps. This allows interactive maps to be displayed directly on the website and enables the use of the map function. The map function of Google Maps uses persistent cookies. By visiting the sub-page of this website on which Google Maps is used, Google receives the information that you have called up the corresponding sub-page. In addition, at least the data mentioned under IV. 1. will be transmitted to Google.
This takes place regardless of whether you are logged in via a Google user account. If you are logged in to Google, your data will be assigned to your Google user account. If you do not wish such an assignment, you must log out before calling up the map function. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on this website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
Further information on the purpose and scope of data collection and processing by Google can be found in the provider's privacy policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy.
Your data is processed on the basis of a balance of interests that always takes your interests into account (Art. 6 para. 1 p. 1 lit. f GDPR).
IX. Registration for an information event
1. Description and scope of data processing
We regularly offer you the opportunity to register for one of our information events on our website. If a user takes advantage of this opportunity, the following personal data is collected from him/her in an online form:
- Title
- Name
- First name
- E-mail address
- Institute/ Company
- Department (optional)
- Telephone/ fax number
- Street
- POSTCODE
- City
- Different billing address (optional)
- Affiliation to a certain group of interested parties (optional)
The data will only be used for processing your event registration and will only be forwarded to the respective organiser.
The respective organiser is solely responsible for the further processing of the data.
2. Legal basis for data processing
The legal basis for the processing of the data is the initiation and fulfilment of a contract pursuant to Art. 6 para. 1 p. 1 lit. b GDPR.
3. Purpose of the data processing
The processing of the personal data from the input mask is solely for the purpose of processing the registration for an information event. No other personal data is collected.
4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is regularly the case six weeks after the event.
X. Registration for the newsletter
1. Description and scope of data processing
Our website offers the possibility to subscribe to our newsletter free of charge. To subscribe to the newsletter, it is sufficient to enter your e-mail address.
The newsletter service is provided by our processor Mailjet (SAS Mailjet, 13-13bis, rue de l'Aubrac - 75012 Paris, FRANCE), which uses your email address exclusively for sending the newsletter. You can find Mailjet's privacy policy at https://www.mailjet.de/privacy-policy/ . Beyond that, your e-mail address will not be passed on to third parties.
Registration for our newsletter takes place in a so-called double opt-in process. This means that when you register for the newsletter, you expressly agree to receive the newsletter, after which you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the subscription process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the IP address.
The newsletters themselves contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the Mailjet server when the newsletter is opened. Within the scope of this retrieval, technical information such as information on the browser and your system, but also your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. Furthermore, it is registered whether the newsletters are opened, when they are opened and which links are clicked.
2. Legal basis for data processing
The legal basis for the processing of the data after the user has registered for the newsletter is Art. 6 para. 1 p. 1 lit. a GDPR if the user has given his consent.
The performance of statistical surveys and analyses as well as the logging of the registration process are carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR.
3. Purpose of the data processing
The collection of the user's e-mail address serves to send the user a copy of his request as well as the newsletter.
Furthermore, the processing of your data serves to technically improve the services and to analyse the reading habits of our users in order to adapt our content to them or to send different content according to the interests of our users. This is also our legitimate interest according to Art. 6 para. 1 p. 1 lit. f GDPR.
4. Duration of storage
Subject to legal retention periods, your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, they will be stored as long as the newsletter subscription is active.
5. Possibility of objection and removal
The subscription to the newsletter can be cancelled by the user at any time. A link to cancel the newsletter can be found at the end of each newsletter.
XI. Data processing in the event of contact
1. Description and scope of data processing
On our website, we offer users the opportunity to contact us in writing, by telephone, by fax or by e-mail. If a user makes use of this option, all personal data transmitted to us will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
2. Legal basis for data processing
The legal basis for the processing of data transmitted to us in the course of contacting us is Art. 6 para. 1 p. 1 lit. f GDPR. If the contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.
3. Purpose of the data processing
The processing of personal data is solely for the purpose of processing the contact. This is also the necessary legitimate interest in processing the data.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is regularly the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
XII. Disclosure to third parties
Under no circumstances will the responsible party disclose personal data to third parties for advertising or marketing purposes without prior express consent. However, it may be necessary to make your data available to third parties to the extent that this is necessary for the operation of the website and the services offered, e.g. to a service provider who hosts the website and the data generated via it. These companies are obliged by the data controller to comply with the relevant data protection laws.
The controller may also be legally obliged to pass on data to third parties, e.g. investigating authorities.
Except to the extent mentioned above, your personal data will not be disclosed to third parties without your prior consent.
XIII. Rights of the data subject
Insofar as we base the processing of your personal data on Art. 6 (1) sentence 1 lit. f GDPR ("legitimate interests"), you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR.
Insofar as the processing of your personal data is based on your consent, you have the right to revoke your declaration of consent under data protection law at any time in accordance with Art. 7 (3) GDPR. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
In addition, as a data subject within the meaning of the GDPR, you have the following rights vis-à-vis the controller:
1. Right of information
You have the right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
2. Right of rectification
You have a right to rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you is inaccurate or incomplete. The controller must make the rectification without undue delay.
3. Right of restriction of processing
You have the right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful but you object to its erasure, we no longer require the data but you need it to assert, exercise or defend legal claims, or you have objected to the processing in accordance with Art. 21 GDPR.
4. Right of deletion
You have the right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
5. Right of data portability
You have the right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer of your personal data stored by us to another controller.
6. Right to complain to a supervisory authority
You have the right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
Status: June 2021
