The protection of your personal data is of great importance to us. In the following, we will inform you about which personal data is collected within the framework of the Deutsche Kreditwirtschaft website, for what purposes and on what legal basis we process this data and what rights you have as a data subject.
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Association of German Banks
Burgstraße 28, 10178 Berlin
+49 (30) 1663-0
You can reach our data protection officer at:
In order to protect your transmitted data in the best possible way, we use SSL encryption. You can recognise such encrypted connections by the prefix "https://" in the page link in the address line of your browser. Unencrypted pages are marked with "http://". All data that you transmit to this website - for example when making enquiries or logging in - cannot be read by third parties thanks to SSL encryption.
Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer. This data and information is stored in the server's log files.
The following data is collected:
This data cannot be assigned to a specific person and does not allow us to draw any conclusions about the identity of the user. It is not stored together with other personal data of the user.
The processing of the data is carried out to protect legitimate interests on the basis of a balancing of interests in accordance with Art. 6 para. 1 p. 1 lit. f GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
Furthermore, the data is stored in order to ensure the functionality of the website. In addition, we use the data to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes.
These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 S. 1 lit. f GDPR.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
When accessing our website for the first time, a cookie manager will
The legal basis for the processing of personal data using cookies is Art. 6 (1) f) GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) a) GDPR if the user has consented to this.
Note: It is possible to manage many online ad cookies from companies via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/ .
You can object to the collection of data by Google Analytics as well as the processing of the data by Google with future effect by installing a deactivation add-on for your browser (http://tools.google.com/dlpage/gaoptout?hl=de).
We use Google Analytics to analyse and regularly improve the use of our websites. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google relies on the so-called Standard Contractual Clauses (SCC). The European Commission has approved the use of standard contractual clauses as ensuring adequate protection when transferring data outside the European Economic Area (EEA).
Google Analytics falls within the scope of the Google Advertising Products Commissioned Data Processing Terms for Google Services. Google is entitled to update the list in accordance with the provisions of the Google Advertising Products Order Data Processing Terms. In relation to the Google Advertising Products Order Data Processing Terms (and depending on which processor services are used under the relevant agreement), the following types of personal data may be processed:
Online identifiers (including cookie identifiers), Internet Protocol addresses and device identifiers, customer-assigned identifiers. See here
The order data processing terms and conditions for Google advertising products can be found here. (Point 10. Data transfer - standard contractual clauses).
The data we send will be automatically deleted after 14 months. Deletion after expiry of the retention period takes place automatically once a month.
Information of the third party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions:
http://www.google.com/analytics/terms/de.html , overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html , and data protection declaration: http://www.google.de/intl/de/policies/privacy.
The processing of data by means of cookies is carried out to protect our legitimate interests on the basis of a balancing of interests, which always also takes your interests into account (Art. 6 para. 1 p. 1 lit. f GDPR).
The purpose of using technically necessary cookies is to simplify the use of websites for users. The user data collected through technically necessary cookies are not used to create user profiles.
Google Analytics is used to analyse and regularly improve the use of this website. The statistics obtained can be used to improve the offer to you and make it more interesting for you as a user.
These purposes are also our legitimate interest in the processing of personal data according to Art. 6 para. 1 p. 1 lit. f GDPR.
So-called social media plugins ("plugins") of the social networks Facebook and Xing and the microblogging service Twitter are used on our website. These services are provided by the companies Facebook Inc. ("Facebook"), Xing SE ("Xing") and Twitter Inc. ("Twitter").
You can find an overview of the Facebook plugins here:
An overview of the plugins from Xing can be found here:
An overview of the Twitter buttons can be found here:
The embedded plugins do not automatically establish a connection with the servers of Facebook, Xing and Twitter when our website is called up. Only when the user actively clicks the share button of the desired social media service is the collection of user data and the transmission to the service operator also triggered.
The content of the respective plugin is then transmitted directly to your browser by the associated operator and integrated into the page. By integrating the plugins, the operators receive the information that your browser has called up the corresponding page of our website. This information (including your IP address) is transmitted by your browser directly to a server of the respective operator in the USA and stored there.
If you are logged into one of the social networks at the same time, the operators can directly assign your visit to our website to your profile on Facebook or Google+. If you interact with the plugins, for example by clicking the "Like", "+1" or "Tweet" button, the corresponding information is also transmitted directly to a server of the operators and stored there. The information will also be published on the social network or on your Twitter account and displayed there to your contacts.
The purpose and scope of the data collection and the further processing and use of the data by the operators as well as your rights in this respect and setting options for protecting your privacy can be found in the data protection information of the operators:
If you do not want Facebook, Xing or Twitter to assign the data collected via our website directly to your profile in the respective service, you must log out of the corresponding service before activating the share button.
This takes place regardless of whether there is a user account there via which you are logged in or whether there is no user account. If you do not wish to be associated with your profile, you must log out before activating the respective button. You have the right to object to the creation of these user profiles, whereby you must contact the respective provider to exercise this right. With the embeddings, we pursue the interest of showing you content that is of interest to you in order to make our website more interesting for you. The legal basis for the processing of your data is Art. 6 para. 1 p. 1 lit. f GDPR.
For this website, Google Maps is used to display maps. This allows interactive maps to be displayed directly on the website and enables the use of the map function. The map function of Google Maps uses persistent cookies. By visiting the sub-page of this website on which Google Maps is used, Google receives the information that you have called up the corresponding sub-page. In addition, at least the data mentioned under IV. 1. will be transmitted to Google.
This takes place regardless of whether you are logged in via a Google user account. If you are logged in to Google, your data will be assigned to your Google user account. If you do not wish such an assignment, you must log out before calling up the map function. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on this website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
Your data is processed on the basis of a balance of interests that always takes your interests into account (Art. 6 para. 1 p. 1 lit. f GDPR).
We regularly offer you the opportunity to register for one of our information events on our website. If a user takes advantage of this opportunity, the following personal data is collected from him/her in an online form:
The data will only be used for processing your event registration and will only be forwarded to the respective organiser.
The respective organiser is solely responsible for the further processing of the data.
The legal basis for the processing of the data is the initiation and fulfilment of a contract pursuant to Art. 6 para. 1 p. 1 lit. b GDPR.
The processing of the personal data from the input mask is solely for the purpose of processing the registration for an information event. No other personal data is collected.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is regularly the case six weeks after the event.
Our website offers the possibility to subscribe to our newsletter free of charge. To subscribe to the newsletter, it is sufficient to enter your e-mail address.
Registration for our newsletter takes place in a so-called double opt-in process. This means that when you register for the newsletter, you expressly agree to receive the newsletter, after which you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the subscription process in accordance with legal requirements. This includes the storage of the registration and confirmation time as well as the IP address.
The newsletters themselves contain a so-called "web beacon", i.e. a pixel-sized file that is retrieved from the Mailjet server when the newsletter is opened. Within the scope of this retrieval, technical information such as information on the browser and your system, but also your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times. Furthermore, it is registered whether the newsletters are opened, when they are opened and which links are clicked.
The legal basis for the processing of the data after the user has registered for the newsletter is Art. 6 para. 1 p. 1 lit. a GDPR if the user has given his consent.
The performance of statistical surveys and analyses as well as the logging of the registration process are carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR.
The collection of the user's e-mail address serves to send the user a copy of his request as well as the newsletter.
Furthermore, the processing of your data serves to technically improve the services and to analyse the reading habits of our users in order to adapt our content to them or to send different content according to the interests of our users. This is also our legitimate interest according to Art. 6 para. 1 p. 1 lit. f GDPR.
Subject to legal retention periods, your personal data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, they will be stored as long as the newsletter subscription is active.
The subscription to the newsletter can be cancelled by the user at any time. A link to cancel the newsletter can be found at the end of each newsletter.
On our website, we offer users the opportunity to contact us in writing, by telephone, by fax or by e-mail. If a user makes use of this option, all personal data transmitted to us will be stored. In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
The legal basis for the processing of data transmitted to us in the course of contacting us is Art. 6 para. 1 p. 1 lit. f GDPR. If the contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 p. 1 lit. b GDPR.
The processing of personal data is solely for the purpose of processing the contact. This is also the necessary legitimate interest in processing the data.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is regularly the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified.
Under no circumstances will the responsible party disclose personal data to third parties for advertising or marketing purposes without prior express consent. However, it may be necessary to make your data available to third parties to the extent that this is necessary for the operation of the website and the services offered, e.g. to a service provider who hosts the website and the data generated via it. These companies are obliged by the data controller to comply with the relevant data protection laws.
The controller may also be legally obliged to pass on data to third parties, e.g. investigating authorities.
Except to the extent mentioned above, your personal data will not be disclosed to third parties without your prior consent.
Insofar as we base the processing of your personal data on Art. 6 (1) sentence 1 lit. f GDPR ("legitimate interests"), you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR.
Insofar as the processing of your personal data is based on your consent, you have the right to revoke your declaration of consent under data protection law at any time in accordance with Art. 7 (3) GDPR. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
In addition, as a data subject within the meaning of the GDPR, you have the following rights vis-à-vis the controller:
You have the right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
You have a right to rectification and/or completion vis-à-vis the data controller if the personal data processed concerning you is inaccurate or incomplete. The controller must make the rectification without undue delay.
You have the right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful but you object to its erasure, we no longer require the data but you need it to assert, exercise or defend legal claims, or you have objected to the processing in accordance with Art. 21 GDPR.
You have the right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
You have the right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request the transfer of your personal data stored by us to another controller.
You have the right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.
Status: June 2021