We, DZB BANK GmbH, welcome you to our Internet presence (hereinafter also referred to as “Internet Service”). We are pleased about your interest and would like to make your visit to our Internet presence as pleasant as possible. For us, this also includes responsible handling of your data, which complies with the legal provisions in Germany in every respect.
Insofar as we refer to the regulations of the General Data Protection Regulation (GDPR), you can access this here [http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=OJ:L:2016:119:FULL&from=DE]. You can find the text of the Federal Data Protection Act (BDSG) here dsgvo-gesetz.de/bdsg-neu/
For the processing of your personal data on this Internet presence, we are the “Controller” within the meaning of Art. 4 No. 7 GDPR.
You can reach us as follows:
DZB BANK GmbH
Nord-West-Ring Straße 11
Tel: +49 (0) 6182/928-0
Our Data Protection Representative can be reached as follows:
1. Processing of data with and without a personal reference
1.1 Surfing on our website
You can basically visit our Internet presence without letting us know who you are. In this case, we only find out
· your IP address,
· the name of the accessed website/retrieved file and the time of the access/retrieval,
· the transferred data volume and
· whether the access/retrieval was successful.
The data are used exclusively for the administration and optimisation of the Internet Service.
The IP address may be an item of personal data, because under specific preconditions, it is possible to find out the identity of the owner of the use Internet access by asking the respective Internet provider.
We only evaluate the IP address in the case of attacks on our Internet infrastructure. In this case, we have a legitimate interest in processing the IP address, within the meaning of Art. 6 Subsection 1 f) GDPR. This legitimate interest arises from the requirement to defend the attack on the Internet structure, to determine the origin of the attack, to take criminal-law and civil-law action against the responsible person and to prevent additional attacks effectively.
The IP address will be deleted, if we can rule out that no attack on our Internet structure has originated from it. This usually occurs after 7 days.
Cookies are also used within our Internet Service. Cookies are small data packages, which are filed on the hard disk of your computer via the browser. Their purpose is to control the Internet connection during your visit or during a later visit to our website and thereby make the visit more convenient.
Some browsers already allow cookies in the basic setting. If you do not want this, you can change the settings of your browser. Please see the instructions of the browser producer to find out how this works. If you decide against cookies, it may occur that parts of this Internet Service cannot be used.
1.3 Tracking and web analysis services
Furthermore, the processing and use of the data, as well as the operation of the website analysis took, exclusively occurs with the aid of systems of the data centres of the Volksbanken Raiffeisenbanken. No data disclosure takes place to third parties.
You can prevent the evaluation of your data by Piwik either by activating the Piwik opt-out plug-in or using the do-not-track setting in your browser. Please see the instructions of the respective browser producer to find out how to activate the do-not-track setting. This Internet presence uses Piwik with the “AnonymizeIP” extension. This way, the further processing of IP addresses occurs in an abbreviated form, so that a direct personal reference can be excluded. The IP address sent by your browser within the using Piwik will not be combined with other data collected by us.
The Piwik program is an open source project. You can obtain information from the Third-Party Provider on data privacy at http://piwik.org/privacy/policy.
1.3.2 Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”).
Google Analytics also uses "cookies". The information created by the Cookie concerning your use of this website is generally transmitted to a Google server in the USA and stored there. This website uses Google Analytics with the “_anonymizeIp()” extension. This way, your IP address will be previously abbreviated by Google within Member States of the European Union or in other Contracting States of the Treaty on the European Economic Area. Therefore, a direct personal reference can be excluded within the scope of further processing. The full IP address will only be transferred to a Google server in the USA and abbreviated there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to produce reports concerning the website activities for the website operator and to produce additional services associated with the use of the Internet and website. The IP address sent by your browser within the context of Google Analytics will not be combined with other data of Google.
You can prevent the cookies from being stored by means of an appropriate setting in your browser software; however, we must point out that in this case not all functions of the website will be available to you in their full capacity.
Furthermore, you can prevent the storing of data generated by the cookies and related to your use of the website (incl. your IP address) to Google and processing of these data by Google by downloading and installing the available browser plug-in at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
The use of Google Analytics occurs in accordance with the preconditions, on which the German data protection authorities have agreed with Google.
Information of the third-party provider:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
User terms and conditions: http://www.google.com/analytics/terms/de.html,
Data privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html
and the data protection policy: http://www.google.de/intl/de/policies/privacy.
1.4 Making contact and communication
On several web pages, you can enter personal data for the purpose of correspondence with us, in input fields.
These data are only processed for this correspondence with you and for the purpose that you have provided us with the data within the scope of this communication, e.g. to process your enquiries or in order to contact you, upon request. In this case, the processing of the personal data occurs with your consent and is then admissible in accordance with Art. 6 Subsection 1 a) GDPR. We delete your relevant data, if the purpose for which you have disclosed your data to us is fulfilled or settled and we are not authorised or obligated to continue storage for legal reasons.
1.5 Creation and retrieval of a profile
In specific areas of our Internet presence, you also have the opportunity to voluntarily create a profile for yourself, store data there and retrieve it again, if necessary. The data entered by you and the results of the actions instigated by you (e.g. calculations), which you have entered, are then stored and are available for you to retrieve.
If you provide all of the information, the following details can be stored within the scope of our Internet Service:
First name and surname,
Date of birth,
Calculator functions and calculation results; Furthermore, we offer the use of calculators, with which you can perform an analysis on various topics (e.g. old-age pension or real estate financing), which is customised to your personal situation. By entering the data in the respective prescribed input field and then clicking on the colour-shaded “Continue” button placed at the end of the input mask, the data are exclusively transferred for the purpose of a one-off evaluation in our data processing system. The use of the calculator is voluntary. However, several of the queried data are marked as so-called mandatory details, because they are urgently necessary for the calculation of the analysis result. After the input process, the result of the data analysis is summarised in a PDF document, in some cases, which you generate by clicking on the corresponding link or button and can then save locally on your devices or print out. As a general rule, the data are completely deleted by us afterwards and are not sent to third parties or disclosed to third parties in any other way. With some calculators, you have the opportunity to save the data, which you have provided in the input fields for an evaluation later on, provided that you would like to do so and confirm this by activating the corresponding check box. In this case, we file a cookie on your device, which is stored beyond the browser session. You must allow the storage of cookies in your browser settings. As long as the cookie is stored on your device, we can receive the data stored in it when you access our calculator again and pre-fill the input fields of the calculator for your automatically. Furthermore, with some calculators, you have the opportunity to send the entered data and the calculation results to a bank advisor within the scope of a contact request, if you would like to.
In no event, does the storage of utilisation data occur during the course of this. Your profile is exclusively based on your details. Automated profile formation does not take place by us on the basis of your behaviour or other information. The access to your respective profile is protected by a password and is only accessible to third parties, if you arrange for the transfer yourself.
If you create a profile on our Internet presence, a contract is thereby concluded between us for the storage and availability of the respective profile. The processing of your personal data is therefore legitimised in accordance with Art. 6 Subsection 1 b) GDPR. Independent deletion of your personal data in the profile does not take place by us, as a general rule. However, you have the opportunity at any time to change or delete individual items of data in your profile, as well as completely deleting the created profile, as a result of which, all personal data stored there are deleted at the same time.
1.6 Information applications of other providers
Furthermore, information applications (e.g. financing calculator, stock exchange information, real estate database) provided by third parties (“Partners”) are integrated into our Internet presence. The applications are hosted on servers of the Partners and operated by these Partners. Personal data are only processed to the extent necessary for performing the services offered with the respective information application. Please note that the use of such an application is subject to the data protection policy, which is filed there, of the respective Partner, who is the controller for this processing within the meaning of Art. 4 No. 7 GDPR. Insofar as we send your personal data to a Partner in this context, this only occurs on the basis of your consent and is therefore admissible in accordance with Art. 6 Subsection 1 a) GDPR.
1.7 Google Maps
This Internet presence uses Google Maps for displaying maps and creating travel directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you use the further functions of Google, by clicking on the displayed map, for example, you are using a Google service that is outside of our sphere of interest. In this case, the specifications and instructions from Google apply in this context.
On the website accessible at www.google.de, you can find additional information on
· the Google terms and conditions ("general terms and conditions"),
· supplemental terms and conditions of use for Google Maps/Google Earth (“supplemental terms and conditions of use for Google Maps/Google Earth”),
· the legal notice for Google Maps/Google Earth (“legal notice”) and
· the Google data protection policy (“data protection policy”). In the Google data protection policy [http://www.google.de/intl/de/privacy/], you can find information about which data is recorded for which purpose and what Google does with these data.
So-called social media plug-ins (“plug-ins”) are used on out account for the Facebook and Google+ social networks and the Twitter microblogging service, as well as the YouTube, Xing and WhasApp services.
Our website uses functions of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. You can find an overview of the Facebook plug-ins and their appearance here:
Google+ is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). You can find an overview of the Google plug-ins and their appearance here:
Twitter is operated by Twitter Inc., 1355 Market St., Suite 900, San Francisco, CA 94103, USA (“Twitter”). You can find an overview of the Twitter buttons and their appearance here:
YouTube is a service of Google Inc., San Bruno/California, USA. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
Xing is operated by XING AG, Gänsemarkt 43, 20354 Hamburg.
WhatsApp is a service of WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, USA.
The aforementioned companies shall also be hereinafter referred to as “providers”.
To increase the protection of your data when visiting our Internet Service, the plug-ins are integrated into the website using the so-called “2-click solution” of Heise Online. This integration ensures that when a page of our Internet presence is accessed, which contains such plug-ins, no connection is established with the servers of the respective providers. Only once the plug-ins are activated and you thereby grant your consent, does your browser establish a direct connection to the servers of the activated providers. The content of the respective plug-in is then sent by the relevant provider directly to your browser and integrated into the website. Through the integration of the plug-ins, the provider receives the information that your browser has accessed the respective page of our Internet presence, even if you do not have a profile with the respective provider or are not currently logged into respective provider’s service. This information (including your IP address) is sent by your browser directly to a server of the respective provider in the USA and stored there.
If you are logged into one of the services of the providers, the providers can directly allocate the visit to our Internet presence to your profile/account of the respective provider. If you interact with the plug-ins, for example, click on the “Like” button, the “+1” button or the “Tweet” button, the corresponding information is also sent directly to a Twitter server and stored there. The information is also published in the social network/on your social media account and displayed to your contacts there. The purpose and scope of data collection and the further processing and use of the data by the providers, as well as your relevant rights and setting options for the protection of your privacy, please refer to the data protection policies of the providers:
If you do not want the providers to allocate the data collected via our Internet presence directly to your profile/account in the respective service, you must log out from the respective service prior to activating the plug-ins.
As a general rule, processing of your personal data over and above this only occurs, if you have granted us a consent for this and we are therefore authorised to process your personal data in accordance with Art. 6 Subsection 1 a) GDPR. In several areas of this Internet presence, you have the opportunity to grant such explicit consent. You will be informed by us about the respective purpose for which your data are being processed in the event of your consent, and how long we store these personal data.
1.10 Other processing on the basis of a legitimate interest
Where necessary, we process your data concerning the actual fulfilment of a contract concluded with your or over and above a consent granted by you, to preserve our legitimate interests or those of third parties, insofar as a consideration on a case-by-case basis does not does not conclude that your legitimate interests and basic freedoms prevail, which require the protection of personal data (cf. Art. 6 Subsection 1f GDPR). These may include:
· Review and optimisation of procedures for requirements analysis and direct addressing of customers;
· Advertising or market and opinion research, insofar as you have not objected to the use of your data;
· Assertion of legal claims and defence in legal disputes;
· Assurance of the IT security and IT operation of the bank;
· Prevention and clarification of felonies;
· Measures for business management and further development of services and products.
2.1 Every data subject has a right to disclosure in accordance with Art. 15 GDPR, the right to correction in accordance with Art. 16 GDPR, the right to deletion in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR and the right to data transferability from Art. 20 GDPR. With the disclosure right and deletion right, the restrictions in accordance with Sections 34 and 35 BDSG [German Data Protection Act] apply. Furthermore, a right of complaint exists with a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).
2.1.1 Revocation of granted consents
You may revoke any consent, which you have explicitly or implicitly granted to us, with effect for the future.
2.1.2 Information about your right to object in accordance with Art. 21 of the General Data Protection Regulation (GDPR)
a. For reasons, which arise from your specific situation, you have the right to file an objection to the processing of personal data relating to you at any time, on the basis of Article 6 Subsection 1 Letter e GDPR (data processing in the public interest) and Article 6 Subsection 1 Letter f of the General Data Protection Regulation (data processing on the basis of a consideration of interests); this also applies to profiling based on this provision, within the meaning of Article 4 No. 4 GDPR, which we use for a creditworthiness assessment or for marketing purposes.
If you file an objection, we will no longer process your personal data, unless we can provide evidence of mandatory protectable reasons for the processing, which outweigh your interests, rights and freedoms, or are for the purpose of processing the assertion, exercising or defence of legal claims.
b. In individual cases, we process your personal data, in order to perform direct marketing. You have the right to object to the processing of personal data relating to you at any time for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
If you object to processing for the purpose of direct marketing, we will no longer process your personal data for these purposes.
The objection can occur informally and should ideally be aimed at:
DZB Bank GmbH, Nord-West-Ring-Straße 11, 63533 Mainhausen
2.2 The assertion of all rights referred to in Clause 2.1 is generally free of charge.
However, with apparently unjustified or - particularly in the case of frequent repetition - excessive applications, on the basis of Art. 12 Subsection 5 GDPR, we can either
a. demand appropriate compensation, for which the administration costs are taken into consideration for the information or the notification or the execution of the measure applied for, or
b. refuse to take action on the basis of the application.
2.3 To exercise your rights, please contact our Data Protection Representative referred to above. You can also obtain additional information about data privacy.
As of: Mai 2018