Guidelines on data protection for to For what purposes do we process your data (what is 1 the purpose of processing) and on what legal customers and other data subjects grounds? The following information is intended to inform you about We process personal data in accordance with the EU our processing operations of your personal data and your General Data Protection Regulation (GDPR) and the Ger- rights under the data protection law. The scope of data to man Federal Data Protection Act (BDSG). be processed and used depends primarily on the services requested or agreed upon, so not all the information pro- a. in order to fulfil our contractual obligations (Article 6, vided below will be relevant to you. Clause 1b of GDPR) Who is responsible for data processing and who may Data processing is conducted in order to provide and in- I contact? termediate in the provision of banking and financial ser- vices under our agreements with customers and in order The following entity shall be responsible for your data pro- to perform pre-contractual activities on request. The pur- cessing: pose of data processing is primarily related to a specific product (e.g. a bank account, credit, savings for building Commerz Services Holding GmbH works, securities, deposits, brokerage) and may include, Neue Börsenstraße 1 but is not limited to demand analysis, consultancy, asset 60487 Frankfurt am Main management and transactions. Further details on the pur- [email protected] pose of data processing can be found in the relevant agreements, contracts and terms of business. You can contact our Data Protection Officer at the follow- ing address: b. in order to balance interests (Article 6 Clause 1f of GDPR) Uwe Deppisch Commerzbank AG If necessary, we process your data for the proper perfor- 60261 Frankfurt am Main mance of the agreement in our / third party's justified in- [email protected] terest. Examples: Which sources and data do we use? - consultancy or exchange of data with the relevant in- formation institutions (e.g. SCHUFA) to identify sol- We process personal data received from our customers vency or default risks in the credit sector and to spec- or others as part of our business operations. Moreover, if ify demand for a bank account exempt from attach- it is required to provide our services, we also process per- ment (Pfändungsschutzkonto) or a regular bank ac- sonal data which we collect from generally available count, sources in an manner (e.g. lists of debtors, land and mort- - control and optimisation of demand analysis methods gage registers, commercial registers, registers of associ- for direct contact with customers, ations, press releases and Internet) or which was lawfully - advertising, market research studies and opinion sur- transmitted to us by other companies in the Com- veys, unless you have objected to the use of your merzbank group or other third parties (e.g. credit bu- data, reaus). - pursue of legal claims and defence in the case of le- gal disputes, The following details are considered relevant: personal - provision of IT security and bank IT operations, data (name, surname and address as well as other con- - prevention and investigation of criminal offences, tact details, date and place of birth and nationality), iden- - video-monitoring under the housing owner's rights in tification data (e.g. identity card data) and authentication order to collect evidence in case of robberies, of- data (e.g. specimen signature). In addition, it may also in- fences, fraud or to prove evidence on giving orders clude transaction data (e.g. payment orders), data relat- and making payments, e.g. at ATMs (cf. also § 4 of ing to the fulfilment of our contractual obligations (e.g. the BDSG), payments, turnovers), information on your financial stand- - measures to ensure safety in buildings and plants ing (e.g. solvency details, scoring and rating data, assets (e.g. access control), and their sources, credit details (e.g. receipts and ex- - measures to ensure the homeowner's rights, penses), advertising and distribution data (e.g. - operations aimed at the business management and "Werbescores"), documentation details (e.g. consultation further development of services and products, reports, datasheets) and other data being comparable to - risk management in the Commerzbank Group. the categories listed. c. by virtue of your consent (Article 6 Clause 1a of GDPR) 1 e.g. proxies, persons interested in the products, non-custom- ers such as e.g. transferring entities Page 1/ 4 Guidelines on data protection in regard to customers and other data subjects and mortgage registers) in the event of a statutory or If you have given us your consent to the processing of official obligation, your personal data for specific purposes (e.g. transfer of - other credit institutions and financial service provid- data within the Commerzbank Group, analysis of payment ers or comparable entities to which we transfer per- details for marketing purposes, event photos, newsletter sonal information for the purpose of conducting busi- dispatch), the legality of such processing operations is ness with you (depending on the type of agreement, based on your consent. Your given consent may be with- e.g. correspondent banks, depository banks, stock drawn at any time. It also applies to the withdrawal of exchanges, information offices), statements of consent which were given to us before the - other companies in the Commerzbank group for the entry of GDPR, i.e. prior to 25 May 2018. Such withdrawal purpose of managing risk based on statutory or offi- of consent shall be effective henceforward without preju- cial obligations, dice to the legality of data processed up to the time of this - creditors or insolvency administrators making inquir- withdrawal. ies as part of enforcement proceedings, - card providers or vendors making enquiries in case d. on the basis of statutory guidelines (Article 6 Clause of rejected card payments, 1c of GDPR) or in the public interest (Article 6 Clause - third parties engaged in the crediting process (e.g. 1e of GDPR) insurance companies, building savings banks, in- vestment companies, trustees, appraisers), In addition, as a bank, we are obliged to fulfil various legal - credit card partners (e.g. American Express, Tchibo, obligations, i.e. statutory requirements (e.g. defined in the Deutsche Bahn, TUI), Act on credit institutions and transactions, the Act on - service providers engaged by us in order processing. money laundering, the Act on securities trading, other reg- ulations) as well as banking supervision guidelines (e.g. Further recipients may include entities with regard to the European Central Bank, the European Banking Au- which you have given us your consent to provide your per- thority, the German Federal Bank and the Federal Institu- sonal data, or with regard to which you have granted us a tion for the Supervision of Financial Services). These pro- waiver under a bank secrecy agreement or consent, or cessing purposes include, but are not limited to, verifica- with regard to which we are authorised to provide your tion of credit standing, identity and age, prevention of personal details. fraud and money laundering, compliance with tax laws, control and reporting obligations, risk analysis in the bank Are my personal details transferred to a third country / in the Commerzbank Group and risk management. or to an international organisation? Who will get my data? The transfer of your data to institutions in any countries beyond the European Union (so-called third countries) At our bank, access to your data will be provided to those takes place if departments which need it in order to fulfil their contrac- tual and statutory obligations. Also our service providers - it is necessary for the execution of your orders (e.g. and contractors may receive your data for this purpose, in payment orders and securities orders), particular if they keep banking secrecy. These include - it stays in line with the law (e.g. tax obligations) or companies which provide services in the following fields: - you have given us your consent. business and credit scoring, IT, logistics, printing, tele- communications, debt collection, consulting, distribution In addition, such transfers to institutions in third countries and marketing. are provided for in the following cases: With regard to the further transfer of data to recipients be- - If required in specific cases, your personal data may yond our bank, it should first be stressed that we, as a be transferred to an IT service provider in the United bank, are obliged to maintain discretion with regard to all States or another third country in order to ensure the information, facts, evaluations and assessments relating bank IT functions while still maintaining a European to our customers of which we become aware (bank se- level of data protection. crecy in line with Section 2 of our General Terms and Con- - Personal data of persons interested in banking prod- ditions). As a general rule, we may only provide infor- ucts may be also - with their consent - processed in mation about our clients if it is required by any contractual the United States in the CRM system. provisions, if the customer consents to it or if we are au- - With the consent of data subjects or on the basis of thorised to do so under banking secrecy. Under these the statutory law on anti-money laundering, anti-ter- conditions, your personal data may be received, for ex- rorist financing and other punitive measures as well ample, by: as on the grounds of balancing of interests, personal data (e.g. ID card data) are transferred on a case-by- - public authorities and institutions (e.g. the European case basis with a level of data protection being equiv- Central Bank, the European Banking Authority, the alent to the one applicable in the European Union.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages4 Page
-
File Size-