Data Protection Notice

The responsible party is:

UniCredit Bank GmbH
Arabellastr. 12
81925 München
Telefon: +49 (0)89 378 – 0
E-Mail-Adresse: info@unicredit.de 

You can reach our Corporate Data Protection Officer at:

UniCredit Bank GmbH
Datenschutzbeauftragter
Postfach
80311 München
Telefon: +49 (0)89 378 – 0
E-Mail-Adresse: datenschutzrechte@unicredit.de

We process the personal data that we obtain from you, if you are interested in our products, sign up for a web service, contact us by E-Mail, Chat, or a contact form. Relevant personal data of prospective customers, applicants or customers can include:

• Personal details (e.g. name, address, e-mail address and other contact data)
• Order-related data (e.g. your banking account, tax identification number (TIN))
• Information regarding your financial situation (such as your monthly expenses)
• And other data comparable to the above categories.

When visiting the website we obtain by our IT systems technical data, as for example information about the internet browser, the operating system or the time of page view, in order to ensure an accurate provision of the website. The collection of data takes place, as soon as you open the website and is indispensable for the operation of the site.

In the context of our Internet presence we collect in additional data as for instance IP addresses and unique identifiers of devices as well as anonymous data about your online habits. This helps us to realize, whether and how you are on the way to our websites, in order to configure our web presence user-oriented and in line with demand.

Further information can be found on COOKIES.

In the context of our Internet presence we process various types of personal data in the following way:

• If you enroll for a service and give your personal details (as for example your name, address or email-address) we use your data only in order to communicate with you and for the purpose you dedicated your data to us respectively as far as this is necessary for the implementation of the service. If you enroll for a newsletter subscription, we use your data only for the newsletter-subscription.
• If you use our Internet presence in order to forward a message directly to us or place an order, we use your data after processing your order or your message in order to inform you about the subject you addressed in your message or about other subjects. This doesn’t apply if you objected to the use and the processing of data for purposes of direct advertising.

Any processing and use of your personal data extending beyond takes only place - except for the cases where we are legally bound - if you have given us your consent. On some sides of this website you have the opportunity to provide your consent (e.g. in order to contact you by telephone). In case of providing consent the purpose of data processing is predetermined. It goes without saying that consent is freely given and that your consent can be revoked at any time by telephone on 0800/1090903 or alternatively by forwarding an email to info@unicredit.de.

For the purpose of meeting contractual obligations (Art. 6 para. 1 b GDPR)

Data are processed to conduct banking business and provide financial services under the contracts with our customers and to implement pre-contractual measures, upon request (e.g. product and advisory inquiries of prospective customers and customers). The purposes for which data processing is used primarily depend on the specific product (e.g. consumers financing, account, loan) and can include requirements analysis and product selection, among other things. You can find additional details regarding the purposes for which data processing is utilized in the relevant contract documents and standard terms of business.

As part of balancing of interests (Art. 6 para. 1 f GDPR)

In addition to processing your data for the actual performance of the contract or for pre-contractual measures, we process your data to the extent necessary to protect our legitimate interests and those of third parties. Examples:

• Consulting and exchanging data with credit bureaus (e.g. SCHUFA) to determine the credit risk or risk of default in the lending transaction and the need for an attachment protection account or a basic account,
• Examining and optimizing requirements analysis procedures for the purpose of direct customer contact,
• Advertising or market-and-opinion research, to the extent that you have not objected to this use of your data,
• Analysis of information we obtain for quality improvement upon visiting our website,
• Analysis of results of marketing efforts in order to measure the efficiency and the relevance of our campaigns,
• Ensuring IT security and the security of the Bank’s IT operations,
• Taking measures to manage the business and further develop services and products

With your consent (Art. 6 para. 1 a GDPR)

To the extent that you have given us your consent to process your personal data for specific purposes (e.g. telephone contact and promotional approach), such processing is lawful based on your consent. Once given, your consent can be revoked at any time. This also applies to declarations of consent provided to us before the GDPR takes effect, i.e. before 25 May 2018. The revocation of consent does not affect the lawfulness of data processed before the revocation.

Based on legal obligations (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

Moreover, as a bank, we are subject to various legal obligations, i.e. statutory requirements (e.g. the German Banking Act [Kreditwesengesetz], the Money-Laundering Act [Geldwäschegesetz], the Securities Trading Act [Wertpapierhandelsgesetz], and the tax laws) as well as bank regulatory requirements (e.g. those imposed by the European Central Bank, the European banking regulator, the German Central Bank and the German Federal Financial Supervisory Authority). The purposes for which processing is used include fraud and money-laundering prevention and the fulfilment of control and reporting obligations under tax laws.

Within the Bank, those parties that need access to your data to meet our contractual and statutory obligations receive such access. Service providers and agents utilised by us can also receive data for these purposes if they maintain banking secrecy and data protection. With regard to this website we utilise companies in the categories of IT services as well as marketing and online audience measurement. We only engage selected service providers which are contractually obliged to process data solely in line with our instructions.

With respect to the disclosure of data to recipients outside of our Bank, it should first be noted that, as a bank, we are obliged to maintain confidentiality with respect to all customer-related facts and assessments of which we obtain knowledge (banking secrecy in accordance with No. 2 of our Standard Terms of Business[OH(-U1] [LK(-U2] ). We may only disclose information regarding you when statutory provisions so require or when you have consented to this or we are authorised to issue a bank reference. Under these conditions, the following parties may receive your personal data, e.g.:

• Public bodies and institutions (e.g. the German Central Bank, the German Federal Financial Supervisory Authority, the European Banking Authority, the European Central Bank, financial authorities, prosecuting authorities) if there is a statutory or regulatory obligation.
• Other banks and financial services institutions or comparable institutions to which we send personal data in the pursuit of our business relationship with you (depending on the contract, e.g. correspondent banks, custodian banks, stock exchanges, credit bureaus)

Data will only be transferred to countries outside the EU and the European Economic Area (so-called third countries), if this is required for the execution of your orders (e. g. payment orders and orders for securities), prescribed by law (e. g. reporting obligations under tax law), if you have given us your consent or in the context of commissioned data processing.

If service providers in a third country are used, data transfer is permissible, if the European Commission has decided that there is an adequate level of protection in the third country (Art. 45 GDPR). If the Commission has not made such a decision, UniCredit Bank GmbH or the service provider may only transfer personal data to a service provider in a third country if suitable guarantees have been provided (e. g. EU Standard Contractual Clauses) as well as enforceable rights and legal remedies are available.

In addition, UniCredit Bank GmbH has contractually agreed with its service providers that privacy principles with due observance of the European level of data protection, must always be ensured by their contract partners.

We process and store your personal data for as long as this is necessary for the relevant processing purposes.

If the data are no longer necessary to meet contractual or statutory obligations, they are deleted on a regular basis, unless there is a need to further process the data – for a limited period of time – for the following purposes: To meet retention obligations under commercial and tax law: Such laws include the German Commercial Code (HGB), the Tax Code (AO), the Banking Act (KWG), the Money-Laundering Act (GwG) and the Securities Trading Act (WpHG). These laws prescribe two- to ten-year retention or documentation periods. 

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions in §§ 34 and 35 BDSG apply to the right to information and the right of erasure. In addition, there is a right to lodge a complaint with a competent data protection authority (Article 77 GDPR in conjunction with § 19 BDSG).

In the case that you claim your data protection rights please contact our Corporate Data Protection Officer by reference to the Internet Presence www.hypovereinsbank.de. You can find further information about the processing of personal data by UniCredit Bank GmbH and your rights under data protection law at hvb.de/eu-gdpr-information.

This Internet presence doesn’t contain social plugins of social networks such as Facebook, Google+ or Twitter, but only hyperlinks to social networks. Hence these networks have no way of reconstructing your activities on our websites.

On our Internet presence www.hypovereinsbank.de we deploy YouTube on a few pages. YouTube is a videoportal of YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to as „YouTube“. YouTube is a subsidiary company of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as „Google“. 

We utilise YouTube in connection with a 2-click-solution in order to show videos to you. By using this solution for the integration of YouTube videos, we ensure that by starting the video you agree and consent with loading the YouTube player and therefore make a connection with YouTube’s server and transfer data. Before your video start, a YouTube connection is not made automatically. You will know a YouTube connection has been started when you see start screen „starting YouTube Video“. By clicking on YouTube Video information (including your IP-Address, the date, the time as well as the webpage visited by you) is transferred to the server of YouTube resp. Google in US. Moreover a connection is established to the commercial network „DoubleClick“ of Google. By starting the video further data processing operations can be initiated. Please note, that we have no influence on this.

Videos without designation within the start screen „starting YouTube Video“ are on our servers and don’t establish a connection to YouTube.

In case you are logged on YouTube at the same time, YouTube allocates the connection information to your YouTube-account. If you want to prevent this, you need to log off on YouTube or to adjust the settings in your YouTube-user account before you visit our Internet presence. For the purpose of functionality and analysis of user behaviour YouTube stores permanently cookies over your internet browser on your device. If you disagree with the processing, you can adjust the settings in your internet browser, in order to hamper the storage of cookies. You can find further information of Google about the collection and use of data, your rights in this regard and protection measures on https://www.google.de/intl/de/policies/privacy/

Absolutely necessary functional cookies, without these cookies our website cannot function correctly. These cookies are set by HypoVereinsbank directly and therefore are so called First Party cookies. Furthermore, these cookies are part of a functionality which enables the switch from unencrypted http to encrypted https, therefore enabling higher security standards. Last but not least functional cookies are also used to save your decision, which cookie categories you allowed or not.

Absolutely necessary functional cookies cannot be turned off. But you can deny all cookies by using your browser settings if you like to do so. But we like to point out, that if you do so, our website may not work correctly in some parts or not work at all.

In addition to cookies, we also use a local storage of your browser on selected pages, e.g. account application sections. A web browser can store page-related data and information in a local storage, which it can retrieve at a later time. In contrast to cookies, that data is only transmitted and accessed/read when required and not every time the website is called upon.

Every web browser has this kind of storage area in two different forms:

• the local storage (stored information has no predefined expiration date),
• and the session storage (process with end of a session, usually when closing the browser). 

We use the local storage to save selected products and technical allocation characteristics, such as an OrderID, in order to reuse them in further user guidance course.

In this case we do not process personal data. Data stored in local storage cannot be accessed by third parties, they will neither be transferred to third parties nor used for advertising purposes.

You are able to delete the Local Storage at any given time through your browser settings. It is possible that any initiated account application processes must be restarted afterwards. 

These are cookies, which are only set after your explicit consent them. You can give this consent if you tick the category "Statistics" in the cookie banner and accept the selection. The selection via the button "Accept all" includes this consent too. 

To be able to analyse the usage of our website, we use the analytics provider Adobe (Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland). Website usage is not recorded in the Online Banking section of our page. The website is analysed by using the tool “Adobe Analytics”. Adobe Analytics saves a shortened version of your IP address, therefore it is not possible to use your original IP address in any way.

In general, we don’t transfer any clear text personal identifiable information to Adobe Analytics. Such data fields will be converted to a pseudonym by using the SHA-256 hashing algorithm. By that Adobe and other external service providers cannot get and save clear text personal identifiable information of our users.

Data is collected and calculated for the sole purpose of creating statistical reports, by using these reports we can monitor and optimise our webpage to create a better user experience.

Withdrawal:

Even after active consent on your part, you have the right to object to this type of recording at any given time by revoking your consent.

You are able to change your settings through the cookie banner for the category "statistics" or you can do this directly with our partner Adobe – to change your setting, please click HERE and use the opt out / exclusion link "Click here".

After that a blocking cookie will be saved on your device. Please note: If you delete the blocking cookie or use a different web browser, you will have to withdraw your consent again.

To give your renewed consent to the creation and analysis of records, you can do this through the cookie banner after a reset. Please click HERE

These cookies are opt-in-only, this means data and cookies will only be transferred in this category, if you explicitly give us your consent. This consent is given when you check the corresponding category entry in the cookie banner and then click “Accept selection” in the details layer or when you click on “Accept all” / “Accept” in the standard layer (both of these option opt in for all categories).

By doing our marketing campaigns we work sometimes with the external company named Salesfeeder to track certain pages on hypovereinsbank.de. These sites are for example contact request pages as well as online orders of our offered products. By getting data from us, this company is not enabled to get a direct relation to you as a person. We use the data to get a statistical reporting how well our marketing campaigns are performing considering different details about online orders made. As an example: We measure which ad placement leads to an online product sale.

The following cookies are set from marketing related tags:

Even when you opted in and gave your consent, you have the right to revoke this consent. Your opt out will also take an effect on the fact that no relation can be made between your contact request and the ad you clicked before to come to the site.

If you decide to disagree to the recording of statistical data, a special blocking-cookie will be set on your device. Please note: If you delete this blocking-cookie or use another web browser or device, you have to activate the opt out / blocking-cookie again.

Revocation:

Next to the possibility to revoke within the cookie banner, you can also explicitly use the option of our partner Salesfeeder. Therefor please click here.

You can give your renewed consent to the creation and analysis of records by our partner Salesfeeder via the cookie banner after resetting. Please click HERE.

These are cookies subject to approval, which are only set after your explicit consent. You can grant this consent by checking the "Personalization" category in the cookie banner and accepting the selection. Selecting "Accept All" includes this consent. When it comes to both product recommendations and proactive service, customers expect a response tailored to their personal needs. We focus on individualized interaction in the right context and the enhancement of the customer experience. For real-time interaction management, we utilize a tool of an external provider.

You can find more detailed information on dealing with external service providers and data transfers in this privacy policy.

By selecting the "Personalization" category, you declare your consent to use the following described data:

• Information about you that you provide to us when registering for a service. This includes information provided during your registration for HVB Online Banking or other services (e.g., newsletter subscription).
• Personal records of your use of our internet services: among others, we collect detailed behavioral information based on your activities when using digital channels (e.g., hypovereinsbank.de including subdomains, online and mobile banking) in order to determine your personal interests.
• Personal records of your use of our email services: among others, we can deduce from your click behavior how our email offerings resonate with you and which products or services you are interested in.
• Bank-internal data about the customer relationship (e.g., information about whether you hold a current account or a securities account with us).

We use this data for the following purposes:

• Targeted, needs-based customer communication in our digital channels.
• Optimization of needs-based advice, advertising, and market research.
• Improved design and functionality of our website.

If you have additionally granted consent for the use of your data in the logged-in area ("Online Banking / Mobile Banking"), we combine this information to display even more tailored offers to you. However, we do this only if both declarations of consent are available. For personalization, we use a cookie from our third-party service provider to identify you.  This cookie is valid for one year.

We provide you a convenient solution, which you can use to opt in or opt out certain cookie categories. The different third party cookies are grouped into these categories. You can use the different sliders in the cookie banner, to opt in or opt out of these different categories.

Your current cookie settings can be viewed in the footer of our website under "Cookie-Einstellungen".

Please click  here to reset your settings and reopen the cookie banner again, to be able to change your settings.

If a category is turned off and this setting is confirmed, all third party cookies of this category will not be activated and therefore blocked. In this case no data will be transmitted to those third parties.

If a category is turned on again by you or if the setting is already activated and the default setting is not changed, all third party cookies out of the category will be loaded and therefore data will be transferred to the third parties.

You can also block or delete cookies entirely by using your browser settings. Most browsers provide dedicated settings to manage your cookies to be able to accept, deny them or only accept a certain kind of cookies. You can find the documentation about these settings in the integrated help function of your browser. If you deny all or certain cookies on our website, some functional features may not work correctly.