"George" data protection declaration

Erste Bank and Sparkassen take Data Protection very seriously. Your personal data are fully protected during the recording and processing, and while using our services. The General Data Protection Regulation (GDPR) and the Austrian Federal Act concerning the Protection of Personal Data ("DSG 2018") serve as legal basis for this protection. For detailed information, please refer to our general Information on Data Protection and Data Processing (https://www.sparkasse.at/erstebank-en/about-us/privacy). This information is also valid for "George".

Please find information on the special functions of this service in the following.

In order to be able to access your personal bank data, you will be authenticated by our authorisation service. This authentication and all other data transmissions will take place via an encrypted HTTPS connection. 

This connection is secured by an extended validation certificate by the company Verisign (shown in the green bar in the URL line). The certificate is issued to our IT service provider sIT-Solutions AT Spardat GmbH for "sparkasse.at". The fingerprint can be verified at www.sparkasse.at/ssl-security-certificate or by the Call Center (05 0100 + bank routing no. of your Sparkasse as extension). 

a) Session Cookies provide the server with necessary information in order to permit unequivocal authentication. The data is transmitted using secure 128-bit encryption and can therefore not be accessed by other persons. Another security feature is that the session cookies which are not relevant in terms of security are deleted from your computer memory after termination of the "George" session.

b) All log information collected in the Erste Bank and Sparkassen infrastructure, is processed only in the internal infrastructure provided for this purpose.

c) The "George" application technically analyses and processes data provided to Erste Bank and Sparkassen (personal information, account balances, entries, transaction data, ...) for the purpose of better presentation in George. This includes the full indexing of your data and the categorisation of transactions. This also includes data that you uploaded to the system yourself.

d) Sensitive information and orders are delivered safely only via the service inbox. Orders via other channels (e.g. by e-mail or SMS) are not accepted. 

e) For the statistical analysis of the navigation behaviour of visitors to the websites, data which cannot be traced back to individuals (= "pseudonymized" data) shall be entrusted to the service provider Webtrekk GmbH for the production of statistics. You have the option of prohibiting the transfer of your pseudonymized data.

f) Usersnap is a browser-based screenshot tool for the easy transmission of your feedback to us. It serves the purpose of taking shots of and sending screen contents, and offers various comment and highlighting functions. You transmit the selected screen shot and text information to an internal error management system belonging to "George". The transfer is routed to us via Usersnap GmbH (server in Austria), so not directly. 
All your personal data and bank data (balances, IBAN, transaction data, etc.) are completely anonymised before the screen shot is created.

g) Profile pictures, user pictures and account pictures are stored in the Azure Cloud at Microsoft Microsoft Ireland Operations - Limited, Atrium Building Block B, Carmenhall Road, Sandyford Industrial Estate, Dublin 18, Ireland. This data transfer outside of the Erste Bank and Sparkasse infrastructure is effected only after the data has been securely encrypted. The external operator cannot access your data or your identity.

h) Ready-made maps by Open Street Map are used to display the geographic position of a card transaction in a (city) map. If you click on this map for more information, Google Maps is used for further display, which is why this position is entrusted to Google Inc. headquartered in the USA.