Information on Data Protection and Data Processing

From 25 May 2018 onwards, the General Data Protection Regulation, also known as the GDPR, will apply throughout the European Union. The GDPR stipulates the way in which personal data are to be processed and how they must be protected. This document contains a summary of the basic information regarding this matter.


What is the GDPR?

The GDPR is a regulation of the European Union. It applies directly in all of the member states including Austria. Every person whose data are processed is able to refer to and invoke the GDPR. Detailed explanations are provided here.


What is regulated by the GDPR?

The GDPR contains legal provisions regarding the processing of your personal data. Whether it concerns your name, your telephone number, your bank account transactions or even your hobbies – all are protected by the GDPR. The principles which it stipulates regulate the ways in which your personal data are permitted to be saved and processed. Detailed explanations are provided here.


Why does the Austrian Data Protection Act continue to apply (DSG 2018)?

The European Union hasn't just enacted the GDPR, it has also enacted a full “data protection package”. This package also included a new data protection directive. How does a directive differ from a regulation? In contrast to a regulation, it is necessary for a directive to be implemented into national law first. In addition to this, the GDPR provides the member states with the scope to structure certain aspects on a more detailed basis than the GDPR itself.

Both of these have taken place in Austria with the Data Protection Amendment Act 2018, in short, the DSG or DSG 2018. Insofar as it is relevant to you and your relationship to us, we shall always take the DSG 2018 into account as well.


Why is the protection of my data so important?

Data protection is a fundamental right. The same as your right to liberty or security, your right to the protection of your data is anchored in the Charter of Fundamental Rights of the European Union. The EU Charter of Fundamental Rights covers your relationship with governmental institutions.

It is legally acknowledged, however, in both the private and commercial spheres, that there must also be a balancing of interests between the Data Processor and what are referred to as the “data subjects” – i.e. between you and your bank, for example. This is stipulated in both the GDPR and the DSG 2018.

Our personal data contains a lot of information about us: it can also refer to our hobbies, our preferences and our aspirations. Such things are naturally worthy of protection. Yet we can only improve our individual service for you if we are aware of your preferences. A key element of data protection is that we work with you to find a way of being able to process your data in your interests and under your supervision. Detailed information is provided here.


Isn’t it the case that the principle of banking confidentiality anyway applies in Austria?

Yes, information of which we become aware due to the business relationship is generally protected by the Austrian banking confidentiality rules - according to Art. 38 of the Austrian Banking Act. The GDPR also applies.

Good to know: The banking confidentiality arrangements can only be dispensed with in writing – refer to Art. 38 para. 2, clause 5, Austrian Banking Act. In this case, “in writing means”:

  • the provision of a handwritten signature on “ink and paper” for example, or
  • a qualified electronic signature in the form of a “mobile phone signature” or “citizen's card”, or
  • strong customer authentication in digital banking, for example, temporarily the valid approval method using a password and TAC SMS; CardTAN or the identity approval method in George.


Where can I find out more about the GDPR and the DSG 2018?

(All links are valid as of May 2018)

The legal text of the GDPR is available here:
https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.DEU

The legal text of the DSG 2018 is available here:
https://www.ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=10001597&FassungVom=2018-05-25

The EU Charter of Fundamental Rights:
https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=celex:12012P/TXT


Further information about your rights is available on the following websites:

Austrian Data Protection Authority https://www.dsb.gv.at/

European Commission (in English only):
https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en

(All links are valid as of May 2018)

Before we can discuss the topic of data protection, it is important to clarify some basic terms. We have also included the references for the appropriate Articles of the GDPR so that you can read the definitions for yourself if you are interested. Please note that we only provide a summary, i.e. a shortened description of the legal text. The full legal text of the GDPR and the corresponding Articles is available here:
https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.DEU
 

What is personal data?

Personal data means all information that refers to an identifiable natural person, known as the “data subject”. An identifiable natural person is a person who can be identified directly or indirectly by a reference to a name or an identification number such as an IBAN or account number, for example.

For further details refer to Article 4 (1) GDPR.


What does the processing of data entail?

The term “processing” means any operation, with or without the use of automated processes, which is performed on personal data. This includes, for example, the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure (by transmission, dissemination or otherwise making available), the alignment or combination, restriction, erasure or destruction of the data.

For further details refer to Article 4 (2) GDPR.


What is meant by the term “Controller”?

The term “Controller” refers to the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For example, we, in our role as a bank.

For further details refer to Article 4 (7) GDPR.


What is meant by the term “Processor”?

The term “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of a Controller.

For further details refer to Article 4 (8) GDPR.

Who is the data controller?

Responsible for the processing of your data:

Steiermärkische Bank und Sparkassen AG
Sparkassenplatz 4
8010 Graz

https://www.sparkasse.at/steiermaerkische-en/about-us/imprint


Contact for requests relevant for data protection:

Erste Bank der oesterreichischen Sparkassen AG
Bonitäts- und Wirtschaftsdaten
Data Protection Management Support Office
Am Belvedere 1
1100 Wien

Email: DataProtectionManagement0642@erstebank.at


Responsible supervisory authority for matters appertaining to data protection:

Austrian Data Protection Authority
Wickenburggasse 8,
1080 Vienna

Telephone: +43 1 52 152-0

Email: dsb@dsb.gv.at
https://www.dsb.gv.at/


Who is the Data Protection Officer?

The Data Protection Officer at our company (German title, Datenschutzbeauftragter) is Gregor König. If you have any questions, suggestions or causes for complaint regarding the processing of your data, you can contact him and his team at:

Gregor König – Data Protection Officer
Erste Group Bank AG
Am Belvedere 1
1100 Vienna

Email: datenschutz@erstegroup.com


Which of my personal data will be processed?

We process the following personal data:

  • Master and legitimation data, e.g. name, address, date of birth, telephone number, fiscal status, ID card data, ID card copy, etc.
  • Customer relationship management, e.g. hobbies, interests, etc.
  • Product, service and contract data, e.g. product possession, disposition option, sales and transactions, use of digital banking and portals (cookies), advice records, etc.
  • Creditworthiness data, e.g. rating, warning list entries, etc.
  • Image and sound data, e.g. video records, recorded telephone conversations and your photo (if you have consented to the taking of your photo), etc.
  • Processing results for the fulfilment of the contracts and consents
  • Data to satisfy legal and regulatory specifications



Please note: The information listed above constitutes a general outline. We do not necessarily have all the above data in every case. You have the right of access to a detailed and individual listing which you are able to request from us. For this, please contact us.


Where do the personal data that are processed originate from?

Most of your personal data that we process has been provided by yourself: for example, when you opened your account, with a loan agreement, when making payments in George, when sending an enquiry, etc.

Apart from that, the data may come from the following sources:

  • Debtor directories, such as KSV1870 Holding AG, CRIF GmbH
  • Publicly available sources, e.g. the company register, land register, insolvency file, register of associations
  • From other institutions of the Erste Group Bank AG, Erste Bank and Sparkassen for the risk control and consolidation in the credit institute group according to the Banking Act and the Capital Requirements Regulation EU 575/2013

In addition to this, we may also receive data from public authorities or from persons on behalf of the government, such as guardianship or criminal courts, public prosecutors or court commissioners. You have the right of access to a detailed list referring to your person.


For which purposes and on what legal basis are my personal data processed?

We are a credit institute according to section 1 subsection 1 Banking Act and Article 4, para. 1 number 1 of the Regulation (EU) 575/2013. Here, the designations “bank” and “credit institute” are synonymous. Within the scope of these activities, we process your personal data. This means in detail:

Processing for the contract performance
Depending on the type of contract concluded with you, we are permitted to render certain services for you. There may, for example, be loan agreements, account agreements, leasing agreements or the George agreement. The content of the George agreement, for example, is that you log in to George, manage your account online and are able to complete transactions. For this purpose, we have to process your data. Our offer is versatile, which means that there are several underlying contracts. Therefore, the scope of the data processing is defined in the contractual documents and terms and conditions.

Processing for the fulfilment of a legal obligation
Legal regulations and purposes may also make it necessary for us to process your personal data, e.g.:

  • Credit risk management: Banking Act; Capital Requirements Regulation EU 575/2013
  • Monitoring of insider trade, conflicts of interest and market manipulation: Securities Supervision Act 2018, Stock Exchange Act, Market Abuse Regulation EU 596/2014
  • Identity determination, transaction monitoring, suspect notifications: Financial Market Money Laundering Act and Funds Transfer Regulation EU 847/2015
  • Notifications in the account register and notifications of capital outflow: Account Register and Account Inspection Act, Capital Outflow Reporting Act
  • Recording of telephone conversations and electronic communication in securities transactions such as the acceptance, transfer and execution of customer orders according to the Securities Supervision Act 2018 or also in securities trade on one’s own account
  • Information in criminal proceedings to the prosecutions and courts as well as to authorities prosecuting tax offences due to intentional financial offences: Banking Act, Criminal Procedure Code, Law on Financial Crime

Processing due to a legitimate interest
A legitimate interest in the data processing by ourselves or third parties exists in the following cases:

  • Requests and data exchange to determine creditworthiness and default risks vis-à-vis credit agencies such as KSV1870
  • Video monitoring to gather evidence in case of offences or to prove dispositions and payments, e.g. at ATMs—this particularly serves the protection of customers and employees
  • Measures for the prevention of and for fighting against fraud, fraud transaction monitoring
  • Data processing within the scope of prosecution
  • Recording of telephone conversations, e.g. for complaints or for the documentation of so-called declarations relevant for the transaction, e.g. card blocking
  • Calculation of your financing potential for use in innovative online loan offers 

The processing of personal data for the purpose of direct marketing may also constitute a legitimate interest.

Processing on the basis of consent
If there is neither a contract nor a legal obligation or legitimate interest, the data processing may still be legitimate in cases in which you have granted us your consent and/or approval. The scope and content of this data processing always result from the relevant consent. It is decisive that you can withdraw your consent at any time.

The withdrawal does not affect the lawfulness of the processing that has already occurred on the basis of this consent before its withdrawal. In other words, that means that a withdrawal does not have any effect on the past.

Am I obliged to provide my personal data? What happens if I do not wish to do so?

For our business relationship, we require a significant amount of your personal data. If we do not know your name and your address, we will not be able to send you a debit card (ATM card) that you may have ordered, for example. If we are not able to check your identity, we are not allowed to establish a business relationship by law. If we do not know your creditworthiness, we are not allowed to grant you a loan. As you can see: In cases in which it is required for the business relationship based on a contract or a legal regulation, we have to process your personal data. If you do not provide your consent, it may unfortunately be the case that we are not allowed to provide or offer certain products or services. If we are only permitted to process your data on the basis of your consent, you are not obliged to grant this consent or to provide the data.


Is there any decision-making which is based on an automated form of processing such as profiling, for example?

At the beginning or during our business relationship, we do not use any automated decision-making according to article 22 GDPR. When granting credits, we will check the creditworthiness by means of the so-called credit scoring. In this connection, the default risk of credit applicants is evaluated by means of statistical comparative groups.

The calculated score value allows for a prognosis with which probability an applied credit will presumably be paid back. For the calculation of this score value, the following data are used:

  • Your master data, e.g. marital status, number of children, duration of the employment, employer, etc.
  • Information about your general financial circumstances, e.g. income, assets, monthly expenses, liabilities, securities, etc.
  • Data on the payment behaviour, e.g. credit repayments, reminders, data from credit agencies          

If the default risk is too high, the credit application will be rejected and there may be an entry in the small credit evidence of KSV1870 as well as an internal warning. If a credit application was rejected, this will be visible in the small credit evidence (“Kleinkreditevidenz”) with KSV1870 for a period of 6 months, according to the notification of the Data Protection Authority.


To whom do you transmit my personal data?

Your personal data may be transmitted to:

  • Credit institutions, departments and persons (employees and vicarious agents) within the Sparkasse group, Erste Bank and Erst Group Bank AG who need these data for the contractual, legal or supervisory performance of duties as well as for the protection of legitimate interests
  • Public bodies and institutions if we are legally obliged to do so, e.g. European Banking Supervisor, European Central Bank, Austrian Financial Market Supervision, financial authorities, etc.
  • Third parties commissioned by us, e.g. for IT and back office services as well as bank auditors if they need them for their task. Third parties are contractually obliged to treat your data confidentially and to only process them within the scope of the service provision
  • Third parties if this is binding for the contract performance or due to legal regulations, e.g. of the recipient of a bank transfer and their payment service provider.

The data may also be transmitted to third parties if you have consented to the transmission.


Are my personal data transferred to a third country?

(All links are valid as of May 2018)

Our processors may cooperate with sub-processors in third countries, e.g. in India. These sub-processors are obliged to comply with Austrian data protection and security standards.

You can request us to provide you with a list of the processors that currently operate in third countries and information about the principles on which the transfer is based.

If you make use of a service provided by Mastercard, your personal data can also be processed for such purposes in the USA. Mastercard undertakes to comply with binding internal data protection provisions - refer to Article 47, paragraph 2, letter b, Article 47, GDPR. These rules have been approved by the responsible data protection authority in Belgium and are available here: https://www.mastercard.us/content/dam/mccom/en-us/documents/mastercard-bcrs-february-2017.pdf (in English). General information on the binding internal data protection provisions is also available here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/binding-corporate-rules_en#bindingcorporaterules (English).


For how long are my personal data stored?

(All links are valid as of May 2018)

In all cases, your personal data will be stored for as long as it is necessary for the fulfilment of the relevant purposes. In addition to this, the period for which we must store your data is also legally stipulated. These storage obligations may also exist if you are no longer one of our customers. An overview of the legal storage obligations applicable in Austria is available here:

https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-speicher-und-aufbewahrungsfristen.html


What security measures are complied with during the processing of the data?

We consider data protection and data security to be very important. We have applied every technical and organisational measure to secure our data processing. This relates to the protection of your personal data in particular. We shall protect your data against unauthorised or unlawful processing, unintentional loss, unintentional destruction or unintentional damage. These measures encompass, for example, the use of the latest security software and encryption procedures, physical access control measures and precautions for the deterring and prevention of external and internal incursions.

Some practical tips on how you contribute to the protection of your personal data, for instance, are available here https://www.sparkasse.at/sicherheitscenter/sicherheit.

What rights do I have?

The GDPR grants you the following rights regarding your personal data. You are entitled to:

  • Access according to article 15 GDPR
  • Rectification according to article 16 GDPR
  • Erasure according to article 17 GDPR
  • Restriction of processing according to article 18 GDPR
  • Data portability according to article 20 GDPR
  • Objection according to article 21 GDPR
  • Decisions that are not exclusively based on an automated processing—including profiling according to Article 22 GDPR 


What does the right of access mean?

You have the right to request confirmation from us as to whether we process your personal data. If this is the case, you also have the right to access this personal data as well as the following information:

  • Purposes of the processing
  • Categories of personal data that are processed
  • The recipients or categories of recipients to whom the personal data has been or will still be disclosed, especially in the case of recipients in third countries or in international organisations
  • Where possible, the intended duration for which the personal data will be stored or, if this is not possible, the criteria for the determination of such a duration;
  • The existence of the right for the rectification or erasure of your personal data; the restriction of, or objection to, this processing;
  • The right to lodge a complaint with a supervisory authority
  • All available information regarding the origin of the personal data if the data is not collected from the data subject
  • Whether an automated form of decision-making including profiling exists, according to Article 22, paragraphs 1 and 4 GDPR and — at least in these cases — detailed information regarding the reasoning, scope and impact of such a method of processing for the data subject.

You can find out exactly how you can assert your right here.


What does the right to rectification mean?

We consider it to be important that your data are accurate and complete at all times. If you suspect that they may be incorrect or incomplete, you are able to request the rectification or completion of your data. You can find out how you can assert your right here.


What do the “Right to erasure” and the “Right to be forgotten” mean?

We attribute considerable importance to ensuring that your data are only processed as per the framework conditions of the GDPR and the DSG 2018. If you are of the reasoned opinion that this is not the case, however, you can request the erasure of your personal data. The reasons for this can be as follows:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

Example: Your personal data must be erased if they were only collected for the completion of a purchase (= sole purpose) and you did not provide your consent for the data to be processed for any other purposes. In this case, the further processing of the data is no longer necessary following the completion of the purchase and the expiry of the storage obligation. The legal storage obligations can be found here.

  • You withdraw your consent on which the processing was originally based according to Article 6, para. 1, letter a, GDPR or Article 9, para. 2, letter a, GDPR, and no other legal basis exists for the processing.

Example: You provided your consent to the processing of your personal data for the individual product offers of a third party (= sole purpose). As soon as you withdraw this consent, the personal data must be erased again. Exceptions: Other purposes or justifications for the processing exist and you are also in a customer relationship with the third-party provider, for instance.

  • You lodge an objection to the processing according to Article 21, para. 1, GDPR, and no overriding legitimate reasons exist for the processing.

Example: You can lodge an objection, for instance, if somebody processes your personal data without your consent only because s/he claims s/he has a legitimate interest to do so (and no other form of justification exists). If you lodge an objection and there was, in fact, no legitimate interest, the personal data must be erased. The objection was a success.

  • The personal data have been unlawfully processed.

Unlawfully (unfoundedly) processed personal data must be erased.

  • The erasure of personal data is subject to a legal obligation according to the EU- or member state law to which the Controller is subject.

This means laws or other legal provisions which require an erasure of personal data.

  • The personal data were collected in relation to information society services offered according to Article 8, para. 1, GDPR.

This relates to a special protection arrangement for the benefit of minors who make use of online services.

The was a brief summary of the right to erasure. This should not be confused with the “Right to be forgotten”.

The “right to be forgotten” refers to personal data that has been made public. It stipulates the following: If the person who originally published the data must erase this data (due to the existence of one of the aforementioned reasons for erasure), then they must also notify those persons who received the data on the grounds of the publication. In detail, this rule is very complicated. In this context, the GDPR makes particular reference to internet search engines.

You can find out how you can assert your right to erasure and your right to be forgotten here.


What does the right to the restriction of processing mean?

We attribute considerable importance to ensuring that your data are processed as per the framework conditions of the GDPR and the DSG 2018. If you are of the opinion that this is not the case, however, you have the right to request the restriction of the processing of your personal data. This is only possible on the following legitimate grounds, however:

  • You contest the accuracy of your personal data. You can request the restriction of processing of your personal data for a period that enables the Controller to verify the accuracy of the personal data.

People don't always share the same opinion. To ensure that the contested personal data are not immediately erased or have to be changed, their further processing can be restricted for the duration of the matter. It might be the case that the data were correct after all.

  • The processing of personal data is unlawful. Instead of the erasure, however, you would prefer that “only” the use of the personal data is restricted.

The GDPR therefore provides you with a choice: If you do not want unlawfully processed data to be erased immediately, you can request that they continue to be saved, but are no longer used.

  • Controllers no longer require your personal data for the processing. You require the data for the establishment, exercise or defence of legal claims, however.

If your personal data should actually have been erased, but you require them for your own defence or for the assertion of your rights, they can continue to be processed for these purposes.

  • You have lodged an objection to the processing according to Article 21, para. 1, GDPR. As long as it is not yet certain that the legitimate reasons of the Controller override your interests, it is possible to request the restriction of processing.

To ensure that the contested personal data do not have to be immediately erased, their further processing can be restricted for the duration of the matter. It might be the case that the processing was legitimate after all.

You can find out how you can assert your right to the restriction of processing here.


What does the right to data portability mean?

Your personal data belongs to you. You therefore have the right to receive such data in a structured, common and machine-readable format. This relates to data which you have provided to us and which is processed automatically on the basis of your consent or the fulfilment of a contract. You can also request us to transfer this personal data directly to another Controller.


In which form will I receive the data?

We provide the data as an XML file. You can find out how you can assert your right here.


What important security instructions should I take into consideration?

The protection of your personal data and your money is just as important to you as it is to us. In this respect, please consider your right to data portability in the same way as you would a bank statement. Would you “simply” send your bank statement to someone else?

Please also remember that your financial data contain personal data of other persons: If you transfer money to someone else, their details can also be seen in the transaction data – in the same way as they are shown on a bank statement. These persons have rights and freedoms as well. Therefore, we will only transfer the data to persons other than you directly,

  • if you expressly tell us to do so,
  • if you release us from banking secrecy, and
  • if it concerns financial services companies, solicitors’ offices, a notary public, tax consultants, chartered accountants or a public authority.

Please contact us beforehand if you wish to assert your right to data portability. Please also note the current security information at https://www.sparkasse.at/sicherheitscenter/sicherheit.

Our tip: You can also view and save your transaction data yourself in George at any time, for example, data concerning accounts, credit cards, financing arrangements or securities deposits. This means you maintain a current overview at all times.


What does the right to object mean?

Your data can be processed if a legitimate interest exists for their processing.

If such a legitimate interest is claimed, you must be informed of it. If you are then of the opinion that the legitimate interest does not exist, you can lodge an appropriate objection. This applies when your personal data are used for direct marketing purposes in particular. Insofar as Controllers are unable to demonstrate any legitimate grounds for the further processing, your personal data will not be processed any further after the objection. Except for processing for the purposes of direct marketing: in this case your objection is immediately valid.

You can find out how you can assert your right to object here.


What does the right not to be solely subject to a decision which is based on automated processing – including profiling – mean?

We do not use any automated decision-making processes according to Article 22, GDPR for decisions regarding the justification and completion of the business relationship, please refer here. The right to lodge an objection does not apply in this case.

What information do I have to provide?

So that your financial data does not fall into the wrong hands or someone is able to erase your data against your will, it is necessary for us to verify your identity upon every enquiry. We kindly ask for your understanding that in case of doubt, we will request more information regarding your identity. This also serves your protection, so as to only provide authorised persons with access to your data.


How can I submit the request?

Regardless of the right you wish to assert, you are always entitled to send us your request in 3 ways:

  • By letter, please sign in person and enclose a copy of your identity card, to
    Erste Bank der oesterreichischen Sparkassen AG
    Bonitäts- und Wirtschaftsdaten
    Data Protection Management Support Office
    Am Belvedere 1
    1100 Wien
  • In person at one of our branches of, or
  • By email, only with qualified electronic signature, to DataProtectionManagement0642@erstebank.at

Please draft your request as accurately as possible – so that we can process it as quickly as possible. Please comply with the special instructions regarding your right to data portability.


How long will it take to process my request?

We will provide you with the corresponding information about the measures as soon as possible, and within one month following the receipt of your request.

The deadline can be extended by another 2 months if necessary due to the complexity and the number of requests. We will be certain to inform you of a possible extension to the deadline within one month of the receipt of your request, however.


How will my request be processed?

Financial matters are confidential – and unfortunately, emails are not always trustworthy. In terms of security, emails are more like a postcard than a letter. Since we would never wish to send your banking details on a postcard, we will provide you with the information by post.

Please always make sure that you refer to the security information at https://www.sparkasse.at/sicherheitscenter/wichtige-sicherheitstipps.

What should I take into consideration with the right to data portability?

  • Please remember that your financial data contain personal data of other persons: If you transfer money to friends or family members, their details can also be seen in the transaction data – in the same way as they are shown on a bank statement.
  • Therefore, we will only transfer data directly to others if you 
    • expressly tell us to do so, 
    • absolve us from the banking confidentiality agreement, and 
    • if it concerns financial services companies, solicitors’ offices, a notary public, tax consultants, chartered accountants or a public authority. Please contact us beforehand if you wish to assert your right to data portability.
  • Before you assert your right to data portability: Did you know that you can also view your transaction data in George and can save them there yourself?


Does it cost me anything to assert my rights?

No, such requests are settled at no cost. Exception: We are only authorised to demand an appropriate payment if requests are obviously unsubstantiated or found to be excessive. In this case, the administration costs for the notification, rejection or completion of the requested measure are considered.

What are the possibilities for lodging a complaint?

If you have any complaints, questions or recommendations on the topic of data protection, our Data Protection Officer will be pleased to assist you. We believe that an amicable solution can be found for almost any problem.

If you do not receive a timely answer to a request, you are of the opinion that your right to data protection has been infringed, or you do not believe we have handled your request lawfully, you can also lodge a complaint with the responsible supervisory authority:

Austrian Data Protection Authority

Wickenburggasse 8
1080 Vienna
Austria

Telephone: +43 1 52 152-0

Email: dsb@dsb.gv.at

https://www.dsb.gv.at/

In addition to this, any person to suffer tangible or intangible damage due to an infringement of the GDPR of Article 1 or Article 2 1 of the principal part of the DSG 2018, is entitled to claim compensation from Controllers or Processors in accordance with Article 82, GDPR. In detail, the general conditions of civil law apply in such cases. Please note that the Austrian Data Protection Authority is not responsible for claims for compensation, but the local district court of your parish which is responsible for matters of civil law. Requests and lawsuits can also be submitted to the district court in the parish of which the defendant has their usual place of residence, head office or subsidiary office. You can find out the responsible court here: https://www.justiz.gv.at/

Last updated May 2018

Imprint:
Media owner, producer, publisher and editing: Steiermärkische Bank und Sparkassen AG,
Postal address: Sparkassenplatz 4, 8010 Graz

Cookies

Cookies are used in different parts of our website. Cookies are small text files which are able to recognise users when they use our website on another occasion. They do not save any personal details such as a person's name or address, however. This means that you cannot be identified due to the corresponding information.

We use cookies for the purpose of configuring our offers to your requirements and for analysing the way in which these offers are used. You can make the appropriate settings on your browser so that your consent must be obtained before the use of a cookie, or so that the general use of cookies is blocked. You can generally also use our website www.sparkasse.at without cookies.

Social networks

We cooperate with a variety of social networks. If you use these social networks, your browser will connect automatically with the appropriate network. In this context, it will transfer your IP address and other information such as cookies if you have previously visited the appropriate platform.

As far as possible, we avoid this method of data transfer unless you actually interact with one of the platforms. By clicking on the appropriate symbol (such as the Facebook logo), you indicate that you are prepared to communicate with the chosen platform and that information regarding your person such as your IP address will be transferred to this social network.

Web analytics

For the anonymised, statistical evaluation of the flow of visitors to our websites, we transfer personal data to the service provider Webtrekk GmbH. You can prevent your data from being forwarded in this way.

Ich möchte vom Tracking durch Webtrekk erfasst werden Ich möchte vom Tracking durch Webtrekk ausgeschlossen werden


Re-targeting

To allow us to configure our advertising messages to your interests and to be able to offer you products and services that are as suitable as possible, we use re-targeting and tracking software. During the course of re-targeting and tracking, cookies are placed during your visit to our website and your IP address is forwarded to third parties (advertisers, web services, data management platforms, media agencies, publishers). We do this so that we can offer you customised advertising, offers and services.

IntelliAd places cookies to perform interest based advertising and offer personalized web experiences. An unique ID will be assigned to your browser that allows for identification within the IntelliAd network. For further information please visit https://www.intelliad.de/opt-out-manager/

AppNexus places cookies to perform interest based advertising and offer personalized web experiences. An unique ID will be assigned to your browser that allows for identification within the ad network. For further information please visit https://www.appnexus.com/en/company/platform-privacy-policy

Plista places cookies to perform interest based advertising and offer personalized web experiences. An unique ID will be assigned to your browser that allows for identification within the ad network. For further information please visitr https://www.plista.com/de/about/privacy/

Sizmek places cookies to perform interest based advertising and offer personalized web experiences. An unique ID will be assigned to your browser that allows for identification within the ad network. For further information please visit https://www.sizmek.com/privacy-policy/

GroupM places cookies to perform interest based advertising and offer personalized web experiences. An unique ID will be assigned to your browser that allows for identification within the ad network. For further information please visit https://www.xaxis.com/privacy-policy/

Google places cookies to perform interest based advertising and offer personalized web experiences. An unique ID will be assigned to your browser that allows for identification within the ad network. For further information please visit https://www.google.com/intl/en/policies/terms/

Facebook places cookies to perform interest based advertising and offer personalized web experiences. An unique ID will be assigned to your browser that allows for identification within the ad network. For further information please visit https://www.facebook.com/privacy/explanation

Netzeffekt places cookies to perform interest based advertising and offer personalized web experiences. An unique ID will be assigned to your browser that allows for identification within the ad network. For further information please visit https://datenschutz.netrk.net/optout

AdForm places cookies to perform interest based advertising and offer personalized web experiences. An unique ID will be assigned to your browser that allows for identification within the ad network. For further information please visit  https://www.adition.com/datenschutz/

You can find out how to deactivate the re-targeting and tracking here.

×
George Go
Erste Bank und Sparkassen
Geld einfach überweisen.
Zum PlayStore