A. Our privacy statement
V-BANK AG thanks you for visiting this website and for your interest in our company. Your privacy and the protection of your personal data is very important to us, and we want you to feel safe and comfortable when visiting our website. Basically, V-BANK AG processes personal data in accordance with the data protection standards of the European Union and the provisions of the German data protection laws. Please note that we cannot give any guarantees for the providers of other websites which you may access via links on our website. With the following information we would like to give you an overview of the processing of your personal data on our side and your rights from the data protection law:
The institution in charge is:
Telefon: +49 89 7408000
Telefax: +49 89 740800222
You can contact our in-house data protection officer at:
Data Protection Officer
Telefon: +49 89 7408000
Telefax: +49 89 740800222
2. Which sources and data do we use?
We process personal data obtained from our customers within the scope of our business relationship. In addition, we process - to the extent required for the provision of our services - personal data admissibly acquired from publicly accessible sources (e.g. debtor registers, land registers, commercial and association registers, the press, Internet), or legally transmitted to us or from other third parties (e.g. credit agencies).
Relevant personal includes personal details (name, adress and other contact data, date and place of birth, and nationality), identification data (e.g.identity card details), and authentification data (e.g. specimen signature). In addition, such data can comprise order data (e.g. payment order), data from the performance of our contractual obligations (e.g. transaction data in payment transactions), information on your financial situation (e.g. creditworthiness data, scoring/rating data, origin of assets), advertising and sales data (inclusive of advertising scores), documentation data, as well as other data comparable to the aforementioned categories.
3. For which purpose do we process your data (purpose of processing), and on which legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation („GDPR") and the Federal Data Protection Act („BDSG"):
a) For the performance of contractual obligations (Art. 6 (1b) GDPR)
Data is processed to perform bank transactions and financial services within the scope of the performance of our contracts concluded with our clients or for the performance of pre-contractual measures upon request. The purposes of data processing are primarily based on the specific product (e.g. account, loan, home savings, securities, deposits, brokerage) and can, amongst other things, comprise requirement analyses, asset management, and the conduct of transactions. You can obtain further details on data processing purposes from the decisive contractual documents and business terms and conditions.
b) Within the scope of legitimate interests (Art. 6 (1f) GDPR)
- Where required, we will process your data beyond the actual performance of the contract in order to protect our or third parties legitimate interests. Examples:
- Consultation of and data exchange with credit agencies (e.g. SCHUFA) for the assessment of credit and default risks in the credit business and of the requirement in respect of the account exempt from attachment or basic account
- Review and optimisation of methods for the requirement analysis for the purpose of direct client contact
- Advertising or market and opinion research unless you have objected to the use of your data
- Assertion of legal claims and defence in the case of legal disputes
- Guarantee of the Bank's IT security and of the IT operation
- Prevention and investigation of criminal offences
- Video surveillance to protect the domiciliary right, collect evidence in the case of robberies or fraud, or prove deposits and pay-ins, e.g. at ATMs (cf. also Section 4 BDSG)
- Measures for the building and plant safety (e.g. access controls)
- Measures for guaranteeing the domiciliary right
- Measures for business management and for the further development of services and products
c) Due to your consent (Art. 6 (1a) GDPR)
Where you have given us the consent for the processing of personal data for specific purposes (e.g. transfer of data within the group, evaluation of payment transaction data for marketing purposes), the lawfulness of such processing is given on the basis of your consent. A given consent may be revoked at any time. This shall also apply to the revocation of declarations of consent given to us before the GDPR came into effect, i.e. before 25 May 2018. Revocation of the consent will not affect the legitimacy of data processed before revocation.
d) Due to legal specifications (Art. 6 (1c) GDPR) or in the public interest (Art. 6 (1e) GDPR)
In addition, we - as a Bank - are subject to various legal obligations, i.e. statutory requirements (e.g. the German Banking Act ("KwG"), the German Act to Fight Money Laundering ("GwG"), the German Securities Trading Act ("WpHG"), tax laws), and bank regulatory requirements (e.g. the European Central Bank, the Committee of European Banking Supervisors, the German Bundesbank, and the German Federal Institute for Financial Services Supervision ("BaFin")). The purposes of processing include, amongst others, the checking of creditworthiness, identity and age verification, prevention of fraud and money laundering, the compliance with control and reporting duties under the tax law, as well as the assessment and management of risks in the Bank.
4. Who will receive my data?
Within the Bank, those persons/departments will receive access to your data that need such data for the performance of our contractual and statutory obligations. Also service providers and vicarious agents employed by us can receive data for such purposes if they keep the bank secret. These are companies in the categories of credit services, IT services, logistics, print services, telecommunication, collection, consultancy and consulting, as well as sales and marketing. Under these conditions, receivers of personal data can be, for example:
With regard to passing on data to receivers outside our Bank, it should be noted at first that we, as a Bank, are obliged to maintain secrecy of all client-related facts and valuations of which we acquire knowledge (bank secret according to No. 2 of our Terms of Business). We may only pass on information about you if we are legally required to do so, if you have given your consent thereto, or if we are authorised to disclose banking affairs.
- Public authorities and institutions (e.g. the German Bundesbank, the German Federal Institute for Financial Services Supervision ("BaFin"), the European Banking Authority, the European Central Bank, financial authorities, law enforcement authorities) in the case of a legal or regulatory obligation.
- Other credit and financial services institutions or comparable institutions to which we transmit personal data for performing the business relationship with you (depending on the contract concluded, e.g. correspondent banks, custodian banks, stock exchanges, credit agencies).
Further data receivers can be those bodies for which you have given us your consent to data transmission or for which you have exempted us from the bank secret according to agreement or consent.
5. Will data be transmitted to a third country or to an international organisation?
Transfer of data to bodies in countries outside the European Union (so-called third countries) will take place where
- required for the execution of your orders (e.g. payment and securities orders)
- prescribed by law (e.g. fiscal reporting duties), or
- you have given us your consent
6. How long will my data be stored?
We will process and save your personal data as long as this is required to fulfil our contractual and statutory obligations. It should be noted that our business relationship is a continuing obligation created for years. If data is no longer required for the fulfilment of contractual or statutory obligations, it will be deleted on a regular basis unless its - time limited - further processing is required for the following purposes:
- Compliance with retention obligations under commercial and fiscal law, namely the German Commercial Code ("HGB"), the German tax code ("AO"), the German Banking Act ("KwG"), the German Act to Fight Money Laundering ("GwG"), and the German Securities Trading Act ("WpHG"). The time limits for retention or documentation stipulated therein are two to ten years.
- Maintenance of evidence within the scope of statutory limitation rules. These periods of limitation can last up to 30 years pursuant to Sections 195 et seq. of the German Civil Code ("BGB"), with the regular period of limitation being three years.
7. Which data proction rights do I have?
Every data subject has a right of access according to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to object according to Art. 21 GDPR, and the right to data portability pursuant to Art. 20 GDPR. For the right of access and for the right to erasure, the restrictions stipulated by Sections 34 and 35 BDSG shall apply. In addition, you have a right to complain with the competent data protection supervisory authority (Art. 77 GDPR in connection with Section 19 BDSG).
You may revoke a consent granted for the processing of personal data at any time. This shall also apply to the revocation of declarations of consent given to us before the general data protection regulation came into effect, i.e. before 25 May 2018. Please note that the revocation will only be effective for the future. Processing prior to the revocation will not be affected thereby.
8. Do I have an obligation to provide data?
Within the scope of our business relationship, you must furnish that personal data required for the establishment and conduct of a business relationship and for the fulfilment of contractual obligations related therewith, or which we must collect by law. Without this data, we will usually not be able to conclude a contract with you or perform a contract concluded with you.
In particular, we are obliged in accordance with the German Act to Fight Money Laundering to identify you based on your identification document prior to establishing a business relationship and collect and store your names, place and date of birth, nationality, address, and identification document details. In order to meet this statutory obligation, you must provide us with the necessary information and documents as required by the German Act to Fight Money Laundering and promptly report changes occurring during the course of the business relationship. Should you not furnish the required information and documents, we may not establish or continue the business relationship requested by you.
9. To what extent is there automated decision-making?
On principle, we do not use fully automated decision-making according to Art. 22 GDPR to establish and conduct the business relationship. Should we use such methods in individual cases, we shall inform you thereof separately if stipulated by law.
10. Does Profiling take place?
We partly process your data in an automated manner with the aim to evaluate certain personal aspects ("Profiling"). For example, we use Profiling in the following cases:
- Due to statutory and regulatory provisions, we are obliged to fight money laundering, the financing of terrorism, and asset jeopardising offences. In this process, data evaluation (amongst others, in payment transactions) takes place as well. These measures serve your protection at the same time.
- We use evaluation instruments in order to be able to inform and consult you purposefully on products. These enable needs-based communication and advertising including market and opinion research.
- We use scoring to assess your creditworthiness. In this process, the probability is calculated with which a client will meet their contractual payment obligations. For example, income, expenses, existing liabilities, vocation, employer, term of employment, experience from previous business relationships, repayment of previous loans according to contract, and information provided by credit agencies will be included into the calculation. Scoring is based on mathematically/statistically recognised and reliable methods. The calculated score values assist us with decision-making within the scope of banking products and are taken into account for the ongoing risk management.
B. Information on your right to object
1. Individual right to object
You have the right to object to the processing of your personal data at any time for reasons arising from your specific situation based on Article 6(1e) GDPR (Data Processing in the Public Interest) and Article 6(1f) GDPR (Data Processing for Purposes of Legitimate Interests); this also applies to Profiling within the meaning of Article 4(4) GDPR based on this provision.
If you object, your personal data shall no longer be processed unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or if the processing serves for the assertion, exercise or defence of legal claims.
2. Right to object against the processing of data for purposes of direct marketing
In individual cases, we will process your personal data for direct marketing. You have the right to object against the processing of your personal data for the purposes of such marketing at any time; this also applies to Profiling to the extent to which it is related to such direct marketing.
If you object to the processing for the purposes of direct marketing, we shall no longer process your personal data for those purposes.
The objection can be formless and should preferably be directed to:
Datenschutzbeauftragter (Data Protection Officer)
Telefon: +49 89 7408000
Telefax: +49 89 740800222
3. Information on your right to object
Important: For security reasons you need to enable cookies for a successful log-in to the online banking system provided by V-BANK AG.
5. Web Analysis
You can visit the website of V-BANK AG without us requiring any personal data from you. When visiting our website, automated and purely statistical information such as IP address, type of browser, domain name, access times, etc. is collected. That information is analysed by us for the purpose of optimising our website, using the web analysis tool PIWIK. This occurs completely anonymously, without any references to persons. Since such anonymous data is stored separately from any other person-related information, it is impossible to establish your identity. Your anonymity remains fully intact. We do not create person-related visitor profiles, and we do not disclose any data to third parties who could create such visitor profiles from it. Personal data will only be transmitted to government institutions and authorities if we are required to do so by law or by any other legal rule.
In accordance with the applicable law, we will inform you upon request whether and which personal data we have stored about you.
In case of questions regarding the data protection procedures of V-BANK AG, please contact our data protection officer:
Mr Marcel Müller
Data Protection Officer
Tel.: 089 740 800-0