Data Protection

Our privacy statement

V-BANK AG thanks you for visiting this website and for your interest in our company. Your privacy and the protection of your personal data is very important to us, and we want you to feel safe and comfortable when visiting our website. Basically, V-BANK AG processes personal data in accordance with the data protection standards of the European Union and the provisions of the German data protection laws. Please note that we cannot give any guarantees for the providers of other websites which you may access via links on our website. With the following information we would like to give you an overview of the processing of your personal data on our side and your rights from the data protection law.

We, as the “controller”, are responsible for the processing of your personal data on this website within the meaning of Art. 4 No. 7 GDPR. This privacy statement applies to the website provided by V-Bank AG. If offers of other providers (“Third Party Offers”) are accessible from our Internet offer, then our privacy statement will not apply to such Third Party Offers. In this case, we will not be responsible for the processing of your personal data within the scope of such Third Party Offers within the meaning of Art. 4 No. 7 GDPR either.

A. Using our website

1. Processing data with and without references to persons

1.1 Using our website

You can principally visit our website without telling us who you are. We will only be informed of:

  • your IP address
  • the name of the retrieved web page or file and the date and time of the retrieval,
  • the data volume transmitted, and
  • whether the retrieval has been successful.

The aforementioned data will be exclusively used for the administration and optimisation of our website.

The IP address can be regarded as personal data since it may be possible under certain conditions to identify the owner of the Internet access used due to information provided by the particular Internet service provider.

IP addresses will only be analysed by us in the case of attacks on our Internet infrastructure. In such a case, we will have a legitimate interest within the meaning of Art. 6(1f) GDPR in the processing of an IP address. Such a legitimate interest emerges from the need to defend against attacks on our Internet infrastructure, establish the origin of the attack in order to be able to prosecute the responsible person under criminal and civil law, and effectively prevent further attacks.

Information on IP addresses will be deleted if there is no indication of an attack on our Internet infrastructure.

1.2 Use of cookies

We use cookies throughout our website. Cookies are small data packets which are stored on the hard drive of your computer via your browser.

1.2.1 Essential information

We mainly use cookies which are automatically deleted after you have closed your browser (so-called session cookies). Session cookies serve to control the Internet connection during your visit and present the functions of our website. The data processing in this connection is therefore based on Art. 6(1f) GDPR. Our legitimate interest is to provide a properly working website and render the visit and use of our website as pleasant and efficient as possible.

1.2.2 Convenience (functional)

To optimally support you with the use of our website and facilitate the operation, there is the possibility to store settings that you have made. Where we offer such functions on our website, your personal data will basically only be processed if you have given us your consent to do so, and we are accordingly authorised to process your personal data in accordance with Art. 6(1a) GDPR.

1.2.3 Marketing

Where we place marketing cookies, we use them to display personalised contents matching your interests to you. For example, we can see which contents you have viewed on our pages. We do not pass such data on to third parties. We only place such cookies with your consent for the purposes described herein (Art. 6(1a) GDPR).

1.2.4 Statistics

Statistical data helps us to continuously improve our website and allow greatest possible user comfort. To the extent to which we use such possibilities, they are realised based on anonymised evaluations. In this way, we, for example, know which areas of our website are frequently visited and which not at all or with a short dwell time only. We place cookies for statistical purposes only with your consent pursuant to Art. 6(1a) GDPR.

1.3 Tracking and web analysis services

Our website uses the Matomo (formerly Piwik) web analysis service. These analyses allow us to design our internet services as optimally and user-friendly as possible. The Matomo web analysis service uses cookies which enable an analysis of the use of our internet services. The information generated by the cookie regarding your use of this website is stored on a server within the European Union. In this process, the IP address is anonymised prior to its storage, so that tracing back to an individual user is not possible.

In addition, the processing and use of the data, as well as the operation of the website analysis tool are exclusively performed with the aid of Variomedia computer centre systems. Data is not passed on to any third parties.

You can prevent the analysis of your data by Matomo either by enabling the Matomo opt-out plug-in or via the “do not track” setting in your browser. You can obtain information on how to enable the “do not track” setting from the help section of the browser vendor. This website uses Matomo with the extension “AnonymizeIP", so that IP addresses are only processed further in abbreviated form to prevent them from being directly linked to a particular individual. The IP address transmitted by your browser by means of Matomo is not merged with other data collected by us.

The Matomo programme is an open source project. Information from the third-party provider regarding data protection can be obtained from www.matomo.org/privacy-policy/.

You can decide here whether an explicit web analysis cookie may be placed in your browser to allow the website's operator to gather and analyse various statistical data. If you would like to decide against it, please click the following link to place the deactivation cookie in your browser.

Deactivation was implemented! Your visit to this website is no longer tracked by the web analysis. Please note that the deactivation cookie of this website will be deleted as soon as you remove all cookies which may be placed in your browser. Furthermore you have to repeat the deactivation process once you use a different computer or browser.

1.4 Google Maps

This website uses Google Maps for the representation of maps and for the generation of directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you use additional functions of Google by, for example, clicking a map shown, you will use a service of Google beyond our control. In this case, the instructions and information provided by Google in this context will apply.

On the website accessible at www.google.com, you will find additional information on

  • Google’s terms of use (“General Terms and Conditions”),
  • additional terms of use for Google Maps/Google Earth (“Additional Terms of Use for Google Maps/Google Earth”),
  • legal notices for Google Maps/Google Earth (“Legal Notices”), as well as
  • Google’s privacy statement (“Privacy Statement”). Information on what data is collected for which purpose and what Google will do with that data can be obtained from Google’s Privacy Statement.

1.5 Other processing due to a legitimate interest

Where required, we will process your data beyond the actual performance of a contract concluded with you or a consent given by you to protect legitimate interests of us or third parties unless a careful consideration shows in an individual case that your legitimate basic rights and basic freedoms requiring the protection of personal data prevail (cf. Art. 6(1f) GDPR). Such data may include:

  • the review and optimisation of methods for the requirement analysis and direct client contact;
  • advertising or market and opinion research unless you have objected to the use of your data;
  • the assertion of legal claims and defence in the case of legal disputes;
  • guarantee of the Bank’s IT security and IT operation;
  • the prevention and investigation of criminal offences;
  • measures for business management and the further development of services and products.

2. Your rights as a user of our website

2.1 Your rights

Every data subject has a right of access according to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, and the right to data portability pursuant to Art. 20 GDPR. For the right of access and for the right to erasure, the restrictions stipulated by Sections 34 and 35 BDSG will apply. In addition, you have a right to complain with the data protection supervisory authority (Art. 77 GDPR in connection with Section 19 BDSG).

2.1.1 Revocation of consents given

You may revoke any express or implied consent given to us at any time with effect for the future.

2.1.2 Information on your right to object pursuant to Art. 21 EU General Data Protection Regulation (GDPR)

a. You have the right, for reasons arising from your specific situation, to object to the processing of your personal data at any time based on Article 6(1e) GDPR (Data Processing in the Public Interest) and Article 6(1f) GDPR (Data Processing for Purposes of Legitimate Interests); this also applies to profiling within the meaning of Article 4(4) GDPR used for credit rating or for advertising purposes.

If you object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or if the processing serves for the assertion, exercise or defence of legal claims.

b. In individual cases, we will process your personal data for direct marketing. You have a right to object to the processing of your personal data for the purposes of such marketing at any time; this also applies to profiling to the extent to which it is related to such direct marketing.

If you object to the processing for the purposes of direct marketing, we will no longer process your personal data for such purposes.

The objection can be formless and should preferably be addressed to:

V-BANK AG
Data Protection Officer
Arnulfstraße 58
80335 München

2.2 The assertion of all rights mentioned in Section 2.1 above is basically free of charge for you

However, in the case of obviously unfounded or, especially in the case of frequent repetition, excessive applications, we may, in accordance with Art. 12(5) GDPR, either

a. demand appropriate remuneration, taking into account the administrative costs for notifying or communicating or performing the measure applied for, or

b. refuse to act on the application.

Please contact our aforementioned Data Protection Officer in order to exercise your rights. They will be happy to provide you with additional information regarding data protection.

3. Updating this privacy statement

From time to time, an update of this privacy statement may become necessary, for example, due to new legal or administrative stipulations, as well as new offers on our website. We will inform you of updates here. Generally, we recommend you to retrieve this privacy statement on a regular basis to check whether there have been any amendments. Whether amendments have been made can be determined if, amongst other things, the “as of” date stated below has been updated.

4. Printing and saving this privacy statement

You can directly print and save this privacy statement, e.g. using the print and storage function in your browser.

5. Scope of this privacy statement

This privacy statement only applies to the contents of our website and the data processing on the servers used by us. It does not include such contents and websites of third parties to which our offer is merely linked. This, for example, applies to social networks such as Facebook, Twitter, Google+, YouTube, and so on. The processing of your personal data via these social networks is conducted by the particular network operator, without us having any influence on such processing. This also applies with regard to your personal data communicated to us via such a platform, for example, by writing to our profile in the particular social network. Information on how your personal data and its protection is handled on such platforms can be found in the privacy statement of the particular platform. However, if we store your personal data communicated to us via a social network or received from a social network and use it for the purpose of processing your enquiry or concern or for other purposes, our declarations made above in this privacy statement will naturally apply in this respect.

As of June 2018

B. Our privacy statement

With the following information, we would like to give you an overview of the processing of your personal data on our part and your rights arising from the data protection law.
What specific data is processed and the manner in which it is used is heavily dependent on the services requested or agreed upon.

1. Who is in charge of data processing, and who can I contact?

The institution in charge is:

V-BANK AG
Arnulfstraße 58
80335 München
Telefon: +49 89 7408000
Telefax: +49 89 740800222
E-Mail: info@v-bank.com

You can contact our in-house data protection officer at:

Marcel Müller
V-BANK AG
Arnulfstraße 58
80335 München
Telefon: +49 89 7408000
Telefax: +49 89 740800222
E-Mail: datenschutz@v-bank.com

2. What sources and data do we use?

We process personal data obtained from our customers within the scope of our business relationship. In addition, we process - to the extent required for the provision of our services - personal data admissibly acquired from publicly accessible sources (e.g. debtor registers, land registers, commercial and association registers, the press, Internet), or legally transmitted to us or from other third parties (e.g. credit agencies).

Relevant personal includes personal details (name, address and other contact data, date and place of birth, and nationality), identification data (e.g. identity card details), and authentification data (e.g. specimen signature). In addition, such data can comprise order data (e.g. payment order), data from the performance of our contractual obligations (e.g. transaction data in payment transactions), information on your financial situation (e.g. creditworthiness data, scoring/rating data, origin of assets), advertising and sales data (inclusive of advertising scores), documentation data, as well as other data comparable to the aforementioned categories.

3. For what purpose do we process your data (purpose of processing), and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation („GDPR") and the Federal Data Protection Act („BDSG"):

a) For the performance of contractual obligations (Art. 6 (1b) GDPR)

Data is processed to perform bank transactions and financial services within the scope of the performance of our contracts concluded with our clients or for the performance of pre-contractual measures upon request. The purposes of data processing are primarily based on the specific product (e.g. account, loan, home savings, securities, deposits, brokerage) and can, amongst other things, comprise requirement analyses, asset management, and the conduct of transactions. You can obtain further details on data processing purposes from the decisive contractual documents and business terms and conditions.

b) Within the scope of legitimate interests (Art. 6 (1f) GDPR)

Where required, we will process your data beyond the actual performance of the contract in order to protect our or third parties legitimate interests. Examples:

  • Consultation of and data exchange with credit agencies (e.g. SCHUFA) for the assessment of credit and default risks in the credit business and of the requirement in respect of the account exempt from attachment or basic account
  • Review and optimisation of methods for the requirement analysis for the purpose of direct client contact
  • Advertising or market and opinion research unless you have objected to the use of your data
  • Assertion of legal claims and defence in the case of legal disputes
  • Ensuring the Bank's IT security and IT operation
  • Prevention and investigation of criminal offences
  • Video surveillance to protect the domiciliary right, collect evidence in the case of robberies or fraud, or prove deposits and pay-ins, e.g. at ATMs (cf. also Section 4 BDSG)
  • Measures for building and plant safety (e.g. access controls)
  • Measures for guaranteeing the domiciliary right
  • Measures for business management and for the further development of services and products

c) Due to your consent (Art. 6 (1a) GDPR)

Where you have given us the consent for the processing of personal data for specific purposes (e.g. transfer of data within the group, evaluation of payment transaction data for marketing purposes), the lawfulness of such processing is given on the basis of your consent. A given consent may be revoked at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into effect, i.e. before 25 May 2018. Revocation of the consent will not affect the legitimacy of data processed before revocation.

d) Due to legal specifications (Art. 6 (1c) GDPR) or in the public interest (Art. 6 (1e) GDPR)

In addition, we - as a Bank - are subject to various legal obligations, i.e. statutory requirements (e.g. the German Banking Act ("KwG"), the German Act to Fight Money Laundering ("GwG"), the German Securities Trading Act ("WpHG"), tax laws), and bank regulatory requirements (e.g. the European Central Bank, the Committee of European Banking Supervisors, the German Bundesbank, and the German Federal Institute for Financial Services Supervision ("BaFin")). The purposes of processing include, amongst others, the checking of creditworthiness, identity and age verification, prevention of fraud and money laundering, the compliance with control and reporting duties under the tax law, as well as the assessment and management of risks in the Bank.

4. Who will receive my data?

Within the Bank, those persons/departments will receive access to your data that need such data for the performance of our contractual and statutory obligations. Also service providers and vicarious agents employed by us may receive data for such purposes if they keep the bank secret. These are companies in the categories of credit services, IT services, logistics, print services, telecommunication, collection, consultancy and consulting, as well as sales and marketing.

With regard to passing on data to receivers outside our Bank, it should be noted at first that we, as a Bank, are obliged to maintain secrecy of all client-related facts and valuations of which we acquire knowledge (bank secret according to No. 2 of our Terms of Business). We may only pass on information about you if we are legally required to do so, if you have given your consent thereto, or if we are authorised to disclose banking affairs. Under these conditions, receivers of personal data can, for example, be:

  • Public authorities and institutions (e.g. the German Bundesbank, the German Federal Institute for Financial Services Supervision ("BaFin"), the European Banking Authority, the European Central Bank, financial authorities, law enforcement authorities) in the case of a legal or regulatory obligation.
  • Other credit and financial services institutions or comparable institutions to which we transmit personal data for performing the business relationship with you (depending on the contract concluded, e.g. correspondent banks, custodian banks, stock exchanges, credit agencies).

Further data receivers can be those bodies for which you have given us your consent to data transmission or for which you have exempted us from the bank secret according to agreement or consent.

5. Will data be transmitted to a third country or to an international organisation?

Transfer of data to bodies in countries outside the European Union (so-called third countries) will take place where:

  • required for the execution of your orders (e.g. payment and securities orders)
  • prescribed by law (e.g. fiscal reporting duties), or
  • you have given us your consent

6. How long will my data be stored?

We will process and save your personal data as long as this is required to fulfil our contractual and statutory obligations. It should be noted that our business relationship is a continuing obligation created for years. If data is no longer required for the fulfilment of contractual or statutory obligations, it will be deleted on a regular basis unless its - time limited - further processing is required for the following purposes:

  • Compliance with retention obligations under commercial and fiscal law, namely the German Commercial Code ("HGB"), the German tax code ("AO"), the German Banking Act ("KwG"), the German Act to Fight Money Laundering ("GwG"), and the German Securities Trading Act ("WpHG"). The time limits for retention or documentation stipulated therein are two to ten years.
  • Maintenance of evidence within the scope of statutory limitation rules. These periods of limitation can last up to 30 years pursuant to Sections 195 et seq. of the German Civil Code ("BGB"), with the regular period of limitation being three years.

7. What data protection rights do I have?

Every data subject has a right of access according to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, the right to object according to Art. 21 GDPR, and the right to data portability pursuant to Art. 20 GDPR. For the right of access and for the right to erasure, the restrictions stipulated by Sections 34 and 35 BDSG will apply. In addition, you have a right to complain with the competent data protection supervisory authority (Art. 77 GDPR in connection with Section 19 BDSG).

You may revoke a consent granted for the processing of personal data at any time. This also applies to the revocation of declarations of consent given to us before the general data protection regulation came into effect, i.e. before 25 May 2018. Please note that the revocation will only be effective for the future. Processing prior to the revocation will not be affected thereby.

8. Am I obliged to provide data?

Within the scope of our business relationship, you must furnish that personal data required for the establishment and conduct of a business relationship and for the fulfilment of contractual obligations related therewith, or which we must collect by law. Without this data, we will usually not be able to conclude a contract with you or perform a contract concluded with you.

In particular, we are obliged in accordance with the German Act to Fight Money Laundering to identify you based on your identification document prior to establishing a business relationship and collect and store your names, place and date of birth, nationality, address, and identification document details. In order to meet this statutory obligation, you must provide us with the necessary information and documents as required by the German Act to Fight Money Laundering and promptly report changes occurring during the course of the business relationship. Should you not furnish the required information and documents, we may not establish or continue the business relationship requested by you.

9. To what extent is there automated decision-making?

On principle, we do not use fully automated decision-making according to Art. 22 GDPR to establish and conduct the business relationship. Should we use such methods in individual cases, we will inform you thereof separately if stipulated by law.

10. Does Profiling take place?

We partly process your data in an automated manner with the aim to evaluate certain personal aspects ("Profiling"). For example, we use Profiling in the following cases:

  • Due to statutory and regulatory provisions, we are obliged to fight money laundering, the financing of terrorism, and asset jeopardising offences. In this process, data evaluation (amongst others, in payment transactions) takes place as well. These measures serve your protection at the same time.
  • We use evaluation instruments in order to be able to inform and consult you purposefully on products. These enable needs-based communication and advertising including market and opinion research.
  • We use scoring to assess your creditworthiness. In this process, the probability is calculated with which a client will meet their contractual payment obligations. For example, income, expenses, existing liabilities, occupation, employer, term of employment, experience from previous business relationships, repayment of previous loans according to contract, and information provided by credit agencies will be taken into account for the calculation. Scoring is based on mathematically/statistically recognised and reliable methods. The calculated score values assist us with decision-making within the scope of banking products and are taken into account for the ongoing risk management.

You may also download V-BANK AG’s privacy statement here.

C. Information on your right to object

1. Individual right to object

You have the right to object to the processing of your personal data at any time for reasons arising from your specific situation based on Article 6(1e) GDPR (Data Processing in the Public Interest) and Article 6(1f) GDPR (Data Processing for Purposes of Legitimate Interests); this also applies to Profiling within the meaning of Article 4(4) GDPR based on this provision.

If you object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or if the processing serves for the assertion, exercise or defence of legal claims.

2. Right to object to the processing of data for purposes of direct marketing

In individual cases, we will process your personal data for direct marketing. You have the right to object to the processing of your personal data for the purposes of such marketing at any time; this also applies to Profiling to the extent to which it is related to such direct marketing.

If you object to the processing for the purposes of direct marketing, we will no longer process your personal data for those purposes.
The objection can be formless and should preferably be addressed to:

Marcel Müller
Data Protection Officer
V-BANK AG
Arnulfstraße 58
80335 München
Telefon: +49 89 7408000
Telefax: +49 89 740800222
E-Mail: datenschutz@v-bank.com