Privacy policy
Our handling of your data and your rights
Information pursuant to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
We hereby inform you about the processing of your personal data by us the Internationales Bankhaus Bodensee AG and the claims and rights to which you are entitled according to the data protection regulations.
Which data is processed in detail and how it is used depends primarily on the requested or agreed services.
1. who is responsible for data processing and whom can I contact?
Responsible entity is:
Internationales Bankhaus Bodensee AG
Otto-Lilienthal-Str. 8
88046 Friedrichshafen
Telefon: +49 7541 304-0
Fax: +49 7541 304-199
E-Mail-Adresse: kontakt@ibb-ag.com
You can reach our data protection officer at:
Internationales Bankhaus Bodensee AG
Aron Mildemann
Data Protection Officer
Otto-Lilienthal-Str. 8
88046 Friedrichshafen
E-Mail-Adresse: aron.mildemann@ibb-ag.com
2. what sources and data do we use?
We process personal data that we receive from you in the course of our business relationship. In addition, we process – to the extent necessary for the provision of our services – personal data that we have received from other companies or from other third parties (e.g. credit agencies) in a permissible manner (e.g. for the execution of orders, for the fulfillment of contracts or on the basis of consent given by you). In addition, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. debtor lists, land registers, commercial and association registers, press, media) and are allowed to process.
Relevant personal data are personal details (name, address and other contact details, date of birth, place of birth and nationality), legitimation data (e.g. ID card data) and authentication data (e.g. specimen signature). In addition, this may also include order data (e.g., payment order, securities order), data from the fulfillment of our contractual obligations (e.g., turnover data in payment transactions, credit lines, product data [e.g., deposit and custody business), information about your financial situation (e.g., creditworthiness data, scoring/rating data, origin of assets), advertising and sales data (including advertising and marketing). (e.g., deposit, loan, and custody business), information about your financial situation (e.g., creditworthiness data, scoring/rating data, origin of assets), advertising and sales data (including advertising scores), documentation data (e.g., advisory log), register data, data about your use of the telemedia we offer (e.g., data about your use of the Internet), and data about your use of the Internet. B. Time of the call of our websites, apps
or newsletter, clicked pages or entries) as well as other data comparable to the categories mentioned.
3. what do we process your data for (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the European Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG-neu).
3.1 For the fulfillment of contractual obligations (Article 6 para. 1b DSGVO)
The processing of personal data (Article 4 No. 2 DSGVO) is carried out for the purpose of providing and arranging banking transactions, financial services and insurance and real estate transactions, in particular for the execution of our contracts or pre-contractual measures with you and the execution of your orders, as well as all activities necessary with the operation and management of a credit and financial services institution.
The purposes of data processing depend primarily on the specific product (e.g., account, loan, securities, deposit, brokerage, online banking, life and pension insurance, credit cards) and may include, but are not limited to, needs analysis, advice, asset management and support, and transaction execution.
Further details on the purpose of data processing can be found in the respective contract documents and terms and conditions.
3.2 Within the framework of the balancing of interests (Article 6 para. 1f DSGVO)
To the extent necessary, we process your data beyond the actual performance of the contract to protect legitimate interests of us or third parties such as in the following cases:
- Consultation of and data exchange with credit agencies to determine creditworthiness or default risks and the need for a garnishment protection account or basic account;
- Testing and optimization of procedures for needs analysis and direct customer contact;
- advertising or market and opinion research, unless you have objected to the use of your data;
- Assertion of legal claims and defense in legal disputes;
- Ensure information security and IT operations of the Bank;
- Prevention and detection of crime;
- Building and facility security measures (e.g., access controls);
- Measures to ensure the right of domicile;
- Measures for business management and further development of services and products.
3.3 Based on your consent (Article 6 (1a) DSGVO)
Insofar as you have given us consent to process personal data for specific purposes (e.g. transfer of data within the group, evaluation of payment transaction data for marketing purposes, business partners), the lawfulness of this processing is based on your consent. Consent given can be revoked at any time. This also applies to the revocation of declarations of consent that – such as the SCHUFA clause – were issued to us before the DSGVO came into force, i.e. before May 25, 2018.
Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
3.4 Due to legal requirements (Article 6 para. 1c DSGVO) or in the public interest (Article 6 para. 1e DSGVO)
As a bank, we are also subject to various legal obligations, i.e., statutory requirements (e.g., German Banking Act, German Money Laundering Act, German Securities Trading Act, German tax laws) and banking supervisory requirements (e.g., of the European Central Bank, the European Banking Authority, the Deutsche Bundesbank, and the German Federal Financial Supervisory Authority). The purposes of the processing include, among others, creditworthiness checks, identity and age checks, fraud and money laundering prevention, the fulfillment of control and reporting obligations under tax law, and the assessment and management of risks.
4. who gets my data?
Within the bank, access to your data is granted to those offices that require it in order to fulfill our contractual and legal obligations. Contractors used by us (Article 28 DSGVO) may also receive data for these purposes. These are companies in the categories of credit services, IT services, logistics, printing services, telecommunications, debt collection, consulting and advisory services, and sales and marketing.
With regard to the transfer of data to recipients outside the Bank, it should first be noted that, under the General Terms and Conditions agreed between you and us, we are obliged to maintain secrecy about all customer-related facts and evaluations of which we become aware (banking secrecy). We may only disclose information about you if required to do so by law, if you have consented, or if we are authorized to disclose banking information. Under these conditions, recipients of personal data may be, for example:
- Public bodies and institutions (e.g. Deutsche Bundesbank, German Federal Financial Supervisory Authority, European Banking Authority, European Central Bank, financial authorities) in the event of a statutory or regulatory obligation.
- Other credit and financial services institutions or comparable institutions to which we transmit personal data in order to carry out the business relationship with you (depending on the contract: e.g. correspondent banks, custodian banks, stock exchanges, credit agencies).
Other data recipients may be those entities for which you have given us your consent to transfer data or for which you have released us from banking secrecy pursuant to an agreement or consent.
5. how long will my data be stored?
To the extent necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract. It should be noted that our business relationship is a continuing obligation that is intended to last for years.
In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG), the German Money Laundering Act (GwG) and the German Securities Trading Act (WpHG), among other things. The periods specified there for storage or documentation are two to ten years.
Finally, the storage period also results from the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to thirty years.
6. is data transferred to a third country or to an international organization?
Data is only transferred to third countries (countries outside the European Economic Area – EEA) if this is necessary to execute your orders (e.g. payment and securities orders) or is required by law, or if you have given us your consent. We will inform you separately about details, if required by law.
7. what data protection rights do i have?
Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR and the right to data portability under Article 20 GDPR. With regard to the right to information and the right of deletion, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Article 77 DSGVO in conjunction with Section 19 BDSG).
8. is there an obligation to provide data?
Within the scope of our business relationship, you only have to provide the personal data that is required for the establishment, implementation and termination of a business relationship or that we are legally obligated to collect. Without this data, we will usually have to refuse to conclude the contract or execute the order, or we will no longer be able to perform an existing contract and may have to terminate it.
In particular, we are obligated under money laundering regulations to identify you prior to the establishment of the business relationship, for example, on the basis of your identity card, and to collect your name, place of birth, date of birth, nationality and residential address. In order for us to comply with this legal obligation, you must provide us with the necessary information and documents in accordance with the Money Laundering Act and notify us immediately of any changes arising in the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into the business relationship you have requested.
9. to what extent is there automated decision-making in individual cases?
For the establishment and implementation of the business relationship, we generally do not use fully automated decision-making pursuant to Article 22 DSGVO. If we use these procedures in individual cases, we will inform you separately if required by law.
10. to what extent will my data be used for profiling (scoring)?
We partially process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases:
- Due to legal and regulatory requirements, we are obligated to combat money laundering, terrorism financing, and asset-threatening crimes. Data evaluations (including payment transactions) are also carried out. These measures also serve to protect you at the same time.
- We use evaluation tools to provide you with targeted information and advice on products. These enable needs-based communication and advertising, including market and opinion research.
- As part of our assessment of your creditworthiness, we use scoring. This involves calculating the probability that a customer will meet its payment obligations in accordance with the contract. The calculation may include, for example, income history, expenses, existing liabilities, occupation, employer, length of employment, past business experience, repayment of previous loans in accordance with the contract, and information from credit reporting agencies. Scoring is based on a mathematically-statistically recognized and proven procedure. The score values calculated support us in our decision-making process when concluding product deals and are incorporated into ongoing risk management.
Information on the right to object
Information pursuant to Article 21 of the General Data Protection Regulation (GDPR)
- You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1e) GDPR (data processing in the public interest) and Article 6(1f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR, which we use to assess creditworthiness or for advertising purposes.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
- In individual cases, we process your personal data in order to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is associated with such direct advertising.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made form-free and should preferably be addressed to:
Internationales Bankhaus Bodensee AG
Aron Mildemann
Data Protection Officer
Otto-Lilienthal-Str. 8
88046 Friedrichshafen
E-Mail: aron.mildemann@ibb-ag.com
