The provisions of the EU General Data Protection Regulation took effect on 25 May 2018. The Data Protection Notice is intended to provide you with an overview of the processing of your personal data in UniCredit Bank AG and your rights under data protection law.
Whether you are customer, prospective customer or visitor of our websites, you have the right to know, how we use your data if you utilize our internet presence. To put it plainly, you can find further information among Data Privacy Statement, Consent, Security and Cookies.
The Data Privacy Statement applies for the Internet presence WWW.HYPOVEREINSBANK.DE of the UniCredit Bank AG (hereinafter: HypoVereinsbank). The pages in this presence include links to other web pages (e.g. web pages of other providers or other web pages of HypoVereinsbank) which is not covered by this Data Privacy Statement. If you leave this Internet presence by following the link, it is recommended to study the Data Protection Notice of the relevant web page.
At HypoVereinsbank we process personal data as a matter of principle in accordance with data protection laws.
Below you can easily get an overview of the data processed within this web page and the manner in which the data is processed. Furthermore we inform you about your rights under data protection law whom you can contact to helping you on questions.
The responsible party is:
You can reach our Corporate Data Protection Officer at:
We process the personal data that we obtain from you, if you are interested in our products, sign up for a web service, contact us by E-Mail, Chat, or a contact form. Relevant personal data of prospective customers, applicants or customers can include:
When visiting the website we obtain by our IT systems technical data, as for example information about the internet browser, the operating system or the time of page view, in order to ensure an accurate provision of the website. The collection of data takes place, as soon as you open the website and is indispensable for the operation of the site.
In the context of our Internet presence we collect in additional data as for instance IP addresses and unique identifiers of devices as well as anonymous data about your online habits. This helps us to realize, whether and how you are on the way to our websites, in order to configure our web presence user-oriented and in line with demand.
Further information can be found on COOKIES .
In the context of our Internet presence we process various types of personal data in the following way:
Any processing and use of your personal data extending beyond takes only place - except for the cases where we are legally bound - if you have given us your consent. On some sides of this website you have the opportunity to provide your consent (e.g. in order to contact you by telephone). In case of providing consent the purpose of data processing is predetermined. It goes without saying that consent is freely given and that your consent can be revoked at any time by telephone on 0800/1090903 or alternatively by forwarding an email to firstname.lastname@example.org .
For the purpose of meeting contractual obligations (Art. 6 para. 1 b GDPR)
Data are processed to conduct banking business and provide financial services under the contracts with our customers and to implement pre-contractual measures, upon request (e.g. product and advisory inquiries of prospective customers and customers). The purposes for which data processing is used primarily depend on the specific product (e.g. consumers financing, account, loan) and can include requirements analysis and product selection, among other things. You can find additional details regarding the purposes for which data processing is utilized in the relevant contract documents and standard terms of business.
As part of balancing of interests (Art. 6 para. 1 f GDPR)
In addition to processing your data for the actual performance of the contract or for pre-contractual measures, we process your data to the extent necessary to protect our legitimate interests and those of third parties. Examples:
With your consent (Art. 6 para. 1 a GDPR)
To the extent that you have given us your consent to process your personal data for specific purposes (e.g. telephone contact and promotional approach), such processing is lawful based on your consent. Once given, your consent can be revoked at any time. This also applies to declarations of consent provided to us before the GDPR takes effect, i.e. before 25 May 2018. The revocation of consent does not affect the lawfulness of data processed before the revocation.
Based on legal obligations (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)
Moreover, as a bank, we are subject to various legal obligations, i.e. statutory requirements (e.g. the German Banking Act [Kreditwesengesetz], the Money-Laundering Act [Geldwäschegesetz], the Securities Trading Act [Wertpapierhandelsgesetz], and the tax laws) as well as bank regulatory requirements (e.g. those imposed by the European Central Bank, the European banking regulator, the German Central Bank and the German Federal Financial Supervisory Authority). The purposes for which processing is used include fraud and money-laundering prevention and the fulfilment of control and reporting obligations under tax laws.
Within the Bank, those parties that need access to your data to meet our contractual and statutory obligations receive such access. Service providers and agents utilised by us can also receive data for these purposes if they maintain banking secrecy and data protection. With regard to this website we utilise companies in the categories of IT services as well as marketing and online audience measurement. We only engage selected service providers which are contractually obliged to process data solely in line with our instructions.
With respect to the disclosure of data to recipients outside of our Bank, it should first be noted that, as a bank, we are obliged to maintain confidentiality with respect to all customer-related facts and assessments of which we obtain knowledge (banking secrecy in accordance with No. 2 of our Standard Terms of Business [OH(-U1] [LK(-U2] ). We may only disclose information regarding you when statutory provisions so require or when you have consented to this or we are authorised to issue a bank reference. Under these conditions, the following parties may receive your personal data, e.g.:
In the context of this internet presence UniCredit Bank AG transmits no personal data to locations in countries outside of the European Economic Area (so-called third countries). However, UniCredit Bank AG uses service providers for certain tasks, many of which also use service providers that may have their headquarters, parent companies or data centers in a third country.
Data transfer is permissible if the European Commission has decided that there is an adequate level of protection in the third country (Art. 45 GDPR). If the Commission has not made such a decision, UniCredit Bank AG or the service provider may only transfer personal data to a service provider in a third country if suitable guarantees have been provided (standard data protection clauses, which have been accepted by the Commission or the supervisory authority in a specific proceeding) and enforceable rights and effective legal remedies are available.
In addition, UniCredit Bank AG has contractually agreed with its service providers that basic data protection, which complies with the European level of data protection, must always be ensured by their contract partners.
We process and store your personal data for as long as this is necessary for the relevant processing purposes.
If the data are no longer necessary to meet contractual or statutory obligations, they are deleted on a regular basis, unless there is a need to further process the data – for a limited period of time – for the following purposes: To meet retention obligations under commercial and tax law: Such laws include the German Commercial Code (HGB), the Tax Code (AO), the Banking Act (KWG), the Money-Laundering Act (GwG) and the Securities Trading Act (WpHG). These laws prescribe two- to ten-year retention or documentation periods.
Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions in §§ 34 and 35 BDSG apply to the right to information and the right of erasure. In addition, there is a right to lodge a complaint with a competent data protection authority (Article 77 GDPR in conjunction with § 19 BDSG).
In the case that you claim your data protection rights please contact our Corporate Data Protection Officer by reference to the Internet Presence www.hypovereinsbank.de. You can find further information about the processing of personal data by UniCredit Bank AG and your rights under data protection law at hvb.de/eu-gdpr-information .
This Internet presence doesn’t contain social plugins of social networks such as Facebook, Google+ or Twitter, but only hyperlinks to social networks. Hence these networks have no way of reconstructing your activities on our websites.
On our Internet presence www.hypovereinsbank.de we deploy YouTube on a few pages. YouTube is a videoportal of YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to as „YouTube“. YouTube is a subsidiary company of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as „Google“. According to the privacy shield certification („EU-US Privacy Shield“) - see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active - Google and YouTube as subsidiary company warrant that they comply with EU data protection requirements as with the data processing in US.
We utilise YouTube in connection with a 2-click-solution in order to show videos to you. By using this solution for the integration of YouTube videos, we ensure that by starting the video you agree and consent with loading the YouTube player and therefore make a connection with YouTube’s server and transfer data. Before your video start, a YouTube connection is not made automatically. You will know a YouTube connection has been started when you see start screen „starting YouTube Video“. By clicking on YouTube Video information (including your IP-Address, the date, the time as well as the webpage visited by you) is transferred to the server of YouTube resp. Google in US. Moreover a connection is established to the commercial network „DoubleClick“ of Google. By starting the video further data processing operations can be initiated. Please note, that we have no influence on this.
Videos without designation within the start screen „starting YouTube Video“ are on our servers and don’t establish a connection to YouTube.
In case you are logged on YouTube at the same time, YouTube allocates the connection information to your YouTube-account. If you want to prevent this, you need to log off on YouTube or to adjust the settings in your YouTube-user account before you visit our Internet presence. For the purpose of functionality and analysis of user behaviour YouTube stores permanently cookies over your internet browser on your device. If you disagree with the processing, you can adjust the settings in your internet browser, in order to hamper the storage of cookies. You can find further information of Google about the collection and use of data, your rights in this regard and protection measures on https://www.google.de/intl/de/policies/privacy/
A cookie is a small file which saves settings, whereby almost every website uses the cookie technology. Cookies will be created when you visit the website for the first time, they will be set by the website in your internet browser. If you visit the website again with the same device, the cookie data will be sent to our website (First Party Cookie) or it will be sent to another website which set the cookie by itself (Third Party Cookie).
Depending on their functionality and purpose, cookies can be categorized in one of the following categories: absolutely necessary / functional cookies, statistical, marketing as well as personalisation cookies.
By using our cookie banner, you can decide which cookie category you like to allow or not. Beside the settings in the cookie banner, you can also allow or deny the setting of cookies directly in your browser settings. The cookie banner will be added gradually to all pages on hypovereinsbank.de.
In the following part we provide a list, which purpose it is to make transparent what cookies will be set in which cookie category and for which purpose and provider.
Absolutely necessary functional cookies, without these cookies our website cannot function correctly. These cookies are set by HypoVereinsbank directly and therefore are so called First Party cookies. Furthermore, these cookies are part of a functionality which enables the switch from unencrypted http to encrypted https, therefore enabling higher security standards. Last but not least functional cookies are also used to save your decision, which cookie categories you allowed or not.
Absolutely necessary functional cookies cannot be turned off. But you can deny all cookies by using your browser settings if you like to do so. But we like to point out, that if you do so, our website may not work correctly in some parts or not work at all.
RLSESSIONID_HVB2 & 1
PrimeFaces cookie, which is used for the component library for JavaServer Faces-based applications
Provides a better detection if users came from a search engine to the page
Is used to save which cookie categories were allowed or denied by the user
DynaTrace cookie (technical Servermonitoring)
DynaTrace cookie (technical Servermonitoring)
DynaTrace cookie (technical Servermonitoring)
DynaTrace cookie (technical Servermonitoring)
DynaTrace cookie (technical Servermonitoring) RuxitAgent
Cookie used for banking functionality
Defines the name of the current page
Technical session control cookie & load balancing of our webservers
Detects, if the data for the navigation was already loaded, to be able to optimize loading times
To be able to analyse the usage of our website, we use the analytics provider Adobe (Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland). Website usage is not recorded in the Online Banking section of our page. The website is analysed by using the tool “Adobe Analytics”. Adobe Analytics saves a shortened version of your IP address, therefore it is not possible to use your original IP address in any way.
In general, we don’t transfer any clear text personal identifiable information to Adobe Analytics. Such data fields will be converted to a pseudonym by using the SHA-256 hashing algorithm. By that Adobe and other external service providers cannot get and save clear text personal identifiable information of our users.
Data is collected and calculated for the sole purpose of creating statistical reports, by using these reports we can monitor and optimise our webpage to create a better user experience.
We do base this data processing on legitimate interest (Article 6, paragraph 1 f DSGVO).
This cookie is used to identify, if the browser supports setting cookies
Contains the information, if the user used an ad campaign to get to the site
This cookie is used as a fallback if the original cookie s_vi cannot be set, it contains a random generated unique ID together with a date/timestamp
This cookie saves a timestamp, when the user visited the page the last time
This cookie saves he amount of days the user last visited the page
This cookie is used for checking if the users visit is a recurring visit or the first visit
This cookie saves, for a better data processing, a complete combined value out of different single cookie values
This cookie saves, for a better data processing, a complete combined value out of different single cookie values (with only a session expiration date)
This cookie, as well as s_pv9, saves how much of a percentage the current page was scrolled down and therefore seen
This cookie, as well as s_ppv, save how much of a percentage the current page was scrolled down and therefore seen
This cookie contains the information about the last clicked link of a user
This cookie is used to save the, so called, visitor id. This is a random generated unique ID together with a date/timestamp. It is mostly used to identify if the user is visiting the site for the first time or if it’s a recurring visit.
This cookie saves if the currently opened page, is the page the user started the visit.
You have the right to opt out of any kind of statistical recording. Your opt out will also take an effect on the fact that no relation can be made between your contact request and the ad you clicked before to come to the site. If you decide to disagree to the recording of statistical data, a special blocking-cookie will be set on your device. Please note: If you delete this blocking-cookie or use another web browser or device, you have to activate the opt out / blocking-cookie again.
You can opt out from the statistical recording directly on the site of our partner Adobe, please click here and use the opt out link “Click here” to opt out.
Opt in again:
You can revoke a previous opt out by visiting the site of our partner Adobe directly, please click here and use the opt in link under “Click here” to opt out.
These cookies are opt-in-only, this means data and cookies will only be transferred in this category, if you explicitly give us your consent. This consent is given when you check the corresponding category entry in the cookie banner and then click “Accept selection” in the details layer or when you click on “Accept all” / “Accept” in the standard layer (both of these option opt in for all categories).
By doing our marketing campaigns we work sometimes with the external company named Salesfeeder to track certain pages on hypovereinsbank.de. These sites are for example contact request pages as well as online orders of our offered products. By getting data from us, this company is not enabled to get a direct relation to you as a person. We use the data to get a statistical reporting how well our marketing campaigns are performing considering different details about online orders made. As an example: We measure which ad placement leads to an online product sale.
The following cookies are set from marketing related tags:
Das Cookie speichert den Browser-Fingerprint des Nutzers, anhand dessen man erkennen kann, ob der Nutzer die Website schon einmal besucht hat und über welche Marketing-Kampagne der Nutzer die Seite besucht hat.
Das Cookie speichert die jeweils vom Benutzer aufgerufene pageId, um zu erkennen, ob der Nutzer von einer HVB-Seite gekommen ist
Das Cookie speichert eine zufällig generierte, eindeutige ID (Unique User Id), anhand derer man erkennen kann, ob der Nutzer die Website schon einmal besucht hat.
Sofern in Vergangenheit ein opt-out für das Salesfeeder Tool vorgenommen wurde, speichert dieser Cookie, dass dieser stattgefunden hat und keine Daten mehr gesendet werden.
Even when you opted in and gave your consent, you have the right to revoke this consent. Your opt out will also take an effect on the fact that no relation can be made between your contact request and the ad you clicked before to come to the site.
If you decide to disagree to the recording of statistical data, a special blocking-cookie will be set on your device. Please note: If you delete this blocking-cookie or use another web browser or device, you have to activate the opt out / blocking-cookie again.
Next to the possibility to revoke within the cookie banner, you can also explicitly use the option of our partner Salesfeeder. Therefor please click here .
We provide you a convenient solution, which you can use to opt in or opt out certain cookie categories. The different third party cookies are grouped into these categories. You can use the different sliders in the cookie banner, to opt in or opt out of these different categories. Please click
to reset your settings and reopen the cookie banner again, to be able to change your settings.
If a category is turned off and this setting is confirmed, all third party cookies of this category will not be activated and therefore blocked. In this case no data will be transmitted to those third parties.
If a category is turned on again by you or if the setting is already activated and the default setting is not changed, all third party cookies out of the category will be loaded and therefore data will be transferred to the third parties.
You can also block or delete cookies entirely by using your browser settings. Most browsers provide dedicated settings to manage your cookies to be able to accept, deny them or only accept a certain kind of cookies. You can find the documentation about these settings in the integrated help function of your browser. If you deny all or certain cookies on our website, some functional features may not work correctly.
We can respond even more specifically to your individual needs if you allow us to use your data beyond what is stated in the data protection declaration. You can provide us with a corresponding declaration of consent via "To consent". Since for technical reasons we can only make this offer to registered users, you must first register via "Log In" before you can declare your consent.
Everything possible is done using the latest technology to ensure that your data is secure on the Internet and on the bank's computers. Here you can find out what we can do and what you can do to help:
Version vom 25.05.2018