Data Protection Notice

The provisions of the EU General Data Protection Regulation took effect on 25 May 2018. The Data Protection Notice is intended to provide you with an overview of the processing of your personal data in UniCredit Bank AG and your rights under data protection law.

Whether you are customer, prospective customer or visitor of our websites, you have the right to know, how we use your data if you utilize our internet presence. To put it plainly, you can find further information among Data Privacy Statement, Consent, Security and Cookies.


Data Privacy Statement

The Data Privacy Statement applies for the Internet presence WWW.HYPOVEREINSBANK.DE  of the UniCredit Bank AG (hereinafter: HypoVereinsbank). The pages in this presence include links to other web pages (e.g. web pages of other providers or other web pages of HypoVereinsbank) which is not covered by this Data Privacy Statement. If you leave this Internet presence by following the link, it is recommended to study the Data Protection Notice of the relevant web page.

At HypoVereinsbank we process personal data as a matter of principle in accordance with data protection laws.  

Below you can easily get an overview of the data processed within this web page and the manner in which the data is processed. Furthermore we inform you about your rights under data protection law whom you can contact to helping you on questions.

Who is responsible and contact person for data processing?

The responsible party is:

UniCredit Bank AG
Arabellastr. 12
81925 München
Telefon: +49 (0)89 378 – 0
E-Mail-Adresse:

You can reach our Corporate Data Protection Officer at:

UniCredit Bank AG
Datenschutzbeauftragter
Postfach
80311 München
Telefon: +49 (0)89 378 – 0
E-Mail-Adresse:

 

What kind of personal data do we use?

We process the personal data that we obtain from you, if you are interested in our products, sign up for a web service, contact us by E-Mail, Chat, or a contact form. Relevant personal data of prospective customers, applicants or customers can include:

  • Personal details (e.g. name, address, e-mail address and other contact data)
  • Order-related data (e.g. your banking account, tax identification number (TIN))
  • Information regarding your financial situation (such as your monthly expenses)
  • And other data comparable to the above categories.

When visiting the website we obtain by our IT systems technical data, as for example information about the internet browser, the operating system or the time of page view, in order to ensure an accurate provision of the website. The collection of data takes place, as soon as you open the website and is indispensable for the operation of the site.

In the context of our Internet presence we collect in additional data as for instance IP addresses and unique identifiers of devices as well as anonymous data about your online habits. This helps us to realize, whether and how you are on the way to our websites, in order to configure our web presence user-oriented and in line with demand.

Further information can be found on  COOKIES .

How and for which purpose do we process your data?

In the context of our Internet presence we process various types of personal data in the following way:

  • If you enroll for a service and give your personal details (as for example your name, address or email-address) we use your data only in order to communicate with you and for the purpose you dedicated your data to us respectively as far as this is necessary for the implementation of the service. If you enroll for a newsletter subscription, we use your data only for the newsletter-subscription.
  • If you use our Internet presence in order to forward a message directly to us or place an order, we use your data after processing your order or your message in order to inform you about the subject you addressed in your message or about other subjects. This doesn’t apply if you objected to the use and the processing of data for purposes of direct advertising.

Any processing and use of your personal data extending beyond takes only place - except for the cases where we are legally bound - if you have given us your consent. On some sides of this website you have the opportunity to provide your consent (e.g. in order to contact you by telephone). In case of providing consent the purpose of data processing is predetermined. It goes without saying that consent is freely given and that your consent can be revoked at any time by telephone on 0800/1090903 or alternatively by forwarding an email to  info@unicredit.de .

On what legal basis do we process your data?

For the purpose of meeting contractual obligations (Art. 6 para. 1 b GDPR)

Data are processed to conduct banking business and provide financial services under the contracts with our customers and to implement pre-contractual measures, upon request (e.g. product and advisory inquiries of prospective customers and customers). The purposes for which data processing is used primarily depend on the specific product (e.g. consumers financing, account, loan) and can include requirements analysis and product selection, among other things. You can find additional details regarding the purposes for which data processing is utilized in the relevant contract documents and standard terms of business.

As part of balancing of interests (Art. 6 para. 1 f GDPR)

In addition to processing your data for the actual performance of the contract or for pre-contractual measures, we process your data to the extent necessary to protect our legitimate interests and those of third parties. Examples:

  • Consulting and exchanging data with credit bureaus (e.g. SCHUFA) to determine the credit risk or risk of default in the lending transaction and the need for an attachment protection account or a basic account,
  • Examining and optimizing requirements analysis procedures for the purpose of direct customer contact,
  • Advertising or market-and-opinion research, to the extent that you have not objected to this use of your data,
  • Analysis of information we obtain for quality improvement upon visiting our website,
  • Analysis of results of marketing efforts in order to measure the efficiency and the relevance of our campaigns,
  • Ensuring IT security and the security of the Bank’s IT operations,
  • Taking measures to manage the business and further develop services and products

With your consent (Art. 6 para. 1 a GDPR)

To the extent that you have given us your consent to process your personal data for specific purposes (e.g. telephone contact and promotional approach), such processing is lawful based on your consent. Once given, your consent can be revoked at any time. This also applies to declarations of consent provided to us before the GDPR takes effect, i.e. before 25 May 2018. The revocation of consent does not affect the lawfulness of data processed before the revocation.

Based on legal obligations (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

Moreover, as a bank, we are subject to various legal obligations, i.e. statutory requirements (e.g. the German Banking Act [Kreditwesengesetz], the Money-Laundering Act [Geldwäschegesetz], the Securities Trading Act [Wertpapierhandelsgesetz], and the tax laws) as well as bank regulatory requirements (e.g. those imposed by the European Central Bank, the European banking regulator, the German Central Bank and the German Federal Financial Supervisory Authority). The purposes for which processing is used include fraud and money-laundering prevention and the fulfilment of control and reporting obligations under tax laws.

Who receives your data?

Within the Bank, those parties that need access to your data to meet our contractual and statutory obligations receive such access. Service providers and agents utilised by us can also receive data for these purposes if they maintain banking secrecy and data protection. With regard to this website we utilise companies in the categories of IT services as well as marketing and online audience measurement. We only engage selected service providers which are contractually obliged to process data solely in line with our instructions.

With respect to the disclosure of data to recipients outside of our Bank, it should first be noted that, as a bank, we are obliged to maintain confidentiality with respect to all customer-related facts and assessments of which we obtain knowledge (banking secrecy in accordance with No. 2 of our Standard Terms of Business [OH(-U1]   [LK(-U2]  ). We may only disclose information regarding you when statutory provisions so require or when you have consented to this or we are authorised to issue a bank reference. Under these conditions, the following parties may receive your personal data, e.g.:

  • Public bodies and institutions (e.g. the German Central Bank, the German Federal Financial Supervisory Authority, the European Banking Authority, the European Central Bank, financial authorities, prosecuting authorities) if there is a statutory or regulatory obligation.
  • Other banks and financial services institutions or comparable institutions to which we send personal data in the pursuit of our business relationship with you (depending on the contract, e.g. correspondent banks, custodian banks, stock exchanges, credit bureaus)
Are data sent to a third country or an international organisation?

In the context of this internet presence UniCredit Bank AG transmits no personal data to locations in countries outside of the European Economic Area (so-called third countries). However, UniCredit Bank AG uses service providers for certain tasks, many of which also use service providers that may have their headquarters, parent companies or data centers in a third country.

Data transfer is permissible if the European Commission has decided that there is an adequate level of protection in the third country (Art. 45 GDPR). If the Commission has not made such a decision, UniCredit Bank AG or the service provider may only transfer personal data to a service provider in a third country if suitable guarantees have been provided (standard data protection clauses, which have been accepted by the Commission or the supervisory authority in a specific proceeding) and enforceable rights and effective legal remedies are available.

In addition, UniCredit Bank AG has contractually agreed with its service providers that basic data protection, which complies with the European level of data protection, must always be ensured by their contract partners. 

For how long are my data stored?

We process and store your personal data for as long as this is necessary for the relevant processing purposes.

If the data are no longer necessary to meet contractual or statutory obligations, they are deleted on a regular basis, unless there is a need to further process the data – for a limited period of time – for the following purposes: To meet retention obligations under commercial and tax law: Such laws include the German Commercial Code (HGB), the Tax Code (AO), the Banking Act (KWG), the Money-Laundering Act (GwG) and the Securities Trading Act (WpHG). These laws prescribe two- to ten-year retention or documentation periods. 

What are your data protection rights?

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions in §§ 34 and 35 BDSG apply to the right to information and the right of erasure. In addition, there is a right to lodge a complaint with a competent data protection authority (Article 77 GDPR in conjunction with § 19 BDSG).

In the case that you claim your data protection rights please contact our Corporate Data Protection Officer by reference to the Internet Presence www.hypovereinsbank.de. You can find further information about the processing of personal data by UniCredit Bank AG and your rights under data protection law at hvb.de/eu-gdpr-information .

How to use social networks

This Internet presence doesn’t contain social plugins of social networks such as Facebook, Google+ or Twitter, but only hyperlinks to social networks. Hence these networks have no way of reconstructing your activities on our websites.

On our Internet presence www.hypovereinsbank.de we deploy YouTube on a few pages. YouTube is a videoportal of YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to as „YouTube“. YouTube is a subsidiary company of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as „Google“. According to the privacy shield certification („EU-US Privacy Shield“) - see https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active - Google and YouTube as subsidiary company warrant that they comply with EU data protection requirements as with the data processing in US.  

We utilise YouTube in connection with a 2-click-solution in order to show videos to you. By using this solution for the integration of YouTube videos, we ensure that by starting the video you agree and consent with loading the YouTube player and therefore make a connection with YouTube’s server and transfer data. Before your video start, a YouTube connection is not made automatically. You will know a YouTube connection has been started when you see start screen „starting YouTube Video“. By clicking on YouTube Video information (including your IP-Address, the date, the time as well as the webpage visited by you) is transferred to the server of YouTube resp. Google in US. Moreover a connection is established to the commercial network „DoubleClick“ of Google. By starting the video further data processing operations can be initiated. Please note, that we have no influence on this.

Videos without designation within the start screen „starting YouTube Video“ are on our servers and don’t establish a connection to YouTube.

In case you are logged on YouTube at the same time, YouTube allocates the connection information to your YouTube-account. If you want to prevent this, you need to log off on YouTube or to adjust the settings in your YouTube-user account before you visit our Internet presence. For the purpose of functionality and analysis of user behaviour YouTube stores permanently cookies over your internet browser on your device. If you disagree with the processing, you can adjust the settings in your internet browser, in order to hamper the storage of cookies. You can find further information of Google about the collection and use of data, your rights in this regard and protection measures on https://www.google.de/intl/de/policies/privacy/


Cookie Overview

As most websites, we also use cookies on hypovereinsbank.de to be able to enhance the user experience when a user visits the site for the first or a recurring time.

A cookie is a small file which saves settings, whereby almost every website uses the cookie technology. Cookies will be created when you visit the website for the first time, they will be set by the website in your internet browser. If you visit the website again with the same device, the cookie data will be sent to our website (First Party Cookie) or it will be sent to another website which set the cookie by itself (Third Party Cookie).

Depending on their functionality and purpose, cookies can be categorized in one of the following categories: absolutely necessary / functional cookies, statistical, marketing as well as personalisation cookies.

By using our cookie banner, you can decide which cookie category you like to allow or not. Beside the settings in the cookie banner, you can also allow or deny the setting of cookies directly in your browser settings. The cookie banner will be added gradually to all pages on hypovereinsbank.de.

In the following part we provide a list, which purpose it is to make transparent what cookies will be set in which cookie category and for which purpose and provider.

Functional Cookies

Absolutely necessary functional cookies, without these cookies our website cannot function correctly. These cookies are set by HypoVereinsbank directly and therefore are so called First Party cookies. Furthermore, these cookies are part of a functionality which enables the switch from unencrypted http to encrypted https, therefore enabling higher security standards. Last but not least functional cookies are also used to save your decision, which cookie categories you allowed or not.

Absolutely necessary functional cookies cannot be turned off. But you can deny all cookies by using your browser settings if you like to do so. But we like to point out, that if you do so, our website may not work correctly in some parts or not work at all.

Cookie name

  1. oam.Flash.RENDERMAP.TOKEN

  2. ucdl

  3. uccb

  4. dtCookie

  5. dtLatC

  6. dtPC

  7. dtSa

  8. rxVisitor

  9. RLSESSIONID_HVB2 & 1

  10. gpv_pageName

  11. TS*

  12. navww

Purpose

  1. PrimeFaces cookie, which is used for the component library for JavaServer Faces-based applications

  2. Provides a better detection if users came from a search engine to the page

  3. Is used to save which cookie categories were allowed or denied by the user

  4. DynaTrace cookie (technical Servermonitoring)

  5. DynaTrace cookie (technical Servermonitoring)

  6. DynaTrace cookie (technical Servermonitoring)

  7. DynaTrace cookie (technical Servermonitoring)

  8. DynaTrace cookie (technical Servermonitoring) RuxitAgent

  9. Cookie used for banking functionality

  10. Defines the name of the current page

  11. Technical session control cookie & load balancing of our webservers

  12. Detects, if the data for the navigation was already loaded, to be able to optimize loading times

Expiry date

  1. Session

  2. Session

  3. 3 Monate

  4. Session

  5. Session

  6. Session

  7. Session

  8. Session

  9. Session

  10. Session

  11. Session

  12. Session

Statistical Cookies

To be able to analyse the usage of our website, we use the analytics provider Adobe (Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland). Website usage is not recorded in the Online Banking section of our page. The website is analysed by using the tool “Adobe Analytics”. Adobe Analytics saves a shortened version of your IP address, therefore it is not possible to use your original IP address in any way.

In general, we don’t transfer any clear text personal identifiable information to Adobe Analytics. Such data fields will be converted to a pseudonym by using the SHA-256 hashing algorithm. By that Adobe and other external service providers cannot get and save clear text personal identifiable information of our users.

Data is collected and calculated for the sole purpose of creating statistical reports, by using these reports we can monitor and optimise our webpage to create a better user experience.

We do base this data processing on legitimate interest (Article 6, paragraph 1 f DSGVO).

Cookies
  1. s_cc

  2. s_cm

  3. s_fid

  4. s_lv

  5. s_lv_s

  6. s_nr

  7. s_pers

  8. s_pers_s

  9. s_ppv

  10. s_pv9

  11. s_sq

  12. s_vi

  13. s_visit

Purpose
  1. This cookie is used to identify, if the browser supports setting cookies

  2. Contains the information, if the user used an ad campaign to get to the site

  3. This cookie is used as a fallback if the original cookie s_vi cannot be set, it contains a random generated unique ID together with a date/timestamp

  4. This cookie saves a timestamp, when the user visited the page the last time

  5. This cookie saves he amount of days the user last visited the page

  6. This cookie is used for checking if the users visit is a recurring visit or the first visit

  7. This cookie saves, for a better data processing, a complete combined value out of different single cookie values

  8. This cookie saves, for a better data processing, a complete combined value out of different single cookie values (with only a session expiration date)

  9. This cookie, as well as s_pv9, saves how much of a percentage the current page was scrolled down and therefore seen

  10. This cookie, as well as s_ppv, save how much of a percentage the current page was scrolled down and therefore seen

  11. This cookie contains the information about the last clicked link of a user

  12. This cookie is used to save the, so called, visitor id. This is a random generated unique ID together with a date/timestamp. It is mostly used to identify if the user is visiting the site for the first time or if it’s a recurring visit.

  13. This cookie saves if the currently opened page, is the page the user started the visit.

Expiry date
  1. Session

  2. 4 years

  3. 3 years

  4. 3 years

  5. 3 years

  6. 2 Jahre

  7. 4 years

  8. Session

  9. Session

  10. Session

  11. Session

  12. 3 years

  13. Session

You have the right to opt out of any kind of statistical recording. Your opt out will also take an effect on the fact that no relation can be made between your contact request and the ad you clicked before to come to the site. If you decide to disagree to the recording of statistical data, a special blocking-cookie will be set on your device. Please note: If you delete this blocking-cookie or use another web browser or device, you have to activate the opt out / blocking-cookie again.

Opt out:

You can opt out from the statistical recording directly on the site of our partner Adobe, please click here and use the opt out link “Click here” to opt out.

Opt in again:

You can revoke a previous opt out by visiting the site of our partner Adobe directly, please click here and use the opt in link under “Click here” to opt out.

Marketing Cookies

These cookies are opt-in-only, this means data and cookies will only be transferred in this category, if you explicitly give us your consent. This consent is given when you check the corresponding category entry in the cookie banner and then click “Accept selection” in the details layer or when you click on “Accept all” / “Accept” in the standard layer (both of these option opt in for all categories).

By doing our marketing campaigns we work sometimes with the external company named Salesfeeder to track certain pages on hypovereinsbank.de. These sites are for example contact request pages as well as online orders of our offered products. By getting data from us, this company is not enabled to get a direct relation to you as a person. We use the data to get a statistical reporting how well our marketing campaigns are performing considering different details about online orders made. As an example: We measure which ad placement leads to an online product sale.

The following cookies are set from marketing related tags:

Salesfeeder Cookies
  1. hypovereinsbank_fingerprint

  2. hypovereinsbank_previous

  3. hypovereinsbank_uuid

  4. hypovereinsbank_optout

Zweck
  1. Das Cookie speichert den Browser-Fingerprint des Nutzers, anhand dessen man erkennen kann, ob der Nutzer die Website schon einmal besucht hat und über welche Marketing-Kampagne der Nutzer die Seite besucht hat.

  2. Das Cookie speichert die jeweils vom Benutzer aufgerufene pageId, um zu erkennen, ob der Nutzer von einer HVB-Seite gekommen ist

  3. Das Cookie speichert eine zufällig generierte, eindeutige ID (Unique User Id), anhand derer man erkennen kann, ob der Nutzer die Website schon einmal besucht hat.

  4. Sofern in Vergangenheit ein opt-out für das Salesfeeder Tool vorgenommen wurde, speichert dieser Cookie, dass dieser stattgefunden hat und keine Daten mehr gesendet werden.

Ablaufdatum
  1. 2 Monate

  2. Session

  3. 2 Jahre

  4. 2 Jahre

Even when you opted in and gave your consent, you have the right to revoke this consent. Your opt out will also take an effect on the fact that no relation can be made between your contact request and the ad you clicked before to come to the site.

If you decide to disagree to the recording of statistical data, a special blocking-cookie will be set on your device. Please note: If you delete this blocking-cookie or use another web browser or device, you have to activate the opt out / blocking-cookie again.


Revocation:

Next to the possibility to revoke within the cookie banner, you can also explicitly use the option of our partner Salesfeeder. Therefor please click here .

 

You can give your renewed consent to the creation and analysis of records by our partner Salesfeeder via the cookie banner after resetting. Please click HERE .

Personalisation Cookies

By using special personalisation cookies, we are planning in the future to better the user experience even more. Currently we do not use such tools. If we implement such tools, we will update our cookie banner and also extend this page to keep you informed.

Change your cookie settings

We provide you a convenient solution, which you can use to opt in or opt out certain cookie categories. The different third party cookies are grouped into these categories. You can use the different sliders in the cookie banner, to opt in or opt out of these different categories. Please click here [LK(-U1]   to reset your settings and reopen the cookie banner again, to be able to change your settings.

If a category is turned off and this setting is confirmed, all third party cookies of this category will not be activated and therefore blocked. In this case no data will be transmitted to those third parties.

If a category is turned on again by you or if the setting is already activated and the default setting is not changed, all third party cookies out of the category will be loaded and therefore data will be transferred to the third parties.

You can also block or delete cookies entirely by using your browser settings. Most browsers provide dedicated settings to manage your cookies to be able to accept, deny them or only accept a certain kind of cookies. You can find the documentation about these settings in the integrated help function of your browser. If you deny all or certain cookies on our website, some functional features may not work correctly.


Consent to the use of Data

We can respond even more specifically to your individual needs if you allow us to use your data beyond what is stated in the data protection declaration. You can provide us with a corresponding declaration of consent via "To consent". Since for technical reasons we can only make this offer to registered users, you must first register via "Log In" before you can declare your consent.


Sicherheit

Everything possible is done using the latest technology to ensure that your data is secure on the Internet and on the bank's computers. Here you can find out what we can do and what you can do to help:

 

Version vom 25.05.2018