Data Protection Notice

The provisions of the EU General Data Protection Regulation took effect on 25 May 2018. The Data Protection Notice is intended to provide you with an overview of the processing of your personal data in UniCredit Bank GmbH and your rights under data protection law.

Whether you are customer, prospective customer or visitor of our websites, you have the right to know, how we use your data if you utilize our internet presence. To put it plainly, you can find further information among Data Privacy Statement, Consent, Security and Cookies.

Data Privacy Statement

The Data Privacy Statement applies for the Internet presence WWW.HYPOVEREINSBANK.DE of the UniCredit Bank GmbH (hereinafter: HypoVereinsbank). The pages in this presence include links to other web pages (e.g. web pages of other providers or other web pages of HypoVereinsbank) which is not covered by this Data Privacy Statement. If you leave this Internet presence by following the link, it is recommended to study the Data Protection Notice of the relevant web page.

At HypoVereinsbank we process personal data as a matter of principle in accordance with data protection laws.  

Below you can easily get an overview of the data processed within this web page and the manner in which the data is processed. Furthermore we inform you about your rights under data protection law whom you can contact to helping you on questions.

Who is responsible and contact person for data processing?

The responsible party is:

UniCredit Bank GmbH
Arabellastr. 12
81925 München
Telefon: +49 (0)89 378 – 0

You can reach our Corporate Data Protection Officer at:

UniCredit Bank GmbH
80311 München
Telefon: +49 (0)89 378 – 0


What kind of personal data do we use?

We process the personal data that we obtain from you, if you are interested in our products, sign up for a web service, contact us by E-Mail, Chat, or a contact form. Relevant personal data of prospective customers, applicants or customers can include:

  • Personal details (e.g. name, address, e-mail address and other contact data)
  • Order-related data (e.g. your banking account, tax identification number (TIN))
  • Information regarding your financial situation (such as your monthly expenses)
  • And other data comparable to the above categories.

When visiting the website we obtain by our IT systems technical data, as for example information about the internet browser, the operating system or the time of page view, in order to ensure an accurate provision of the website. The collection of data takes place, as soon as you open the website and is indispensable for the operation of the site.

In the context of our Internet presence we collect in additional data as for instance IP addresses and unique identifiers of devices as well as anonymous data about your online habits. This helps us to realize, whether and how you are on the way to our websites, in order to configure our web presence user-oriented and in line with demand.

Further information can be found on COOKIES.

How and for which purpose do we process your data?

In the context of our Internet presence we process various types of personal data in the following way:

  • If you enroll for a service and give your personal details (as for example your name, address or email-address) we use your data only in order to communicate with you and for the purpose you dedicated your data to us respectively as far as this is necessary for the implementation of the service. If you enroll for a newsletter subscription, we use your data only for the newsletter-subscription.
  • If you use our Internet presence in order to forward a message directly to us or place an order, we use your data after processing your order or your message in order to inform you about the subject you addressed in your message or about other subjects. This doesn’t apply if you objected to the use and the processing of data for purposes of direct advertising.

Any processing and use of your personal data extending beyond takes only place - except for the cases where we are legally bound - if you have given us your consent. On some sides of this website you have the opportunity to provide your consent (e.g. in order to contact you by telephone). In case of providing consent the purpose of data processing is predetermined. It goes without saying that consent is freely given and that your consent can be revoked at any time by telephone on 0800/1090903 or alternatively by forwarding an email to

On what legal basis do we process your data?

For the purpose of meeting contractual obligations (Art. 6 para. 1 b GDPR)

Data are processed to conduct banking business and provide financial services under the contracts with our customers and to implement pre-contractual measures, upon request (e.g. product and advisory inquiries of prospective customers and customers). The purposes for which data processing is used primarily depend on the specific product (e.g. consumers financing, account, loan) and can include requirements analysis and product selection, among other things. You can find additional details regarding the purposes for which data processing is utilized in the relevant contract documents and standard terms of business.

As part of balancing of interests (Art. 6 para. 1 f GDPR)

In addition to processing your data for the actual performance of the contract or for pre-contractual measures, we process your data to the extent necessary to protect our legitimate interests and those of third parties. Examples:

  • Consulting and exchanging data with credit bureaus (e.g. SCHUFA) to determine the credit risk or risk of default in the lending transaction and the need for an attachment protection account or a basic account,
  • Examining and optimizing requirements analysis procedures for the purpose of direct customer contact,
  • Advertising or market-and-opinion research, to the extent that you have not objected to this use of your data,
  • Analysis of information we obtain for quality improvement upon visiting our website,
  • Analysis of results of marketing efforts in order to measure the efficiency and the relevance of our campaigns,
  • Ensuring IT security and the security of the Bank’s IT operations,
  • Taking measures to manage the business and further develop services and products

With your consent (Art. 6 para. 1 a GDPR)

To the extent that you have given us your consent to process your personal data for specific purposes (e.g. telephone contact and promotional approach), such processing is lawful based on your consent. Once given, your consent can be revoked at any time. This also applies to declarations of consent provided to us before the GDPR takes effect, i.e. before 25 May 2018. The revocation of consent does not affect the lawfulness of data processed before the revocation.

Based on legal obligations (Art. 6 para. 1 c GDPR) or in the public interest (Art. 6 para. 1 e GDPR)

Moreover, as a bank, we are subject to various legal obligations, i.e. statutory requirements (e.g. the German Banking Act [Kreditwesengesetz], the Money-Laundering Act [Geldwäschegesetz], the Securities Trading Act [Wertpapierhandelsgesetz], and the tax laws) as well as bank regulatory requirements (e.g. those imposed by the European Central Bank, the European banking regulator, the German Central Bank and the German Federal Financial Supervisory Authority). The purposes for which processing is used include fraud and money-laundering prevention and the fulfilment of control and reporting obligations under tax laws.

Who receives your data?

Within the Bank, those parties that need access to your data to meet our contractual and statutory obligations receive such access. Service providers and agents utilised by us can also receive data for these purposes if they maintain banking secrecy and data protection. With regard to this website we utilise companies in the categories of IT services as well as marketing and online audience measurement. We only engage selected service providers which are contractually obliged to process data solely in line with our instructions.

With respect to the disclosure of data to recipients outside of our Bank, it should first be noted that, as a bank, we are obliged to maintain confidentiality with respect to all customer-related facts and assessments of which we obtain knowledge (banking secrecy in accordance with No. 2 of our Standard Terms of Business[OH(-U1] [LK(-U2] ). We may only disclose information regarding you when statutory provisions so require or when you have consented to this or we are authorised to issue a bank reference. Under these conditions, the following parties may receive your personal data, e.g.:

  • Public bodies and institutions (e.g. the German Central Bank, the German Federal Financial Supervisory Authority, the European Banking Authority, the European Central Bank, financial authorities, prosecuting authorities) if there is a statutory or regulatory obligation.
  • Other banks and financial services institutions or comparable institutions to which we send personal data in the pursuit of our business relationship with you (depending on the contract, e.g. correspondent banks, custodian banks, stock exchanges, credit bureaus)
Are data sent to a third country or an international organisation?

Data will only be transferred to countries outside the EU and the European Economic Area (so-called third countries), if this is required for the execution of your orders (e. g. payment orders and orders for securities), prescribed by law (e. g. reporting obligations under tax law), if you have given us your consent or in the context of commissioned data processing.

If service providers in a third country are used, data transfer is permissible, if the European Commission has decided that there is an adequate level of protection in the third country (Art. 45 GDPR). If the Commission has not made such a decision, UniCredit Bank GmbH or the service provider may only transfer personal data to a service provider in a third country if suitable guarantees have been provided (e. g. EU Standard Contractual Clauses) as well as enforceable rights and legal remedies are available.

In addition, UniCredit Bank GmbH has contractually agreed with its service providers that privacy principles with due observance of the European level of data protection, must always be ensured by their contract partners.

For how long are my data stored?

We process and store your personal data for as long as this is necessary for the relevant processing purposes.

If the data are no longer necessary to meet contractual or statutory obligations, they are deleted on a regular basis, unless there is a need to further process the data – for a limited period of time – for the following purposes: To meet retention obligations under commercial and tax law: Such laws include the German Commercial Code (HGB), the Tax Code (AO), the Banking Act (KWG), the Money-Laundering Act (GwG) and the Securities Trading Act (WpHG). These laws prescribe two- to ten-year retention or documentation periods. 

What are your data protection rights?

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions in §§ 34 and 35 BDSG apply to the right to information and the right of erasure. In addition, there is a right to lodge a complaint with a competent data protection authority (Article 77 GDPR in conjunction with § 19 BDSG).

In the case that you claim your data protection rights please contact our Corporate Data Protection Officer by reference to the Internet Presence You can find further information about the processing of personal data by UniCredit Bank GmbH and your rights under data protection law at

How to use social networks

This Internet presence doesn’t contain social plugins of social networks such as Facebook, Google+ or Twitter, but only hyperlinks to social networks. Hence these networks have no way of reconstructing your activities on our websites.

On our Internet presence we deploy YouTube on a few pages. YouTube is a videoportal of YouTube LLC., 901 Cherry Ave., 94066 San Bruno, CA, USA, hereinafter referred to as „YouTube“. YouTube is a subsidiary company of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter referred to as „Google“. 

We utilise YouTube in connection with a 2-click-solution in order to show videos to you. By using this solution for the integration of YouTube videos, we ensure that by starting the video you agree and consent with loading the YouTube player and therefore make a connection with YouTube’s server and transfer data. Before your video start, a YouTube connection is not made automatically. You will know a YouTube connection has been started when you see start screen „starting YouTube Video“. By clicking on YouTube Video information (including your IP-Address, the date, the time as well as the webpage visited by you) is transferred to the server of YouTube resp. Google in US. Moreover a connection is established to the commercial network „DoubleClick“ of Google. By starting the video further data processing operations can be initiated. Please note, that we have no influence on this.

Videos without designation within the start screen „starting YouTube Video“ are on our servers and don’t establish a connection to YouTube.

In case you are logged on YouTube at the same time, YouTube allocates the connection information to your YouTube-account. If you want to prevent this, you need to log off on YouTube or to adjust the settings in your YouTube-user account before you visit our Internet presence. For the purpose of functionality and analysis of user behaviour YouTube stores permanently cookies over your internet browser on your device. If you disagree with the processing, you can adjust the settings in your internet browser, in order to hamper the storage of cookies. You can find further information of Google about the collection and use of data, your rights in this regard and protection measures on

Cookie Overview

As most websites, we also use cookies on to be able to enhance the user experience when a user visits the site for the first or a recurring time.

A cookie is a small file which saves settings, whereby almost every website uses the cookie technology. It is downloaded from your internet browser the first time you visit a website. The next time you visit this website with the same device, the cookie and the information stored in it will either be sent back to the website that created it (First Party Cookie) or sent to another website to which it belongs (Third Party Cookie).

Depending on their functionality and purpose, cookies can be categorized in one of the following categories: absolutely necessary / functional cookies, statistical, marketing as well as personalization cookies.

By using our cookie banner, you can decide which cookie category you like to allow or not. Beside the settings in the cookie banner, you can also allow or deny the setting of cookies directly in your browser settings. The cookie banner will be added gradually to all pages on

In the following part we provide a list, which purpose it is to make transparent what cookies will be set in which cookie category and for which purpose and provider.

In addition to cookies, we also use a local storage of your browser on selected pages, e.g. account application sections. A detailed description can be found under „Functional Cookies“.

Functional Cookies

Absolutely necessary functional cookies, without these cookies our website cannot function correctly. These cookies are set by HypoVereinsbank directly and therefore are so called First Party cookies. Furthermore, these cookies are part of a functionality which enables the switch from unencrypted http to encrypted https, therefore enabling higher security standards. Last but not least functional cookies are also used to save your decision, which cookie categories you allowed or not.

Absolutely necessary functional cookies cannot be turned off. But you can deny all cookies by using your browser settings if you like to do so. But we like to point out, that if you do so, our website may not work correctly in some parts or not work at all.

Cookie name

  1. oam.Flash.RENDERMAP.TOKEN

  2. ucdl

  3. uccb

  4. dtCookie

  5. dtLatC

  6. dtPC

  7. dtSa

  8. rxVisitor


  10. gpv_pageName

  11. TS*

  12. navww

  13. ubkoac
  14. w3b51session/ w3b51survey

  16. _genesys.widgets.webchat.state.index

  17. _genesys.widgets.webchat.state.keys



  20. _genesys.widgets.webchat.state.session

  21. _genesys.widgets.webchat.metaData


  1. PrimeFaces cookie, which is used for the component library for JavaServer Faces-based applications

  2. Provides a better detection if users came from a search engine to the page

  3. Is used to save which cookie categories were allowed or denied by the user

  4. DynaTrace cookie (technical Servermonitoring)

  5. DynaTrace cookie (technical Servermonitoring)

  6. DynaTrace cookie (technical Servermonitoring)

  7. DynaTrace cookie (technical Servermonitoring)

  8. DynaTrace cookie (technical Servermonitoring) RuxitAgent

  9. Cookie used for banking functionality

  10. Defines the name of the current page

  11. Technical session control cookie & load balancing of our webservers

  12. Detects, if the data for the navigation was already loaded, to be able to optimize loading times

  13. Detects login status within corporate account opening process.
  14. Control the invitation layer of the W3B survey to limit repeated display. If you click on the invitation layer, no data, which is available in HTML code within the page, is transferred. The survey runs only in October/November.
  15. Contains a list of active plugin names that are updated based on the usage of Widgets during the Lazy loading deployment method. This is to ensure that a Widget is auto-loaded during a page refresh or page navigation when there is an active session associated with it.

  16. A session cookie containing the last unique Message ID for internal tracking purposes.

  17. A session cookie that can contain some encrypted keys related to the current active chat session.

  18. A cookie containing the WebChat Widget open or close state for internal tracking purposes.

  19. A session cookie containing the time at which the last successful request was made to the server.

  20. A session cookie containing the unique Session ID related to the current active chat session. It is used to restore the active chat session during scenarios like page refresh or page navigation.

  21. A session cookie containing all the Metadata details related to the current active chat session.

Expiry date

  1. Session

  2. Session

  3. 3 Monate

  4. Session

  5. Session

  6. Session

  7. Session

  8. Session

  9. Session

  10. Session

  11. Session

  12. Session

  13. Session
  14. Session
  15. Session
  16. Session
  17. Session
  18. Session
  19. Session
  20. Session
  21. Session

In addition to cookies, we also use a local storage of your browser on selected pages, e.g. account application sections. A web browser can store page-related data and information in a local storage, which it can retrieve at a later time. In contrast to cookies, that data is only transmitted and accessed/read when required and not every time the website is called upon.

Every web browser has this kind of storage area in two different forms:

  • the local storage (stored information has no predefined expiration date),
  • and the session storage (process with end of a session, usually when closing the browser). 

We use the local storage to save selected products and technical allocation characteristics, such as an OrderID, in order to reuse them in further user guidance course.

In this case we do not process personal data. Data stored in local storage cannot be accessed by third parties, they will neither be transferred to third parties nor used for advertising purposes.

You are able to delete the Local Storage at any given time through your browser settings. It is possible that any initiated account application processes must be restarted afterwards. 

Statistical Cookies

These are cookies, which are only set after your explicit consent them. You can give this consent if you tick the category "Statistics" in the cookie banner and accept the selection. The selection via the button "Accept all" includes this consent too. 

To be able to analyse the usage of our website, we use the analytics provider Adobe (Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland). Website usage is not recorded in the Online Banking section of our page. The website is analysed by using the tool “Adobe Analytics”. Adobe Analytics saves a shortened version of your IP address, therefore it is not possible to use your original IP address in any way.

In general, we don’t transfer any clear text personal identifiable information to Adobe Analytics. Such data fields will be converted to a pseudonym by using the SHA-256 hashing algorithm. By that Adobe and other external service providers cannot get and save clear text personal identifiable information of our users.

Data is collected and calculated for the sole purpose of creating statistical reports, by using these reports we can monitor and optimise our webpage to create a better user experience.

  1. s_cc

  2. s_cm

  3. s_fid

  4. s_lv

  5. s_lv_s

  6. s_nr

  7. s_pers

  8. s_pers_s

  9. s_ppv

  10. s_pv9

  11. s_sq

  12. s_vi

  13. s_visit

  1. This cookie is used to identify, if the browser supports setting cookies

  2. Contains the information, if the user used an ad campaign to get to the site

  3. This cookie is used as a fallback if the original cookie s_vi cannot be set, it contains a random generated unique ID together with a date/timestamp

  4. This cookie saves a timestamp, when the user visited the page the last time

  5. This cookie saves he amount of days the user last visited the page

  6. This cookie is used for checking if the users visit is a recurring visit or the first visit

  7. This cookie saves, for a better data processing, a complete combined value out of different single cookie values

  8. This cookie saves, for a better data processing, a complete combined value out of different single cookie values (with only a session expiration date)

  9. This cookie, as well as s_pv9, saves how much of a percentage the current page was scrolled down and therefore seen

  10. This cookie, as well as s_ppv, save how much of a percentage the current page was scrolled down and therefore seen

  11. This cookie contains the information about the last clicked link of a user

  12. This cookie is used to save the, so called, visitor id. This is a random generated unique ID together with a date/timestamp. It is mostly used to identify if the user is visiting the site for the first time or if it’s a recurring visit.

  13. This cookie saves if the currently opened page, is the page the user started the visit.

Expiry date
  1. Session

  2. 4 years

  3. 3 years

  4. 3 years

  5. 3 years

  6. 2 Jahre

  7. 4 years

  8. Session

  9. Session

  10. Session

  11. Session

  12. 3 years

  13. Session


Even after active consent on your part, you have the right to object to this type of recording at any given time by revoking your consent.

You are able to change your settings through the cookie banner for the category "statistics" or you can do this directly with our partner Adobe – to change your setting, please click HERE and use the opt out / exclusion link "Click here".

After that a blocking cookie will be saved on your device. Please note: If you delete the blocking cookie or use a different web browser, you will have to withdraw your consent again.

To give your renewed consent to the creation and analysis of records, you can do this through the cookie banner after a reset. Please click HERE

Marketing Cookies

These cookies are opt-in-only, this means data and cookies will only be transferred in this category, if you explicitly give us your consent. This consent is given when you check the corresponding category entry in the cookie banner and then click “Accept selection” in the details layer or when you click on “Accept all” / “Accept” in the standard layer (both of these option opt in for all categories).

By doing our marketing campaigns we work sometimes with the external company named Salesfeeder to track certain pages on These sites are for example contact request pages as well as online orders of our offered products. By getting data from us, this company is not enabled to get a direct relation to you as a person. We use the data to get a statistical reporting how well our marketing campaigns are performing considering different details about online orders made. As an example: We measure which ad placement leads to an online product sale.

The following cookies are set from marketing related tags:

Salesfeeder Cookies
  1. hypovereinsbank_fingerprint

  2. hypovereinsbank_previous

  3. hypovereinsbank_uuid

  4. hypovereinsbank_optout

  1. This cookie saves the user's browser fingerprint, which can be used to identify whether the user has visited the website before and through which marketing campaign the user visited the site. 

  2. The cookie saves the pageld accessed by the user to identify whether the user comes from an HVB site.  

  3. The cookie stores a randomly generated unique user ID (Unique User ID), which can be used to identify whether the user has visited the website before.

  4. If an opt-out for the salesfeeder tool was made in the past, this cookie saves that this has taken place and that no more data is sent.

Expiry Date
  1. 2 months

  2. Session

  3. 2 years

  4. 2 years

Even when you opted in and gave your consent, you have the right to revoke this consent. Your opt out will also take an effect on the fact that no relation can be made between your contact request and the ad you clicked before to come to the site.

If you decide to disagree to the recording of statistical data, a special blocking-cookie will be set on your device. Please note: If you delete this blocking-cookie or use another web browser or device, you have to activate the opt out / blocking-cookie again.


Next to the possibility to revoke within the cookie banner, you can also explicitly use the option of our partner Salesfeeder. Therefor please click here.


You can give your renewed consent to the creation and analysis of records by our partner Salesfeeder via the cookie banner after resetting. Please click HERE.

Personalisation Cookies

These are cookies subject to approval, which are only set after your explicit consent. You can grant this consent by checking the "Personalization" category in the cookie banner and accepting the selection. Selecting "Accept All" includes this consent. When it comes to both product recommendations and proactive service, customers expect a response tailored to their personal needs. We focus on individualized interaction in the right context and the enhancement of the customer experience. For real-time interaction management, we utilize a tool of an external provider.

You can find more detailed information on dealing with external service providers and data transfers in this privacy policy.

By selecting the "Personalization" category, you declare your consent to use the following described data:

  • Information about you that you provide to us when registering for a service. This includes information provided during your registration for HVB Online Banking or other services (e.g., newsletter subscription).
  • Personal records of your use of our internet services: among others, we collect detailed behavioral information based on your activities when using digital channels (e.g., including subdomains, online and mobile banking) in order to determine your personal interests.
  • Personal records of your use of our email services: among others, we can deduce from your click behavior how our email offerings resonate with you and which products or services you are interested in.
  • Bank-internal data about the customer relationship (e.g., information about whether you hold a current account or a securities account with us).

We use this data for the following purposes:

  • Targeted, needs-based customer communication in our digital channels.
  • Optimization of needs-based advice, advertising, and market research.
  • Improved design and functionality of our website.

If you have additionally granted consent for the use of your data in the logged-in area ("Online Banking / Mobile Banking"), we combine this information to display even more tailored offers to you. However, we do this only if both declarations of consent are available. For personalization, we use a cookie from our third-party service provider to identify you.  This cookie is valid for one year.

Change your cookie settings

We provide you a convenient solution, which you can use to opt in or opt out certain cookie categories. The different third party cookies are grouped into these categories. You can use the different sliders in the cookie banner, to opt in or opt out of these different categories.

Your current cookie settings can be viewed in the footer of our website under "Cookie-Einstellungen".

Please click  here to reset your settings and reopen the cookie banner again, to be able to change your settings.

If a category is turned off and this setting is confirmed, all third party cookies of this category will not be activated and therefore blocked. In this case no data will be transmitted to those third parties.

If a category is turned on again by you or if the setting is already activated and the default setting is not changed, all third party cookies out of the category will be loaded and therefore data will be transferred to the third parties.

You can also block or delete cookies entirely by using your browser settings. Most browsers provide dedicated settings to manage your cookies to be able to accept, deny them or only accept a certain kind of cookies. You can find the documentation about these settings in the integrated help function of your browser. If you deny all or certain cookies on our website, some functional features may not work correctly.

Consent to the use of Data

We can respond even more specifically to your individual needs if you allow us to use your data beyond what is stated in the data protection declaration. You can provide us with a corresponding declaration of consent via "To consent". Since for technical reasons we can only make this offer to registered users, you must first register via "Log In" before you can declare your consent.


Everything possible is done using the latest technology to ensure that your data is secure on the Internet and on the bank's computers. Here you can find out what we can do and what you can do to help:

  • Notfallnummern: So that nothing can happen to you if something happens. We are available for you.
  • Sicheres Online Banking: Find out why you can always rely on HVB Direct Banking.
  • Sicheres Mobile Banking: Read the checklist to find out how you can use our mobile banking solutions safely.
  • Betrugsprävention: From phishing to grandchild tricks: this is how you arm yourself against widespread fraud methods.
  • Sicherheit im fokus: With HVB debit and credit cards, you can buy flexibly and securely on the Internet.


Version as of 08.11.2021