Protecting your personal data is a particular concern of ours. This is why we strictly adhere to the statutory requirements when collecting and processing your personal data. Below, we would like to inform you in detail on the scope and purpose of our data processing, as well as on your rights as data subject.
This policy concerns the “GRAWE Bankengruppe” group of companies, which is made up of the following banks: Hypo-Bank Burgenland AG, Capital Bank-GRAWE Gruppe AG, Brüll Kallmus Bank AG and Bankhaus Schelhammer & Schattera AG.
1. Principle concerning the anonymous use of our website(s)
Fundamentally, it is possible to use the websites belonging to the GRAWE Bankengruppe (www.grawe-bankengruppe.at, www.bank-bgld.at, www.capitalbank.at, www.bkbank.at, www.schelhammer.at, www.dadat.at and www.dieplattform.at) without providing any personal data. However, the use of individual services can be subject to deviating provisions, something which we will point out to you separately.
When accessing our websites, information such as your IP address will be transmitted to us. This information provides information about the end device used (computer, smartphone, tablet etc.), the browser used (Internet Explorer, Safari, Firefox etc.), the time of access to our website, the volume of data transferred, etc. We do not use this data to identify individual users. This information serves only to determine the attractiveness of the website, as well as to continually improve its content and make it even more interesting for you. However, in the interests of completeness, please note that, in the case of a static IP address, it is generally possible to create a personal reference via a RIPE enquiry. We do not carry out such RIPE enquiries.
2. External links
In the case of links which lead to other online services, we accept no liability for the content, functionality and availability of the linked website(s). This also applies to all other references or links to external Internet offerings, direct or indirect. Links to this website are desired when these are displayed as external links in their own browser window. The assumption of the main window into a frame belonging to the creator of the link is not permitted. We kindly request that you inform us should a website linked by us contain unlawful content. The link will then be removed immediately.
3. Personal data
“Personal data” means any information relating to an identified or identifiable natural person. This includes, for example, your name, address, telephone number or date of birth and other data which is required for business purposes.
4. Your children’s personal data
We will only process children’s personal data after providing an indication of such and after receiving consent from parents/legal guardians. In general, any use or disclosure of personal data of children by us will only be performed – to the extent that this is legally permitted – to obtain the legally required consent of the parents or for the protection of children.
5. Collection and processing of personal data
Personal data will only be processed by us if you disclose them to us voluntarily, e.g. if you register with us, order something or contact us.
We use the personal data provided by you only to the extent that this is required to fulfil the respective purpose (e.g. registration, distribution of newsletters, sending informational material and advertisements, processing competitions, enabling access to certain information) and/or to the extent that this is permitted by law.
The purpose of data processing is to operate the websites; to inform, present and offer the bank’s products and services.
Any further use of your data only takes place if you provided us with your prior and express consent. You may withdraw your consent at any time with effect for the future.
6. Retention period
We will store the data which you have provided exclusively for client support or for marketing and information purposes until three years after our last communication, unless you withdraw your consent before this time.
In the event of a contract conclusion, your personal data will be stored after full contract processing until the limitation and statutory retention periods to which we are subject have expired, and until the definitive, legally-binding conclusion of any legal disputes for which the data is required as evidence.
You can subscribe to our newsletter free of charge. With this newsletter, you receive current news and information surrounding the bank, national economies, markets and current offers and product information at regular intervals. You require a valid e-mail address to receive the newsletter. We will verify the email address provided by you to ensure that you are the actual holder of the email address specified and/or to ensure that its holder has been authorised to receive the newsletter. We do so by sending an email to the email address which you have specified. You then confirm the receipt of said email. After confirmation of the e-mail, you are subscribed to our newsletter.
Upon your subscription to the newsletter, we save your IP address, the date and the time of your subscription. This is performed for security reasons in case a third party misuses your e-mail address and subscribes to our newsletter without your knowledge. Further data is not collected and processed by us for the newsletter subscription; the data is solely used for receiving the newsletter.
With your consent, which you can withdraw with effect for the future at any time, we transfer your data within the GRAWE Bankengruppe for the purposes of analysis as well as for the transfer of information for marketing purposes. Within the group of companies, the data which you provided to us for the receipt of the newsletter will be compared with data which we may collect from other sources (e.g. upon purchasing goods or booking services).
We do not disclose the data you provide when subscribing to the newsletter to third parties which do not belong to the group of companies.
You can unsubscribe from our newsletter at any time. Details on how to unsubscribe can be found in each individual newsletter.
8. Transfer of data
We generally do not transfer your data to third parties outside GRAWE Bankengruppe unless we are legally obliged to do so, unless such disclosure is required to perform a contractual relationship, or unless you have expressly consented to the disclosure of your data in advance. External service providers and partner companies –for example the shipping company tasked with delivery or other cooperation partners – only receive your data insofar as this is required to process the contract. To the extent that our service providers can access your personal data, we will ensure that these service providers comply with the provisions under data protection legislation to the same extent that we do.
Your personal data will not be sold or otherwise marketed to third parties.
We transfer your personal data to companies within the group of companies – the exact names and contact details of which you can look up here at any time – for analysis purposes in order to be able to present you with optimal offers, as well as for sending you information and advertisements.
You can withdraw your consent given for the transfer of your data to companies within the group of companies with effect for the future at any time.
Find the link to our Cookies Policy here: www.capitalbank.at/en/cookies
10. Web analysis
In order to regularly improve our website and our offer, and in order to resolve errors, we make use of the web analysis tool Piwik (http://piwik.org).
Cookies are also used to carry out web analysis. In doing so, exclusively pseudonymous data are stored. These are data which a third party cannot link to a particular individual. The storage of names, addresses or other personal data remains unaffected by this. The pseudonymous data exclusively serve to improve our web content for you. They are by no means sold to third parties.
You can object to the pseudonymous processing of your data by the above-mentioned web analysis tools at any time. This means that, in the future, your visits to our web pages will no longer be recorded. To do so, you are required to activate so-called “opt-out cookies”. Please click on the following link if you wish to object to the pseudonymous processing of your data: www.capitalbank.at/en/cookies
Alternatively, the use of third-party cookies can be deactivated by accessing the network advertising initiative’s deactivation page. Please note, however, that in this case you may not be able to use all of the functions of this website to their full extent.
11. Facebook pixel
(Insofar as it is set up) this website uses the “Custom Audiences” remarketing function provided by Facebook Inc. (“Facebook”). This function serves to present visitors to this website with interest-related advertising (“Facebook ads”) when they visit the social network Facebook. To do so, Facebook’s remarketing tag is used on this website. When you visit the website, this tag establishes a direct connection to the Facebook servers. In doing so, the fact that you have visited this website will be transferred to Facebook’s servers and Facebook will assign this information to your personal Facebook account.
Alternatively, you can deactivate the “Custom Audiences” remarketing function at https://www.facebook.com/settings/?tab=ads#_=_. To do so, you must be logged into Facebook.
Please click on the following link if you wish to object to the use of Facebook pixel: www.capitalbank.at/en/cookies
We employ technical and organisational security measures in order to protect your personal data against manipulation, loss, destruction and access by unauthorised third parties. Our security measures are subject to ongoing improvements in accordance with technological developments on the Internet.
All the information that we receive from you is protected via a secure server. SSL (Secure Socket Layers) server security software encrypts all the information which you provide before it is transferred to us. This information remains encrypted until it has reached our servers. If a small padlock appears at the bottom left of our website, you know that the website is secure.
13. Your rights
In accordance with the General Data Protection Regulation and the Data Protection Act, you as data subject have the following rights and remedies:
Right of access
As data subject affected by data processing activities, you are entitled to request information as to whether and, if so, which personal data relating to you is processed. For your own protection – to prevent unknown parties from obtaining information about your data – it may be necessary for us to verify your identity in an appropriate manner.
Right to rectification and erasure
You are entitled to request the immediate rectification of inaccurate personal data relating to you or – taking into account the purposes of data processing – the completion of incomplete personal data, as well as the erasure of your data.
Right to the restriction of processing
You are entitled to the restriction of processing of all personal data collected. As of the request for restriction, such data will only be processed subject to your individual consent or for the establishment and exercise of legal claims.
Right to data portability
You can request the unhindered and unrestricted transfer of collected personal data to a third party.
Right to object
At any time, you have the right to object, on grounds relating to your particular situation, to any processing of the personal data relating to you which is necessary to safeguard the legitimate interests of the controller or of a third party. Should you raise an objection, your data will no longer be processed, unless there are compelling legitimate grounds for processing which override your interests, rights and freedoms or unless processing is to be carried out for the establishment, exercise or defence of legal claims.
You can object to data processing for the purpose of direct marketing with effect for the future at any time.
Grace periods for the GRAWE Bankengruppe
If you take a measure to assert your rights under the GDPR set forth above, the member of the group you address shall provide a statement on the measure requested or comply therewith without undue delay, no later than within one month after receipt thereof.
We will act in response to all reasonable requests free of charge and as immediately as possible in accordance with current legislation.
The data protection authority is responsible for requests regarding a breach of the right to access or a breach of the right to secrecy, rectification or erasure.
14. Contact persons
Last updated: May 2018