Privacy Statement

Of the Association of Foreign Banks in Germany

The Association of Foreign Banks in Germany e.V. is pleased to welcome you to our website. We take the protection of your personal data very seriously and would like you to feel safe and comfortable when visiting our internet pages.

1. Performance of tasks under the statutes or rules of procedure

We process the data of our members and their employees, supporters, interested parties, business partners or other persons (collectively “data subjects”) if we are involved in a membership relationship or other business relationship with them and perform the tasks assigned to us or are recipients or providers of services and benefits. In all other respects, we process the data of Data Subjects on the basis of our legitimate interests, e.g. if administrative tasks or public relations activities are involved.

The data processed in this respect, the nature, scope and purpose of such processing and the necessity of its processing, shall be determined by the underlying membership or contractual relationship, from which the necessity of providing any data is also derived.

We delete data which are no longer required for the provision of our statutory and business purposes. This is determined according to the respective tasks and contractual relationships. We retain the data for as long as they may be relevant to the conduct of business and with regard to any warranty or liability obligations based on our legitimate interest in their fulfilment. The necessity of storing the data is regularly reviewed; in all other respects the statutory storage obligations apply.

  • Type of data processed: inventory data (e.g. names, addresses), payment data (e.g. bank details, invoices, payment history), contact data (e.g. e-mail, telephone numbers), contract data (e.g. subject matter of contract, duration, customer category).
  • Persons affected: Members and their employees, users (e.g. website visitors, users of online services), business and contractual partners.
  • Purposes of processing: (Pre-)contractual services and performances, contact requests and communication, administration and replies to requests.
  • Legal basis: Fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b. GDPR), legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR).

2. Website

To provide our website, we use a web server provided by Plus.line AG, Erlenstr. 2, 60325 Frankfurt am Main, Germany. We have concluded a data processing agreement (AVV) with Plus.line AG.

In order to protect your data in the best possible way, we use SSL encryption. All data that you transmit to our website cannot be read by third parties thanks to SSL encryption.

The following data are stored in the log files:

  • browser type/ browser version
  • used operating system
  • Referrer URL
  • IP/ hostname of the accessing computer
  • time of the server request
  • user (only relevant in case of http authentication)
  • request (downloaded content)
  • status code (HTTP status code such as 200 OK)
  • size of the returned object

These data cannot be assigned to specific persons. This data will not be merged with other data sources. Furthermore, these data will not be passed on to third parties and will only be used to maintain the operation (analysis and statistics purposes). Log files containing data listed above will be deleted after 180 days.

2.1. Plugins and embedded functions

We integrate functional elements into our online services that are obtained from the servers of their respective providers. These elements can be videos or contributions, for example.

Such integration always requires the third-party providers of this content to process the IP address of the users, as without the IP address they would not be able to send the content to their browsers. The IP address is therefore necessary for the display of these contents or functions. We strive to use only content whose respective providers use the IP address solely to deliver the content.

The data is processed on the basis of our legitimate interests (i.e. interest in efficient, economic and recipient-friendly services). In this context we would also like to draw your attention to the information on the use of cookies in this privacy statement.

  • Type of data processed: User data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses), content data (e.g. text entries, photographs, videos).
  • Persons affected: Users (e.g. website visitors, users of online services), communication partners.
  • Purposes of processing: provision of our online services, user-friendliness, contractual obligations, service, security measures, administration and replies to requests, contact enquiries and communication, direct marketing (e.g. by e-mail or post).
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), Contract fulfilment and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO)

Used services and service providers:

  • YouTube videos: Video content; service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Website: https://www.youtube.com; Privacy Policy: https://policies.google.com/privacy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active; Opt-Out: Opt-Out Plugin: https://tools.google.com/dlpage/gaoptout?hl=en, Settings for the display of advertisements: https://adssettings.google.com/authenticated.
  • Vimeo videos: Video content; service provider: Vimeo Inc., Attention: Legal Department, 555 West 18th Street New York, New York 10011, USA; Website: https://vimeo.com; Privacy Policy: https://vimeo.com/privacy; Opt-Out: Please note that Vimeo may use Google Analytics and therefore we refer to the Privacy Policy (https://policies.google.com/privacy) as well as the opt-out options for Google Analytics (https://tools.google.com/dlpage/gaoptout?hl=en) or the settings of Google for the use of data for marketing purposes (https://adssettings.google.com/).

2.2. Presence in social networks (social media)

We maintain online presences within social networks and process user data in this context in order to communicate with the active users or to offer information about us.

Please note that user data may be processed outside the European Union. This can result in risks for users, as it could make it more difficult to enforce their rights, for example. With regard to US providers that are certified under the Privacy Shield or offer comparable guarantees of a secure level of data protection, we would like to point out that they thereby declare their commitment to comply with the data protection standards of the EU.

Furthermore, user data within social networks is usually processed for market research and advertising purposes. Thus, for example, usage profiles can be created on the basis of user behaviour and the related interests of the users. These usage profiles can in turn be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers, in which the usage behaviour and interests of the users are stored. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).

For a detailed presentation of the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection declarations and information provided by the operators of the respective networks.

In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can most effectively be pursued with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly. Should you nevertheless require assistance, you can contact us.

  • Type of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
  • Persons affected: Users (e.g. website visitors, users of online services).
  • Purposes of processing: contact requests and communication, tracking (e.g. interest/behavioural profiling, use of cookies), remarketing
  • Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

Used services and service providers:

  • LinkedIn: social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Privacy Shield (ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
  • Twitter: social network; service provider: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/de/privacy, (Settings) https://twitter.com/personalization; Privacy Shield (Ensuring the level of data protection when processing data in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.

3. Requesting Information Material and Establishing Contact

By sending your request, you consent to the electronic processing and storage of the contact data you have provided. This is done for the purpose of processing and answering your enquiry. We store your data for six months, unless a longer period is required to process your order or respond to your request or is required by law. We do not pass on any personal data to third parties.

If necessary, your contact data will also be used to send additional information material. You can revoke your consent to this use. Further information on this can be found at the end of the privacy policy.

4. Contents and Links to External Offers of Third Parties

Our website includes content and links from third party providers. We have no influence on whether third party providers store IP addresses, e.g. for statistical purposes. As soon as you are on the website of third parties, they are responsible for the data protection of their offers within the meaning of Art. 4 No. 7 of Regulation (EU) 2016/679.

4.1 Surveys

For surveys, we use Microsoft Forms. In the selection of the provider and the service we comply with the legal requirements. An order processing contract with Microsoft is concluded.

In this context, the information provided in the survey is processed and stored on the servers of the third-party provider.

Collecting and processing the data generated in the survey is generatde, among others, for the purpose of collecting statistical data and, if necessary, publishing them in the context of various publications.

The data processed in this context is determined by the underlying survey. By participating in the survey, you consent to the electronic processing and storage of the data you provide.

The data processed in this way include the name of the institution/company, but never the personal data, such as name, address or contact details, of the person participating in the survey.

Data is only passed on to third parties for the purpose of statistical analysis resulting from the data collection. At no time will the name of the institution/company be passed on to third parties.

5. Newsletter

With your consent to receive our newsletter we have the possibility to inform you regularly about current developments and events.

We hold the authority over these distribution lists. We reserve the right to remove individuals from our mailing lists.

Reasons:

  • Error messages or indications that persons have left the institute which has a business relationship with the association
  • Private individuals who have no current or former relationship with the association
  • Persons who, through their behavior or otherwise, cause damage to the association’s reputation

To subscribe to the newsletters, we provide a registration form for requests to be added to the corresponding distribution list. To be included in the mailing list, you only need to enter your e-mail address (mandatory information). We use your e-mail address exclusively for sending the newsletter.

We use the Google service reCaptcha to determine whether a human or a computer is making a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer: IP address of the terminal device used, the website that you visit with us and on which the captcha is embedded, the date and duration of the visit, the recognition data of the browser and operating system type used, Google account if you are logged in to Google, mouse movements on the reCaptcha areas and tasks that require you to identify images. The legal basis for the data processing described is Art. 6 (1) lit. f of the General Data Protection Regulation. There is a legitimate interest on our part in this data processing to ensure the security of our website and to protect us from automated entries (attacks).

5.1 CleverReach

To send our newsletter we use the services of CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. This enables us to organize and analyze the sending of our newsletters. The data you enter to receive the newsletter, such as your e-mail address, is stored on CleverReach’s servers in Germany and Ireland. A data processing agreement (AVV) has been concluded with CleverReach.

With the help of CleverReach’s analysis tools, we can track how many recipients have opened their newsletter and how often links were clicked on in the newsletter.

Details on CleverReach’s data analysis can be found at: https://www.cleverreach.com/en/features/reporting-tracking/

If you do not wish CleverReach to analyse your data, you must unsubscribe from the newsletter. Your data will be deleted from CleverReach’s servers if you unsubscribe. If this data has been transmitted to us for other purposes and elsewhere, it will remain with us.

Details of CleverReach’s privacy policy can be found at: https://www.cleverreach.com/en/privacy-policy/

Unconfirmed registrations are automatically deleted from CleverReach’s systems and servers after two months.

The legal basis for the processing of your personal data after registration for the newsletter is Art. 6 Para. 1 lit. a DSGVO if the user has given his consent.

You can object at any time for the future by clicking on the unsubscribe link at the end of the newsletter or by sending us an informal e-mail with your revocation to verband@vab.de. Unsubscriptions are automatically deleted from CleverReach’s systems and servers after two months.

6. VAB Events

6.1 Advanced education offers (seminars, in-house trainings, work groups) of the VAB

We process the data of the participants of our educational offers in order to be able to provide our educational services to them. The collection and processing of your data is carried out for the purpose of organizing and carrying out the event and for communication in connection with the event.

The data processed for this purpose is determined by the underlying registration process. By registering for events, you consent to the electronic processing and storage of the contact data you have provided.

  • Type of data processed: inventory data (e.g. names, addresses of participants), payment data (e.g. invoice recipient), contact data (e.g. e-mail, telephone numbers), contract data (membership in the VAB).
  • Persons affected: Employees of member companies, interested parties, business and contractual partners.
  • Purposes of processing: Execution of the event and communication in connection with the event.
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), Fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), Legal obligation (Art. 6 para. 1 sentence 1 lit. c. DSGVO), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

The collection and processing of your data is carried out for the purpose of organizing the event, communication in connection with the event and association topics. By registering for events, you consent to the electronic processing and storage of the contact data you have provided. The data will only be passed on to third parties for the purpose of carrying out the event as far as necessary (e.g. admission control of the host). Your data will be deleted after the event, unless they are subject to a longer retention period due to other legal requirements.

6.2 Receptions of the VAB

The collection and processing of the data of the invited and participating persons is carried out for the purpose of the organization and execution of the event as well as communication in connection with the event.

The data processed in this context is determined by the underlying registration process. By registering for events, you consent to the electronic processing and storage of the contact data you have provided.

  • Type of data processed: inventory data (e.g. names, addresses of participants), contact data (e.g. e-mail, telephone numbers)
  • Persons concerned: Employees of member companies, interested parties, business and contractual partners.
  • Purposes of processing: organization and execution of the event and communication in connection with the event.
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

The data will only be passed on to third parties for the purpose of the execution of the event to the extent necessary (e.g. access control by the landlord).

Your data will be deleted after the event, unless they are subject to a longer retention period due to other legal requirements.

6.3 Digital events (meetings, video conferences, webinars etc.) of the VAB

We use platforms and applications by Cisco Webex and ecosero for our audio conferences, webinars and other types of video and audio meetings. When selecting third-party providers and their services, we comply with the legal requirements. Order processing contracts with Cisco Webex and ecosero has been concluded.

In this context, data of the persons participating in the communication are processed and stored on the servers of the third-party providers, as far as they are part of communication processes with us. Such data may include, in particular, registration and contact data, entries in chats and shared screen contents.

  • Type of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. dial-in times and duration), meta/communication data (e.g. device information, IP addresses, browser information).
  • Persons concerned: Employees of member institutions, interested parties, communication partners, users (e.g. website visitors, users of online services).
  • Purposes of processing: organization and execution of the event and communication in connection with the event, contact requests and communications, office and organizational procedures
  • Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), fulfilment of contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

6.4 Recordings

On-site and online events can be recorded and distributed by the us. It is possible that individual participants can be identified by means of image or sound recording. This is the case, for example, if a participant speaks up during the recording or enters the area in front of the camera. However, intentional recordings of participants or the attendance list are not performed.

  • Type of data processed: Personal data (e.g. name, name of employer, image and voice recordings).
  • Persons affected: Employees of member companies, interested parties, business and contractual partners.
  • Purposes of processing: Making the recordings available to participants; commercial use; own publications; use on our website; use in video productions; lecture, training and demonstration purposes.
  • Duration of storage of the recordings: Recordings will be kept for as long as is necessary for the aforementioned purposes. The recordings can be stored internally without restriction, e.g. to secure copyright claims by providing evidence of original recordings.

Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a DSGVO), Fulfilment of the contract and pre-contractual enquiries (Art. 6 para. 1 sentence 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 sentence 1 lit. f. DSGVO).

7. Member Area

Only registered employees from our members have access to the protected member area of the website of the Association of Foreign Banks in Germany e.V.. The access coordinates (username and password) will be sent to the user upon request to verband@vab.de. The collection and processing of your data is carried out for the purpose of verifying your access authorization to the member area. In order to process your request and activate access to the member area, your given contact data (surname, first name, member institution, e-mail address) will be electronically processed and stored. The user will receive a password randomly generated by us. You can then reset this password by clicking on “Forgot password” and assign a new password yourself. The association expressly recommends this step. You have the option to have us deactivate access to the member area at any time. All you need to do is send a message with your name and e-mail address to verband@vab.de.

Your personal rights

You have the following rights:

  • Right of access, Art. 15 DSGVO
  • Right to rectification, Art. 16 DSGVO
  • Right to erasure, Art. 17 DSGVO
  • Right to restriction of processing, Art. 18 DSGVO
  • Right to data portability, Art. 20 DSGVO
  • Right to object, Art. 21 DSGVO

If you wish to make use of any of these rights, please contact the data protection officer of VAB. You will find the contact details at the end of the declaration.

It is also possible to lodge a complaint with a supervisory authority.

You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6 para. 1 lit. e) DSGVO (data processing in the public interest) and Art. 6 para. 1 lit. f) DSGVO (data processing on the basis of a weighing of interests).

If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

The objection can be directed formally with the subject “Objection” under indication of your name, your (vocational) address to the following contact:

Verband der Auslandsbanken in Deutschland e. V.
Data Protection Officer
Weißfrauenstraße 12-16
60311 Frankfurt am Main
datenschutz@vab.de

The Association of Foreign Banks in Germany

Weißfrauenstr. 12-16
60311 Frankfurt am Main
+49 69 975850 0
+49 69 975850 10
verband@vab.de