Log inSign up

English

API Health CheckPlanned Outages

Information on Data Protection and Data Processing

We protect your personal information as best we can when collecting, processing and during your visit to our website. Your data is protected by law. Below you will find explanations on the nature of the information collected when you visit our website and how they are used.

The processing of your data within the credit institute

Who is the data controller?

Responsible for the processing of your data:

Erste Group Bank AG
Am Belvedere 1
1100 Vienna
https://www.erstegroup.com/en/legal-information/imprint

Contact for requests relevant for data protection:

Erste Group Bank AG
0196 1905/AT Data Privacy Security Management
Am Belvedere 1
1100 Vienna

email: GDPR-Support@erstegroup.com

The fastest way to reach us is via an s Contact message in George: if two topics are displayed for you to choose from,
click on "General Data Protection Regulation (GDPR)”.
Otherwise, simply type "Data protection" in the subject line of your message.

Responsible supervisory authority for matters appertaining to data protection:

Austrian Data Protection Authority
Barichgasse 40-42,
1030 Vienna

Telephone: +43 1 52 152-0
email: dsb@dsb.gv.at
https://www.dsb.gv.at/

Who is the Data Protection Officer?

The Data Protection Officer at our company is Gregor König. If you have any questions,
suggestions or causes for complaint regarding the processing of your data, you can contact him and his team at:

Gregor König – data protection officer
Erste Group Bank AG
Am Belvedere 1
1100 Vienna

email: datenschutz@erstegroup.com

For what purposes and on what legal basis will my personal data be processed?

We are a bank organized according to Article 1 (1) of the Austrian Banking Act and Article 4 (1) 1 of the EU Capital Adequacy Regulation.

  • Processing to provide the requested service

    Upon registration on the portal, the user acknowledges and agrees that the name and e-mail address are required for the proper functioning of the portal. The e-mail address will be used to send notifications related to their use of the service.

  • Processing due to a legitimate interest

    A legitimate interest for data processing by us or third parties exists in the following cases:

    • Measures to protect employees, customers and the Bank's property.

    • Exercising or defending rights

    • Preventing and combatting fraud as well as preventing money laundering and terrorist funding, including but not limited to:

    • Improving data quality

    • Ensuring the security of IT and of the Bank's IT operations

  • Processing on the basis of consent
    If there is neither a contract nor a legal obligation or a legitimate interest, processing the data may still be lawful if you have given us your consent to do so. The withdrawal of consent shall, however, not affect the lawfulness of processing before the withdrawal of consent. This means that withdrawal of consent shall not be effective for the past.

  • Processing for statistical purposes
    We also process your personal data for statistical purposes in accordance with Article 7 of the Austrian Data Protection Act.

  • Will data other than those collected from me be processed?
    Most of your personal data that we process will have been provided by you.

Am I obliged to provide my personal data? What will happen if I do not want to do so?

For our business relationship, we require your personal data. So you see we must process your personal data wherever it is required by contract or by law. If you do not want us to do so, we may unfortunately not be allowed to provide certain services. If we process your data only on the basis of your consent, you will not be obliged to give this consent and provide the data.

Is there any automated decision-making, including profiling?

We are not using any automated decision-making, including profiling.

To whom will my personal data be disclosed?

Your personal data may be disclosed to:

  • Credit institutions, bodies and persons within the network of Sparkasse savings banks, Erste Bank and Erste Group who require the data for contractual, legal or regulatory duties as well as for legitimate interests.

  • Processors and other service providers (controllers) commissioned by us, e.g. for IT, back office, legal and tax advice, chartered accountants and collection companies, to the extent they require the data for their tasks.

  • Third parties, if this is mandatory for the fulfilment of the contract or legal provisions.

Will my data be transferred to a third country?

Your personal data may be transferred to a third country in the following cases:

  • this is necessary in order to assert, exercise or defend legal claims or there is a legal obligation, e.g. at the request of the authorities under a mutual legal assistance agreement.

  • Our processors and sub-processors may be located in third countries. Unless the transfer is based on an adequacy decision of the European Commission, we will transfer the data on the basis of appropriate or suitable safeguards. We will be happy to provide you with these on request.

  • You will receive a special notification in other cases of data being transferred to a third country.

A list containing an overview of potential recipients in third countries can be found here.

For how long will my personal data be stored?

(All links are valid as of March 2021)

Your personal data will be stored for as long as is necessary for the respective purpose: this may be the duration of the customer relationship, pending legal proceedings or the existence of a claim, or if required by law. Retention may also be necessary if you have ceased to be our customer.

The essential legal provisions applicable to credit institutions include:

  • the Austrian Companies Code, Article 212 (7 years)

  • the Federal Tax Code, Article 132 (7 years or for the duration of tax proceedings);

  • the Securities Supervision Act 2018, Article 33 (5 or 7 years by order of the Financial Market Authority).

  • Financial Market Money Laundering Act, Article 21 (10 years from the end of the business relationship).

An overview of other statutory retention obligations applicable in Austria can be found here, for example:
https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-speicher-und-aufbewahrungsfristen.html

Your rights

What are my rights?

The GDPR grants you certain rights regarding your personal data. You have the right to access, rectification, erasure, restriction, data portability, objection and to decisions not based solely on automated processing, including profiling. For detailed information and important guidance on the right to data portability please visit the webpage of your Bank at: https://sparkasse.at/dsgvo.

No matter which right you wish to assert, please submit your request to us preferably in one of four ways:

  • by letter, signed in your own hand and with a copy of an identity piece, to:
    Erste Group Bank AG 0196 1905/AT Data Privacy Security Management
    Am Belvedere 1, 1100 Vienna

  • Personally in one of the Bank's branches

  • by e-mail, ideally with a qualified digital signature, to GDPR-Support@erstegroup.com or

  • by s contact message in George: If two topics are displayed for you to choose from, please click on "General Data Protection Regulation” (GDPR). Otherwise, simply type "Data protection" in the subject line of your message.

Please understand that in case of doubt we may request further information about your identity. This also serves for your own protection, to prevent unauthorised persons from accessing your data.

If you do not receive a timely response to a request or if you believe that we have not complied with your request in accordance with the law, or if you feel that your right to data protection has been violated, you will be entitled to lodge a complaint with the competent supervisory authority:

Austrian Data Protection Authority
Barichgasse 40-42, 1030 Vienna
https://www.dsb.gv.at

Partner with us

Want to know more about Erste Group projects?
Check out our newest projects.