Information pursuant to articles 13 and 14 of the general data protection regulation (GDPR) on the processing of personal data
We hereby inform you about the processing of your personal data and the data protection claims and rights to which you are entitled. The content and scope of the data processing depends largely on the products and services you have requested or which are agreed with you.
Who is responsible for data processing and whom can you contact?
Responsible for data processing:
Raiffeisen Property International GmbH (hereinafter referred as "RPI")
Raiffeisen Property International GmbH and it's other companies are part of RBI-Group. Direct all questions concerning GDPR to below indicated contacts:
Group Data Privacy Office of RBI Group
Phone: +43 1 / 717 07 – 8817
Contact data of the Data Protection Officer of the Bank:
Phone: +43 1 71707-8603
Which data are processed and from which sources do they come?
We process the personal data that we receive from you as part of our business relationship. In addition, we process data that we have legitimately received from credit bureaus (CRIF GmbH), debtor directories (Kreditschutzverband von 1870, Creditreform etc.) and from publicly available sources (eg business register, association register, land register or media) or that are provided legitimately by other companies affiliated with RPI and/or RPHI.
Personal information includes your personal details and contact information (e.g., name, address, other contact details, date and place of birth, nationality, social insurance number, gender, marital status, power of representation etc.) or identity and travel document information (such as signature sample, ID information). In addition, this may include creditworthiness data, data on marketing and distribution, electronic log and identification data (apps, cookies, etc.) and compliance data and other data comparable to the above categories.
For which purposes and on which legal basis are data being processed?
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Austrian Data Protection Act 2018.
to fulfill contractual obligations (Article 6 (1) (b) GDPR)
The processing of personal data (Art 4 No. 2 GDPR) is carried out for rent, building and real estate transactions (like Lease Agreements, Purchase and Sales Contracts etc.), in particular for the performance of our contracts with you and the execution of your orders as well as for carrying out pre-contractual measures.
to fulfill legal obligations (Article 6 (1) (c) GDPR)
The processing of personal data shall only be carried out for the purpose of fulfilling various legal obligations Examples of such cases are:
- Reports to the Money Laundering Reporting Office in certain suspicious cases (§ 16 FM-GwG, Financial Market Anti-Money-Laundering Act)
- Provision of information to financial penal authorities in the context of financial criminal proceedings for an intentional financial offense
- Reporting to trade authorities and associations, land Register authorities, building and construction authorities as well as other authorities within framework of existing legislation and obligation and our RPI/RPHI and affiliated companies business purposes
- as part of your consent (Article 6 (1) (a) GDPR
If you have given us your consent to the processing of your personal data for specific purposes (eg, information by using E-Mails about actual projects of RPI or RPHI-Group etc.), processing will only take place in accordance with the scope and for the purpose as set out in and agreed in the consent form. A given consent may be withdrawn at any time with effect for the future.
to safeguard legitimate interests (Article 6 (1) (f) GDPR) in general
If necessary, data processing may be carried out to protect legitimate interests of RPI/RPHI or third parties. In the following cases, data processing takes place to safeguard legitimate interests. Examples of such cases are:
- Consultation and exchange of data with credit bureaus (for example Österreichischer Kreditschutzverband 1870, Creditreform etc.) for the determination of creditworthiness or default risks
- Review and optimization of needs analysis and direct customer approach procedures
- General infomails and newsletters on service, products and related market information
- Measures for business management and further development of services and products
- Measures to protect customers and employees as well as to secure the property of RPI/RPHI companies and to prevent, contain and investigate criminally relevant conduct. Areas that are publicly accessible can be monitored (in particular foyers, corridors, staircases, elevator areas, interior / exterior entrance areas, facades, garage)
- Certain phone records (for quality assurance or complaint cases)
- Measures for controlling business and further development of services and Products
- Measures in Fraud Transaction Monitoring, against anti-money laundering, terrorist financing and offending crime. At the same time, data evaluations (among others in payment transactions) are carried out. These measures also serve for your protection.
- Data processing for law enforcement purposes
- Asserting legal claims and defense in legal disputes
- Ensuring the IT security and IT operations of RPI and affiliated companies
- Prevention and investigation of criminal offenses
Who receives my data?
Within our company and/or company group, those units or employees receive your data, as required by them to fulfill their contractual, legal and / or regulatory obligations and legitimate interests. In addition, contractors (especially IT and back-office service providers) will receive your data as long and to the extent as they need the data to perform their respective service. All processors are contractually obliged to treat your data confidentially and to process the data for the provision of the respected services.
According legal rules and laws and because of legitimate interest, personal data may be transferred to our mother Raiffeisen Bank International AG and/or affiliated RBI-companies. That personal data will be treated especially confidential.
If there is a legal or regulatory obligation, public authorities and institutions (like financial authorities, tax authorities, trade authorities and associations, land Register authorities, building and construction authorities as well as other authorities etc.)
as well as our Bank and auditors may be the recipients of your personal data.
According existing contracts and in framework of special RPI/RPHI interests, credit agencies or other with RPI/RPHI affiliated companies may receive your data too.
In case of your special allowance, your data can be provided to other authorities, companies etc. too (consent for your data processing).
Is there a data transfer to a third country or to an international organization?
A transfer of data to third countries (outside the European Economic Area - EEA) will only take place if this will be necessary for the execution of your orders (eg payment and securities orders), or if so required by law or if you have given us your explicit consent.
In addition, data may be transferred to RPI's subsidiaries or processors in third countries or subcontractors of RPI's processors in third countries. These are obliged to comply with European data protection and security standards. Information about this can be obtained from us.
If so required by law, we will separately provide you with further details.
How long will my data be stored?
We process your personal data, as far as necessary, for the whole duration of the entire business relationship (beginning with the conclusion of a contract, its execution and ending with its termination) as well as in accordance with the mandatory storage and documentation obligation as required by law, in particular pursuant to the following Austrian legal provisions: the Companies Code (Unternehmensgesetzbuch, UGB), the Federal Fiscal Code (Bundesabgabenordnung, BAO) and the Financial Market Money Laundering Act (Finanzmarkt-Geldwäschegesetz, FM-GwG).
Moreover, the data storage is also subject to the statutory limitation periods, eg under the Austrian General Civil Code (Allgemeines Bürgerliches Gesetzbuch, ABGB) and may in certain cases last up to 30 years (the most relevant limitation period in practice is 3 years).
Which data protection rights do I have?
You have the right to access, rectification, erasure or restriction of the processing of your stored data, a right to object to processing and a right to data portability in accordance with the requirements of data protection law. Complaints can be addressed to the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Wien, dsb.gv.at.
Am I obliged to providing data?
As part of the business relationship, you must provide us with all personal information that is necessary to enter into and to maintain the business relationship with you, and also those data that we are required by law to collect. If you do not provide us with these data, we will generally decline either to conclude or to complete the contract, or we will be unable to execute an existing contract or we would be forced to terminate such contract. However, you are not obliged to give your consent to the processing of data if such data is not necessary for the performance of a contract or is not required by law or regulation.
Is there automated decision-making?
In general, we do not use fully automated decision-making within the meaning of Article 22 GDPR in order to establish and/or to conduct a business relationship. If we should use such procedures on a case-by-case basis, we will inform you accordingly by separate notice as so provided for by law.
Data Protection and Cookies
The use of our website is generally possible without specific input of your personal data. When personal data (for example name, address or E-Mail addresses) is collected on our website, this always takes place in order to enable the use of the website or on a voluntary basis. For example, the processing of the IP address is for technical reasons and can not be prevented.
Technically required cookies
These cookies are necessary for the basic functions of the website and are used to store your user settings and preferences (e.g. saving your input in form fields to protect against unwanted loss) as well as to enable and secure authentication or ELBA sessions. These cookies assign a randomly generated ID to your browser. The data processing is based on our legitimate interest in the secure design and convenient use of our contents and generally in the provision of our services on the specific website visited. No information about you is collected which is used for marketing and statistical purposes. Furthermore, we may use information for fraud prevention and to ward off service overloading requests (denial of service attacks). This category of cookies cannot be deactivated.
This information is anonymized immediately after the cookie is set respectively the website is visited and enables us to gain knowledge about the use, functionality and user-friendliness of websites and apps, to advertise our content, to place it in a targeted manner and to improve it continuously. We carry out range and performance measurement: We obtain information about the number of website visitors, page views and the usage habits of visitors to a website or app.
You can object to this processing at any time with effect for the future by using this selection option, your browser settings or plug-ins (e.g. tools.google.com/dlpage/gaoptout?hl=en). Processing will be carried out until you object to it.
We use personal cookies, pixels and scripts as a way to evaluate the effectiveness and success of our marketing tools and to better align them. These tools are used to draw conclusions on your interests and needs based on the analysis of your behavior, as well as to segment users with the same or similar interests and needs so that we can offer you advertising or content that is target-oriented and tailored to your needs and interests. The processing is carried out for a maximum period of three years or until withdrawal. Withdrawal of consent does not affect the lawfulness of the processing that took place until withdrawal.
This declaration of consent applies to the controller named in the imprint and companies associated with this controller, which are linked in the introduction above.
Record on the web server
Every time a user accesses our website and every time a file is retrieved or attempted to be retrieved from the server, data about this process is stored in a log file. For us it is not directly recognizable, which user called upon which data. We also do not try to collect this information. This would only be possible in legally regulated cases and with the help of third parties (e.g. Internet service providers). In detail, the following data record is stored for each retrieval: The IP address, the name of the downloaded file, the date and time of the download, the amount of data transferred, the message as to whether the download was successful and the message as to why a download may have failed, the name of your Internet service provider, if applicable the operating system, the browser software of your computer and the website from which you are visiting us.
The legal basis for the processing of personal data is our legitimate interest (in accordance with Art 6 (1) (f) GDPR). This is to detect, prevent and investigate attacks on our website.
In addition, we process your personal data in special cases on the basis of the legitimate interests of us or legitimated third parties for legal proceedings or on behalf of legally authorized authorities or courts.
We generally store data for a period of three months to guarantee the security of our homepage. A longer storage only takes place as far as this is necessary to investigate determined attacks on our website or to pursue legal claims.
For the above-mentioned purposes, we have your personal data processed by the following service providers: Raiffeisen Informatik GmbH, GRZ IT Center GmbH, Raiffeisen Informatik Center Steiermark GmbH.
Raiffeisen Web Analytics
This website uses the "Raiffeisen Web Analytics" software for anonymous analysis of website usage. Your IP address will be made anonymous for analysis purposes by deleting the last 8 bits immediately when a website is accessed. For this purpose Cookies are used which enable an analysis of the website usage by users. Through the evaluation of this data valuable knowledge about the needs of these users can be gained. This knowledge contributes to further improving the quality of our offer. You can prevent this by setting up your browser in a manner that no Cookies are saved.
Upon others we collect the following data: visited websites, date and time of the visit, length of stay, browser version, screen resolution, operating system, the country and the referrer, this is the previously visited page from which a page was accessed.
GRZ IT Center GmbH acts as IT service provider for us, processing your data only within the scope of the provision of services.
On our website we use the service Google Maps API. This service is a service of Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By integrating the service on our website, at least the following data are transmitted to Google, Inc.: IP address, time of visit of the website, screen resolution of the visitor, URL of the website (referrer), the identification of the browser (user agent) and search terms. The data transfer is independent of whether you have a Google account that you are logged in or whether you do not have a Google user account. If you are logged in, the data will be assigned with your account. If you do not wish assignment to your profile, you must log out before activating the button. Google, Inc. stores this data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google Inc. to exercise this right. For more information about the purpose and scope of data collection and processing by Google, Inc., please contact google.at/intl/de/policies/privacy/. We do not process the affected data.
Last updated on: 25.11.2020