We hereby inform you about the processing of your personal data and the data protection claims and rights to which you are entitled. The content and scope of the data processing is largely determined by the products and services you have requested or agreed with us.
Version January 2023
Responsible for data processing:
Raiffeisen Property International GmbH (nachfolgend „RPI“)
Raiffeisen Property International GmbH and it's other companies are part of RBI-Group. Direct all questions concerning GDPR to below indicated contacts:
Group Data Privacy Office der RBI Gruppe
Telefon: +43 1 / 717 07 - 8817
Kontaktdaten des Datenschutzbeauftragten:
Am Stadtpark 9, 1030 Wien
We process the personal data that we receive from you as part of our business relationship. In addition, we process data that we have legitimately received from credit bureaus (CRIF GmbH), debtor directories (Kreditschutzverband von 1870, Creditreform etc.) and from publicly available sources (eg business register, association register, land register or media) or that are provided legitimately by other companies affiliated with RPI and/or RPHI.
Personal information includes your personal details and contact information (e.g., name, address, other contact details, date and place of birth, nationality, social insurance number, gender, marital status, power of representation etc.) or identity and travel document information (such as signature sample, ID information). In addition, this may include creditworthiness data, data on marketing and distribution, electronic log and identification data (apps, cookies, etc.) and compliance data and other data comparable to the above categories.
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Austrian Data Protection Act 2018.
- to fulfill contractual obligations (Article 6 (1) (b) GDPR)
The processing of personal data (Art 4 No. 2 GDPR) is carried out for rent, building and real estate transactions (like Lease Agreements, Purchase and Sales Contracts etc.), in particular for the performance of our contracts with you and the execution of your orders as well as for carrying out pre-contractual measures.
- to fulfill legal obligations (Article 6 (1) (c) GDPR)
The processing of personal data shall only be carried out for the purpose of fulfilling various legal obligations Examples of such cases are:
- Reports to the Money Laundering Reporting Office in certain suspicious cases (§ 16 FM-GwG, Financial Market Anti-Money-Laundering Act)
- Provision of information to financial penal authorities in the context of financial criminal proceedings for an intentional financial offense
- Reporting to trade authorities and associations, land Register authorities, building and construction authorities as well as other authorities within framework of existing legislation and obligation and our RPI/RPHI and affiliated companies business purposes
- as part of your consent (Article 6 (1) (a) GDPR
If you have given us your consent to the processing of your personal data for specific purposes (eg, information by using E-Mails about actual projects of RPI or RPHI-Group etc.), processing will only take place in accordance with the scope and for the purpose as set out in and agreed in the consent form. A given consent may be withdrawn at any time with effect for the future.
- to safeguard legitimate interests (Article 6 (1) (f) GDPR) in general
If necessary, data processing may be carried out to protect legitimate interests of RPI/RPHI or third parties. In the following cases, data processing takes place to safeguard legitimate interests. Examples of such cases are:
- Consultation and exchange of data with credit bureaus (for example Österreichischer Kreditschutzverband 1870, Creditreform etc.) for the determination of creditworthiness or default risks
- Review and optimization of needs analysis and direct customer approach procedures
- General infomails and newsletters on service, products and related market information
- Measures for business management and further development of services and products
- Measures to protect customers and employees as well as to secure the property of RPI/RPHI companies and to prevent, contain and investigate criminally relevant conduct. Areas that are publicly accessible can be monitored (in particular foyers, corridors, staircases, elevator areas, interior / exterior entrance areas, facades, garage)
- Certain phone records (for quality assurance or complaint cases)
- Measures for controlling business and further development of services and Products
- Measures in Fraud Transaction Monitoring, against anti-money laundering, terrorist financing and offending crime. At the same time, data evaluations (among others in payment transactions) are carried out. These measures also serve for your protection.
- Data processing for law enforcement purposes
- Asserting legal claims and defense in legal disputes
- Ensuring the IT security and IT operations of RPI and affiliated companies
- Prevention and investigation of criminal offenses
Within our company and/or company group, those units or employees receive your data, as required by them to fulfill their contractual, legal and / or regulatory obligations and legitimate interests. In addition, contractors (especially IT and back-office service providers) will receive your data as long and to the extent as they need the data to perform their respective service. All processors are contractually obliged to treat your data confidentially and to process the data for the provision of the respected services.
According legal rules and laws and because of legitimate interest, personal data may be transferred to our mother Raiffeisen Bank International AG and/or affiliated RBI-companies. That personal data will be treated especially confidential.
If there is a legal or regulatory obligation, public authorities and institutions (like financial authorities, tax authorities, trade authorities and associations, land Register authorities, building and construction authorities as well as other authorities etc.)
as well as our Bank and auditors may be the recipients of your personal data.
According existing contracts and in framework of special RPI/RPHI interests, credit agencies or other with RPI/RPHI affiliated companies may receive your data too.
In case of your special allowance, your data can be provided to other authorities, companies etc. too (consent for your data processing).
A transfer of data to third countries (outside the European Economic Area - EEA) will only take place if this will be necessary for the execution of your orders (eg payment and securities orders), or if so required by law or if you have given us your explicit consent.In addition, data may be transferred to RBI's subsidiaries or processors in third countries or subcontractors of RBI's processors in third countries. These are obliged to comply with European data protection and security standards. Information about this can be obtained from us.
Payments and cash withdrawals with debit and credit cards can lead to the necessary involvement of international card organizations and thus possibly to data processing by these card organizations in third countries. For example, the data protection measures taken by MasterCard ("Binding Corporate Rules") are available here.
If so required by law, we will separately provide you with further details.
We process your personal data, as far as necessary, for the whole duration of the entire business relationship (beginning with the conclusion of a contract, its execution and ending with its termination) as well as in accordance with the mandatory storage and documentation obligation as required by law, in particular pursuant to the following Austrian legal provisions: the Companies Code (Unternehmensgesetzbuch, UGB), the Federal Fiscal Code (Bundesabgabenordnung, BAO), the Banking Act (Bankwesengesetz BWG), the Financial Market Money Laundering Act (Finanzmarkt-Geldwäschegesetz, FM-GwG) and the Securities Supervision Act (Wertpapieraufsichtsgesetz, WAG).
Moreover, the data storage is also subject to the statutory limitation periods, eg under the Austrian General Civil Code (Allgemeines Bürgerliches Gesetzbuch, ABGB) and may in certain cases last up to 30 years.
Data from the video-surveillance of the Bank will be deleted in principle after 90 days if no longer required for the purposes of video surveillance.
You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing and a right to data portability in accordance with the requirements of data protection law. If you wish to exercise your rights, please contact email@example.com or the data protection officer. If, in your view, the response to your rights is not carried out in accordance with the GDPR, you are welcome to contact us again or file a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Austria, www.dsb.gv.at.
As part of the business relationship, you must provide us with all personal information that is necessary to enter into and to maintain the business relationship with you, and also those data that we are required by law to collect. If you do not provide us with these data, we will generally decline either to conclude or to complete the contract, or we will be unable to execute an existing contract or we would be forced to terminate such contract. However, you are not obliged to give your consent to the processing of data if such data is not necessary for the performance of a contract or is not required by law or regulation.
For the establishment and implementation of the business relationship, we generally do not use fully automated decision-making in accordance with Article 22 DSGVO. In connection with products to be concluded online, an automated rejection of the online conclusion may occur if your information does not meet the requirements defined for the product. In these cases, please contact a customer service representative. If we use these procedures in other individual cases, we will inform you of this separately, insofar as this is provided for by law.
If you contact us by form on the website or by e-mail, the data you provide and transmit will be stored by us for a maximum of twelve months for the purpose of processing the inquiry and in case of follow-up questions. In this way, we pursue our legitimate interest in being able to offer you the best possible service and to open up ways for you to exchange information with us. If you do not wish your data to be shared and/or stored in this way, please send your objection to: firstname.lastname@example.org.
Our online presences in social networks or on platforms serve the communication and information of interested parties or customers. As a rule, user data is processed for market research and advertising purposes, e.g., to create usage profiles. These usage profiles can be used, among other things, to place advertisements that correspond to the user's interests. Cookies are stored on the user's computer for this purpose, with the help of which the user's usage behavior and interests are stored. In addition, user data can also be stored in the usage profiles across devices (this primarily concerns users who are logged in to the relevant platform). It is possible for us to place target group-oriented advertising and to perform an anonymized analysis of the use of our online presence.
The processing of users' personal data is based on your consent (a declaration of consent, e.g., by activating a checkbox or confirming a button). Below you will find details and information on possible data transfers to third countries (countries outside the European Union - EU or the European Economic Area - EEA) based on the provider information on processing and objection options.
- LinkedIn, LinkedIn Ireland Unlimited Company, Gardner House, 2 Wilton Place, Dublin 2, Irland
This website uses the "Raiffeisen Web Analytics" software for anonymous analysis of website usage. Your IP address will be made anonymous for analysis purposes by deleting the last 8 bits immediately when a website is accessed. For this purpose Cookies are used which enable an analysis of the website usage by users. Through the evaluation of this data valuable knowledge about the needs of these users can be gained. This knowledge contributes to further improving the quality of our offer. You can prevent this by setting up your browser in a manner that no Cookies are saved or do not give consent.
Upon others we collect the following data: visited websites, date and time of the visit, length of stay, browser version, screen resolution, operating system, the country and the referrer, this is the previously visited page from which a page was accessed.GRZ IT Center GmbH acts as IT service provider for us, processing your data only within the scope of the provision of services.
For anonymous statistical evaluation and extended security precautions during visits to our website, we use services of the company JENTIS GmbH, Schönbrunner Straße 231, 1120 Vienna ("JENTIS"). For this purpose, data is transmitted to JENTIS, which JENTIS evaluates on our behalf in anonymized form. This means that JENTIS GmbH only processes data that cannot be traced back to an identifiable person. In addition, we use JENTIS to anonymize your personal data before transferring it to a third country, thus protecting your data.You can view the data protection provisions of JENTIS at the following link: https://www.jentis.com/privacy-policy/"
By using the company JENTIS GmbH, your personal data is anonymized before a potential transfer to a third country. Google thus only receives information that does not allow any conclusions to be drawn about you.
On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage.You can prevent Google from collecting your data in connection with Google Analytics by downloading and installing the browser plugin available at tools.google.com/dlpage/gaoptout.
In connection with Google Analytics, the Google Tag Manager is also used. Google Tag Manager is also a solution from Google that allows companies to manage website tags via an interface. The Google Tag Manager is a domain without cookies that does not collect any personal data. The Google Tag Manager triggers other tags, which in turn may collect data. We hereby point this out separately. The Google Tag Manager does not access this data. If a deactivation has been made by the user at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.
If you use the corresponding function and have given your consent, we use the Google Maps API service on our pages. This service is a service of Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By integrating the service on our website, at least the following data are transmitted to Google, Inc.: IP address, time of visit of the website, screen resolution of the visitor, URL of the website (referrer), the identification of the browser (user agent) and search terms. The data transfer is independent of whether you have a Google account that you are logged in or whether you do not have a Google user account. If you are logged in, the data will be assigned with your account. If you do not wish assignment to your profile, you must log out before activating the button. Google, Inc. stores this data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google Inc. to exercise this right. For more information about the purpose and scope of data collection and processing by Google, Inc., please contact www.google.at/intl/de/policies/privacy/. We do not process the affected data.
We have embedded YouTube videos on our website, which are stored on "www.youtube.com" and can be played directly from our website. These are all embedded in the so-called "extended data protection mode", which means that no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos are YouTube cookies stored on your terminal device and data transmitted to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as YouTube operator. When playing videos stored on YouTube, at least the following data is transmitted to Google Ireland Limited: IP address and cookie ID, the specific address of the page called up from us, the language setting of the browser, the system date and time of the call-up and the identifier of your browser. The data transfer takes place regardless of whether you have a user account with Google, via which you are logged in, or whether there is no user account for you. If you are logged in, this data is directly assigned to your account. If you do not want the assignment to your profile, you must log out before activating the button. YouTube or Google Ireland Limited stores this data as usage profiles and uses it for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) for the provision of needs-based advertising and to inform other users about your activities on our website. You have the right to object to the creation of these user profiles, and to exercise this right you must contact Google Ireland Limited as the operator of YouTube. For more information on the purpose and scope of data collection and its processing by Google Ireland Limited, please visit www.google.at/intl/de/policies/privacy. We do not process the data concerned.
Every time a user accesses our website and every time a file is retrieved or attempted to be retrieved from the server, data about this process is stored in a log file on the server. It is not directly traceable for us which user has retrieved which data. We also do not attempt to collect this information. This would only be possible in legally regulated cases and with the help of third parties (e.g. Internet service providers). In detail, the following data record is stored on the server about each retrieval: The IP address, the name of the retrieved file, the date and time of the retrieval, the amount of data transferred, the message whether the retrieval was successful, as well as the message why a retrieval may have failed, the name of your Internet service provider, if applicable, the operating system, the browser software of your computer and the website from which you visit us.
The legal basis for any processing of this personal data is our legitimate interest (Art. 6 para. 1 lit. f DSGVO). This is to be able to detect, prevent and investigate attacks on our website.
In addition, we process your personal data in special cases due to the legitimate interests of us or legal third parties in legal prosecution (Art. 6 para. 1 lit. f DSGVO) or by order of legally authorized authorities or courts (Art. 6 para. 1 lit. c DSGVO).
We generally store data for a period of three months to ensure the security of our website. Longer storage only takes place insofar as this is necessary to investigate detected attacks on our website or to pursue legal claims.
Cookies can be blocked, disabled or deleted. There are a variety of tools available to you to do this (including browser controls and settings). Information on this can be found in the help section of the web browser you are using. If you deactivate all cookies used by us, the display of the website may be restricted, for example.