Data Privacy
Data Privacy
General Data Privacy Notice for Website Visitors and Online Account Users
1. Contents of this notice
In this Data Privacy Notice, we inform you about how we process your personal data when you visit our website at deka.de. In addition, we inform you about your rights under the General Data Protection Regulation (GDPR).
This Data Privacy Notice also applies to any other websites of Deka Group that make reference to it.
This Data Privacy Notice is supplemented by specific data privacy notices applicable to individual topics, e.g. data privacy notices for securities account customers or online job applicants. An overview is available here.
Information on the use of cookies is provided on our Cookie Information page.
This Data Privacy Notice also applies to any other websites of Deka Group that make reference to it.
This Data Privacy Notice is supplemented by specific data privacy notices applicable to individual topics, e.g. data privacy notices for securities account customers or online job applicants. An overview is available here.
Information on the use of cookies is provided on our Cookie Information page.
2. Controller and data protection officer
The controller within the meaning of the GDPR for the processing of your data on deka.de is:
DekaBank Deutsche Girozentrale
Mainzer Landstrasse 16
60325 Frankfurt am Main
Germany
Telephone (0 69) 71 47 – 652
Email: service@deka.de
The contact details of the data protection officer of DekaBank Deutsche Girozentrale are as follows:
DekaBank Deutsche Girozentrale
Data Protection Officer
Mainzer Landstrasse 16
60325 Frankfurt am Main
Germany
Email: datenschutz@deka.de
Where other websites of Deka Group make reference to this Data Privacy Notice, the controller within the meaning of the GDPR for the processing of your data on such other websites is, unless specified otherwise, the controller as indicated in the legal notice of the relevant other website.
DekaBank Deutsche Girozentrale
Mainzer Landstrasse 16
60325 Frankfurt am Main
Germany
Telephone (0 69) 71 47 – 652
Email: service@deka.de
The contact details of the data protection officer of DekaBank Deutsche Girozentrale are as follows:
DekaBank Deutsche Girozentrale
Data Protection Officer
Mainzer Landstrasse 16
60325 Frankfurt am Main
Germany
Email: datenschutz@deka.de
Where other websites of Deka Group make reference to this Data Privacy Notice, the controller within the meaning of the GDPR for the processing of your data on such other websites is, unless specified otherwise, the controller as indicated in the legal notice of the relevant other website.
3. Individual features of our website
Below, we will explain how we process your data when you use individual features of our website.
3.1. Contact form
We will use the information provided by you in the contact form (e.g. subject, message, contact details) to process your request. We will use your name for the purposes of addressing you. We will use your address and telephone number (optional information) as a further contact option in connection with your request. Your securities account number (optional information) helps us to link your request to a specific securities account.
After registration, you will receive an email asking you to click on a confirmation link. You will receive the subscribed newsletter only after you have confirmed.
The legal basis for the processing is your consent. We will delete all data when you close your subscription management user account.
3.2. Newsletter subscription
If you want to subscribe to a newsletter on deka.de, please set up a user account for subscription management (new registration). To do so, you will need to provide us with your email address and a password selected by you. In addition, you may provide further optional profile details such as your first and last name to enable us to address you directly.
By setting up a user account, you give DekaBank Deutsche Girozentrale data privacy consent to provide you by email with information about financial products and services relating to the topics covered by the relevant newsletters you subscribed to. You may withdraw such consent at any time with immediate effect by unsubscribing from the individual newsletters using the subscription management user account or by closing your subscription management user account completely.
After registration, you will receive an email asking you to click on a confirmation link. You will receive the subscribed newsletter only after you have confirmed.
The legal basis for the processing is your consent. We will delete all data when you close your subscription management user account.
3.3. Using the online securities account
Once you have authorised online use of your DekaBank securities account, you can use the online account features on our website. Our Datenschutzhinweise für (Depot-)Kunden (PDF, 2.6 MB) applies to data processed for the purposes of account management and execution of orders.
We will also record when you log in and out of your online securities account and use this data to prevent misuse and as evidence, e.g. in the event of ambiguities regarding submitted orders. Such log data will be stored for 90 days.
The legal basis for such processing is our legitimate interests (ensuring the security of your online account and preservation of evidence).
3.4. Google Maps
We may use services of Google Ireland Limited, Gordon House Barrow Street, Dublin 4, Ireland on our website to display maps (e.g. locations of properties). The display of the map requires the processing of your IP address by Google. In addition, Google collects data about your use of the map and data may be transmitted to the parent company Google LLC 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
In order to use the map, you may first have to activate it with a click. By activating the map function, you consent for the duration of the browser session that we transmit data to Google LLC in the USA, an "unsafe third country" as defined by the DS-GVO. Details of your consent to the transfer to an unsafe third country in this regard can be found in section 5.
3.1. Contact form
We will use the information provided by you in the contact form (e.g. subject, message, contact details) to process your request. We will use your name for the purposes of addressing you. We will use your address and telephone number (optional information) as a further contact option in connection with your request. Your securities account number (optional information) helps us to link your request to a specific securities account.
After registration, you will receive an email asking you to click on a confirmation link. You will receive the subscribed newsletter only after you have confirmed.
The legal basis for the processing is your consent. We will delete all data when you close your subscription management user account.
3.2. Newsletter subscription
If you want to subscribe to a newsletter on deka.de, please set up a user account for subscription management (new registration). To do so, you will need to provide us with your email address and a password selected by you. In addition, you may provide further optional profile details such as your first and last name to enable us to address you directly.
By setting up a user account, you give DekaBank Deutsche Girozentrale data privacy consent to provide you by email with information about financial products and services relating to the topics covered by the relevant newsletters you subscribed to. You may withdraw such consent at any time with immediate effect by unsubscribing from the individual newsletters using the subscription management user account or by closing your subscription management user account completely.
After registration, you will receive an email asking you to click on a confirmation link. You will receive the subscribed newsletter only after you have confirmed.
The legal basis for the processing is your consent. We will delete all data when you close your subscription management user account.
3.3. Using the online securities account
Once you have authorised online use of your DekaBank securities account, you can use the online account features on our website. Our Datenschutzhinweise für (Depot-)Kunden (PDF, 2.6 MB) applies to data processed for the purposes of account management and execution of orders.
We will also record when you log in and out of your online securities account and use this data to prevent misuse and as evidence, e.g. in the event of ambiguities regarding submitted orders. Such log data will be stored for 90 days.
The legal basis for such processing is our legitimate interests (ensuring the security of your online account and preservation of evidence).
3.4. Google Maps
We may use services of Google Ireland Limited, Gordon House Barrow Street, Dublin 4, Ireland on our website to display maps (e.g. locations of properties). The display of the map requires the processing of your IP address by Google. In addition, Google collects data about your use of the map and data may be transmitted to the parent company Google LLC 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.
In order to use the map, you may first have to activate it with a click. By activating the map function, you consent for the duration of the browser session that we transmit data to Google LLC in the USA, an "unsafe third country" as defined by the DS-GVO. Details of your consent to the transfer to an unsafe third country in this regard can be found in section 5.
4. Analysis of your website visit for statistical purposes
4.1. Logfiles
Whenever a webpage is accessed, our web server, like any other web server, will record technical data. However, we do not link such data to any individuals and we store only shortened versions of IP addresses.
When you access an individual webpage, our web servers will record in a log file by default the address of the page accessed, the date and time of the access, any error messages and, if available, your computer's operating system and browser software and the previous webpage you were visiting. We store only a shortened version of your computer's IP address in our log files that does not allow an individual to be identified.
We use the log file data only to ensure proper provision of our services (e.g. error analyses, system security and protection against abuse), and we will delete such data after 90 days.
Where log file data qualifies as personal data in individual cases, the legal basis for the processing of such log file data is our legitimate interests (error analyses, system security and protection against abuse).
4.2. Adobe Analytics
If you give your consent to data processing for statistical purposes, we will use the analytics service "Adobe Analytics" to analyse how visitors use our website. We will track your use without collecting any personal data (data will be pseudonymised). We will store only a shortened version of your IP address.
You can change your consent for cookies and data privacy here: Opt out of Adobe website tracking
If you give us your consent, we use Adobe Analytics, a web analytics service provided by Adobe Systems Software Ireland Limited ("Adobe").
We will collect the following information:
Whenever a webpage is accessed, our web server, like any other web server, will record technical data. However, we do not link such data to any individuals and we store only shortened versions of IP addresses.
When you access an individual webpage, our web servers will record in a log file by default the address of the page accessed, the date and time of the access, any error messages and, if available, your computer's operating system and browser software and the previous webpage you were visiting. We store only a shortened version of your computer's IP address in our log files that does not allow an individual to be identified.
We use the log file data only to ensure proper provision of our services (e.g. error analyses, system security and protection against abuse), and we will delete such data after 90 days.
Where log file data qualifies as personal data in individual cases, the legal basis for the processing of such log file data is our legitimate interests (error analyses, system security and protection against abuse).
4.2. Adobe Analytics
If you give your consent to data processing for statistical purposes, we will use the analytics service "Adobe Analytics" to analyse how visitors use our website. We will track your use without collecting any personal data (data will be pseudonymised). We will store only a shortened version of your IP address.
You can change your consent for cookies and data privacy here: Opt out of Adobe website tracking
If you give us your consent, we use Adobe Analytics, a web analytics service provided by Adobe Systems Software Ireland Limited ("Adobe").
We will collect the following information:
- Which webpages you visit on our websites
- Your browsing activities including the URLs of webpages of our Group visited by you
- The URL of the webpage containing the link that you followed to access our website
- Information about your browser and your device such as device type, browser type, advertising identifier, operating system, connection speed and display settings
- A shortened version of your IP address, which enables us to identify your approximate location;
If information about website use is sent to an Adobe server, our settings ensure that only a shortened form of the IP address is stored before geolocation is performed (determining the approximate location of the accessing computer).
Adobe uses the collected information on our behalf in order to analyse how the website is used by the users and to compile reports on the website activities. We use the analyses and reports to tailor our website to meet user needs, e.g. to determine from which regions a particularly large number of users visit our website, which contents are particularly popular and which devices are used by visitors.
Adobe can use subcontractors. A list of Adobe subcontractors is available at www.adobe.com/ie/privacy/sub-processors.html. Adobe's subcontractors may also be located in a country outside the EU or EEA, including, without limitation, Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA95110 USA and Adobe Systems India Private Limited, Level - 2 Elegance Building, Campus 217, Mathura Road, Jasola District Complex, Jasola, New Delhi, Delhi, 110025 India.
The legal basis for the processing is your consent. The data will be stored for 36 months.
We will not link the analytics data about your use of our website to your personal data (e.g. online securities account) without your consent to do so.
Adobe uses the collected information on our behalf in order to analyse how the website is used by the users and to compile reports on the website activities. We use the analyses and reports to tailor our website to meet user needs, e.g. to determine from which regions a particularly large number of users visit our website, which contents are particularly popular and which devices are used by visitors.
Adobe can use subcontractors. A list of Adobe subcontractors is available at www.adobe.com/ie/privacy/sub-processors.html. Adobe's subcontractors may also be located in a country outside the EU or EEA, including, without limitation, Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA95110 USA and Adobe Systems India Private Limited, Level - 2 Elegance Building, Campus 217, Mathura Road, Jasola District Complex, Jasola, New Delhi, Delhi, 110025 India.
The legal basis for the processing is your consent. The data will be stored for 36 months.
We will not link the analytics data about your use of our website to your personal data (e.g. online securities account) without your consent to do so.
5. Analysis of your website visit for marketing purposes
If you give your consent to data processing for marketing purposes, we will use the “Adobe Experience Cloud” service provided by Adobe. We will then use the data recorded by Adobe Analytics (see section 4.2 above) in pseudonymised form for the following purposes:
- To identify potential interests (e.g. in certain funds or forms of investment)
- To display interest-based advertising in third-party search and advertising networks, including social media (e.g. we can show appropriate advertising in third-party search machines and websites used by previous visitors to our website)
- To personalise content (e.g. we can show content on our webpage that interested you during your last visit).
Additional information on how Adobe uses your data is available in the Adobe Privacy Policy at https://www.adobe.com/de/privacy/policy.html.
The information in section 4.2 on data recipients, retention period and legal basis also applies to Adobe Experience Cloud.
You can change your consent for cookies and data privacy here: Opt out of Adobe website tracking
The information in section 4.2 on data recipients, retention period and legal basis also applies to Adobe Experience Cloud.
You can change your consent for cookies and data privacy here: Opt out of Adobe website tracking
6. Additional information
6.1. Mandatory information
All mandatory fields are marked with an asterisk ("*") on our website. Without such information, it is not possible to use the relevant feature.
6.2. Data recipients
At DekaBank, your data will be received by the relevant department, e.g. Securities Account Services or the Marketing Department. To the extent your data relates to other companies of Deka Group, these companies will also be granted access to your data (e.g. request made using the contact form concerning a matter of Deka Investment GmbH).
We may engage technical service providers, which are bound by our instructions, to ensure the technical operation of the website. Such service providers include in particular Finanzinformatik Technologie Service GmbH & Co. KG.
Any data will be transferred to countries outside of the European Economic Area only if this has been expressly indicated.
6.3. Criteria for the data retention period
We will determine the period for which your data will be stored based on the specific purposes for which we use your data. In addition, we are subject to statutory retention and documentation requirements, in particular under the German Commercial Code and the German Tax Code. Moreover, the period for which data will be stored is also determined by the statutory limitation periods of generally three years, e.g. pursuant to §§ 195 et seqq. of the German Civil Code.
All mandatory fields are marked with an asterisk ("*") on our website. Without such information, it is not possible to use the relevant feature.
6.2. Data recipients
At DekaBank, your data will be received by the relevant department, e.g. Securities Account Services or the Marketing Department. To the extent your data relates to other companies of Deka Group, these companies will also be granted access to your data (e.g. request made using the contact form concerning a matter of Deka Investment GmbH).
We may engage technical service providers, which are bound by our instructions, to ensure the technical operation of the website. Such service providers include in particular Finanzinformatik Technologie Service GmbH & Co. KG.
Any data will be transferred to countries outside of the European Economic Area only if this has been expressly indicated.
6.3. Criteria for the data retention period
We will determine the period for which your data will be stored based on the specific purposes for which we use your data. In addition, we are subject to statutory retention and documentation requirements, in particular under the German Commercial Code and the German Tax Code. Moreover, the period for which data will be stored is also determined by the statutory limitation periods of generally three years, e.g. pursuant to §§ 195 et seqq. of the German Civil Code.
7. Definitions
7.1. Terms
Below, we will explain some of the legal and technical terms used in this Data Privacy Notice.
Personal data
Personal data means any information involving an identified or identifiable natural person, e.g. data linked to your e-mail address or securities account number.
Processing:
Processing of personal data means any procedure in relation to personal data, e.g. the collection of data using an online form, the storage of data on our servers or the use of data for the purposes of contacting you.
Cookie:
A cookie is a small text file which is stored on your computer. The content of such file is transferred to our servers every time you visit a website.
IP address:
The IP address is a number temporarily or permanently assigned to your computer by your internet service provider. In individual cases, a complete IP address allows the identification of the internet connection subscriber, e.g. through additional information provided by your internet access provider.
Privacy Shield
By participating in the EU-U.S. Privacy Shield programme, companies in the US can create an adequate level of protection as provided for in the GDPR. The corresponding adequacy decision by the EU Commission can be accessed here: Decision of 12/07/2016 (file ref. C(2016) 4176). A list of the participating companies is available here.
Standard data protection clauses
Standard clauses by the EU Commission that we agree to with service providers in non-EEA countries in order to create an adequate level of protection as provided for in the GDPR. The text of the standard data protection clauses is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087 (Annex).
7.2. Legal basis
Under the GDPR, personal data may be processed only if a legal basis exists. We are required by law to inform you about the legal basis for the processing of your data.
Below, we will explain the terms used in this respect.
Below, we will explain some of the legal and technical terms used in this Data Privacy Notice.
Personal data
Personal data means any information involving an identified or identifiable natural person, e.g. data linked to your e-mail address or securities account number.
Processing:
Processing of personal data means any procedure in relation to personal data, e.g. the collection of data using an online form, the storage of data on our servers or the use of data for the purposes of contacting you.
Cookie:
A cookie is a small text file which is stored on your computer. The content of such file is transferred to our servers every time you visit a website.
IP address:
The IP address is a number temporarily or permanently assigned to your computer by your internet service provider. In individual cases, a complete IP address allows the identification of the internet connection subscriber, e.g. through additional information provided by your internet access provider.
Privacy Shield
By participating in the EU-U.S. Privacy Shield programme, companies in the US can create an adequate level of protection as provided for in the GDPR. The corresponding adequacy decision by the EU Commission can be accessed here: Decision of 12/07/2016 (file ref. C(2016) 4176). A list of the participating companies is available here.
Standard data protection clauses
Standard clauses by the EU Commission that we agree to with service providers in non-EEA countries in order to create an adequate level of protection as provided for in the GDPR. The text of the standard data protection clauses is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087 (Annex).
7.2. Legal basis
Under the GDPR, personal data may be processed only if a legal basis exists. We are required by law to inform you about the legal basis for the processing of your data.
Below, we will explain the terms used in this respect.
|
Legal basis
|
Term
|
Explanation
|
|
Art. 6(1)(a) GDPR
|
Consent
|
This legal basis allows processing if and to the extent you have given us your consent thereto.
|
|
Art. 6(1)(b) GDPR
|
Performance of a contract
|
This legal basis allows processing to the extent it is necessary for the performance of a contract with you, including steps prior to entering into a contract (e.g. preparation of the conclusion of a contract).
|
|
Art. 6(1)(f) GDPR
|
Legitimate interests
|
This legal basis allows processing to the extent it is necessary for the purposes of our legitimate interests (or those of any third party), except where such interests are overridden by your conflicting interests.
|
8. Your rights
The GDPR grants you certain rights in relation to your personal data. An explanation is available here.