Protecting your personal data and data security are very important to us. We collect, process and use personal and anonymised data during your visit to our website, always complying with the law.
In this Data Privacy Notice, we (DekaBank Deutsche Girozentrale, Mainzer Landstraße 16, 60325 Frankfurt/Main) inform you about the personal data we collect, process and use when you visit our websites at deka.de or dekabank.de. This Data Privacy Notice also applies to any of our other websites that make reference to it.
Additional special data privacy notices may apply to special services (e.g. our online job centre). Reference is made to these policies when the service is used.
The term ‘personal data’ means all data related to a specific or identifiable natural person, e.g. your address, E-mail address, date of birth or requests that you send to us using our contact form.
Generally speaking, we do not collect personal data when you visit our website. We collect and use such data only if required to provide a specific service, and only to the extent necessary to provide the service. For example, we need personal data in order to check your authorisation to access your securities account, to process your contact requests and send information that you request.
An asterisk (*) is used to identify required fields in the forms on our website. Completing all other fields is optional.
We observe applicable provisions of the law when we collect, process and use personal data, in particular the provisions of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and German Telemedia Act (Telemediengesetz, TMG).
We disclose personal data that has been collected through our website to government institutions, authorities, courts and other third parties if we are obligated to do so, or if this is necessary in order to efficiently conduct a legal defence or assert rights. Otherwise, we only disclose data if you have authorised us to do so. We may contract data processing services from service providers to operate our website or send newsletters you have subscribed to.
Except in the cases indicated, no data is transmitted to countries outside the European Union (EU) or European Economic Area (EEA).
When you access individual webpages, our web servers normally record in a log file the address of the page accessed, the date and time of the access, any error messages and, if available, your computer’s operating system and browser software and the previous webpage you were visiting. We only store a shortened version of your computer IP address in our log files that does not allow an individual to be identified. An IP address is a number that is temporarily or permanently assigned to your computer by your Internet service provider.
We only use the log file data to ensure proper provision of our services (e.g. error analyses, system security and protection against abuse).
We use analysis software provided by an outside company. The software collects data about visits to our website (‘user profiles’) and allows this data to be analysed. According to a certificate issued on 11 October 2010 by TÜV Süd, the company satisfies the applicable requirements of the German data protection authorities (“Düsseldorf Kreis” statement of November 2009).
The user profiles that are created are pseudonymised, i.e. they cannot be used in practice to obtain information about a specific person. In particular, we do not store your full IP address. The user profiles are also stored separately from other data (e.g. personal data obtained from the contact form), and we do not combine data or use it to identify visitors to our website.
The user profiles include, for example, information on the search engines, search terms, languages and Internet service providers used, the origin of website visitors, the browsers and plugins used and the web page that was visited immediately before (referrer). We use the data collected in this way to design our website appropriately to meet the needs of visitors, e.g. to identify information that is frequently accessed and where improvements are needed.
A tracking pixel is integrated into our webpages and, if necessary, a cookie (a small text file) is stored on your computer to create user profiles. If you are not in agreement with this, follow the link below to opt out fully from the use of your visitor data (click on the Opt out of Website Tracking link at the end of the page).
Once you have authorised online use of your securities account, you can use our website to check account holdings and submit orders. We record when you log in and out of your account and use this data to prevent misuse and as evidence. Data on orders submitted is used to execute the orders and is stored in accordance with statutory retention requirements.
When you log in to your securities account, our server stores a cookie (a small text file) containing a code on your computer. The contents of this file are transferred to our server each time you access a webpage. We only use the cookie (a ‘session cookie’) to identify you as a logged-in user. The cookie is automatically deleted if there is no interaction between you and our web server for more than 10 minutes (automatic log-out). You can modify your browser settings to prevent cookies from being stored. If you do so, however, you will no longer be able to use our website to access your securities account.
If you subscribe to a newsletter on our website, you can cancel this subscription at any time (e.g. using a link in the newsletter). After cancelling, you will receive a confirmation email containing a link. Cancellation does not take effect until the link is clicked (“double opt-in” process).
Our newsletters contain images (web bugs) that allow us to determine if and when an email is opened. Information is also stored when links in the newsletter are clicked. However, we only store this data for statistical purposes (i.e. without personal information), in order to improve our newsletters, products and services and better understand client needs.
We have implemented technical and organisational measures for our Internet webpages and underlying components to protect your data against intentional or accidental manipulation, unauthorised third-party access, loss, destruction or changes. We continually improve this protection as technology changes.
More information on data security and what you should know about data protection for online transactions is available at deka.de: Depot > Informationen > Sicherheit (Securities Account > Information > Security).
Our websites at deka.de and dekabank.de are operated by host providers in Germany. Data transmitted between our server and your computer is encrypted (SSL, indicated by “https” in the address line).
The data included in international transfers, and individual requests for international and domestic express transfers, is forwarded to the recipient’s financial institution by the Society for Worldwide Interbank Financial Telecommunication (SWIFT) in Belgium. Since there is no other company that currently offers these services worldwide, German financial institutions generally have no alternative but to use the services provided by SWIFT for processing international payments. If they did not work together with SWIFT, German financial institutions would not be able to offer global payment services to their clients. The SWIFT network used by German financial institutions satisfies the highest technical and organisational security requirements.
SWIFT has an operating centre in Europe and one in the US where transaction data is temporarily stored. Data mirroring is used to ensure that the data stored on the servers at the two operating centres are identical at all times. This mirroring is performed for security reasons, so that if one of the operating centres fails, the other operating centre is able to take over the processing of all its international payments transactions. Providing geographically separate backup infrastructure to ensure continuous operations, satisfies international standards and regulatory requirements.
Under the agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States, US authorities are permitted to access data for transfers processed through the SWIFT system in order to combat international terrorism, and to store this data for five years. Upon request, the US authorities can therefore examine transfer data containing the names, addresses, recipients and amounts of funds transfers.
We reserve the right to make amendments to this Data Privacy Notice from time to time that take effect for the future. If changes are made to our Data Privacy Notice, however, we will not use data that has been previously collected for other purposes without your consent.
If you have questions about data protection at DekaBank Deutsche Girozentrale, or would like to know what personal data we have stored for you, please contact our Data Protection Officer: DekaBank Deutsche Girozentrale, Data Protection Officer, Mainzer Landstraße 16, 60325 Frankfurt, Germany.
Status of this version is 1 March 2015.