Data Privacy

General Data Privacy Notice for Website Visitors and Online Account Users

1. Contents of this notice

In this Data Privacy Notice, we inform you about how we process your personal data when you visit our website at deka.de. In addition, we inform you about your rights under the General Data Protection Regulation (GDPR).
 
This Data Privacy Notice also applies to any other websites of Deka Group that make reference to it.
 
This Data Privacy Notice is supplemented by specific data privacy notices applicable to individual topics, e.g. data privacy notices for securities account customers or online job applicants. For an overview, please go to www.deka.de/datenschutz.

2. Controller and data protection officer

The controller within the meaning of the GDPR for the processing of your data on deka.de is:

DekaBank Deutsche Girozentrale
Mainzer Landstrasse 16
60325 Frankfurt am Main
Germany
Telephone (0 69)  71 47 – 652
Email: service@deka.de

The contact details of the data protection officer of DekaBank Deutsche Girozentrale are as follows:

DekaBank Deutsche Girozentrale
Data Protection Officer
Mainzer Landstrasse 16
60325 Frankfurt am Main
Germany
Email: datenschutz@deka.de

Where other websites of Deka Group make reference to this Data Privacy Notice, the controller within the meaning of the GDPR for the processing of your data on such other websites is, unless specified otherwise, the controller as indicated in the legal notice of the relevant other website. For an overview of the contact details of the appointed data protection officer, please go to www.deka.de/datenschutz.

3. Individual features of our website

Below, we will explain how we process your data when you use individual features of our website.

3.1. Contact form

We will use the information provided by you in the contact form (e.g. subject, message, contact details) to process your request. We will use your name for the purposes of addressing you. We will use your address and telephone number (optional information) as a further contact option in connection with your request. Your securities account number (optional information) helps us to link your request to a specific securities account.

Show details

The legal basis for the processing is our legitimate interests (facilitating the contact with our customers) and, if you are or want to become a customer, the performance of a contract, e.g. the execution of an order. The recipient of your message is the relevant company within Deka Group and its specialist department (e.g. Securities Account Services) responsible for processing your message. We will delete your message upon completion of your request or upon expiry of the legal retention periods.

3.2. Newsletter subscription

If you want to subscribe to a newsletter on deka.de, please set up a user account for subscription management (new registration). To do so, you will need to provide us with your email address and a password selected by you. In addition, you may provide further optional profile details such as your last name and first name to enable us to address you directly.

By setting up a user account, you give DekaBank Deutsche Girozentrale data privacy consent to provide you by email with information about financial products and services relating to the topics covered by the relevant newsletters you subscribed to. You may withdraw such consent at any time, however, not retroactively, by unsubscribing from the individual newsletters using the subscription management user account or by closing your subscription management user account completely.

Show details

After registration, you will receive an email asking you to click on a confirmation link. You will receive the subscribed newsletter only after you have confirmed.

The legal basis for the processing is your consent. We will delete all data when you close your subscription management user account.

Our newsletters contain special images (web bugs) that allow us to determine if and when an email is opened. Information is also stored when links in the newsletter are clicked. However, we store this data only for statistical purposes (i.e. the data is not linked to individuals) in order to improve our newsletters, products and services and to better understand customer needs.

3.3. Using the online securities account

Once you have authorised online use of your DekaBank securities account, you can use the online account features on our website. Our Datenschutzhinweise für (Depot-)Kunden (PDF, 2.6 MB) applies to data processed for the purposes of account management and execution of orders.

Show details

We will also record when you log in and out of your online securities account and use this data to prevent misuse and as evidence, e.g. in the event of ambiguities regarding submitted orders. Such log data will be stored for 90 days.

The legal basis for such processing is our legitimate interests (ensuring the security of your online account and preservation of evidence).

When you log in to your securities account, our server stores a cookie containing a code on your computer. We use this cookie (a "session cookie") only to identify you as a logged-in user. The cookie will be automatically deleted if there is no interaction between you and our web server for more than 10 minutes (automatic log-out). You can modify your browser settings to prevent cookies from being stored. If you do so, however, you will no longer be able to use our website to access your securities account.

3.4. Google Maps

We may use Google services to display maps on our website (e.g. location of real estate). In doing so, we will not collect any information about your location or any other personal data. The map services provided by Google are subject to Google's privacy policy, which is available at https://policies.google.com/privacy?hl=en.

Show details

4.  Analysis of your website visit

4.1. Logfiles

Whenever a webpage is accessed, our web server, like any other web server, will record technical data. However, we do not link such data to any individuals and we store only shortened versions of IP addresses.

Show details

When you access an individual webpage, our web servers will record in a log file by default the address of the page accessed, the date and time of the access, any error messages and, if available, your computer's operating system and browser software and the previous webpage you were visiting. We store only a shortened version of your computer's IP address in our log files that does not allow an individual to be identified.

We use the log file data only to ensure proper provision of our services (e.g. error analyses, system security and protection against abuse), and we will delete such data after 90 days.

Where log file data qualifies as personal data in individual cases, the legal basis for the processing of such log file data is our legitimate interests (error analyses, system security and protection against abuse).

4.2. Tracking the use of our website using Adobe

We use the analytics solution "Adobe Analytics" to analyse how visitors use our website. In doing so, we use cookies. We will track your use without collecting any personal data (data will be pseudonymised). We will store only a shortened version of your IP address. You may opt out of the tracking of your use by following the link below:

Opt out of Adobe website tracking

Show details

We use Adobe Analytics, a web analytics solution provided by Adobe Systems Software Ireland Limited ("Adobe"). Adobe Analytics stores a cookie, which will expire after two years. When the information about the use of the website generated by the cookie is transferred to an Adobe server, our configurations ensure that only a shortened version of the IP address will be stored prior to the geolocation (identification of the approximate location of the accessing computer).

We will collect the following information:

  • Which webpages you visit and what you do on our websites;
  • Your browsing activities including the URLs of webpages of our Group visited by you;
  • The URL of the webpage containing the link that you followed to access our website;
  • Information about your browser and your device such as device type, browser type, advertising identifier, operating system, connection speed and display settings;
  • A shortened version of your IP address, which enables us to identify your approximate location;
  • Information you provide on the website or in the applications of our company or in the interaction with social media pages of our company, e.g. whether you have clicked on advertisements of our company and whether displaying or clicking on advertisements resulted in a purchase of products offered by our company or any other interaction with our company.

Adobe uses the collected information on our behalf in order to analyse how the website is used by the users and to compile reports on the website activities. We use the analyses and reports to tailor our website to meet user needs, e.g. to determine from which regions a particularly large number of users visit our website, which contents are particularly popular and which devices are used by visitors.

The legal basis for the processing is our legitimate interests (tailoring the website to meet user needs, online interest-based advertising). The data will be stored for 36 months.

We will not link the analytics data about the use of our website by you to your personal data (e.g. online securities account).
If you do not want us to track and analyse your visits to our website using Adobe Analytics, please follow the link below:

Opt out of Adobe website tracking

4.3. Interest-based advertising using Sizmek

We use the Sizmek solution provided by Sizmek Inc. (401 Park Avenue S, 10016 New York City / USA) to present to you relevant and targeted advertisements on the basis of your use including on third-party websites and to measure and statistically analyse the success of our advertisements (e.g. interaction with or clicks on an advertisement). You may opt out of such interest-based advertising by following the link below:

https://www.sizmek.com/privacy-policy

Show details

For the aforementioned purposes, cookies and similar technologies (e.g. pixels and statistical device IDs) are used on your computer to track and analyse your use of our website including your interaction with advertisements on third-party websites.

In using such cookies and similar technologies, we will not store any data identifying you directly (e.g. your name or your email address), as we collect the data using code numbers and IDs, i.e. the data will be pseudonymised. The cookies will expire after a period of up to 90 days.

For further information about Sizmek's data privacy policy and your opt-out option, please go to http:/www.sizmek.com/privacy-policy/optedout/.

Sizmek is certified under the EU-US Privacy Shield. The EU-US Privacy Shield is a data privacy framework intended to ensure adequate data protection for the transmission of data to certified US companies. The European Commission confirmed the adequacy of the protection provided under the EU-US Privacy Shield in its decision dated July 12, 2016 (document C(2016) 4176).

To view the decision of the European Commission, go to: http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

To view the current status of the certification of Sizmek under the EU-US Privacy Shield, go to https://www.privacyshield.gov/participant_search (search for "Sizmek").

Your data will be processed on the legal basis of our legitimate interests (displaying interest-based advertising and optimizing our advertising campaigns).

We will delete your pseudonymised data we collect using Sizmek after 6 months.

4.4. Google Remarketing

We use Google Remarketing, a service of Google LLC in the United States, to show you interest-based advertisements within the Google advertising network. To that end, a cookie will record your visit to our website.

Show details

For advertising purposes, we use Google Remarketing, a feature of the advertising network AdWords of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). After you have visited our website, this enables us to display targeted interest-based advertisements about our website and our offers in the future when you visit websites of Google and other websites of the Google advertising network.

For this purpose, we use cookies on our websites. These cookies are used to record that you have visited our website and enable Google to recognise you as a visitor to our website on other websites of the Google advertising network.

You can prevent the storage of such cookies by modifying the relevant settings of your browser software.

In addition, you can opt out of receiving advertising based on the websites you have visited from Google AdWords at any time by adjusting your settings for personalised advertisements at www.google.de/settings/ads.

To view the Google Privacy Policy, go to: https://www.google.com/policies/privacy/partners/?hl=de.

Google is certified under the EU-US Privacy Shield. The EU-US Privacy Shield is a data privacy framework intended to ensure adequate data protection for the transmission of data to certified US companies. The European Commission confirmed the adequacy of the protection provided under the EU-US Privacy Shield in its decision dated July 12, 2016 (document C(2016) 4176).

To view the decision of the European Commission, go to: http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.207.01.0001.01.DEU.

To view the current status of the certification of Google under the EU-US Privacy Shield, go to https://www.privacyshield.gov/participant_search (search for "Google").

Your data will be processed on the legal basis of our legitimate interests (displaying interest-based advertising within the Google advertising network).

We will delete your data collected for Google Remarketing purposes after 18 months.

5. Additional information

5.1. Mandatory information

All mandatory fields are marked with an asterisk ("*") on our website. Without such information, it is not possible to use the relevant feature.

5.2. Data recipients

At DekaBank, your data will be received by the relevant department, e.g. Securities Account Services or the Marketing Department. To the extent your data relates to other companies of Deka Group, these companies will also be granted access to your data (e.g. request made using the contact form concerning a matter of Deka Investment GmbH).

We may engage technical service providers, which are bound by our instructions, to ensure the technical operation of the website. Such service providers include in particular Finanzinformatik Technologie Service GmbH & Co. KG.

Any data will be transferred to countries outside of the European Economic Area only if this has been expressly indicated.

5.3. Criteria for the data retention period

We will determine the period for which your data will be stored based on the specific purposes for which we use your data. In addition, we are subject to statutory retention and documentation requirements in particular under the German Commercial Code and the German Tax Code. Moreover, the period for which data will be stored is also determined by the statutory limitation periods of generally three years, e.g. pursuant to Secs. 195 et seq. German Civil Code.

6. Definitions

6.1. Terms

Below, we will explain some of the legal and technical terms used in this Data Privacy Notice.
 
Personal data
Personal data means any information involving an identified or identifiable natural person, e.g. data linked to your e-mail address or securities account number.
 
Processing:
Processing of personal data means any procedure in relation to personal data, e.g. the collection of data using an online form, the storage of data on our servers or the use of data for the purposes of contacting you.
 
Cookie:
A cookie is a small text file which is stored on your computer. The content of such file is transferred to our servers every time you visit a website.
 
IP address:
The IP address is a number temporarily or permanently assigned to your computer by your internet service provider. In individual cases, a complete IP address allows the identification of the internet connection subscriber, e.g. through additional information provided by your internet access provider.

6.2. Legal basis

Under the GDPR, personal data may be processed only if a legal basis exists. We are required by law to inform you about the legal basis for the processing of your data.
 
Below, we will explain the terms used in this respect.

Legal basis
Term
Explanation
Art. 6(1)(a) GDPR
Consent
This legal basis allows processing if and to the extent you have given us your consent thereto.
Art. 6(1)(b) GDPR
Performance of a contract
This legal basis allows processing to the extent it is necessary for the performance of a contract with you, including steps prior to entering into a contract (e.g. preparation of the conclusion of a contract).
Art. 6(1)(c) GDPR
Compliance with legal obligations
This legal basis allows us to process your data to the extent this is necessary to comply with a legal obligation to which we are subject.
Art. 6(1)(f) GDPR
Legitimate interests
This legal basis allows processing to the extent it is necessary for the purposes of our legitimate interests (or those of any third party), except where such interests are overridden by your conflicting interests.

7. Your rights

The GDPR grants you certain rights in relation to your personal data. For an explanation, please go to "Your rights under the General Data Protection Regulation" (available in German language only).