Meinl Bank

WHAT IS THE DSGVO?

The ‘DSGVO’ (German: Datenschutzgrundverordnung) is a regulation of the European Union. It applies with immediate effect in every Member State, including Austria. Any person whose data are being processed can invoke the DSGVO directly.

WHAT DOES THE DSGVO REGULATE?

The DSGVO contains regulations applicable to the processing of your personal data.

DOESN’T BANKING SECRECY APPLY IN AUSTRIA ANYWAY?

Yes, information made known to us based on the business relationship is also protected by Austrian banking secrecy – as specified in § 38 of the Banking Act. The DSGVO applies in addition to this legislation.

WHAT ARE ‘PERSONAL DATA’?

Personal data are any information relating to an identifiable natural person (‘person affected’). A natural person counts as identifiable if he or she can be directly or indirectly identified by being allocated a name or password, such as an IBAN or account number, for example.

HOW EXACTLY IS THE ‘PROCESSING OF DATA’ DEFINED?

The term ‘processing’ refers to any process executed in association with personal data, with or without the help of automated procedures. This includes, for example, the gathering of such data, their recording, organisation, ordering, storing, adjustment or modification, reading out, querying, usage, disclosure (by transmission, distribution or making it available in another form), comparison or linkage, restriction, deletion or destruction.

WHAT DOES ‘PERSON RESPONSIBLE’ MEAN?

The term ‘person responsible’ means the natural person or legal entity, authority, institution or other office which, either alone or together with others, decides on the purposes and means of processing personal data.

WHAT DOES ‘PERSON PROCESSING THE ORDER’ MEAN?

The term “person processing the order” means a natural person or legal entity, authority, institution or other office which processes personal data on behalf of persons responsible.

WHO IS RESPONSIBLE FOR PROCESSING PERSONAL DATA?

Meinl Bank AG
Bauernmarkt 2
1010 Wien

is responsible for processing your data.

WHO IS THE DATA PROTECTION OFFICER AT MEINL BANK AG?

At Meinl Bank AG, the function of Data Protection Officer is being taken on by Daniel Hahn. If you have any queries, suggestions or complaints, you can reach him by writing to:

Daniel Hahn – Data Protection Officer
Meinl Bank AG
Bauernmarkt 2
1010 Wien
E-Mail: dsgvo@meinlbank.com

WHAT PERSONAL DATA ARE PROCESSED?

Meinl Bank AG processes the following personal data:

  • Master data and legitimising data, e.g. name, address, date of birth, telephone number, tax status, identification data, a copy of the identifying document, etc.
  • Data resulting from consultative meetings, for example your experiences with investments, financial position, household bills and financial objectives; at companies, this also covers balance sheets, financial forecasts, etc.
  • Product, service and contractual data, for example product ownership, right of disposition, turnover and transactions, use of digital banking, consultation protocols, etc.
  • Creditworthiness data, e.g. rating, entries in warning lists, etc.
  • Video and audio data, e.g. video recordings, recorded telephone calls
  • Processing results for the performance of contracts and consents
  • Data for the performance of legal and regulatory requirements. In this case, it may only be a general listing involved. For a more detailed listing, you have a right to information and can demand of us that we provide this.

WHERE DO THE PERSONAL DATA BEING PROCESSED ORIGINALLY COME FROM?

You yourself will have made us aware of most of your personal data that we process, while opening an account, for example, or within the bounds of a consultation.

Above and beyond this, however, the data could come from the following sources:

  • Records of debtors, such as KSV1870 Holding AG, CRIF GmbH, for example.
  • Publicly accessible sources, such as the company register, land register, bankruptcy file or register of associations, for example.

In addition to this, we could receive data from state authorities or persons acting on behalf of an official body such as, for example, guardianship courts or criminal courts, state prosecutors’ offices or court commissioners. For a detailed listing, you have the right to information.

FOR WHAT PURPOSES, AND ON WHAT LEGAL BASIS, ARE MY PERSONAL DATA PROCESSED?

Meinl Bank AG is a credit institution according to § 1, Para. 1 of the Banking Act. Within these activities, we process your personal data.

PROCESSING TO PERFORM A CONTRACT

Depending on the type of contracts we have with you, we provide certain services for you. This could involve a credit agreement, for example, or an account agreement.

To do this, we need to process your data. You will find the extent of the data processing in your account opening documents.

PROCESSING TO MEET A CONTRACTUAL OBLIGATION

Legal regulations and purposes also require us to process your personal data. Examples of these may include:

  • Credit risk management
  • Monitoring of insider trading, conflicts of interest and market manipulation
  • Establishment of identity, monitoring of transactions, suspicious activity reports
  • Reports into the account register and reports of capital outflows
  • Recording of telephone calls and electronic communication in case of securities business such as, for example, the acceptance, communication and execution of customer orders according to the 2018 Securities Supervision Act, or in case of securities trading on own account
  • Information in criminal proceedings towards state prosecutors’ offices and courts, and towards financial criminal authorities due to intentional financial offences

PROCESSING BASED ON A JUSTIFIED INTEREST

A justified interest in data processing by us or third parties exists in the following cases:

  • Enquiries and data exchange to determine creditworthiness and risks of default towards credit agencies such as, for example, KSV1870
  • Video monitoring to gather evidence in the case of criminal offences or proof of dispositions and payments, at the banking call of Meinl Bank AG, for example – these serve to protect the customers and employees in particular
  • Measures for preventing and fighting fraud, Fraud Transaction Monitoring
  • Data processing within the bounds of prosecuting the law
  • Recordings of telephone calls, for complaint cases, for example, or for the documentation so-called transitionally relevant statements, such as blocks on cards

PROCESSING BASED ON CONSENT

If neither a contract nor a legal obligation nor a justified interest exists, however, data processing can still be legal if you have granted your consent or agreement to our doing so. The extent and content of this data processing is always a result of the respective consent. It is essential that you can revoke your consent at any time.

The legality of the processing that has taken place based on this consent up until the revocation is not affected as a result of the revocation, however. Loosely speaking, this means a revocation does not work retroactively.

WHOM ARE MY PERSONAL DATA PASSED ON TO?

Your personal data can be passed on to:

  • Public offices and institutions where we are legally obliged to do so, for example the European Banking Supervisors, European Central Bank, Austrian Financial Market Authority, financial authorities, etc.
  • Third parties commissioned by us, for IT and back office services, for example, and banking inspection authorities where these need such data for their task. Third parties are contractually or legally obliged to treat your data confidentially and only to process within the bounds of the provision of the service
  • Third parties where this is obligatory for the performance of the contract or based on legal regulations, for example the payee of a transfer and their payment provider.

WHAT RIGHTS DO I HAVE?

The DSGVO guarantees you the following rights for your personal data. You have the right to:

  • Information
  • Correction
  • Deletion
  • Restriction of Processing
  • Data Portability
  • Revocation

WHAT DOES THE ‘RIGHT TO INFORMATION’ MEAN?

You have the right to demand confirmation of whether we are processing your personal data. If this is the case, you also have the right to information about these personal data, and to the following information:

  • Processing purposes
  • Categories of the personal data being processed
  • Payees or categories of payees to whom the personal data have been disclosed or are still being disclosed, particularly in the case of payees in third countries or at international organisations
  • Where possible, the planned duration for which the personal data are being stored, or, if this is not possible, the criteria for establishing this duration
  • The existence of the right to correct or delete the personal data affecting you; restriction or revocation of this processing
  • Right to complain to a supervisory authority
  • Any information available about the origin of the personal data if the data are not collected at the person affected

WHAT DOES THE ‘RIGHT TO CORRECTION’ MEAN?

It is important to Meinl Bank AG that your data should be correct and complete at all times. If you suspect the data are incorrect or incomplete, you can apply for your data to be corrected or completed.

WHAT DO THE ‘RIGHT TO DELETION’ AND ‘RIGHT TO BE FORGOTTEN’ MEAN?

We set great store by ensuring your data are only processed within the framework conditions of the Data Protection Act. If you are justifiably of the opinion that this is not the case, however, you can apply for your personal data to be deleted. We must explicitly draw your attention to the fact that your consent to the processing of your data is a precondition for our being able to provide you with legally compliant services.

WHAT DOES THE ‘RIGHT TO THE RESTRICTION OF PROCESSING’ MEAN?

We set great store by ensuring your data are only processed within the framework conditions of the Data Protection Act. If you are of the opinion that this is not the case, however, then you have the right to demand the processing of your personal data be restricted.

HOW CAN I SUBMIT AN APPLICATION (E.G. FOR INFORMATION, CORRECTION, ETC.)?

No matter what right you wish to assert, you can send your application to us personally at Meinl Bank AG in a letter, signed in your own hand and with a copy of your identification document enclosed, at the following address:

  • Meinl Bank AG
    Data Protection Officer
    Bauernmarkt 2
    1010 Wien
  • Personally at Meinl Bank AG

HOW LONG WILL IT TAKE FOR MY APPLICATION TO BE PROCESSED?

We will make the appropriate information about the measures available to you immediately, but within one month of your application being received at Meinl Bank AG.

The deadline could be extended by a further 2 months if this proves necessary due to the complexity and volume of applications. We will, however, inform you of the possibility of an extension to this deadline and the reasons for this within one month of our receiving your application.

HOW WILL MY APPLICATION BE PROCESSED?

Financial matters are a matter of trust – e-mails, however, are not always worthy of that trust. Viewed in terms of security, e-mails are more comparable with a postcard than a letter. Since we don’t want to send your banking data on a postcard, we will have the information sent to you by post.

DOES IT COST ME ANYTHING TO ASSERT MY RIGHTS?

Applications are completed free of charge. Exceptions: we are only entitled to demand reasonable payment if applications are clearly unfounded or are excessive. In this way, the administrative costs of the notification, rejection or execution of the measure applied for are taken into consideration.

SUPERVISORY AUTHORITY RESPONSIBLE FOR DATA PROTECTION AGENDAS:

Österreichische Datenschutzbehörde
Wickenburggasse 8
1080 Wien
Telefon: +43 1 52 152-0
E-Mail: dsb@dsb.gv.at
https://www.dsb.gv.at/