Data protection

Responsible for data processing: 

RSC Raiffeisen Service Center GmbH (hereinafter referred to as „RSC“)
Mooslackengasse 25
1190 Vienna
AUSTRIA

The entity is part of the RBI Group. Inquiries for Data Protection please send to:

Group Data Privacy Office 
Am Stadtpark 9
1030 Vienna 
E-Mail: datenschutz@rbinternational.com

Contact data of the Data Protection Officer: 

Mag. Daniela Bollmann, LL.M. 
Telephone +43 1 71707-8603
Am Stadtpark 9
1030 Vienna 
E-Mail: datenschutzbeauftragter@rbinternational.com

We process the personal data that we receive from you as part of our business relationship. In addition, we process data that we have legitimately received from publicly available sources (e.g. business register, association register, land register or media) or that are provided legitimately by other companies affiliated with RSC.

Personal information includes your personal details and contact information (e.g. name, address, date and place of birth, nationality, etc.) or identity and travel document information (such as signature sample, ID information). 

In addition, this may include payment and clearing data (e.g. payment orders, payment transaction turnover data), creditworthiness data (e.g. type and amount of income, recurring payment obligations for children's education costs, loan repayments, rent), marketing and sales data, credit transactions, image and/or sound recordings (e.g. video, telephone recordings), electronic log and identification data (apps, cookies, etc.), financial identification data (data from credit, debit, prepaid cards or AML (Anti Money Laundering) data. (e.g. video, telephone recordings), electronic log and identification data (apps, cookies, etc.), financial identification data (credit, debit, prepaid card data) or AML (Anti Money Laundering) and compliance data, as well as other data comparable to the above categories.

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Austrian Data Protection Act 2018.

• to fulfill contractual obligations (Article 6 (1) (b) GDPR)
  

The processing of personal data (Art 4 No. 2 GDPR) takes place for the fulfillment of mutual obligations arising from employment contracts and other contractual relationships arising from business activities, insofar as this is required on the basis of laws, standards of collective law or employment contract obligations. This also includes automation-supported and archived text documents (including correspondence) in these matters. Without these data we can not conclude or maintain a contract with you.

Specific details for the purpose of the data processing mentioned herein can be found in the respective contractual documents. 

• to fulfill legal obligations (Article 6 (1) (c) GDPR)
  

Processing of personal data may be necessary for the purpose of fulfilling various legal obligations (e.g. data relevant under tax and fiscal law, data relevant under social security law, data relevant under employee protection law, data relevant under accounting law, and generally for compliance with record-keeping, information and reporting obligations). In addition, personal data may be processed for the fulfilment of supervisory requirements (e.g. storing the qualifications of employees, carrying out compliance checks). Further obligations for data processing result from norms of collective law (such as collective agreements and company agreements).

• as part of your consent (Article 6 (1) (a) GDPR
  

If you have given us consent to process your personal data for certain purposes (e.g. passing on data to the recipients named in the consent, competitions), processing will only take place in accordance with the purposes specified in the declaration of consent and to the extent agreed therein. Consent given can be revoked at any time with effect for the future.

• to safeguard legitimate interests (Article 6 (1) (f) GDPR) in general 
  

If necessary, data processing may be carried out to protect legitimate interests of RSC or third parties. In the following cases, data processing takes place to safeguard legitimate interests. 

Examples of such cases are:

• General infomails and newsletters on services, products and related market information
  
• Video surveillance for the collection of evidence in the case of criminal offences - in particular for the protection of customers and employees, for the protection of the company's property and for the purpose of preventing, containing and clarifying criminally relevant conductCertain phone records (for quality assurance or complaint cases)
• Measures for business management and further development of services and products 
• Measures to protect customers and employees as well as to secure the property of the company
• Data processing for law enforcement purposes 
• Asserting legal claims and defense in legal disputes
• Ensuring the IT security and IT operations of the Bank 
• Prevention and investigation of criminal offenses

Within the company, your data is received by those departments or employees who need it to fulfil contractual, legal and/or supervisory obligations as well as legitimate interests or for which you have given us your consent. In addition, contractually bound processors (in particular IT and back-office service providers) receive your data insofar as they require the data to perform their respective services. All processors are contractually obliged to treat your data confidentially and to process it only in the context of providing the service.

In the event of a legal or regulatory obligation, public bodies and institutions (European Banking Authority, European Central Bank, Austrian National Bank, Austrian Financial Market Authority, financial authorities, etc.) as well as our auditors and the bank and financial statement auditors of our clients may be recipients of your personal data.

We transmit your personal data to carry out the business relationship with you, e.g. to internal offices, as well as to external partner institutions or public offices/authorities required for our services. 

We transmit your personal data to companies affiliated with the company due to legal obligations.

Further data recipients may be those bodies for which you have given us the corresponding consent.

We transmit data that we need to carry out the business relationship with you. Depending on the contract, these recipients may include correspondent banks, stock exchanges, custodian banks, credit agencies or other companies associated with the company (due to official or legal obligations).

Data from the video surveillance of RSC may be transmitted in individual cases and if required to competent authorities or the court (for securing evidence in criminal cases), security authorities (for security police purposes), courts (for securing evidence in civil cases), employees, witnesses, victims (in the context of enforcing claims), insurance companies (exclusively for processing insurance claims), lawyers and other bodies for the purpose of enforcing the law.

A transfer of data to third countries (outside the European Economic Area - EEA) will only take place if this is necessary for the execution of your orders (e.g. payments and securities transactions) or if so required by law or if you have given us your explicit consent. 

We process your personal data, as far as necessary, for the whole duration of the entire business relationship (beginning with the conclusion of a contract, its execution and ending with its termination) as well as in accordance with the mandatory storage and documentation obligation as required by law, in particular pursuant to the following Austrian legal provisions: the Companies Code (Unternehmensgesetzbuch, UGB) and the Federal Fiscal Code (Bundesabgabenordnung, BAO). 

Moreover,  the data storage is also subject to the statutory limitation periods, eg under the Austrian General Civil Code (Allgemeines Bürgerliches Gesetzbuch, ABGB) and may in certain cases last up to 30 years.

Data from the video-surveillance of RSC at the head office in Austria will be deleted after 90 days if no longer required for the purposes of video surveillance.

You have the right to access, rectification, erasure or restriction of the processing of your stored data, a right to object to processing and a right to data portability in accordance with the requirements of data protection law. 

If you wish to exercise your rights, please contact datenschutz@rbinternational.com or the data protection officer. If, in your view, the response to your rights has not been carried out in accordance with the GDPR, you are welcome to contact us again or file a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Austria, www.dsb.gv.at.

As part of the business relationship, you must provide us with all personal information that is necessary to enter into and to maintain the business relationship with you, and also those data that we are required by law to collect. If you do not provide us with these data, we will generally decline either to conclude or to complete the contract, or we will be unable to execute an existing contract or we would be forced to terminate such contract. 

However, you are not obliged to give your consent to the processing of data if such data is not necessary for the performance of a contract or is not required by law or regulation.

In general, we do not use fully automated decision-making within the meaning of Article 22 GDPR in order to establish and/or to conduct a business relationship. If we should use such procedures on a case-by-case basis, we will inform you accordingly by separate notice as so provided for by law.

Our online presences in social networks or on platforms serve the communication and information of interested parties or customers. As a rule, user data is processed for market research and advertising purposes, e.g., to create usage profiles. These usage profiles can be used, among other things, to place advertisements that correspond to the user's interests. Cookies are stored on the user's computer for this purpose, with the help of which the user's usage behavior and interests are stored. In addition, user data can also be stored in the usage profiles across devices (this primarily concerns users who are logged in to the relevant platform). It is possible for us to place target group-oriented advertising and to perform an anonymized analysis of the use of our online presence.

The processing of users' personal data is based on your consent (a declaration of consent, e.g., by activating a checkbox or confirming a button). Below you will find details and information on possible data transfers to third countries (countries outside the European Union - EU or the European Economic Area - EEA) based on the provider information on processing and objection options.

• Facebook, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland
  Privacy Policy https://facebook.com/about/privacy/
  Opt-Out www.facebook.com/settings?tab=ads und www.youronlinechoices.com
  Joint data processing agreement: https://de-de.facebook.com/legal/terms/page_controller_addendum
  

• Twitter, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Irland
  Privacy Policy https://twitter.com/de/privacy
  Opt-Out https://twitter.com/personalization
  

• LinkedIn, LinkedIn Ireland Unlimited Company, Gardner House, 2  Wilton Place, Dublin 2, Irland
  Privacy Policy https://de.linkedin.com/legal/privacy-policy
  Opt-Out https://linkedin.com/psettings/guest-controls/retargeting-opt-out
  

• Xing, XING AG, Dammtorstraße 29-32, 20354 Hamburg, Deutschland
  Privacy Policy and Opt-Out privacy.xing.com/de/datenschutzerklaerung
  

On our website, technically necessary cookies and other standard web control elements are used in particular to control and improve our Internet presence (JavaScript and tracking pixels). All data is collected anonymously. This allows us to collect information in order to check for which screen sizes, browsers and operating systems our website should be optimized. JavaScript is a programming language used to evaluate user interactions and to change, reload or generate content.

This website uses the "Raiffeisen Web Analytics" software for anonymous analysis of website usage. Your IP address will be made anonymous for analysis purposes by deleting the last 8 bits immediately when a website is accessed. For this purpose Cookies are used which enable an analysis of the website usage by users. Through the evaluation of this data valuable knowledge about the needs of these users can be gained. This knowledge contributes to further improving the quality of our offer. You can prevent this by setting up your browser in a manner that no Cookies are saved or do not give consent.

Upon others we collect the following data: visited websites, date and time of the visit, length of stay, browser version, screen resolution, operating system, the country and the referrer, this is the previously visited page from which a page was accessed.

For anonymous statistical evaluation and extended security precautions during visits to our website, we use services of the company JENTIS GmbH, Schönbrunner Straße 231, 1120 Vienna ("JENTIS"). For this purpose, data is transmitted to JENTIS, which JENTIS evaluates on our behalf in anonymized form. This means that JENTIS GmbH only processes data that cannot be traced back to an identifiable person. In addition, we use JENTIS to anonymize your personal data before transferring it to a third country, thus protecting your data.You can view the data protection provisions of JENTIS at the following link: https://www.jentis.com/privacy-policy/

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), if you have consented to this. Google Analytics uses cookies that are stored on your computer. The information generated by the cookie about your use of this website (including your anonymized IP address and IDs and the URLs of websites visited) will be transmitted to and stored by Google on servers in Europe. This website uses the IP anonymization option offered by Google Analytics. Your IP address will be shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

By using the company JENTIS GmbH, your personal data is anonymized before a potential transfer to a third country. Google thus only receives information that does not allow any conclusions to be drawn about you.

On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage.

You can prevent Google from collecting your data in connection with Google Analytics by downloading and installing the browser plugin available at tools.google.com/dlpage/gaoptout.

In connection with Google Analytics, the Google Tag Manager is also used. Google Tag Manager is also a solution from Google that allows companies to manage website tags via an interface. The Google Tag Manager is a domain without cookies that does not collect any personal data. The Google Tag Manager triggers other tags, which in turn may collect data. We hereby point this out separately. The Google Tag Manager does not access this data. If a deactivation has been made by the user at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

At https://policies.google.com/terms/de, https://policies.google.com/technologies/partner-sites and https://policies.google.com/privacy/, respectively, you will find more detailed information on Google's terms of use and Google's privacy policy.

Every time a user accesses our website and every time a file is retrieved or attempted to be retrieved from the server, data about this process is stored in a log file on the server. It is not directly traceable for us which user has retrieved which data. We also do not attempt to collect this information. This would only be possible in legally regulated cases and with the help of third parties (e.g. Internet service providers). In detail, the following data record is stored on the server about each retrieval: The IP address, the name of the retrieved file, the date and time of the retrieval, the amount of data transferred, the message whether the retrieval was successful, as well as the message why a retrieval may have failed, the name of your Internet service provider, if applicable, the operating system, the browser software of your computer and the website from which you visit us.

The legal basis for any processing of this personal data is our legitimate interest (Art. 6 para. 1 lit. f DSGVO). This is to be able to detect, prevent and investigate attacks on our website.

In addition, we process your personal data in special cases due to the legitimate interests of us or legal third parties in legal prosecution (Art. 6 para. 1 lit. f DSGVO) or by order of legally authorized authorities or courts (Art. 6 para. 1 lit. c DSGVO).

We generally store data for a period of three months to ensure the security of our website. Longer storage only takes place insofar as this is necessary to investigate detected attacks on our website or to pursue legal claims.

Cookies can be blocked, disabled or deleted. There are a variety of tools available to you to do this (including browser controls and settings). Information on this can be found in the help section of the web browser you are using. If you deactivate all cookies used by us, the display of the website may be restricted, for example.