Log in
Open a term deposit account

Privacy policy

Table of contents

Status: 17/08/2023

We hereby inform you about the processing of your personal data in accordance with Art. 13 and 14 GDPR, Section 21 (5) FM-GwG and the data protection claims and rights to which you are entitled. The content and scope of data processing depend largely on which products and services you apply for or agree with us.

1. who is responsible for data processing?

Vak?fBank International AG

Prinz-Eugen-Straße 8-10/8th floor/17

1040 Vienna

Phone: +43 1 512 35 20

Fax: +43 1 512 35 20 ? 199

E-mail: info@vakifbank.at

VakifBank International AG has designated a Data Protection Officer (“DPO”) who is available to answer questions about the processing of your personal data. The DPO can be contacted via e-mail at datenschutz@vakifbank.at.

2. What data do we processed and where do these data come from?

Data processing in the context of account opening and account management

  • ? First name, surname and title
    ? Address and second address
    ? Date and place of birth
    ? Citizenship
    ? e-mail address
    ? Telephone number
    ? Currency status
    ? Profession
    ? Identification data (e.g. ID card data) ? Authentication data (specimen signature)
    ? Creditworthiness data
    ? Documentation data (e.g. counselling protocols)
    ? Register data
    ? Image data and sound data (e.g. video recordings and sound recordings)
    ? Information from communication (e.g. e-mails)
    ? Account data (IBAN, BIC, account number, type of account, account balance or account status, turnover or order data)
    ? Customer number
Data processing in the context of self-disclosure regarding tax residency (CRS, FACTA)
  • ? First name, surname and title
  • ? Address
  • ? Date, place and country of birth
  • ? Indicate whether the person is a U.S. person
  • ? Details of tax residency (country, tax identification number and justification for lack thereof)
Data processing as part of the Know Your Customer questionnaire
  • ? First name, surname and title
  • ? Address
  • ? Date and place of birth
  • ? Citizenship
  • ? e-mail address
  • ? Telephone number
  • ? Currency status
  • ? Employer (company, address)
  • ? Profession
  • ? Information on the background of the business relationship or domestic reference
  • ? Information on the origin of current/future assets
  • ? Details and documents as proof of income/assets
  • ? Information on the intended use of the assets
  • ? Indication whether the account holder is a politically exposed person (PEP) and description of the exposure
Data processing in the context of opening and maintaining a savings account
  • ? First name, surname and title
  • ? Address
  • ? Date and place of birth
  • ? Citizenship
  • ? e-mail address
  • ? Telephone number
  • ? Currency status
  • ? Profession
  • ? Identification data (e.g. ID card data)
  • ? Authentication data (specimen signature)
  • ? Account data (passbook name, account number, account type, term, interest rate, control number, password, account balance or account status, turnover or order data)
  • ? Specimen signature (only for legitimised passbook)
  • ? Customer number

Data processing in the context of opening and maintaining a term deposit account

  • ? Title, first name and surname of the account holder or account holders in the case of a joint account
  • ? Address
  • ? Information on possible US citizenship or tax liability / tax residency
  • ? Date and place of birth
  • ? Citizenship
  • ? Employment
  • ? Marital status
  • ? Telephone number
  • ? e-mail address
  • ? Identification data (e.g. ID card data)
  • ? Sound and image data in the context of online identity verification
  • ? Account data (account number, type of account, account balance or account status, reference account, transactions or transfer transactions including related information)
  • ? Type and origin of the funds

Data processing as part of the video identification procedure before opening a term deposit account

To make it easier for you to open a transfer account, we offer a video identification procedure for the required identification. The video identification procedure is carried out on our behalf and exclusively for our purposes by CRIF GmbH or WebID Solutions GmbH, which are obliged to comply with all applicable data protection regulations. We provide your personal data (first and last name, date of birth, address, e-mail address, telephone number and the language you wish to use). As part of the video identification process, WebID employees take photos of you and your identification document (passport, ID card, driving licence) using your camera. These are then sent to us for identification and account opening.

Name and title of the borrower and guarantor

  • ? First name, surname and title of the borrower and guarantors
  • ? Account number
  • ? Customer number
  • ? Credit data (guarantee limit, term, processing fee, liability commission, expense reimbursement, debit interest, default interest)
  • ? Pledge agreement for savings deposits: pledgee, passbook number, account number, account holder, password, legitimised person
  • ? Pledge contract life insurance: pledgee, life insurance policy, policyholder
  • ? Mortgage: Debtor

We process personal data that you have disclosed to us, as well as data that we have received from credit agencies, debtor directories and publicly accessible sources (e.g. company register, land register and register of associations). We also process personal data that we have legitimately received from third parties (e.g. KSV 1870) (e.g. for the execution of orders, fulfilment of contracts or on the basis of your consent) insofar as this is necessary for the provision of our services.

3. For which purposes and on what legal basis are my data processed?

This data processing serves to fulfil the contract in the context of the business relationship for the provision of banking transactions and financial services with you as a customer (Art. 6 para. 1 lit. b GDPR) and to comply with the bank's legal obligations (Art. 6 para. 1 lit. c GDPR), such as reporting certain suspicious cases to the Money Laundering Office (§ 16 FM-GwG) and providing information to federal tax authorities (§ 8 Account Register and Account Inspection Act).

If necessary, data may be processed by us or third parties beyond the actual fulfilment of the contract in order to safeguard legitimate interests (Art. 6 para. 1 lit. f GDPR). Examples of data processing for legitimate interests are
  • ? Consultation of and data exchange with credit agencies (e.g. Austrian Credit Protection Association) to determine creditworthiness and default risks
  • ? Assertion of legal claims and defence in legal disputes
  • ? Risk management and assessment in the group
  • ? Video surveillance to collect evidence in the event of robberies and fraud offences or to provide evidence of transactions and deposits, e.g. at ATMs
  • ? Measures to protect employees, customers and the Bank's property
  • ? Measures to prevent and combat fraud (Fraud Transaction Monitoring)

If you have given us your consent (Art. 6 para. 1 lit. a GDPR) to process your data (e.g. for marketing activities or the setting of technically unnecessary cookies on our website), processing will only take place in accordance with and within the scope of the purposes specified in the declaration of consent. Any consent given can be revoked at any time free of charge with effect for the future.

4. customer information pursuant to Section 21 (5) FM-GwG

Credit institutions shall delete all personal data processed or stored exclusively on the basis of the FM-GwG for the purpose of preventing money laundering and terrorist financing after a retention period of 10 years from the termination of the business relationship, unless other federal laws require or entitle to a longer retention period, or the Financial Market Authority (FMA) has set longer retention periods by decree.

Personal data used by the bank solely based on the Austrian Financial Markets Anti-Money Laundering Act for the purposes of prevention of money laundering and terrorism financing are not further processed in a way that is incompatible with those purposes. Therefore, such personal data are not processed for any other purposes (e.g., commercial purposes).

5. is there automated decision-making including profiling?

We do not use automated decision-making pursuant to Art. 22 GDPR to reach a decision on the establishment and implementation of the business relationship.

A credit check (credit scoring) is carried out when a loan is granted. This involves using statistical comparison groups to assess the default risk of loan applicants. The calculated score value is intended to enable a forecast of the probability that an applied-for loan will be repaid. Your master data (e.g. marital status, number of children, length of employment, employer, etc.), information on your general financial circumstances (e.g. income, assets, monthly expenditure, amount of liabilities, collateral, etc.) and payment behaviour (e.g. proper loan repayments, reminders, data from credit agencies) are used to calculate this score. If the risk of default is too high, the loan application is rejected and, if necessary, an entry is made in the small loan register kept by KSV 1870 and an internal warning is issued. If a loan application is rejected, this is shown in the small loan register kept by KSV 1870 for 6 months in accordance with the decision of the data protection authority.

6 Who receives your data?

Within VakifBank International AG, only those departments and employees receive your data that need it to fulfil contractual, legal and regulatory obligations as well as legitimate interests. In addition, processors commissioned by us (in particular IT service providers) will receive your data if they require the data to fulfil their respective services. Our processors are contractually obliged to treat your data confidentially and to process it only within the scope of providing the service. If there is a legal or regulatory obligation, public bodies and institutions (e.g. Austrian Financial Market Authority, tax authorities) and bank auditors may be recipients of your personal data.

When you open an online term deposit account, your personal data is passed on to CRIF GmbH, which carries out an identity check as a processor for VakifBank International AG and forwards the result, including all the data you have provided, to us. Data will only be transferred to countries outside the EU or the EEA if

  • ? this is necessary for the execution of your orders (e.g. payment orders),
  • ? it is required by law (e.g. reporting obligations under tax law),
  • ? you have given us your consent to do so or
  • ? an order data processing exists.

If such data is transferred to recipients in third countries and there is no adequacy decision by the EU Commission for the respective third country in accordance with Art. 45 GDPR, the transfer is subject to suitable guarantees in accordance with Art. 46 GDPR, such as standard contractual clauses (SCC) of the European Commission.

7. For how long will my data be stored?

We process your personal data, if necessary, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) as well as in accordance with the statutory retention and documentation obligations (including in accordance with the Austrian Commercial Code (UGB), the Federal Fiscal Code (BAO), the Financial Markets Anti-Money Laundering Act (FM-GwG), the Banking Act (BWG)). The retention and documentation periods specified there are up to 10 years. In addition, the statutory limitation periods, which can be up to 30 years in certain cases (the general limitation period is 3 years) in accordance with the Austrian Civil Code (ABGB), for example, must be taken into account when determining the storage period.

8. What data protection rights do I have?

The GDPR gives you the following rights as a data subject of personal data processing:

In accordance with Art. 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, about a transfer to third countries or to international organisations and about the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.

In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect or the completion of your personal data stored by us.

In accordance with Art. 21 GDPR, you can at any time right to object object to the processing of your personal data on grounds of public interest or our legitimate interests if you believe that it is unlawful.

In accordance with Art. 17 GDPR, you can request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.

In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, we no longer need the data and you refuse to delete it because you need it for the assertion, exercise or defence of legal claims. You also have the right under Art. 18 GDPR if you have objected to the processing in accordance with Art. 21 GDPR.

In accordance with Art. 20 GDPR, you can request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or you can request that it be transferred to another controller.

In accordance with Art. 7 para. 3 GDPR, you can revoke your consent to us at any time. As a result, we may no longer continue the data processing based on this consent in the future.

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority (Austria: Data Protection Authority, Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at). As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters for this purpose

9. Am I obliged to provide data?

As part of the business relationship, you must provide all personal data that is required for the establishment and execution of the business relationship and for the collection of which there is a legal obligation. If you do not provide us with this data, we will generally have to refuse to conclude the contract or execute the order or will no longer be able to fulfil an existing contract and will therefore have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfilment of the contract or is not required by law and/or regulation.

10. changes to the privacy policy

Please note that changes in the legal situation, technical developments as well as changes to our range of services and organisational changes may make it necessary to adapt or update the data protection declaration.

We expressly reserve the right to amend this privacy policy, in particular due to changes in the legal situation or changes to banking processes and products.

The current version of the privacy policy will be published on this website, stating the date of amendment.

How can we help you?

info@vakifbank.at

Write to us!

+43 1 512 15 57

Give us a call. You can find our opening hours here.

Vak?fBank @socialmedia

Linkedin Facebook

Email: info@vakifbank.at

Support: +43 1 512 15 57

Vak?fBank @socialmedia

Visit us at:

Linkedin Facebook

Vak?fBank

Private customers

Corporate clients

Other

Legal

Log in
Open a term deposit account