Privacy policy

The present privacy policy explains the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") in the context of our online offering and the websites, functions and contents associated with it (hereinafter referred to collectively as "online offering"). Regarding the terms used, such as "processing" or "controller", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

 

Controller

BdB-Akademie GmbH
Weißfrauenstraße 12 - 16 
60311 Frankfurt a. M.

Phone: +49 69 962203 - 0
Fax: +49 69 962203 - 21
Email: info@bankenakademie.de
Internet: www.bankenakademie.de

Management:
Dr. Stefanie Franzke

Link to site-notice: www.bankenakadmie.en/datenschutzerklaerung

 

Types of data processed

  • Inventory data (e.g. names, addresses)
  • Contact data (e.g. email, telephone numbers)
  • Content data (e.g. text input)
  • Usage data (e.g. websites visited, interest in content, access times)
  • Meta/communication data (e.g. device information, IP addresses)

 

Purpose of processing

  • Provision of the online offering, its functions and content.
  • Answering contact inquiries and communicating with users.
  • Security measures
  • Marketing
  • Event management
    • Organising, holding and handling events.
    • Networking participants in events by, for example, naming the participants (e.g. name tags), displaying lists of the participants and inserting them in conference documents. We wish to point out that the name, company name and location of all participants are included in the lists of participants.
    • To plan future events and, if necessary, to invite you by email or post
    • In the case of registration by/via third parties (e.g. personnel department), we assume that consent has been obtained beforehand from the client (participant).
    • As proof that we are processing your data, we may in particular send you information by email.

 

Terms used

"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable  natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. The term is broad and covers practically any handling of data.

"Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

 

Applicable legal bases

In accordance with Article 13 of the GDPR, we inform you about the legal basis for our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Article 6 (1) (a) and Article 7 of the GDPR, the legal basis for processing in order to perform our services and carry out contractual measures as well as answer inquiries is Article 6 (1) (b) of the GDPR, the legal basis for processing in order to fulfil our legal obligations is Article 6 (1) (c) of the GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 (1) (f) of the GDPR. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Article 6 (1) (d) of the GDPR serves as the legal basis.

 

Safety precautions

Please check the content of our private policy at regular intervals. We will adapt the private policy as soon as changes to the data processing we carry out make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

 

Cooperation with processors and third parties

If we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit them to these or otherwise grant these access to the data, we shall only do so on the basis of legal permission (e.g. if transmission of data to third parties, such as payment service providers, in accordance with Article 6 (1) (b) of the GDPR is necessary for the performance of the contract), if you have consented thereto, if this is required by law, or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we entrust third parties with the processing of data based on a so-called "order processing contract", we shall do so on the basis of Article 28 of the GDPR.

 

Transmission of data to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or in the context of use of third-party services or disclosure or transmission of data to third parties, we will only do so if this is to fulfil our (pre)contractual obligations, on the basis of your consent or a legal obligation or our legitimate interests. Subject to legal or contractual permission, we will process or allow data to be processed in a third country only if the special conditions laid down in Article 44 ff. of the GDPR are met. This means that processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level equivalent to that in the EU (e.g. for the US, by way of the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contract clauses").

 

Rights of data subjects

You have the right in accordance with Article 15 of the GDPR to request confirmation as to whether or not data relating to you is being processed and to be informed about such data and to receive further information and a copy of the data.

You have the right in accordance with Article 16 of the GDPR to request the completion of data relating to you or the rectification of incorrect data relating to you.

You have the right in accordance with Article 17 of the GDPR to demand that data relating to you be erased without undue delay or, alternatively, to request that processing of the data be restricted in accordance with Article 18 of the GDPR.

You have the right in accordance with Article 20 of the GDPR to receive the personal data you have provided to us and to demand that such data be transmitted to other controllers.

You also have the right in accordance with Article 77 of the GDPR to lodge a complaint with the competent supervisory authority.

 

Right of withdrawal

You have the right in accordance with Article 7 (3) of the GDPR to withdraw consent given with future effect.

 

Right of objection

You have the right in accordance with Article 21 of the GDPR to object at any time to the processing of data relating to you in the future. In particular, you may object to the processing of your data for direct marketing purposes.

 

Cookies and right to object to direct marketing

“Cookies" are small files that are stored on users’ computers. Different data can be stored in cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after the user's visit to a website. Temporary cookies, also known as "session cookies" or "transient cookies", are cookies that are deleted after a user exits a website and closes their browser. The content of a shopping cart in an online shop or a login status, for example, can be stored in such a cookie. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent" cookies. For example, the login status can be saved for users revisiting a website several days later. The interests of users utilised for measuring reach or for marketing purposes may also be stored in such a cookie. “Third-party cookies" are cookies that are offered by providers other than the party operating the website (otherwise, if they are only the latter's cookies, they are referred to as "first-party cookies").

We may use temporary and permanent cookies and draw attention to this in our privacy policy.

If users do not wish cookies to be stored on their computer, they should deactivate the corresponding option in their browser settings. Stored cookies can be deleted in the browser settings. Blocking cookies may lead to reduced website functionality for users, however.

Users may object in general to the use of cookies for online marketing purposes for a large number of services, especially tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, cookies can be stored by disabling them in the browser settings. Please note that in this case  you may not be able to use some website functions.

 

Erasure of data

The data we process will be erased or their processing restricted in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated in this privacy policy, the data we store will be erased as soon as they are no longer needed for their intended purpose and their erasure does not conflict with any legal retention requirements. If the data are not erased because they are needed for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for any other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

In line with legal requirements in Germany, data are stored for 10 years in accordance with Section 147 (1) of the Fiscal Code (AO), Section 257 (1), points 1 and 4 and (4) of the German Commercial Code (HGB) (books, records, management reports, accounting records, commercial books, documents relevant for taxation, etc.) and for 6 years in accordance with Section 257 (1), points  2 and 3, and (4) of the German Commercial Code (commercial letters).

 

Business-related processing

Additionally, we process

  • contract data (e.g. subject of the contract, duration, customer category).
  • payment data (e.g. bank account details, payment history)

from our customers, interested parties and business partners for the purpose of providing contractual services and customer service and cultivating customer relationships.

 

Hosting

The hosting services we use are designed to provide the following: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating this website.

We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this website on the basis of our legitimate interests in the efficient and secure provision of this website in accordance with Article 6 (1) (f) of the GDPR, in conjunction with Article 28 of the GDPR (conclusion of an order processing contract).

 

Collection of access data and log files

We, or our hosting provider, collect on the basis of our legitimate interests within the meaning of Article 6 (1) (f) of the GDPR data on each access to the server on which this service is located (so-called server log files). The access data include the name of the website accessed, file, date and time of access, amount of data transmitted, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.

Log file information is stored for security reasons (e.g. to clarify any incidents of misuse or fraud) for a maximum period of 30 days and then erased. Data whose further retention is necessary for evidential purposes are excluded from erasure until the respective incident has been fully clarified.

 

Provision of our statutory and business services

We process the data of members of the Association of German Banks, sponsors, interested parties, customers or other persons in accordance with Article 6 (1) (b) of the GDPR if we offer these contractual services or act within the framework of an existing business relationship, e.g. with cooperation partners, or are ourselves the recipient of services and benefits. Otherwise we process data subjects’ data in accordance with Article 6 (1) (f) of the GDPR on the basis of our legitimate interests, e.g. where administrative tasks or public relations work are involved.

The data processed, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. This basically includes inventory and master data of the persons concerned (e.g. name, address, etc.), as well as contact data (e.g. email address, telephone number, etc.), contract data (e.g. services used, content and information communicated, names of contacts) and, if we offer services or products requiring payment, payment data (e.g. bank account details, payment history, etc.).

We erase data that are no longer needed for achieving our statutory and business purposes. This is determined in each case according to the respective tasks and contractual relationships. Where business processing is concerned, we retain data for as long as they may be relevant with respect to the business transaction and any warranty or liability obligations. The necessity of retaining data is reviewed every three years; otherwise, the legal retention requirements apply.

 

Processing of online shop orders and customer account

We process customer data in the course of our online shop ordering processes to enable our customers to select and order products and services and to allow payment and delivery or execution of such orders.

The processed data include inventory data, communication data, contract data, payment data and the persons affected by processing include our customers, interested parties and other business partners. Processing is carried out for the purpose of providing contractual services in the context of operation of an online shop, billing, delivery and customer service. We use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.

Processing is based on Article 6 (1) (b) (execution of ordering processes) and (c) (legally required archiving) of the GDPR. The information identified as necessary is required to establish and perform the contract. We disclose data to third parties only in connection with delivery and payment or to legal advisors and authorities within the limits of permissions and obligations provided for by law. Data will only be processed in third countries if this is necessary for the performance of the contract (e.g. at the customer's request, upon delivery or payment).

Users must establish an account to be able to use the online shop functions. During the registration process, the required mandatory information will be provided to them. User accounts are not public and cannot be indexed by search engines. Where users have terminated their account, data relating to the account will be erased unless they have to be retained for commercial or tax reasons in accordance with Article 6 (1) (c) of the GDPR. Customer account data will be retained until termination of the account and any subsequent, legally required archiving. It is up to users to secure their data before the end of the contract in the event of termination.

In the course of registration and renewed registration as well as use of our online services, we store the IP address and the time of each user action. Storage is based on our, and users’, legitimate interests in protection against misuse and any other unauthorised use. We will not transmit such data to third parties unless this is necessary to enforce our claims or we are legally required to do so in accordance with Article 6 (1) (c) of the GDPR.

Data will be erased after expiry of legal warranty and comparable requirements, with the necessity of retaining data being reviewed every three years; where legal archiving requirements apply, erasure takes place after their expiry (6 years under commercial law and 10 years under tax law).

 

Administration, financial accounting, office organisation, contact management

We process data in the context of administrative tasks as well as the organisation of our business, financial accounting and compliance with legal requirements, such as archiving. We process the same data that we process in connection with the provision of our contractual services. The basis for processing is Article 6 (1) (c) and Article 6 (1) (f) of the GDPR. Customers, interested parties, business partners and website visitors are affected by processing. The purpose of, and our interest in, processing lie in administration, financial accounting, office organisation, archiving of data, i.e. tasks which serve maintenance of our business activities, performance of our tasks and provision of our services. Erasure of data relating to contractual services and contractual communication covers the same data as specified in these processing activities.

We disclose or transmit data to tax authorities, consultants, such as tax consultants, or auditors, as well as billing centres and payment service providers.

We also store information on suppliers, event organisers and other business partners on the basis of our business interests, e.g. for the purpose of establishing contact at a later date. Such data, which are mainly company-related, are stored permanently.

 

Registration function

Users may optionally establish a user account. During the registration process, the required mandatory information will be provided to them. The data entered during registration will be used for website usage purposes. Users may be informed by email about information relevant to the online offering or registration, such as changes in the scope of the offering or technical circumstances. Where users have terminated their account, data relating to the account will be erased unless they have to be retained for commercial or tax reasons in accordance with Article 6 (1) (c) of the GDPR. It is up to users to secure their data before the end of the contract in the event of termination. We are entitled to irretrievably erase all user data stored during the term of the contract.

When our registration and login functions as well as the user account are used, we store the IP address and the time of each user action. Storage is based on our, and users’, legitimate interests in protection against misuse and any other unauthorised use. We will not transmit such data to third parties unless this is necessary to enforce our claims or we are legally required to do so in accordance with Article 6 (1) (c) of the GDPR.

IP addresses will be anonymised or erased after 7 days at the latest.

 

Contact us

When users contact us (e.g. using a contact form, by email, telephone or via social media), their details will be processed for the purpose of  dealing with the contact enquiry in accordance with Article 6 (1) (b) of the GDPR. User data may be stored in a customer relationship management system ("CRM system") or a comparable enquiry organisation.

We delete enquiries if they are no longer necessary. We check whether they are still necessary every two years; the legal archiving requirements also apply.

 

Google ReCaptcha

We integrate the function for recognition of bots, e.g. for entries in online forms ("ReCaptcha"), provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy policy: https://www.google.com/policies/privacy/,
Opt-out: https://adssettings.google.com/authenticated.

 

Google Maps

We integrate maps from the "Google Maps" service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Processed data may, in particular, include IP addresses and location data of users; these are not collected without users’ consent, however (usually given in their mobile device settings). The data may be processed in the US.

Privacy policy: https://www.google.com/policies/privacy/,
Opt-out: https://adssettings.google.com/authenticated.