Data Protection Declaration of Berlin Hyp
Please note Berlin Hyp’s Data Protection Declaration, our information on visiting and using our website, and our current information on data protection and the encryption methods we offer.
1. Data Protection Principles
The content of this website is managed by:
Berlin Hyp
A dependent institution of Landesbank Baden-Württemberg
Budapester Strasse 1
10787 Berlin
Germany
Postal address:
Postfach 100120
70001 Stuttgart
Germany
Telephone: +49 30 2599 90
E-mail: info@berlinhyp.de
Further details can be found in the Legal Notice.
Data Protection Officer of
Landesbank Baden-Württemberg
Am Hauptbahnhof 2
70173 Stuttgart
Germany
Telephone +49 711 127 0
Fax: +49 711 127 6673495
E-mail: datenschutz@lbbw.de
As the controller responsible for the processing of your personal data, LBBW / Berlin Hyp attaches great importance to the protection of your personal data and your privacy, which is why we take the protection of your personal data very seriously.
Personal data is all (personal and factual) information relating to a known or identifiable natural person (=the data subject). Such data includes, for example, your name, your address, your e-mail address and your telephone number.
We only process your personal data if we have a legal basis for the processing of personal data within the meaning of Article 6 of the General Data Protection Regulation (GDPR). The additional data protection statements made below provide more information on how your personal data is processed within the framework of individual processing activities.
a. You have the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR and the right to data portability in accordance with Article 20 GDPR. The restrictions under Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply to the right to receive information (access) and the right to (request) erasure. In addition, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR in conjunction with Section 19 BDSG. The data protection supervisory authority responsible for LBBW is the Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (State Commissioner for Data Protection and Freedom of Information Baden-Württemberg).
b. If you have consented to us processing your personal data, you have the right to withdraw your consent at any time. Withdrawing your consent does not affect the lawfulness of the processing of your personal data up to the time you withdraw your consent. Withdrawal of consent also does not affect further processing of these data on another legal basis, for example in order to fulfil a legal obligation (see “Legal basis for processing”.
c. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you that is based on Article 6 (1)(e) GDPR (data processing in the public interest) or Article 6 (1)(f) GDPR (data processing based on a balancing of interests). If you file an objection, we will only continue to process your personal data to the extent that we can demonstrate that there are compelling legitimate reasons for processing that override your interests, rights and freedoms, or that processing is necessary for the assertion, exercise or defence of legal claims.
Do you have any questions about the processing of your personal data or about data protection in general? Do you have any suggestions or concerns? If so, please feel free to contact our Data Protection Officer. You should also contact our Data Protection Officer if you wish to assert your rights to access, erasure or data portability.
Contact details can be found in point 2 above (Data Protection Officer).
2. Data Protection Declaration for the Berlin Hyp Website
Thank you for visiting our website and for your interest in our company. As the controller responsible for the processing of your personal data, LBBW / Berlin Hyp attaches great importance to the protection of your personal data and your privacy, which is why we take the protection of your personal data very seriously.
Due to the rapid pace of technological development, we will have to make certain adjustments to our Data Protection Declaration for the Berlin Hyp Website from time to time. You will always find the current version of the Data Protection Declaration on this page. All changes to the Data Protection Declaration apply to the future only. We will not change any provisions retroactively, unless this is required by law.
The content of www.berlinhyp.de/en/ is managed by:
Berlin HypA dependent institution of Landesbank Baden-Württemberg
Budapester Strasse 1
10787 Berlin
Germany
Postal address:
Postfach 100120
70001 Stuttgart
Germany
Telephone: +49 30 2599 90
E-Mail: info@berlinhyp.de
Further details can be found in the Legal Notice.
a. We process the personal data of our users to the extent that is necessary in order to provide a functional, stable and secure website. In particular, we automatically collect and store information in so-called server log files that your browser automatically transmits to us. In this context the following data, which is required for technical purposes, will be processed during the informational use of this website:
• IP address of the device you are using
• Date and time of access / server request
• Screen resolution
• The browser type, browser version and operating system you are using
• Host name of the accessing computer / referrer URL
The storage is only temporary; the server log files are deleted after 14 days.
The aforementioned data are processed for the purposes of legitimate interests (functionality, stability and security of our website) on the basis of a balancing of interests in accordance with Article 6 (1)(f) GDPR and Section 25 (2) of the Telecommunications Digital Services Data Protection Act (TDDDG).
b. We only store other personal data if you provide us with this data, e.g. as part of a registration process, when filling in a contact form or participating in a survey or a prize competition, or if such processing is necessary for the performance of a contract. In these cases as well, we only store your personal data insofar as we are permitted to do so on the basis of your consent or in accordance with applicable legal provisions (further information on this can be found below in “Legal basis for processing”).
c. You are neither legally nor contractually obligated to provide us with your personal data. However, it is possible that certain functions on our website are dependent upon the provision of personal data. If you do not provide your personal data in these cases, it may result in certain functions not being available, or only being available to a limited extent.
a. We use the personal data collected when you visit our website in order to make your use of the website as convenient as possible and also to protect our IT systems against cyber attacks and other illegal activities.
b. If you provide us with additional personal data, e.g. as part of a registration process, when filling in a contact form or participating in a survey or a prize competition, or if such processing is necessary for the performance of a contract, we use these data for the stated purposes, for customer management purposes and – if necessary – for the purpose of processing and invoicing business transactions, in each case to the extent necessary for this.
When linking to social networks (LinkedIn & Instagram), we use so-called social plugins that make it easier to share or access content on social networks. We use technical solutions which ensure that no contact with the servers of social network operators is established unless the social plugin is activated. Only when you activate the deactivated social plugin do you give your consent to the transmission of data to the social network. When the social plugin is activated, data is transferred to third parties.
Conversely, without activation, no data is transferred to the operators of social networks.
Information on the data protection provisions of the social networks can be found as follows:
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• Instagram: https://help.instagram.com/519522125107875
We want to constantly improve the content of our website for you, and tailor it to your interests. In order to identify usage processes, we use Matomo, which is an open source software for the statistical analysis of visitor access. IP addresses are anonymised immediately after processing and before they are stored. The information that is generated about your use of this website is stored on our web servers in Germany.
In order to improve the analysis, Matomo also uses text files (cookies) that are stored on your device. Your consent is obtained before these cookies are applied. You can withdraw your consent at any time using the “Cookie Consent” setting at the bottom of any page. You can also prevent the installation of cookies by selecting the appropriate browser settings.
If you use the “Do not track” (DNT) setting in your browser software, this will be noted and no data will be collected by Matomo.
Alternatively, you can also deactivate data collection by Matomo directly on this page. To do this, click on the following note in order to store the Matomo deactivation cookie in your browser. The deactivation cookie ensures that no data will be collected by Matomo.
Please note that the deactivation cookie for this website will be deleted as well if you remove the cookies stored in your browser. You will also need to deactivate once again if you use a different device or browser.
We always ensure a high level of security when we collect or process your data. LBBW / Berlin Hyp use effective technical and organisational measures to make sure your data remains secure. In this manner, we protect your data against manipulation, loss, destruction or access by unauthorised parties or individuals. We are constantly improving our measures to ensure your security, and we also continuously adjust these measures in line with the latest technological developments.
a. If you subscribe to a newsletter offered on our website, the data you enter to sign up for the newsletter will only be used to send the newsletter, unless you consent to some other type of further use. You can cancel your subscription at any time using the unsubscribe option provided in the newsletter.
b. If you send us an e-mail or a message via a contact form, we will store and use your data. Such data includes, for example, your name, your date of birth, your address, your e-mail address and your telephone number. However, we will only use your data for our services and to communicate with you. The contact forms used on our website transmit your data to us securely.
Please note: If you send us personal data in an e-mail, it is possible that your e-mail is not transport-encrypted, which means that, theoretically, unauthorised parties or individuals could read or falsify your data. For further information, please contact your e-mail provider.
If you accept the optional service via the Data protection settings, this website will use the “Google Maps API” map service from Google Inc. for the branch finder in order to display locations on an interactive map. As a result, information about your use of the Berlin Hyp website, including your IP address, may be transmitted to and stored by Google on servers in the United States. If you use the advanced features of Google Maps, for example by clicking on the map displayed, your browser will establish a direct connection with Google’s servers. The map content is transmitted by Google directly to your browser, which then incorporates it into the website. We therefore have no influence on the extent of the data collected in this manner by Google.
As part of its own data protection declaration, Google undertakes not to disclose any information to third parties, but it also makes exceptions to this commitment. The data collected in this way may therefore be transferred to third parties if this is required by law in the USA, or if third parties process the data on behalf of Google. The Privacy Policy of Google Inc. can be found here: http://www.google.com/policies/privacy/.
You have the option to deactivate the map service and prevent data transmission to Google. To do this, deactivate JavaScript in your browser or withdraw your consent to the optional service via the Data protection settings. After you do this, you will no longer be able to use the location finder.
a. If you have given us your consent to process your personal data, this constitutes a legal basis for processing (Article 6 (1)(a) GDPR).
b. The legal basis for the processing of personal data for the purpose of initiating or fulfilling a contract with you is Article 6 (1)(b) GDPR.
c. If the processing of your personal data is necessary to fulfil one or more of our legal obligations (e.g. to store data), we are authorised to perform such processing in accordance with Article 6 (1)(c) GDPR.
d. We also process personal data for the purpose of safeguarding our legitimate interests and the legitimate interests of third parties in accordance with Article 6 (1)(f) GDPR. Such legitimate interests include maintaining the functionality of our IT systems, the marketing of our own and third-party products and services and the legally required documentation of business contacts. As part of the necessary balancing of interests, we particularly take into account the type of personal data involved in each case, the purpose and circumstances of processing and your interest in the confidentiality of your personal data.
We process the personal data of our users to the extent that is necessary in order to provide a functional, stable and secure website. In particular, we automatically collect and store information in so-called server log files that your browser automatically transmits to us. In this context the following data, which is required for technical purposes, will be processed during the informational use of this website:
• IP address of the device you are using
• Date and time of access / server request
• Screen resolution
• The browser type, browser version and operating system you are using
• Host name of the accessing computer / referrer URL
The storage is only temporary; the server log files are deleted after 14 days.
The aforementioned data are processed for the purposes of legitimate interests (functionality, stability and security of our website) on the basis of a balancing of interests in accordance with Article 6 (1)(f) GDPR and Section 25 (2) TDDDG.
The collection of data needed to make the website available, and the storage of data in the log files, are absolutely necessary for the operation of our website.
a. Rights of data subjects pursuant to Articles 15 – 20 GDPR
You have the right of access in accordance with Article 15 GDPR, the right to rectification in accordance with Article 16 GDPR, the right to erasure in accordance with Article 17 GDPR, the right to restriction of processing in accordance with Article 18 GDPR and the right to data portability in accordance with Article 20 GDPR. The restrictions under Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply to the right to receive information (access) and the right to (request) erasure. In addition, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR in conjunction with Section 19 BDSG. The data protection supervisory authority responsible for LBBW is the Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (State Commissioner for Data Protection and Freedom of Information Baden-Württemberg).
b. Right to withdraw consent pursuant to Article 7 (3) GDPR
If you have consented to us processing your personal data, you have the right to withdraw your consent at any time. Withdrawing your consent does not affect the lawfulness of the processing of your personal data up to the time you withdraw your consent. Withdrawal of consent also does not affect further processing of these data on another legal basis, for example in order to fulfil a legal obligation (see “Legal basis for processing”.
c. Right to object pursuant to Article 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you that is based on Article 6 (1)(e) GDPR (data processing in the public interest) or Article 6 (1)(f) GDPR (data processing based on a balancing of interests). If you file an objection, we will only continue to process your personal data to the extent that we can demonstrate that there are compelling legitimate reasons for processing that override your interests, rights and freedoms, or that processing is necessary for the assertion, exercise or defence of legal claims.
a. If you activate social plugins (point 4) or use Google Maps (point 8) in our system, personal data can be sent to recipients in countries outside the European Union (EU), Iceland, Liechtenstein and Norway (= European Economic Area) and processed there. This particularly applies to transmission to and processing in the USA and India.
b. In the view of the EU, the following countries have an appropriate level of protection for the processing of personal data in line with EU standards (adequacy decision): Andorra, Argentina, Canada (limited), Faeroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, Uruguay. We agree with recipients in other countries on the application of EU standard contractual clauses or binding corporate regulations in order to establish an appropriate level of protection in accordance with legal requirements.
3. Data Protection on Social Media Channels
Berlin Hyp
A dependent institution of Landesbank Baden-Württemberg
Budapester Strasse 1
10787 Berlin
Germany
Postal address:
Postfach 100120
70001 Stuttgart
Germany
Telephone: +49 30 2599 90
E-mail: info@berlinhyp.de
Further details can be found in the Legal Notice.
Meta Platforms Ireland Ltd, 4 Grand Square, Grand Canal Harbour, Dublin 2, Ireland (“Instagram”) is generally responsible for the collection and further processing of personal user data on Instagram websites. Please note that Instagram also collects and processes certain information about your visit to our Instagram page even if you do not have an Instagram account or are not logged in to Instagram. For information on the processing of personal data by Instagram, please view Instagram’s Privacy Policy at https://help.instagram.com/519522125107875.
As the operator of the Instagram page, we can only view your public profile on Instagram. The information that can be viewed here depends on your profile settings. We also process your personal data (such as your name and the content of your messages, enquiries or other posts to us) if you contact us via our Instagram page. We then process these data for the purpose of addressing your posts and, if necessary, replying to them.
Instagram also provides us with so-called Page Insights data. These data are anonymous statistics that we use to evaluate the quality of our Instagram page and our content. These statistics are compiled on the basis of usage data that Instagram collects about your interaction with our Instagram page. We cannot access these usage data.
Processing here is based on our legitimate interests in accordance with Article 6 (1)(f) GDPR, in particular in order to be able to contact you regarding your questions or posts, and to identify usage preferences (e.g. number of followers, number of views of individual page areas, user statistics by age, geography and language) in order to adapt and improve our Instagram page as far as possible in line with the preferences of our target groups.
We store your personal data on our systems, i.e. outside Instagram, for as long as such storage is necessary for the purposes for which the data were collected, or for as long as statutory retention periods apply.
You are neither legally nor contractually obligated to provide us with your personal data. However, it is possible that certain functions on our website are dependent upon the provision of personal data. If you do not provide your personal data in these cases, it may result in certain functions not being available, or only being available to a limited extent.
It is conceivable that some of the information collected is also processed outside the European Union by Instagram, which is based in the USA. In order to ensure an adequate level of data protection, Instagram bases such data transfers on the European Commission’s standard contractual clauses.
We may also use qualified service providers (e.g. dialogue marketing agencies) as processors responsible for designing and maintaining this Instagram page. The processors we use are subject to a contractual obligation in accordance with Article 28 GDPR and only process personal data in line with our instructions for the purposes stated above (e.g. to answer your questions), to pursue our legitimate interests or in the event you have given your consent to such processing.
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is responsible for the collection and further processing of personal user data on LinkedIn’s websites. Please note that LinkedIn also collects and processes certain information about your visit to our LinkedIn page even if you do not have a LinkedIn account or are not logged in to LinkedIn. For information on the processing of personal data by LinkedIn, please view LinkedIn’s Privacy Policy at https://www.linkedin.com/legal/privacy-policy?trk=d_org.
As the operator of the LinkedIn page, we can only view your public profile on LinkedIn. The information that can be viewed here depends on your profile settings. We also process your personal data (such as your name and the content of your messages, enquiries or other posts to us) if you contact us via our LinkedIn page. We then process these data for the purpose of addressing your posts and, if necessary, replying to them.
LinkedIn also provides us with so-called Page Analytics data. These data are anonymous statistics that we use to evaluate the quality of our LinkedIn page and our content. These statistics are compiled on the basis of usage data that LinkedIn collects about your interaction with our LinkedIn page; we cannot access these usage data.
Processing here is based on our legitimate interests in accordance with Article 6 (1)(f) GDPR, in particular in order to be able to contact you regarding your questions or posts, and to identify usage preferences (e.g. number of followers, number of views of individual page areas, user statistics by age, geography and language) in order to adapt and improve our LinkedIn page as far as possible in line with the preferences of our target groups.
We store your personal data on our systems, i.e. outside LinkedIn, for as long as such storage is necessary for the purposes for which the data were collected, or for as long as statutory retention periods apply.
You are neither legally nor contractually obligated to provide us with your personal data. However, it is possible that certain functions on our website are dependent upon the provision of personal data. If you do not provide your personal data in these cases, it may result in certain functions not being available, or only being available to a limited extent.
It is conceivable that some of the information collected is also processed outside the European Union by LinkedIn Corporation and its US subsidiaries (“LinkedIn”), which are based in the USA. In order to ensure an adequate level of data protection, LinkedIn bases such data transfers on the European Commission’s standard contractual clauses.
We may also use qualified service providers (e.g. dialogue marketing agencies) as processors responsible for designing and maintaining this LinkedIn page. The processors we use are subject to a contractual obligation in accordance with Article 28 GDPR and only process personal data in line with our instructions for the purposes stated above (e.g. to answer your questions), to pursue our legitimate interests or in the event you have given your consent to such processing.
4. Information on Data Protection
We would like to give you the opportunity here to view our current information on data protection at any time.
In this set of information on data protection, we inform you about which personal data we process within the framework of our business relationship with you.
LBBW processes your personal data if you are a person authorised to represent and/or act on behalf of a company. LBBW also processes the personal data of persons who, due to their position in a company, conduct (business) activities or use LBBW’s online applications. For the purpose of maintaining contact, your personal data will be processed in accordance with your position as a contact person for our customers or business partners.
LBBW offers its services in various forms to customers of savings banks, building societies and other banks.
We offer support with the processing of
• Development loans from the Kreditanstalt für Wiederaufbau or other development/funding institutions
• Payment transaction orders for domestic and foreign payment transactions
• Purchases and sales of precious metals, coins and foreign currencies
Receivables are sold or assigned as security to LBBW in various contexts. LBBW processes the personal data needed to process and manage such business transactions.
If you receive a newsletter from LBBW, we will process your personal data in order to be able to send the newsletter, among other things.
LBBW records images and videos during events, etc. The following information on data protection provides you with an overview of the processing of your image or video.
LBBW also offers the option of using a web conferencing tool to participate in customer events, among other things, and we also process your personal data in this context.
We store your personal data within the framework of our video surveillance of the premises of LBBW, our branches and our ATMs. We conduct this surveillance in order to safeguard our domiciliary rights, prevent and investigate vandalism, identify and provide evidence of criminal acts, protect our employees, our customers and other visitors, and investigate deposit and withdrawal transactions at our ATMs.
LBBW processes the personal data of staff at commissioned service providers.
LBBW processes your personal data for the purpose of concluding, managing and terminating rental contracts and leases.
This information applies to all job applicants who apply to LBBW on their own initiative or for an advertised position.
The data you enter on this website will be stored in our application system for 6 months after your last activity. This storage period is necessary in order to comply with documentation requirements. Four weeks before this period ends, you will receive an e-mail informing you that your data will soon be deleted. You can then stop the deletion by logging in again or submitting another application.
During the ongoing application process, your data will be accessible to employees in the Human Resources department and in the department or departments advertising the position, as well as to members of the employee representation body and, if applicable, members of the representative body for severely disabled employees. Once the application process has been completed, only employees from the Human Resources department will have access to your data. When we receive your application, we will also check to see whether any other current job postings might match your qualifications and expectations.
In addition, if your profile is approved, your applicant data will be made available to all LBBW Group companies for the purpose of an alternative job search.
Some companies affiliated with LBBW are based in countries outside the EU or the EEA that do not have personal data protection policies comparable to those in Germany. The group of persons at such affiliated companies who can view your data is analogous to the group of persons at LBBW.
We use technical and organisational security measures to protect the data you have provided us with from accidental or intentional manipulation, loss, destruction or access by unauthorised persons, and we use SSL encryption to ensure secure data transmission.
LBBW processes your personal data with SWIFT (joint responsibility) in the context of international and express money transfers using the SWIFT transaction processing service.
LBBW offers the LBBW Wi-Fi HotSpot “LBBW_Guest”, and we also process your personal data in this context.
5. Data Protection With Cookies
We use so-called session cookies (also known as temporary or transient cookies) on our website. Cookies are small text files that are sent from our web server to your PC and are usually stored there on your hard drive. They do not become part of your system and cannot cause any damage. The session cookies are only stored for the duration of your visit to our website. The session cookies we employ are only used to identify you while you are logged on to our website. The session cookies are then deleted at the end of each session. Session cookies are not used for any other purpose.
These cookies are absolutely necessary for the proper functioning of our website and cannot be deactivated in our systems. These cookies are generally only set in response to actions you take that correspond to a service request, such as setting your data protection preferences, logging in or on, or filling out forms. You can set your browser to block these cookies or to notify you about them. However, if you block the cookies, some parts of the website may not work.
The use of these session cookies is based on Article 6 (1)(f) GDPR and on Section 25 (2) of the Telecommunications-Telemedia Data Protection Act (TDDDG). Without the use of these cookies, it would be technically impossible for you to view and use the website and the services it offers