Data Privacy.

1. General remarks

Protecting the personal data of its customers is a matter of high priority for Kommunalkredit Austria AG (the “bank”). The bank complies with all legal provisions relating to the protection, the lawful use and the privacy of personal data and to data security, in particular the Austrian Data Protection Act, the Telecommunications Act and the General Data Protection Regulation (GDPR) of the European Union.

Kommunalkredit’s provisions on data protection and the use of cookies (“Data Protection Policy”) are intended to inform customers about the collection, use and processing of their personal data as well as the scope and purpose of data collection by the bank, including data collected on the basis of customers’ usage of the website www.kommunalkredit.at (the “website”).

2. Contact person and details

For data processing:

Kommunalkredit Austria AG
Tuerkenstrasse 9
A-1090 Vienna
+43 1 31631
info(at)kommunalkredit.at
www.kommunalkredit.at

Our Data Protection Officer can be contacted at:
Tuerkenstrasse 9
A-1090 Vienna
+43 1 5334795-0
datenschutz(at)kommunalkredit.at

3. Information on data processing

Information on Data Processing according to Art. 13 and 14 GDPR and § 21 (5) FM-AML (see “Terms and conditions and legal information”). Below you will also find information about the nature, extent and purpose of the collection and use of data when you visit our websites.

4. What are personal data?

Personal data are defined as any information relating to data subjects (in this specific case: website visitors, prospects and customers) who are identified or identifiable (e.g. name, mail address or IP address).

5. Which visitor data are collected by the bank?

On the basis of the visitors’ usage of the website, the bank collects and processes the following visitor data:

• IP address and IP location
• Date and time of the customer’s visit to the website
• Number, duration and time of page access (the customer’s interaction with the website)
• Referrer URLs (Internet pages visited before and after visiting the bank’s website)
• Search engines and key words used by the customer to find the bank on the Internet
• Browser type, screen size and operating system

The bank collects these log files (access data) automatically by means of a website analytics tool and cookies (for details see below).

6. Cookies and Matomo

Like most other websites, the bank’s website uses cookies. These are small text files placed on the hard disk of the customer’s device to make the website more convenient and to enable the company to better understand the customer’s user behaviour on the basis of his/her activities on the website.

The bank uses (i) functional cookies, which are necessary for operation of the website, and (ii) cookies collecting statistical data on the use of the website, which enable the bank to improve its services and make them more user-friendly.

All cookies, that are not personalized and/or not required for functional operation of the website require the visitor’s consent. Therefore, the visitor is able to click on the button “accept” and agree or to click on the button “Continue without cookies“ and disagree. If she/he gives consent, the visitor is free to withdraw his/her consent at any time and with immediate effect, e.g. by mail sent to datenschutz(at)kommunalkredit.at.

The customer can object to data processing by cookies on the Kommunalkredit website under “Data Protection Policy”. Moreover, the customer can modify the options for the storage of cookies on his/her device in the browser settings, disable cookies in general, and delete cookies placed on his/her device. However, if you have consented to the use of cookies, we use the following cookies:

The website uses Matomo, an open source analysis tool from InnoCraft Ltd (https://matomo.org). Cookies enable the analysis of your use of the website. The following data is collected: anonymised IP addresses by removing the last two bytes (e.g. 198.51.100.54); pseudo-anonymised location (with low accuracy based on the anonymised IP address); country, region, city (with low accuracy based on the anonymised IP address); date and time; title of the page accessed; URL of the page accessed; URL of the previous page (if this is permitted); screen resolution; local time; files that have been clicked on and downloaded; external links; duration of the page load; main language of the browser; user agent of the browser; operating system and browser software of your computer; interaction with forms (but not their content).

For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymised before storage. Matomo cookies are only stored with your prior consent and thus on the basis of Art. 6 para. 1 lit. a GDPR.

Matomo cookies remain on your terminal device until you delete them.

7. What rights does the customer have?

Pursuant to Art. 12 et seq. of the General Data Protection Regulation, the customer has the right to information, rectification, erasure, restriction of processing and portability of data, as well as the right to object. Moreover, the customer can withdraw his/her consent at any time and without indication of reasons in order to prevent the further processing of his/her personal data collected and used on the basis of the data subject’s prior consent.

Customers are requested to address questions relating to the above or to other issues to Kommunalkredit Austria AG, Tuerkenstrasse 9, 1090 Vienna, datenschutz(at)kommunalkredit.at, +43 1 31631. Furthermore, the customer has the right to complain at the Austrian Data Protection Authority (www.dsb.gv.at).

8. How does the bank protect customer data?

The bank makes every effort to protect the personal data of its customers. The bank therefore complies with the provisions of Art. 32 et seq. of the General Data Protection Regulation in order to guarantee the confidentiality and security of the customers’ personal data, and it implements adequate technical and organisational security measures.

9. Concluding remarks

In line with the ongoing development of the Internet, the bank will continuously adjust its data protection policy. Any change will be notified in due time on the website. Customers are therefore advised to access the bank’s data protection policy at regular intervals and to take note of its most recent version.

___
Last update:
October 2022

Kommunalkredit Austria AG (the “Bank”) is making every effort to protect the personal data of its customers. The Bank complies with the legal provisions in force regarding the protection, lawful processing and secrecy of personal data as well as data security, in particular the Austrian Data Protection Act (“DSG”), the General Data Protection Regulation (“GDPR”) of the European Union and the Austrian Telecommunications Act (“TKG”). We herewith inform you about the processing of your personal data and the claims and rights you have under data protection and privacy law. The content and extent of data processing depends, for the most part, on the products and services you have requested or agreed upon with us.

Who is responsible for data processing and who can you turn to?

Responsibility for data processing lies with:

Kommunalkredit Austria AG
Tuerkenstrasse 9
A-1090 Vienna
+43 1 31631
info(at)kommunalkredit.at
www.kommunalkredit.at

The data protection officer can be contacted at:
Tuerkenstrasse 9
A-1090 Vienna​​​​​​
+43 1 5334795-0
datenschutz(at)kommunalkredit.at

2. What data are being processed and where do these data come from?

We process the personal data you disclose to us within the scope of our business relationship or as an interested party in our products and services (e.g. in connection with competitions, events). In particular, we receive personal data from you if you are interested in our products, submit applications, fill out online application forms, register for our online services or contact us by mail or telephone or if you use our products and services while maintaining a business relationship. Furthermore, we process data which we have lawfully obtained from credit reporting agencies, registers of debtors and publicly available sources (e.g. company register, register of associations, land register, media).

Personal data include your personal details (name, address, contact data, date and place of birth, nationality, occupational details, etc.), identification data (e.g. ID card data, registered address, photo ID) and authentication data (e.g. specimen signature). In addition, personal data may include data on your occupation and the sector of your activity, your customer ID, order data (e.g. payment orders), data arising from the performance of our contractual obligations (e.g. turnover data), information on your financial status (e.g. credit standing, scoring and rating data, information on taxability and tax residence, account data, type and origin of funds, etc.), advertising and sales data, documentation data, register data, image and video recordings, phone recordings (e.g. phone number, duration of call, date and time of day of the call), information derived from your electronic communication with the Bank (e.g. apps, cookies, etc.), processing results generated by the Bank itself, as well as data needed to meet statutory and regulatory requirements.
 

3. For which purposes and on what legal basis are my data processed?
 

3.1. To perform our contractual obligations (Art. 6 (1)(b) GDPR)

Personal data (Art. 4 (1) and (2) GDPR) are processed for the purpose of conducting and facilitating banking transactions, financial services, in particular for the performance of the contracts we have entered into with you and the execution of your orders as well as for all activities necessary for the operation and management of a credit and financial services institution. The purposes of data processing depend, for the most part, on the specific product and may include, among other things, requirements analyses, advisory services, and the execution of transactions. Data processing merely serves for the performance of contracts within the framework of the business relation with the customer (Art. 6 (1)(b) GDPR) and, in the majority of cases, to ensure compliance with the legal obligations of the Bank (Art. 6 (1)(c) GDPR; see item 3.2).
 

3.2. To comply with our legal obligations (Art. 6 (1)(c) GDPR)

The processing of personal data may be necessary to meet various statutory obligations (e.g. under the Austrian Banking Act (BWG), the Austrian Financial Markets Anti-Money Laundering Act (FM-GwG), the Austrian Securities Supervision Act (WAG 2018), the Austrian Stock Exchange Act, etc.) and regulatory requirements (imposed by, e.g., the European Central Bank, the European Banking Authority, the Austrian Financial Market Authority, Deutsche Bundesbank and the German Federal Financial Supervisory Authority (BaFin), etc.), which the Bank, being an Austrian credit institution, is required to comply with.

Examples include:

• Submitting notifications to the Financial Intelligence Unit in certain suspicious cases as provided for by the law (section 16 Austrian Financial Markets Anti-Money Laundering Act);
• Providing information to the Austrian Financial Market Authority pursuant to the Austrian Securities Supervision Act and the Stock Exchange Act, for instance, to monitor compliance with the provisions on market abuse of inside information;
• Providing information to authorities in charge of financial crime matters in proceedings dealing with an intentional financial offence;
• Providing information to fiscal authorities based on existing statutory obligations (e.g. pursuant to section 8 of the Austrian Account Register and Account Inspection Act.
   

3. Within the scope of the consent given by you (Art. 6 (1)(a) GDPR)

If you have consented to the processing of your personal data, we will process these data only for such purposes and to such extent as defined and agreed in the declaration of consent. For instance, the Bank requests consent within the framework of business marketing in the form of direct marketing measures by electronic means or by telephone in connection with the Bank’s banking products, when placing cookies other than technical cookies, etc. You can withdraw your consent at any time (e.g. by mail sent to the Bank), effective as of that date.
 

3.4. To pursue legitimate interests (Art. 6 (1)(f) GDPR)

In the process of weighing and balancing the interests of all stakeholders, data may, where necessary, be processed not only for the performance of the contract but also for the purposes of legitimate interests pursued by us or by third parties. In the following cases, data processing takes place for the purposes of legitimate interests:

• Risk assessment, coverage of the risks assumed by us, and ensuring that your claims can be satisfied;
• Consultation of and data exchange with credit reporting agencies and the bank holding your account to determine credit and default risks;
• Assessment and optimization of procedures for the analysis of your requirements and for direct customer contacts;
• Advertising or market and opinion research, provided you have not objected to the use of your data pursuant to Article 21 GDPR and consent is not required for such purposes;
• Business marketing (in which case contacts by electronic means and by telephone always require your consent) and event management, provided – following the weighing balancing of interests – the respective market research and direct marketing activities can be regarded as processing serving a legitimate interest. Otherwise your data will only be used for these purposes with your explicit consent, which can be withdrawn at any time
• “Compliance”: This is understood to include conformity with legal and other requirements, e.g. deduction of income tax and social security contributions, recording and reporting obligations, audits, conformity with reviews by the state/public authorities, reaction to legal proceedings, pursuit of statutory rights/remedies, defence in litigation, management of internal complaints/claims, investigations and compliance with strategies/procedures;
• Access rights and video surveillance – detailed information is available at the reception desk;
• Planning, implementation and documentation of internal audit measures, business continuity management and forensic analyses aimed to ensure the continuous improvement of our business processes and compliance with regulatory obligations (partly also within the framework of contract performance);
• Ensuring IT security and IT operations, performance of stress tests, development of new products and systems and adaptations of existing ones, migration of data to ensure the stability and integrity of the systems and, in a broader context, the data processed, unless this is obligatory pursuant to section 39 of the Austrian Banking Act. In this context, the personal data disclosed are used primarily for tests that cannot be performed on the basis of anonymous basis at reasonable cost. Data security pursuant to Article 32 GDPR is guaranteed at all times.
• Business management measures and measures aimed at the further development of services and products.

Any other personal data are collected and processed by the Bank exclusively with the customer’s consent (e.g. for mailing of newsletters) and to the extent necessary. The customer can withdraw his/her consent at any time, effective as of that date, e.g. by mail sent to datenschutz(at)kommunalkredit.at.
 

3.5. Transfer of data to a third country or international organization

Data will only be transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of your orders and required by law, if you have given us your consent or within the scope of order data processing. If service providers are used in third countries, they are obliged to comply with the European data protection level.

3.6. Is there an automated decision-making mechanism, including profiling?

The bank automatically uses and/or processes the customer’s personal data within the framework of its anti-money laundering transaction monitoring, the objective being to assess certain personal aspects of the customer (details see item 4.). This is based on the legal and regulatory requirements regarding the fight against money laundering and terrorism financing. The following data are collected and processed within the framework of profiling:

The following data are collected and processed within the framework of profiling: Name, date and place of birth, address, nationality, type of ID document, number of the ID document, place of issue of the ID document, contact details, bank/account details, classification as a “politically exposed person”, transaction on own/third-party account, type and date of the transaction, currency, amount, current credit/debit balance, motivation/statement of facts, relevant supporting documents.

These measures also serve for the customer’s protection.
 

4. Customer information on data processing pursuant to the Austrian Financial Markets Anti-Money Laundering Act (FM-GwG)

Pursuant to the Austrian Financial Markets Anti-Money Laundering Act (FM-GwG) and within the framework of its duty of diligence in preventing money laundering and terrorism financing, Kommunalkredit Austria AG is obligated to obtain and retain certain documents and information from its customers upon the establishment of a business relation or in the course of an occasional transaction.

In this context, pursuant to FM-GwG, Kommunalkredit Austria AG is obligated to establish the identity of customers, the beneficial owners of customers or any trustors of the customer, and to verify the purpose pursued by the customer, assess the type of business relation desired by the customer, obtain and verify information about the origin of the funds used, and continuously monitor the business relation and the transactions made within its framework. In particular, credit institutions have to retain copies of the documents and information material required to comply with the aforementioned duties of diligence and to preserve all transaction records.

The Austrian Financial Markets Anti-Money Laundering Act confers upon credit institutions the statutory authority to use such customer data in complying with the duties of due diligence for the prevention of money laundering and terrorist financing, which the institution is obligated by law to comply with and which serve the public interest. The data processing operations performed for such due diligence purposes are based on a legal obligation imposed on the bank. For this reason, the bank is not permitted to comply with any objection by the customer to such data processing (Art. 6 (1)(c) GDPR).

All personal data processed and/or stored by the credit institution exclusively on the basis of the Austrian Financial Markets Anti-Money Laundering Act for the purpose of preventing money laundering and terrorism financing have to be deleted after a retention period of ten years after termination of the business relation, unless a longer retention period is required or permitted under the provisions of other federal laws or longer retention periods are imposed by decree by the Financial Market Authority.

Personal data used by the bank solely on the basis of the Austrian Financial Markets Anti-Money Laundering Act for the purposes of the prevention of money laundering and terrorism financing must not be further processed in a way that is incompatible with those purposes. Such personal data are therefore not processed for any other purposes, such as, for example, commercial purposes.
 

5. Who receives my data?

Within the Bank, your data will be provided to those employees or units that need your data to fulfil contractual, legal and regulatory obligations and pursue legitimate interests. Moreover, the following processors mandated by us will receive your data if they need such data to provide the agreed services:

• Back-office service providers, IT service providers and/or providers of data hosting solutions or similar services;
• Other service providers, providers of tools and software solutions supporting the Bank in the provision of its services and acting on behalf of the Bank (including providers of marketing tools, marketing agencies, communication service providers, mailing service providers and call centres).

All processors process customer data exclusively on our behalf on the basis of the instructions received from the Bank. Moreover, to the extent required, the Bank transmits the customer’s personal data to the following recipients (controllers):

• Any third parties involved in the provision of services to the customer for the performance of the contractual obligations of the Bank (e.g. distribution partners);
• External third parties, to the extent required, on the basis of legitimate interests of the Bank (e.g. public accountants and tax advisors, insurance companies in the event of a loss covered by insurance, legal representatives, if required);
• Public authorities and other public bodies, to the extent obligated by law (e.g. financial authorities).

All processors and controllers are contractually obligated to treat your data confidentially and to process them exclusively within the framework of service provision.

With respect to data transmission to other third parties, please note that as an Austrian credit institution we are obligated to observe banking secrecy pursuant to section 38 of the Austrian Banking Act and therefore keep confidential all customer-related information and facts entrusted or made accessible to us within the scope of our business relationship. We are therefore only allowed to transmit your personal data if you have expressly released us, in advance and in writing, from our obligation to observe banking secrecy or if we are obligated or authorised to do so under legal and/or regulatory provisions. Other credit institutions and financial institutions or similar entities to which we transmit data in the course of our business relationship with you may be the recipients of your personal data in this context.
 

6. For how long will my data be stored?

Where necessary, we store your personal data for the duration of our entire business relationship [from (pre-contractual) first contacts to contract execution to contract termination] or as long as necessary to achieve the above-mentioned purpose/s and, beyond that, pursuant to legal retention or documentation requirements, based, inter alia, on the Austrian Company Code (UGB) or the German Commercial Code (HGB), the Austrian Federal Tax Code (BAO) or the German Federal Tax Code (AO Germany), the Austrian Banking Act (BWG), the Austrian Financial Markets Anti-Money Laundering Act (FM-GwG) or the German Anti-Money Laundering Act (GwG Germany), the Austrian Securities Supervision Act (WAG 2018) and the German Securities Trading Act (WpHG). As a rule, data storage is required for a period of seven or, in certain instances, ten years years on the basis of our overriding and justified interest in the documentation of our obligations in the event of an inspection by the regulatory authority.

We store your personal data for direct marketing purposes until your withdrawal of consent, but not longer than for a period of five years after you have given your consent.

Furthermore, if need arises, the Bank stores the customer’s personal data beyond the deadlines specified above, as long as claims can be derived from the relation between the customer and the Bank and/or until a specific incident or case in litigation is finally resolved. This longer period of data storage serves to uphold the Bank’s legitimate interests in raising and clarifying legal claims or defending itself against such claims.
 

7. What data protection rights do I have?

You have, at any time, a right to access, rectification, erasure or restriction of processing of your stored data, a right to object to processing as well as a right to data portability as set out in data protection law (see Art. 15 et seq. GDPR). If you have any questions regarding issues of data protection law, please do not hesitate to contact the Bank or the data protection officer.

Moreover, the customer can withdraw his/her consent at any time and without indicating a reason in order to prevent the continued use of his/her personal data collected and used on the basis of an earlier declaration of consent.

Complaints can also be addressed to the competent data protection authority:

• In Austria: Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna www.dsb.gv.at
• In Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI), Husarenstrasse 30, 53117 Bonn, www.bfdi.bund.de
   

8. Am I obliged to provide data?

In the context of our business relationship, you are obliged to provide such personal data as are necessary to establish and manage the business relationship and which we are required by law to collect. If you fail to provide such data, we will, as a rule, have to refuse to enter into a contract with you or to execute an order or we will no longer be able to perform an existing contract and must therefore terminate it. However, you are not obliged to consent to the processing of data other than those that are of relevance for the performance of the contract and/or that are required under legal or regulatory provisions.
 

9. Amendment of data privacy information

Please note that we may amend the present data privacy information as and when necessary. You will always find the most recent version of this information on our website at www.kommunalkredit.at/en/data-privacy.

___
Last update:
April 2021

Information on Data Processing
pursuant to Articles 13 and 14 GDPR
(General Data Protection Regulation)

Kommunalkredit Austria AG (the “Bank”) is making every effort to protect the personal data of its customers. The Bank complies with the legal provisions in force regarding the protection, lawful processing and secrecy of personal data as well as data security, in particular the Austrian Data Protection Act (“DSG”), the General Data Protection Regulation (“GDPR”) of the European Union and the Austrian Telecommunications Act (“TKG”). We herewith inform you about the processing of your personal data and the rights you have under data protection and privacy law.
 

1. Who is responsible for data processing and who can you turn to?

Responsibility for data processing lies with:

Kommunalkredit Austria AG
Tuerkenstrasse 9
A-1090 Vienna
+43 1 31631
info(at)kommunalkredit.at
www.kommunalkredit.at

The data protection officer can be contacted at:
Tuerkenstrasse 9
A-1090 Vienna
+43 1 5334795-0
datenschutz@kommunalkredit.at

2. In the following, we inform you about the information we collect and process if you visit and use our social media platforms indicated below

• Instagram
• Kununu
• LinkedIn
• Twitter
• YouTube

3. What are personal data?

Personal data are defined as any information relating to an identified or identifiable data subject. This includes, inter alia, your name, your mail address and your IP address.
 

4. What personal data are processed for which purposes and on what legal basis?

We process the personal data we receive from you within the framework of your interaction on our social media platforms.
 

4.1. Contacting us via Instagram, LinkedIn, Kununu und Twitter

If you contact us by mail, telephone, post or via the news function of the social media platform, we will store the personal data voluntarily shared by you (form of address, title, name, company, mail, telephone number), you user details (user name, IP address) and the content of your enquiry so that we can respond to it and, if necessary, ask follow-up questions. We will use such data pursuant to Art. 6 (1) point f GDPR in order to meet your request and reply to your enquiry as soon as possible. The data will be stored for a maximum of six months after your request has been dealt with.
 

4.2. Interactions on Instagram, Twitter and YouTube

On Instagram and Twitter, subscribers and other users can mark our posts with “like”, comment on them, share and save them. This provides the basis for a communication that is intended to give customers and interested parties an insight into Kommunalkredit by means of visual narration. We store the personal data voluntarily provided on our company pages (e.g. name, comment and other contents etc.) on the basis of legitimate interests on your part in the announcement of your personal opinion in accordance with Art. 6 (1) point f GDPR for as long as you do not remove the “like” indication or delete the comment or this is lawfully deleted by the platform operator within the scope of the Terms of Use (e.g. in cases of abuse).
 

4.3. Evaluations and comments on Kununu

Current and former employees, job applicants and other visitors can evaluate us as an employer and post comments on our Kununu social media site. Comments are posted anonymously and processed and replied to by our HR team. The personal data you disclose voluntarily on our Kununu website (e.g. name, user details, evaluation and other contents, etc.) are stored on the basis of the legitimate interest of the public in your experience and your legitimate interest in expressing your personal opinion pursuant to Art. 6 (1) point f GDPR, as long as you do not delete the evaluation and/or it is not lawfully deleted by the platform operator within the framework of the terms of use (e.g. in cases of abuse).
 

4.4. Applications posted on LinkedIn

We post vacancies on LinkedIn and thus enable you to apply for vacant positions by uploading your CV. Applications received are processed by our recruiting team, as described below.
 

4.5. Statistics and marketing analyses via Instagram and LinkedIn

When you browse, register and interact on our social media platforms (e.g. via social plugins), the social media operators frequently process your data for the purpose of statistics and analyses. From the Instagram social media platform we receive (i) general statistics that include information about the target group and its location, age group, gender and activity, (ii) statistics on individual posts such as the number of “like” entries, comments and activities and (iii) statistics on posts in stories. From the LinkedIn social media platform we receive (i) job-specific statistics based on the applicants’ profiles, (ii) general statistics on the number of followers, and (iii) demographic statistics from the social media platforms. Hence, we share the responsibility for such data processing with the social media operators as joint controllers pursuant to Art. 26 GDPR. For further information, in particular regarding page insights, please refer to the shared responsibility agreement with Instagram or LinkedIn. We process such data on the basis of our legitimate interests pursuant to Art. 6 (1) point f GDPR. Our recruiting team and our HR department have a legitimate interest in learning which individuals from which industry and demographic bracket express an interest in our company and the vacancies advertised. We exclusively receive and process anonymous data.

4.6. Advertising on LinkedIn

Based on the statistics and marketing analyses that LinkedIn compiles - as described under 4.5. - we make use of the possibility to place targeted advertisements on this platform and to potentially reach people interested in the industry. For general information about advertising, please refer to LinkedIn's Privacy Policy at 2.4. The Cookie Policy describes how you can opt out of targeted personalized advertising or withdraw your consent. If you opt out, you will receive advertising that is not based on your interests. 
 

5. Who receives your data?

Within the Bank, your data will be shared with those units and/or employees that require your data to fulfil contractual, legal and regulatory obligations and thus pursue legitimate interests. Moreover, your personal data will also be shared with the operators of social media platforms on which we run a company site.
 

6. What data protection rights do you have?

You have, at any time, a right to access, rectification, erasure or restriction of processing of your stored data, a right to object to processing as well as a right to data portability as set out in data protection law (see Art. 15 seq. GDPR). If you have any questions regarding issues of data protection law, please do not hesitate to contact the Bank or the data protection officer.

Moreover, you can withdraw your consent at any time and without indicating a reason in order to prevent the continued use of your personal data collected and used on the basis of an earlier declaration of consent.

Complaints can also be addressed to the competent data protection authority:

• For Austria: Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, www.dsb.gv.at
• For Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI), Husarenstrasse 30, 53117 Bonn, www.bfdi.bund.de

7. Further relevant data privacy information provided by the social media platform operators

As you are a registered user of the aforementioned social media platforms, all other forms of data processing (e.g. comment, like, share functions) are subject to the data privacy statements of these providers:

• Instagram
• Kununu
• LinkedIn
• Twitter 
• YouTube

___
Last update:
July 2022

Information on Data Processing
pursuant to Articles 13 and 14 GDPR
(General Data Protection Regulation)

1. Who is responsible for data processing and who can you turn to?

Responsibility for data processing lies with:

Kommunalkredit Austria AG
Tuerkenstrasse 9
A-1090 Vienna
+43 1 31631
info(at)kommunalkredit.at
www.kommunalkredit.at

Der Datenschutzbeauftragte ist erreichbar unter:
Tuerkenstrasse 9
A-1090 Vienna
+43 1 5334795-0
datenschutz(at)kommunalkredit.at
 

2. Why are we interested in your data and for what purpose are we allowed to process them?

2.1. We process your data in connection with various meetings, events and conferences (“event”), provided you participate voluntarily in such events and register for them at the respective contact point. Data processing is performed within the framework of the implementation of (pre-) contractual measures pursuant to Art. 6 (1) point b of the GDPR in order to (i) organize the event and (ii) contact you, if necessary, in connection with the event you have chosen to participate in (e.g. in case of cancellation, change of date or change of the venue of the event). If you do not indicate your data, we are unable to register you for the event of your choice.

2.2. Images of the participants may be captured on video recordings and photographs within the framework of the event. We use such recordings and photographs on the basis of our legitimate interests pursuant to Art. 6 (1) point f of the GDPR for (i) the documentation of the event and (ii) external and internal reporting about the event, including through postings on our websites, social media channels or on the Intranet.

2.3. If the use of images is not based on our legitimate interests, we will specifically ask you for your consent to processing pursuant to Art. 6 (1) point a of the GDPR.

2.4. Before processing your data for purposes other than those specified in this document, we will notify you separately of our intention to do so.
 

3. Who will your data be shared with and from whom do we receive them?

3.1. To the extent required, we transmit your registration data to an external organizer and, if necessary, other third parties supporting us in the organization of the event in order to ensure a smooth conduct of the event.

3.2. We comply with all legal and contractual obligations. To this end, we cooperate with external service providers (processors) and transmit your personal data to them to the extent required for service provision. Our processors include, in particular, IT service providers:

• Software and service providers (provision of IT applications) for email services and administrative activities;
• Computing centres, IT operation and hosting;
• Scan and print service providers;
• Security service providers within the framework of the protection of physical safety and data security;
• IT service providers and IT support for the purpose of project management, the definition of requirements, the introduction, adaptation and development of software, as well as the servicing and maintenance of IT systems and the performance of regular IT activities (hotline, trouble shooting, servicing of interfaces).

3.3. Certain legal obligations can only be met by us if we transmit your personal data to public authorities or courts, as required.
 

4. How long will your data be stored?

Your personal data will be deleted as soon as they are no longer required for the aforementioned purposes, unless storage for a longer period of time is prescribed by law.
 

5. What are your rights?

You have a right to information, rectification, erasure or restriction of processing of your data, as well as a right to object to processing and a right to data portability pursuant to the provisions of data protection law (see Art. 15 seq. GDPR). If you are of the opinion that in processing your data we are violating the legal data protection provisions, please contact us so that we can clarify the matter.

You can also address your complaints to the competent data protection authority:
For Austria: Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, www.dsb.gv.at

___
Last update:
November 2019

Information on Data Processing
pursuant to Articles 13 and 14 GDPR
(General Data Protection Regulation)

Protecting your personal data is a matter of special importance for us. Kommunalkredit Austria AG therefore processes your data exclusively in accordance with the legal provisions in effect (in particular, the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act). Please read more about the following aspects of data processing within the framework of your application.

Categories of data processed

The data processed by us are personal data made available by you, such as your name, title, address, telephone number, date of birth, education and professional experience as well as data and images enclosed with your letter of application, your CV or other documents (e.g. marital status, language skills, type of job you are applying for, further training certificates and diplomas, ID documents, etc.). We also process personal data obtained and noted down during a potential interview.

Data processing

Your data are processed exclusively within the framework of the application process for the purpose of selecting the applicant best suited for a particular job. Pursuant to Art. 6 para.1 (b) GDPR, processing is necessary prior to entering into a contract.

Moreover, data are processed pursuant to Art. 6 para 1 (f) GDPR for the purposes of our legitimate interests in defending our position in the event of claims being raised under the Equal Treatment Act. For this purpose, we store your data for a period of seven months after the termination of the application process.

If you give us your voluntary consent (i) to send you an email reminder after seven months so that we can keep a record of your application for a further seven months and/or (ii) to send you new job advertisements in the course of creating an account in our online application form for a period of seven months after your last account activity, we will process your data in accordance with Art. 6 para 1 (a) GDPR.

Transfer to third parties

We transfer your personal data to third party IT service providers if this transfer is necessary for the processing of the data for the purposes stated above.

Duration of storage

In principle, your data will be stored for a period of seven months from the end of an unsuccessful application process. A longer retention period of three years for an eventual contact later is possible, provided that you consent to the record keeping of your data. In the event of a successful application process, the data collected will be stored as long as required by law or as long as legal claims, if any, are not time-barred. Should the application process result in you being employed by us, we will store your data for the period of employment and delete them after the termination of employment as soon as the period of data retention required by law expires.

Your rights and you contact points

As a matter of principle, you have the right to information, rectification, erasure, restriction of processing, data portability and withdrawal of consent as well as the right to object to the processing of your personal data. You can contact our data protection officer on this matter at datenschutz(at)kommunalkredit.at. For general information on how we process personal data, please refer to our Privacy Policy at www.kommunalkredit.at/datenschutz. Should you feel that your data have been processed in violation of the legal provisions on data protection, you can file a complaint with the Austrian Data Protection Authority.

Processor

Kommunalkredit Austria AG
Tuerkenstrasse 9
A-1090 Vienna
+43 1 31631
info(at)kommunalkredit.at
www.kommunalkredit.at

___
Last update:
November 2021

[Translate to English:]

An beiden öffentlichen Eingängen ist ein Piktogramm bzw. Hinweis auf die Videoüberwachung im Eingangsbereich angebracht. Es besteht die Möglichkeit einen QR-Code zu scannen und zur Datenschutzerklärung für die Videoüberwachung zu gelangen.

[Translate to English:]

Zum Informationsblatt