BayernLB

Data Protection

I. Name and address of controller

The controller under the General Data Protection Regulation is:

Bayerische Landesbank
Institution established under public law
Brienner Straße 18
80333 Munich, Germany

II. Contact details for the data protection officer

The data protection officer can be contacted at:

The Data Protection Officer
c/o Bayerische Landesbank
Brienner Straße 18
80333 Munich, Germany
E-mail: datenschutz.bayernlb@bayernlb.de

III. General information on data processing

Protecting your personal data is very important to us. We mainly process it in order to keep our website running and easy to use. We would like to ensure that you are able to use our content and offerings through this website.

We also only process your data to the extent permitted by law. For further details please see below.

IV. Provision of website and creation of log files

Each time our website is accessed, our system automatically records data and information about your computer system. We collect the following data:

(1) Information about the type of browser and the version used

(2) Your IP address

(3) Date and time of access

This data is stored in the log files in our system. The data listed is not stored with other personal data.

Our system has to temporarily store your IP address, so the website can be delivered to your computer. To do this, your IP address has to be stored for the duration of each visit to the website. The log files are therefore saved so the website can function. We also use this data to optimise our website and protect our IT systems. Data in this context is not used for marketing purposes. The legal basis for temporarily storing data and log files is Article 6 (1) f) of the General Data Protection Regulation (hereinafter referred to as “GDPR”).

This data is stored as long as it is required to meet the purpose for which it was collected. If data is needed to provide the website, it ceases to be so once the session is ended. Your data is then automatically erased. In the case of data saved in log files, this occurs within 14 days. If this data remains stored your IP address is erased or redacted so it cannot be associated with the incoming internet connection.

V. Use of cookies

Our website uses cookies. These are text files saved on your computer by your browser. When you access our website, a cookie may be saved on your system. This contains an individual string of characters that allows your browser to be identified next time you access the website.

Except where other periods for deletion are specified below, the following provides a summary of the storage periods which apply regardless of the nature and purpose of the cookies:

You have unrestricted control over the use of cookies. They are saved on your computer and transmit data to our site. Most browsers are configured to accept cookies as standard; however, transmission of cookies can be limited or deactivated by changing the browser settings. Saved cookies can be deleted at any time. This can be done automatically using the appropriate setting in your browser.

If cookies for our website are generally deactivated, it may not be possible to use all functions on the site.

You can stop cookies being saved on your computer by using the corresponding setting on your browser software; please note that in this case you may not be able to use all the functions on our website.

a) WebTrends

We use the web analysis service WebTrends on our website. We only save the information collected from log entries on our servers in Germany. The log files generated have the IP addresses anonymised, so no personal data can be traced back to you.

The anonymised information is used to evaluate your use of the website, compile reports of web site activities and provide the website operator with other services related to website and internet usage.

Log data on our servers which is not anonymised is automatically deleted after 14 days.

b) Matomo

This website uses the web analysis service Matomo from Matomo.org so we can evaluate use of our website and constantly improve it. The statistics acquired allow us to improve our offering and make it more attractive for you as a user. The legal basis for using Matomo is Article 6 (1) sentence 1 letter f) GDPR.

Cookies are saved on your computer for this evaluation. The information gathered in this way is saved solely on our servers in Germany. You can stop the evaluation by deleting any cookies present and blocking the saving of cookies. If you block cookies from being saved, please note that you may not be able to use this website in full. You can block cookies from being saved using your browser settings. You can block the use of Matomo by removing the tick, which activates the opt-out plug-in.

This website uses Matomo with the AnonymizeIP extension. This means IP addresses are processed in a shortened form, so they cannot be directly related to individuals. IP addresses sent to us by your browser over Matomo are not merged with other data we gather.

Matomo is an open source project. For information from the third-party provider on data protection, please go to https://matomo.org/privacy-policy/ .

Log data on our servers which is not anonymised is automatically deleted after 14 days.

VI. Log-in/registration – client.next

It is possible to use large sections of our website without registering or providing your personal details.

We offer you the option to register voluntarily for the client.next log-in area, to gain access to exclusive content, functions and information. client.next gives you single-sign-on access so you can immediately go to your current account overdrafts or interest rate and commodities derivatives, or get the latest research data. You can also receive your account documents digitally via the dedicated inbox.

To be given access to the log-in area,

When registering, please supply:

  • Your full name and
  • The name of your company.

What further data we process depends on the services you would like to use. This can be found in the further correspondence as part of registration.

The legal basis for the processing is therefore the user agreement entered into for client.next, i.e. Article 6 (1) b) GDPR.

Your data is deleted once it is no longer needed to achieve the purpose for which it was collected. For data collected as part of registration this is generally the case when you cancel your registration or delete your username.

If this data is required to perform an agreement or carry out pre-contractual measures, early deletion is only possible if permitted by contractual or statutory obligations. We may be under a contractual or statutory obligation to save data even after the agreement has ended (e.g. for tax purposes). The storage period applicable has to be determined separately for each agreement and contracting party.

VII. Contact form and e-mail contact

You can contact us using a contact form on our website or by e-mail. If you enter data in the template provided for the contact form, it will be sent to us and processed by us. This applies to the following mandatory information:

(1) Subject (reason for making contact)

(2) Message

(3) E-mail address

(4) Form of address

(5) Your name

(6) Post code

(7) Town, street and country

We also process data you give us voluntarily.

If you make contact via the e-mail address that has been provided, the personal data transmitted with your email will be saved. The legal basis for processing your data is therefore Article 6 (1) f) GDPR, as we have a legitimate interest in this. If you make contact using the form or by e-mail in connection with entering into or carrying out an agreement, Article 6 (1) b) GDPR is always the legal basis for the processing.

We process personal data from the entry template or e-mail solely to deal with processing the correspondence. The data is not transmitted to third parties.

We delete your data as soon as it is no longer needed to achieve the purpose for which it was collected. For personal data from the entry template in the contact form or submitted by e-mail, this is the case when the correspondence with you is completed. The correspondence is completed when the circumstances indicate that the matter in question has been fully dealt with.

If you make contact by e-mail you can object to your personal data being stored at any time. To do this please send a message to this effect, which does not need to be in any particular form, to the contact details provided under item I.

In some circumstances, however, it may not be possible to process your message.

If the data is required to perform an agreement or carry out pre-contractual measures, early deletion is only possible if permitted by contractual or statutory obligations. The storage period applicable has to be determined separately for each agreement and contracting party.

Once you have sent your message via the contact form, the following data will also be saved:

(1) Your IP address

(2) Date and time sent

This data is processed during dispatch to prevent misuse of the contact form and ensure our IT systems are secure. The legal basis is therefore Article 6 (1) f) GDPR. Additional personal data collected during dispatch is deleted within seven days, unless storage beyond that is permitted for statutory or contractual purposes.

VIII. Newsletter

You can subscribe to our free IR newsletter here:

https://www.bayernlb-newsletter.de/bc/servlet/web.subscribe?tid=39&mid=0

Please enter your data in the template provided and it will be sent to us. This applies to the following data:

(1) Full name

(2) E-mail address

(3) Telephone number (voluntary)

(4) Company name (voluntary)

Once your message has been sent, the following other data is also saved:

(1) Your IP address

(2) Date and time sent

Before sending your data, please grant your consent for it to be processed; please note this data protection notice. Your data will then be processed with your consent. The legal basis is therefore Article 6 (1) a) GDPR.

After subscribing you will receive an e-mail asking you to confirm your subscription. This confirmation is required to stop people subscribing with other people’s e-mail addresses. Subscription to the newsletter is recorded so we can prove that the subscription process met the legal requirements. This includes saving the time of subscription and confirmation and the IP address you used.

As this data also has to be processed in order to deliver the newsletter requested, Article 6 (1) b) and Article 6 (1) f) also serve as the legal basis.

No data is passed to third parties in connection with the processing of data for sending newsletters. The data is used solely for sending the newsletter.

You can cancel your subscription to the newsletter at any time or object to further newsletters being sent. Each newsletter contains a link to the unsubscribe form. This also allows you to withdraw your consent to your data being saved. You can also send your withdrawal, which need not be in any particular form, to the contact details provided provided under item I.

We delete your data as soon as it is no longer needed to achieve the purpose for which it was collected. Your e-mail address will be saved as long as you are subscribed to the newsletter. Other personal data collected as part of the subscription process is generally deleted seven days after collection.

If the data is required to perform an agreement or carry out pre-contractual measures, early deletion is only possible if permitted by contractual or statutory obligations. We may be under a contractual or statutory obligation to save data even after the agreement has ended (e.g. for tax purposes). The storage period applicable has to be determined separately for each agreement and contracting party.

IX. Your rights

Please find below a summary of your rights under the General Data Protection Regulation.

1. Right to withdraw consent (Article 7 (3) GDPR)

You have the right to withdraw your consents at any time. Withdrawing consent does not affect the legality of processing carried out with this consent before it was withdrawn. You will be informed of this before giving consent.

2. Right of access (Article 15 GDPR, section 34 BDSG)

Under Article 15 GDPR you have the right to request confirmation from us as to whether or not we are processing personal data concerning you. Where that is the case, you have the right to access this personal data and the following information:

  • The purposes for which we are processing the data;
  • The categories of personal data we are processing;
  • The recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
  • Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • The existence of the right to request rectification or erasure of personal data concerning you or restriction of processing or to object to such processing by us;
  • The right to lodge a complaint with a supervisory authority;
  • Where the personal data is not collected from you, any available information as to its source;
  • The existence of automated decision-making, including profiling, pursuant to in Article 22 (1) and (4) GDPR and, if this occurs, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

Where personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards being used to ensure that the provisions of the GDPR will be observed by these recipients.

3. Right to rectification (Article 16 GDPR, section 35 BDSG)

You have the right to have inaccurate personal data concerning you rectified by us without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4. Right to erasure or “right to be forgotten” (Article 17 GDPR, section 35 BDSG)

You have the right to obtain the erasure of personal data by us without undue delay where one of the following grounds applies:

  • The data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  • You withdraw your consent on which the processing is based and there is no other legal ground for the processing.
  • You object to the processing pursuant to Article 21(1) GDPR for reasons based on your personal situation and there are no overriding legitimate grounds for the processing.
  • You object to processing for direct marketing pursuant to Article 21 (2) GDPR.
  • The data has been processed unlawfully.
  • The personal data has to be erased to comply with a legal obligation in EU or German law.
  • The data was collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.

Where we have made your data public and are obliged to erase it, we take into account available technology and the cost of implementation while taking reasonable steps to inform the controllers that you have demanded erasure.

5. Right to restriction of processing (Article 18 GDPR)

Under Article 18 GDPR, we may only process data to a limited extent in the following cases. This applies where:

  • You contest the accuracy of your personal data, for a period enabling us to verify its accuracy.
  • The processing is unlawful, and you oppose the erasure of your data and request the restriction of the use of the personal data instead;
  • We no longer need the personal data for the purposes of the processing, but it is required for the establishment, exercise or defence of legal claims;
  • You object to processing pursuant to Article 21(1) GDPR for reasons based on your personal situation pending verification of whether our legitimate grounds for processing override your interests.

Where processing has been restricted, we may only store the data. Further processing is only permitted with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

You may withdraw consent given in this regard at any time.

You will be informed by us before the restriction is lifted.

6. Notification obligation (Article 19 GDPR)

We are obliged to communicate any rectification or erasure of your data or restriction of processing to all recipients to whom the data has been disclosed, unless this proves impossible or involves disproportionate effort.

We will inform you of these recipients at your request.

7. Right to data portability (Article 20 GDPR)

You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to a third party, provided

- The processing is based on your consent or on a contract and

- The processing is carried out by automated means.

You can ask us to transmit your data directly to the third party, where technically feasible. This right must not adversely affect the rights and freedoms of others.

8. Automated individual decision-making, including profiling (Article 22 GDPR)

On our website your data is not used for decisions based solely on automated processing (e.g. profiling).

9. Right to object (Article 21 GDPR)

If we process your data on the basis of a legitimate interest (Article 6 (1) f) GDPR) you have the right to object if the reasons for doing so are based on your personal situation. The same applies to profiling based on these provisions. In such cases we will no longer process your data unless we can demonstrate compelling legitimate grounds for doing so. These must override your interests, rights and freedoms or the processing must serve to establish, exercise or defend legal claims.

Where your data is processed for direct marketing purposes, you may object at any time to the processing of the data. The same applies to profiling, to the extent that it is related to such direct marketing.

Once you have objected, your data will no longer be processed for these purposes.

To lodge an objection please send a message to this effect, which need not be in any particular form, to the contact details provided under item I.

10. Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of data relating to you violates the General Data Protection Regulation. This does not affect any other administrative or judicial remedy which may be open to you.