Customer information about data processing in accordance with Art. 13 and Art. 14 of the EU General Data Protection Regulation (GDPR)
The protection of your personal data is of utmost importance for ICBC Austria Bank GmbH (hereinafter “ICBC”). Therefore, ICBC commits itself to comply with the data protection regulations in order to achieve sufficient protection and security of our customers’ data. With this document we would like to inform you about the processing of your personal data by ICBC and the rights you are entitled to regarding data protection.
1. Who is responsible for data processing and who is your contact person?
Responsible for the data processing is:
ICBC Austria Bank GmbH
1090 Vienna, Austria
Our corporate data protection officer can be reached at:
ICBC Austria Bank GmbH
Data Protection Officer
1090 Vienna, Austria
Email address: email@example.com
2. Which data is processed by us and what are the sources for this data?
We process personal data that we receive from you in the context of the customer relationship. The customer relationship begins with the initiation of a contract and includes the fulfilment and completion of the contract. We also process data that we obtained permissibly from publicly available sources (e.g. commercial register).
When you visit our website we collect data by means of cookies. On the one hand these are so-called "session cookies", which are deleted after leaving the website, and on the other hand, there are cookies that are also stored on your device. In this case the browser settings and the anonymized IP-address are saved. This cookie allows us to recognize your browser on your next visit.
Personal data that we process includes for example:
first and last name, address, date and place of birth, nationality, occupational information, phone numbers, email address, bank account information, information on personal income, information on personal wealth, marital status, tax number, data from identification documents, login data, customer number, etc.
3. For what purposes and on what legal basis do we process the data?
- To fulfil contractual obligations (Art. 6 (1) lit b) GDPR):
We process personal data (Art. 4 No. 2 GDPR) in order to provide our services under the deposit contract and other relevant required activities. Precontractual information that you provide as part of the registration process is also included.
- To meet legal obligations (Art. 6 (1) lit c) GDPR):
We may process personal data for the purpose of fulfilling various legal obligations, e.g. due to taxation law etc.
Under the Financial Markets Anti-Money Laundering Act, we are required to identify you using your identification documents before entering into any business relationship. In doing so, we are collecting records of e.g. name, place and date of birth, your nationality, address and identity card information.
- Within the framework of your consent (Art. 6 (1) lit a) GDPR):
In case you give us consent for the processing of your personal data for specific purposes, we process data in accordance with the purposes and to the extent defined in the declaration of consent. You have the right to revoke your consent at any time with effect for the future.
- To protect legitimate interests (Art. 6 (1) lit f) GDPR):
It is possible - as result of a balancing of interests - that in favor of ICBC or third parties ICBC or a third party process data beyond the actual fulfilment of the contract to protect legitimate interests of ICBC or third parties. Such processing includes:
Testing and optimization of requirements analysis and direct customer approach;
Measures to manage the business, to improve services and to recover customers;
Advertising or market and opinion research, unless you have not objected to this kind of usage of your personal data according to Art. 21 GDPR.
4. Who receives my personal data?
- Within ICBC those departments and employees process your personal data, which need the data to fulfil the contractual obligations, legal obligations or legitimate interests.
- In addition, data processors (e.g. external IT service providers) and distribution partners contracted by us, process your personal data if they need the data to perform their respective services. All data processors and distribution partners have a contractual obligation to treat your data as confidential and to process the data only within the framework of the provision of their services to us.
- Based on the fulfilment of legal obligations ICBC may be obliged under certain circumstances to forward data to public bodies and institutions.
- Other persons may receive your data if you have given your consent for the transmission of data to such persons.
5. Does ICBC transmit my data to a third country or an international organization?
- As a rule, your personal data will not be transmitted international organization. In any case such transmission only occurs as part of a data processing agreement, an express consent by you or based on a legal obligation and taking into account legal restrictions.
- ICBC is processing all data in the central datacenters of Industrial and Commercial Bank of China ltd. in Beijing and Shanghai. This data processing is performed under the Contractual Standard Clauses of the European Commission and the data processors are strictly bound to banking secrecy and confidentiality.
6. How long will my data be stored?
- ICBC stores your personal data no longer than absolutely necessary. In order to fulfil the contract, we store the data for the duration of the entire customer relationship.
- Based on legal retention and documentation requirements ICBC can store data beyond the customer relationship. These can derive for example from the Austrian Commercial Code (Unternehmensgesetzbuch, UGB) and the Austrian Tax Code (Bundesabgabenordnung, BAO). We take in to account the statutes of limitation regarding storage. The Civil Code (Allgemeines bürgerliches Gesetzbuch, ABGB) provides for a general limitation period of 3 years and in certain cases even 30 years.
- Retention of data may also be required for regulatory purposes (up to five years) or to enforce legitimate interests of ICBC (evidence in litigation).
7. Which privacy rights do I have?
- Right of information (Art. 15 GDPR):
Your right of information includes that you can request from ICBC a confirmation whether we process personal data from you. If so, you have the right to get information about this data and further information about how we process the data.
- Right of rectification (Art. 16 GDPR):
If your information is not correct (anymore), you have the right to claim the rectification of incorrect personal data by us.
- Right of erasure (Art. 17 GDPR):
You have the right to call for an immediate erasure of your data by us if any of the following applies:
- The keeping of the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You have revoked your consent and there is no other legal basis for processing.
- Your personal data has been processed without good reason. o Your personal data must be deleted to meet legal requirements.
- Right of restrict processing (Art. 18 GDPR):
The right to restrict processing includes that you can require limited data processing if any of the following applies:
- The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
- The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead.
- ICBC no longer needs the personal data for the purposes of the processing, but it is kept for the establishment, exercise or defense of legal claims.
- You have objected to the processing and the verification whether the legitimate grounds of ICBC override those stated by you is still pending.
- Right to object (Art. 21 GDPR):
If data processing takes place on the basis of a legitimate interest or of the public interest, you have the right to object to this data processing. Detailed information on your right of objection can be found at the end of this section.
- Right of data portability (Art. 20 GDPR): Y
ou have the right to receive your personal data provided to us in a portable format and ask us to transmit such data to another controller.
- Right to complain:
In case you believe that we process your data against national or European data protection law, we kindly ask you to contact us, to find a satisfying solution together. In addition, you have the right to complain at the respective data protection supervisory authority.
- Revocation of consent for data processing:
A consent to the processing of personal data can be revoked at any time without any form requirements. This also applies with regard to the withdrawal of declarations of consent issued to us prior to the application of the GDRP, i.e. before 25 May 2018. We would like to point out that any revocation only applies for any future engagements.
8. Am I required to provide personal data?
- In the context of the customer relationship, you must provide the personal data necessary for the initiation and fulfilment of the costumer relationship. Also, you must provide us with personal data necessary for the fulfilment of legal obligations.
- Should you disagree with the provision of these required personal data, we are not in a position to conclude or execute a contract with you.
9. Does ICBC use automated decision making (including profiling)?
- ICBC does not use automated decision making in the sense of Art. 22 GDPR as part of the business relationship. ICBC processes your data partially automated to evaluate certain personal aspects (profiling) and to be able to provide the best possible service to you. In order to inform you about products in a targeted manner, we use evaluation tools that enable us to communicate and advertise on demand.
- We process your data partially automated with the aim of analyzing and evaluating certain aspects within the framework of the legal and regulatory requirements for combating money laundering, terrorist financing and other asset risks.
10. Adjustment of this customer information on data protection
If necessary, this data protection information will be adjusted. The latest version of this information is made available on our website www.icbc-at.com.
Information of your right to object pursuant to Art. 21 of the EU General Data Protection Regulation (GDPR)
- Individual case-related right of objection
You have the right, for reasons arising out of your particular situation, to object at any time against the processing of your personal data, which is based on the Art. 6 (1) lit e) GDPR (data processing in the public interest) and Art. 6 (1) lit f) GDPR (data processing on the basis of a balance of interests); this also applies to proﬁling within the meaning of Art. 4 (4) GDPR.
In case you object, we will no longer process your personal data, unless we can prove compelling reasons for the processing that outweigh your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims.
- Right of objection against processing of data for direct advertising
In individual cases we process your personal data in order to operate direct advertising. You have the right at any time to object to the processing of personal data relating to you for the purpose of such advertising; this also applies to proﬁling, as far as it is related to such direct advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
Your objection can be communicated informally. We kindly ask you to communicate via email to our data protection officer: firstname.lastname@example.org.