We process your personal data in accordance with data protection regulations:
- for the fulfilment of contractual obligations (Section 6 Para. 1b DSGVO [Datenschutz Grundverordnung (General Data Protection Regulation (GDPR)]):
The processing of personal data (Art. 4 No. 2 of GDPR) is carried out for the provision and arrangement of banking,financial services and insurance, leasing and real estate business, in particular for the execution of our contracts with you and the execution of your orders and all activities required for the operation and management of a credit and financial services institution.
The purposes of data processing are based primarily on the specific product (such as account, credit, building society savings, securities, deposits, brokerage) and include, among other things:
- Needs analyses
- The provision of advice
- Asset management and support
- The execution of transactions
The specific details for the purpose of data processing can be found in the respective contract documents and terms and conditions.
- to comply with legal obligations (Section 6 Para 1c GDPR)
Certain statutory obligations, which UniCredit Bank Austria AG is subject to, may require the processing of personal data. Such obligations may arise from the provisions of the following laws:
- Austrian Banking Act (BWG [Bankwesengesetz])
- Austrian Financial Markets Money Laundering Act (FM-GwG [Finanzmarkt-Geldwäschegesetz])
- Austrian Securities Supervision Act (WAG [Wertpapieraufsichtsgesetz])
- Austrian Stock Exchange Act (BörseG [Börsengesetz]), etc.
Compliance with regulatory requirements may also be necessary, for example in relation to:
- the European Central Bank
- the European banking regulator
- the Austrian Financial Market Authority (FMA), etc.
Examples of such cases:
- Reports to the financial intelligence units in certain suspicious cases (§ 16 FM-GwG)
- Providing information to the FMA according to the WAG and the BörseG, for example, to monitor compliance with the rules on market abuse of insider information
- Providing information to financial crime authorities in the context of financial criminal proceedings due to wilful financial offence
- Providing information to federal tax authorities in accordance with § 8 of the Account Register and Account Entry Act
- within the scope of your consent (Section 6 Para. 1a GDPR):
If you have granted us consent to process your personal data, processing will only take place in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. Any consent given may be revoked at any time with future effect (for example, you may object to the processing of your personal data for marketing and advertising purposes if you no longer consent to processing in the future).
- to safeguard legitimate interests (Section 6 Para. 1f GDPR):
If necessary, within the framework of balancing of interests of UniCredit Bank Austria AG or a third party, data may be processed, by us or by third parties, beyond the actual fulfilment of the contract, in order to safeguard legitimate interests. In the following cases, data are processed to safeguard legitimate interests:
- Consultation of and data exchange with credit agencies (e.g. Austrian Credit Protection Association1870) for the identification of credit risks and default risks
- Review and optimisation of needs analysis and direct customer approach procedures
- Advertising or market and opinion research, provided that you have not objected to the use of your data in accordance with Art. 21 of the GDPR
- Video surveillance for collecting proof in case of offences or evidence of transactions and deposits (e.g. at ATMs); these especially serve to protect the customers and employees
- Telephone records (such as in the event of complaints)
- Measures for business management and further development of services and products
- Measures for protecting employees and customers and the property of the bank
- Measures for the prevention and combating of fraud (Fraud Transaction Monitoring)
- In the framework of prosecution