We process your personal data in accordance with data protection regulations:
- for the fulfilment of contractual obligations (Section 6 Para. 1b DSGVO [Datenschutz Grundverordnung (General Data Protection Regulation (GDPR)]):
The processing of your data (personal data, Section 4 (2) GDPR is necessary to handle banking transactions, provide financial services and to process insurance, leasing and property transactions with you. We also require this data for the implementation of contracts we have concluded with you. As well as for executing your orders. In addition, we process personal data as part of the activities we must carry out to maintain the ongoing operation and administration of a credit and financial services institution.
The purposes of data processing are based primarily on the specific product (such as account, credit, building society services, securities, deposits, procurements) and include, among other things:
- Needs analyses
- Advisory services
- Wealth management and consulting
- Processing of transactions
The specific details for the purpose of data processing can be found in the respective contract documents and terms and conditions.
- to comply with legal obligations (Section 6 Para 1c GDPR)
Certain statutory obligations, which UniCredit Bank Austria AG is subject to, may require the processing of personal data. Such obligations may arise from the provisions of the following laws:
- Austrian Banking Act
- Austrian Financial Markets Money Laundering Act
- Austrian Securities Supervision Act (SSA)
- Austrian Stock Exchange Act
Compliance with regulatory requirements may also be necessary, for example in relation to:
- the European Central Bank
- the European banking regulator
- the Austrian Financial Market Authority (FMA), etc.
Examples of such cases:
- Providing reports to the money laundering unit in certain suspicious cases (Section 16 FM-GwG [Finanzmärkte Geldwäsche Gesetz (Financial Markets Money Laundering Act (FMMLA))]
- Providing information to the FMA in accordance with the SSA and the Stock Exchange Act, for example, to monitor compliance with the rules on market abuse with insider information
- Providing information to financial crime prosecutors in the context of financial crime proceedings for a deliberate financial offence
- Providing information to federal tax authorities in accordance with Section 8 of the Account Register and Account Entry Act.
- within the scope of your consent (Section 6 Para. 1a GDPR):
If you have granted us consent to process your personal data, processing will only take place in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. Any consent given may be revoked at any time with future effect (for example, you may object to the processing of your personal data for marketing and promotional purposes if you no longer consent to processing in the future).
- to safeguard legitimate interests (Section 6 Para. 1f GDPR):
Should it become necessary to process your data over and above the terms stipulated in the contract in order to safeguard the legitimate interests of UniCredit Bank Austria AG or a third party, then such processing can be carried out in the following cases:
- Consultation of and data exchange with credit agencies (such as the Austrian Credit Protection Association 1870) for the identification of credit and default risks;
- Review and optimisation of needs analysis and direct customer approach procedures
- Advertising or market and opinion research, provided that you have not objected to the use of your data pursuant to Section 21 GDPR
- Video surveillance for collecting evidence of criminal offences, or to provide evidence of transactions and deposits (e.g., at ATMs); these especially serve to protect customers and employees
- Telephone records (such as in the event of complaints)
- Measures relating to business management and the enhancement of services and products
- Measures for protecting employees and customers, as well as the property of the bank
- Measures for the prevention and combating of fraud (Fraud Transaction Monitoring)
- In the course of legal proceedings