Güvenlik Politikası


Gizlilik politikamız bizim için son derece önemlidir. Gizlilik politikası bölümümüzde, konuyla ilgili tüm temel bilgileri bulabilirsiniz
DenizBank AG, kişisel verilerinizin işlenmesinde şeffaflık, güvenlik ve bütünlük sunar. Verilerinizi azami özenle işlemeyi ve herhangi bir kötü kullanıma karşı korumayı taahhüt eder. AB'nin 25 Mayıs 2018 tarihinde yürürlüğe girmiş olan Genel Veri Koruma Yönetmeliği ve 2018 tarihli Veri Koruma Uyum Yasası nedeniyle, kişisel verilerin işlenmesine ilişkin mevcut yasal düzenlemelere ek olarak özel hükümler uygulanacaktır.

Aşağıda kişisel verilerinizin işlenmesine ilişkin genel detayları ve web sitemizi ziyaret ettiğinizde hangi verilerin toplandığını ve bunların nasıl kullanıldığına dair bilgileri bulabilirsiniz. Ayrıca, Kişisel Verilerin Korunması Kanunu kapsamındaki haklarınız hakkında bilgi edinebilirsiniz.

Bu bilgileri mevcut ve gelecekteki yetkili temsilcilerin yanı sıra tüm müşterek borçlularla paylaşmanızı rica ederiz.

Gizlilik bildirimlerimiz (Genel Veri Koruma Yönetmeliği'nin 13. ve 14. maddeleri uyarınca) size ayrıntılı bilgi sunmaktadır. Gizlilik bildirimlerimizi basılı olarak almak isterseniz bize bir talep gönderebilirsiniz.

Gizlilik politikamıza buradan ulaşabilirsiniz (İngilizce):

General information

Data protection and data security are very important to us. We would therefore like to take this opportunity to inform you which personal data we collect in the course of the business relationship or its initiation and for what purposes it is processed.
As changes to the law or changes to our internal company processes may make it necessary to adapt this privacy policy, we ask you to read this privacy policy regularly. The privacy policy can be viewed at any time at https://www.denizbank.at/en/customer-service/data-protection
Should significant changes to this privacy policy be necessary, we will of course inform you directly.

Controller

The controller within the meaning of the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:
Thomas-Klestil-Platz 1
A-1030 Vienna
Austria
Tel: +43 (0) 505-105 2000
ContactCenter@denizbank.at
www.denizbank.at

Data Protection Officer

The data protection officer of the controller is:
Andreas Waberer
Thomas-Klestil-Platz 1
A-1030 Wien
datenschutz@denizbank.at
If data subject rights within the meaning of point (8) of this privacy policy (e.g. right of access, right to erasure, etc.) are asserted, these requests or applications can be sent to ContactCenter@denizbank.at or by post to Thomas-Klestil-Platz 1, 1030 Vienna, Austria.
If you have any concerns about data protection, you are also welcome to contact our data protection officer at datenschutz@denizbank.at at any time.

What is personal data?

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior. Information for which we cannot (or can only with disproportionate effort) establish a reference to a natural person, e.g. by anonymizing the information, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis or your consent.

General information on data processing

Scope and purpose of data processing

We process personal data that we have received as part of the business relationship from customers, potential customers, interested parties or persons authorized to represent them. This may be data of the customers themselves or data of authorized representatives, authorized signatories or, in the case of legal entities, data of authorized representatives and beneficial owners.
We collect and use personal data only to the extent necessary to provide our services and functional products and websites. We use personal data to provide the information, products and services we offer, to respond to inquiries, to operate and improve our websites and applications, for advertising purposes and, where necessary, to defend against or assert legal claims or to comply with legal obligations to which we are subject.
The collection and use of personal data only takes place on basis of the corresponding legal basis within the meaning of the GDPR. Further details on the individual legal bases can be found under point (6) of this privacy policy for the respective processing.

Legal basis

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which DenizBank AG is subject to, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of DenizBank AG or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

Retention period and erasure of data

The personal data of the data subject will be erased as soon as the purpose of storage no longer applies. Data may also be stored if it is required by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. In this case, the data will be erased when a retention period expires, unless there is a need for further storage of the data, for example due to legitimate interest, or if the processing of a contract or legal disputes make further processing necessary.

Data processing

Banking

Scope and purpose of data processing

We collect and use personal data only insofar as it is necessary for the provision of banking products, the brokerage of insurance and banking products, in the context of the execution of contracts or for the execution of pre-contractual measures that are carried out on request of data subjects, as well as for the execution of all activities required for the operation and administration of a credit institution, as well as for the settlement of the business relationship. For specific details on the purpose of data processing, please refer to the relevant contractual documents and terms and conditions. In addition, we process personal data that we receive from other third parties in a permissible manner (e.g. for the execution of orders, for the fulfillment of contracts, on the basis of legitimate interest or on the basis of a given consent), insofar as this is necessary for the provision of our services. In addition, we process personal data that we have legitimately obtained from publicly accessible sources (e.g. land registers, company registers, registers of associations, press, media, Internet) and are permitted to process. The data required for the provision of our services includes, in particular, the following data of customers, authorized representatives, authorized signatories, adult representatives, authorized representatives, beneficial owners, etc:
  • Master data such as name, date of birth, address, nationality, country of birth, marital status, etc.
  • Contact information such as delivery addresses, e-mail addresses, telephone numbers
  • Occupational data such as profession, industry, income
  • Information in connection with the Financial Markets Anti-Money Laundering Act (FM-GwG):
    • Proof of identity (type, ID number, date of issue and end date, issuing authority)
    • Information in accordance with FATCA (US citizenship, green card, place of birth in the USA)
    • Information as to whether the account investor is a politically exposed person, is related to a politically exposed person or is closely affiliated to a politically exposed person
    • Information according to the “Know Your Customer” principle (e.g. customer profile, purpose and type of business relationship, proof of origin of funds)
  • Transaction data such as volumes, payment orders, account movements, securities purchases, etc.
  • Data on accounts and products such as IBAN, debit card data, securities account no. etc.
  • Contractual documents
  • Personal relationships (e.g. relationships between customers or to the customer or powers of representation)
  • Data for the fulfillment of legal or regulatory requirements
  • Tax-relevant data (e.g. tax ID, CRS status)
  • Correspondence (e.g. letters, E-Mails, meeting notes)
  • Data on creditworthiness
The purposes of data processing include the handling of the business relationship (including the provision of online banking access via browser or app), creditworthiness checks, identity checks and verification of identity, measures to prevent fraud and money laundering, compliance with regulations on market abuse and insider information, the fulfillment of tax and reporting obligations as well as the assessment and management of risks such as credit risks, liquidity risks and operational risks in the bank and in the parent company.

Legal basis

Since the processing of the above-mentioned data is necessary in order to be able to offer the respective products, Art. 6 para. 1 lit. b GDPR serves as the legal basis. The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Furthermore, we are subject to strict regulatory requirements that oblige us to process data. Art. 6 para. 1 lit. c GDPR serves as the legal basis for this type of processing (processing is necessary for compliance with a legal obligation to which the controller is subject). This includes processing for the purpose of risk management, the prevention of insider trading, market manipulation and conflicts of interest as well as measures to combat money laundering and terrorism. The legal obligations arise in particular from the Austrian Banking Act, the Financial Markets Anti-Money Laundering Act, the Securities Supervision Act, the Payment Services Act, tax laws and banking supervisory regulations (e.g. the European Central Bank, the European Banking Authority, the Austrian National Bank and the Financial Market Authority).
In addition, data may also be processed on the basis of Article 6(1)(f) GDPR (they serve a legitimate interest of DenizBank AG). This includes, for example, creditworthiness checks, the assessment and management of risks such as credit risks, liquidity risks and operational risks (together with the parent company) as well as contacting the customer via the communication channels known to DenizBank AG for the collection of outstanding claims or generally in the course of the restructuring or settlement of a contract.

Retention period and erasure of data

The personal data provided will only be processed and stored for as long as it is necessary for the fulfilment of the aforementioned purposes, in any case for the duration of the entire business relationship, as well as beyond that in accordance with the regulatory or statutory retention periods, the statutory warranty periods or contractually agreed guarantee periods or if another legally regulated reason or the settlement of the contractual relationship or legal disputes justifies the storage in individual cases.
Data will be erased after the purpose has been fulfilled and after the expiry of applicable statutory retention obligations or after the expiry of statutory warranty periods or contractually agreed guarantee periods, but not before the end of any legal disputes in which the data is required as evidence.
The main retention and documentation obligations for a credit institution arise, among other things, from the following statutory provisions:
  • Austrian Fiscal Code § 132 BAO (7 years or for the duration of tax proceedings);
  • Financial Market Anti-Money Laundering Act § 21 FM-GwG (10 years from the end of the business relationship).
  • Austrian Commercial Code § 212 UGB (7 years)
An overview of the statutory retention obligations applicable in Austria can be found here:
https://www.wko.at/datenschutz/eu-dsgvo-speicher-und-aufbewahrungsfristen

Profiling and automated decision-making

Scope and purpose of data processing

Data is processed for the purpose of evaluating certain personal aspects. We use profiling in the following cases in particular:
Due to legal and regulatory requirements, we are obliged to prevent money laundering and the financing of terrorism (“AML”) as well as to combat fraud (fraud prevention). For this purpose, customer details, payment details and transactions are analyzed, whereby certain personal data is used to check whether a transaction could be fraudulent or AML-relevant or whether other AML-relevant anomalies can be identified. Based on the result of the check, a transaction may have to be rejected or a payment instrument blocked or the application for the issuing or opening of a product may be rejected. These measures also serve to protect you.
When granting a loan, your creditworthiness (credit check) may be assessed using a scoring system based on a mathematically and statistically recognized and proven procedure. Statistical comparison groups are used to calculate the default risk or the probability that a customer will meet their payment obligations in accordance with the contract. The following data, among others, can be used to calculate this score:
  • Master data (e.g. marital status, number of children, profession, employer, length of employment)
  • Financial circumstances (e.g. income, assets, expenses, existing liabilities, collateral)
  • Payment behavior and experiences from the previous business relationship (e.g. credit history, dunning letters, ordinary business relationship)
  • Information about your payment history that we have received from credit agencies
  • Information on your payment behavior that you have provided to us in the course of onboarding or the ongoing business relationship or in another way (e.g. account statements, account history or other proof of creditworthiness)
The credit check (scoring) and the assessment of credit behavior and a high level of loans can be used as part of the assessment of creditworthiness. This involves an assessment of whether the customer is currently and will continue to meet their payment obligations under a contract. This enables us to make responsible credit decisions that are fair and well-founded. The scoring is based on a mathematically and statistically recognized procedure. The calculated values help us to decide when someone wants to purchase a product. They are also used in the ongoing management of credit and general default risk.
In the course of initiating the business relationship and subsequently also in the course of the ongoing business relationship, you may also be subject to a decision based solely on automated processing - including profiling - within the meaning of Art. 22 GDPR. In particular, the following automated decisions may be made
  • Decision on the acceptance or rejection of an application to open a business relationship (credit check, AML reasons, fraud prevention)
  • The decision on the amount of a loan granted
  • The decision to carry out transactions or to block a payment instrument for reasons of creditworthiness, AML or fraud
If you are subject to a decision based solely on automated processing - including profiling - in accordance with Art. 22 GDPR, you have the right to request a review of the decision by an employee of DenizBank AG in accordance with Art. 22 para. 3 GDPR. To do so, you can contact ContactCenter@denizbank.at and explain your point of view as to why a different decision should have been made.

Legal basis

Art. 6 para. 1 lit. f GDPR serves as the legal basis for the aforementioned data processing for fraud prevention and credit checks. They serve a legitimate interest. Data processing to combat fraud and to check creditworthiness also serves to fulfill legal obligations to check creditworthiness, in particular under the Consumer Credit Act (§§ 7 f VKrG) and the Mortgage and Real Estate Credit Act (§ 9 ff HIKrG) and to combat fraud, in particular under the Banking Act, due to European legal requirements and the Financial Market Anti-Money Laundering Act, especially since fraud is one of the most common predicate offenses for money laundering (e.g. § 39 para. 2 BWG, § 5 ff FM-GwG; see e.g. FMA Circular Risk Analysis 03/2022, p.10 ) (Art 6 para 1 lit c GDPR).
Article 6 para. 1 lit. c GDPR serves as the legal basis for the aforementioned AML-relevant data processing, which arises in particular from the FM-GwG (Section 5 et seq. FM-GwG). They are required to fulfill a legal obligation.
In addition, Art. 22 para. 2 lit. a GDPR (necessary for the conclusion or performance of a contract between the data subject and the controller) serves as the basis for automated decision-making.

Retention period

The personal data provided will only be processed and stored for as long as it is necessary for the fulfilment of the aforementioned purposes, in any case for the duration of the entire business relationship, as well as beyond that in accordance with the regulatory or statutory retention periods, the statutory warranty periods or contractually agreed guarantee periods or if another legal reason or the settlement of the contractual relationship or legal disputes justifies the storage in individual cases.
Data will be erased after the purpose has been fulfilled and after the expiry of applicable statutory retention obligations and after the expiry of statutory warranty periods or contractually agreed guarantee periods, but not before the end of any legal disputes in which the data is required as evidence.
The main retention and documentation obligations for a credit institution arise, among other things, from the following statutory provisions:
  • Austrian Fiscal Code § 132 BAO (7 years or for the duration of tax proceedings);
  • Financial Market Anti-Money Laundering Act § 21 FM-GwG (10 years from the end of the business relationship).
  • Austrian Commercial Code § 212 UGB (7 years)
An overview of the statutory retention obligations applicable in Austria can be found here:
https://www.wko.at/datenschutz/eu-dsgvo-speicher-und-aufbewahrungsfristen

Video recordings

Scope and purpose of data processing

As a credit institution, DenizBank AG is exposed to an increased risk potential with regards to possible criminal offenses that could be committed against DenizBank AG. For this reason, it is necessary to monitor the buildings and branches of DenizBank AG by video recording in order to protect our employees, our customers, our business premises and to prevent fraud and criminal offenses in general. This affects the interior as well as the immediate exterior area around the buildings, branches or ATMs of DenizBank AG.

Legal basis

Art. 6 para. 1 lit. f GDPR serves as the legal basis for the aforementioned data processing in the context of video recordings. They serve a legitimate interest of DenizBank AG.

Retention period

Video recordings of indoor areas (branches and head office) are deleted after a maximum of 30 days. Retention for 30 days is necessary as this is the only way to ensure that any criminal offenses can be investigated.
Video recordings that cover the outdoor area and thus, to a lesser extent, public areas, are deleted after 72 hours at the latest.

Audio recordings (telephone conversations)

Scope and purpose of data processing

DenizBank AG records all telephone conversations that are subject to the Securities Supervision Act (WAG) (e.g. concerning transactions in connection with financial instruments such as securities, futures contracts, swaps, forward transactions, derivative contracts, etc.) for documentation purposes and to fulfill regulatory obligations. Furthermore, all other telephone conversations with employees of the Priority Banking departments are also recorded, as these conversations may contain WAG-relevant facts and the client may also place orders in such conversations. You will be expressly informed of the recording at the beginning of such a call.
If telephone orders were also placed with DenizBank in the course of a recorded telephone call, these recordings may subsequently be processed for the purpose of ensuring that an order is executed correctly.
Furthermore, DenizBank AG may record telephone calls with the Customer Care Center for quality assurance and documentation purposes. Such recording will only take place if you expressly consent to it. You will be asked for your consent at the beginning of the respective telephone call.

Legal basis

Art. 6 para. 1 lit c GDPR, § 33 WAG 2018 and Art. 76 of the DelReg (EU) 2017/565 serve as the legal basis for the recording of telephone calls, which are subject to the WAG. They are required to fulfill a legal obligation. Furthermore, for the recording of telephone calls with the Priority Banking departments or for parts of telephone calls with the Priority Banking department that do not have any direct WAG-relevant content, Art. 6 para. 1 lit. f GDPR serves as the legal basis. They serve a legitimate interest of DenizBank AG, as DenizBank AG must be able to prove to its supervisory authorities at any time that the provisions of the WAG are being complied with. However, this proof is only possible to the extent required if all telephone calls made by the departments relevant to the WAG are recorded in full.
Processing to ensure that an order is executed correctly is based on DenizBank's legitimate interest in ensuring the proper execution of orders. Art. 6 para. 1 lit. A GDPR serves as the legal basis for the recording of telephone calls by the Customer Care Center (consent of the data subject).

Retention period

There is a statutory retention period of up to 7 years for recordings of telephone calls that are subject to the WAG. A copy of the recording of such telephone conversations with customers is available on request for a period of five years and, if requested by a competent authority, for a period of up to seven years (free of charge). Recordings are automatically deleted at the end of the retention period unless there are specific reasons that make longer processing necessary. The retention period generally applies to all telephone calls made by the Priority Banking departments.
Recordings of telephone calls with the Customer Care Center are stored for as long as consent is not revoked, but for a maximum of 7 years.

Marketing / Newsletter

Scope and purpose of data processing

DenizBank AG may also process your data for its own advertising purposes, whereby we will never pass on your data to third parties for advertising purposes without your consent. This does not apply to processors (service providers) which we use to fulfill the processing purposes listed here and which are contractually obliged to process data only for the purposes specified by us. The advertising purposes are limited to products of DenizBank AG and products of cooperation partners of DenizBank AG (e.g. insurance or loan brokerage). The aim of this processing is to be able to offer suitable products (e.g. by post or personal contact) as part of good customer service. For this purpose, we may process data relating to the business relationship (e.g. existing products) and address data.
Contact data will not be used for promotional calls or promotional electronic mail unless consent has been given to the use of personal data for promotional calls and promotional electronic mail.

Legal basis

The legal basis for general data processing for advertising purposes is Article 6(1)(f) GDPR. They serve a legitimate interest of DenizBank AG.
Art. 6 para. 1 lit. A GDPR serves as the legal basis for marketing by telephone or electronic mail (consent of the data subject).

Retention period

For advertising purposes, we only process data that is already collected due to an existing contractual relationship and which therefore must be processed for reasons already stated in this privacy policy (e.g. to fulfill a contract or due to a legal obligation). Erasure can therefore only take place after expiry of the respective retention periods listed above.
However, regardless of other retention periods, processing for advertising purposes will only take place during an active business relationship and only as long as you have not objected to the processing or withdrawn your consent.
You can object to the processing at any time, e.g. by e-mail to ContactCenter@denizbank.at or by post to Thomas-Klestil-Platz 1, 1030 Vienna, Austria, and you can also revoke or change your consent in the DenizBank AG app or via your online banking access in the settings.

Brokerage activities

Scope and purpose of data processing

DenizBank AG also brokers products such as insurance contracts, loans, building savings contracts and leasing contracts. In the course of the brokerage, DenizBank AG collects the personal data necessary for the conclusion of the respective contract and forwards this data to the respective company offering the brokered product (cooperation partner). Subsequently, the personal data transmitted will be processed by the respective cooperation partner as an independent controller. The relevant data protection information will be made available to you separately.
In addition to the brokerage and transfer of personal data to the cooperation partner, DenizBank AG also processes data for the purpose of billing the cooperation partner for the brokerage activity.

Legal basis

Since the processing of the above-mentioned data is necessary in order to be able to provide you with the respective products, Art. 6 para. 1 lit. b GDPR serves as the legal basis. The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing for the purpose of billing with the cooperation partner. It serves a legitimate interest of DenizBank AG.

Retention period

The data transmitted to the cooperation partner will only be processed and stored for as long as it is necessary for the fulfillment of the aforementioned purposes. The personal data required for billing will only be processed and stored for as long as it is necessary for the fulfillment of the aforementioned purposes, but in any case for the duration of the relevant legal retention periods. The retention periods are derived from
  • Austrian Fiscal Code § 132 BAO
    (7 years or for the duration of tax proceedings);
  • Austrian Commercial Code § 212 UGB
    (7 years)

Datatransfer to third parties

General

We only pass on personal data to third parties if:
  • express consent has been given in accordance with Art. 6 para. 1 lit. a GDPR
  • this is legally permissible and necessary for the fulfillment of a contractual relationship pursuant to Art. 6 para. 1 lit. b GDPR
  • there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 lit. c GDPR
  • pursuant to Art. 6 para. 1 lit. f GDPR the disclosure is necessary to pursue legitimate company interests, as well as to assert, exercise or defend legal claims and there is no reason to assume that the data subject has an overriding interest worthy of protection in not disclosing the data.
Within the Bank, departments or employees have only access to data they need to fulfill our contractual, legal and regulatory obligations and legitimate interests. Furthermore, personal data may also be transferred to Processors (service providers), provided that they comply with the data protection requirements specified in writing within our data processing agreements and undertake to maintain confidentiality. If we commission a processor, we nevertheless remain responsible for the protection of the data.
With regard to the transfer of data to recipients outside the bank, we would like to point out that as a bank we are obliged to maintain confidentiality regarding all customer-related information that has been entrusted or made accessible to us as a result of the business relationship (banking secrecy pursuant to Section 38 Austrian Banking Act). We may only disclose information regarding customers if this is required by law or regulatory provisions or if customers have given their consent or have released us from banking secrecy in writing in advance. Public bodies and institutions (e.g. financial market supervisory authorities, European banking supervisory authorities) may be recipients of data within the scope of regulatory or legal obligations.

Kreditschutzverband von 1870 (KSV)

Mastercard

In the course of issuing debit cards, we must also pass on data to the international card organization “Mastercard” (Mastercard International Incorporated, Mastercard Europe SA) and it may also be necessary (e.g. to process complaints) for data to be passed on to licensees and acceptance partners associated with Mastercard.
The transfer is required in accordance with Art. 6 para. 1 lit. b GDPR to fulfill the contractual relationship with you. Further information on data processing by Mastercard can be found at

Other third parties

If and insofar as it is required for the aforementioned purposes, we will also transfer your personal data to the extent necessary to the following recipients or categories of recipients:
  • Parent company
  • Financial institutions, banks, payment service providers
  • Austrian National Bank
  • Ministry of Finance
  • Administrative authorities, courts and public corporations
  • External legal representatives, notaries, tax consultants, auditors and accountants
  • US tax authorities
  • Creditor protection associations
  • IT service providers
  • Other service providers and cooperation partners
  • Debt collection agencies for debt recovery
  • Cooperation partners in the course of brokerage activities

Third country transfer

Some of the recipients mentioned above may be located outside Austria or outside the European Union or process personal data outside Austria or outside the European Union. The level of data protection in these countries may not correspond to that of Austria or the member states of the European Union. In this context, we may point out that we only use processors outside the European Union if an adequacy decision has been issued by the European Commission for the third country in question, if we have agreed suitable guarantees (e.g. current standard contractual clauses), if suitable guarantees are in place, e.g. binding corporate rules or if express consent has been given. In such cases, we take all measures to ensure that all recipients offer an appropriate level of data protection.

Data subject rights

Right of access

In accordance with Art. 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, about a transfer to third countries or to international organizations and about the existence of automated decision-making including profiling and, if applicable, information about its details.

Right to rectification

In accordance with Art. 16 GDPR, you can request the immediate correction of incorrect or the completion of your personal data stored by us.

Right to erasure (‘right to be forgotten’)

In accordance with Art. 17 GDPR, you can request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

Right to restriction of processing

In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, we no longer need the data and you refuse erasure because you need it to assert, exercise or defend legal claims. You also have the right under Art. 18 GDPR if you have objected to the processing pursuant to Art. 21 GDP.

Right to data portability

In accordance with Art. 20 GDPR, you can request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or you can request that it be transferred to another controller.

Right to lodge a complaint

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters. The supervisory authority responsible for the registered office of DenizBank AG is:
Österreichische Datenschutzbehörde
Barichgasse 40-42
A-1030 Wien
Tel: +43 1 52 152-0
dsb@dsb.gv.at

Withdrawal of consent

In accordance with Art. 7 para. 3 GDPR, you can withdraw your consent at any time. To do so, you can contact ContactCenter@denizbank.at. As a result, we will stop the relevant data processing.

Right to object

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR on grounds relating to your particular situation or if the objection is directed against direct marketing. In the case of direct marketing, you have a general right to object, which we will implement without you having to specify a particular situation. You can contact ContactCenter@denizbank.at for this purpose.

Right to obtain human intervention

If you are subject to a decision based solely on automated processing - including profiling - in accordance with Art. 22 para. 2 lit. a GDPR, you have the right to request a review of the decision by an employee of DenizBank AG in accordance with Art. 22 para. 3 GDPR. To do so, you can contact ContactCenter@denizbank.at and explain your point of view as to why a different decision should have been made.

Data security and security measures

We are committed to protecting your privacy and treating your personal data confidentially. In order to prevent manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to the technological progress.

Çerez Politikası - Web sitemizi ziyaret ederken kişisel verilerin toplanmasına ilişkin bilgiler

Veri işleme faaliyetinin kapsamı

Web sitemizde çerezler kullanılmaktadır. Çerezler, web sitemizi ziyaretiniz sırasında tarafımızdan kişisel cihazınızın tarayıcısına gönderilen ve daha sonra orada saklanan küçük komut dosyalarıdır. Web sitemizin bazı işlevleri, teknik olarak gerekli çerezler kullanılmadan veya isteğe bağlı çerezler kullanılmadan sunulamaz. Diğer çerezler çeşitli analizler yapmamızı sağlar. Örneğin çerezler, web sitemizi tekrar ziyaret ettiğinizde kullandığınız tarayıcıyı tanıyabilir ve bize çeşitli bilgiler iletebilir. Çerezler sayesinde, örneğin web sitemizi kullanımınızı takip ederek ve tercih ettiğiniz ayarları (örneğin; ülke ve dil ayarları) belirleyerek web sitemizi sizin için daha kullanıcı dostu ve etkili hale getirebiliriz. Üçüncü taraflar çerezler aracılığıyla bilgi işliyorsa, bilgileri doğrudan tarayıcınız aracılığıyla toplarlar. Çerezler son cihazınıza herhangi bir zarar vermez. Programları çalıştıramazlar veya virüs içeremezler. Web sitemizde çeşitli çerez türleri kullanılmaktadır. Türleri ve işlevleri aşağıda ayrıntılı olarak açıklanmıştır:

Web sitemiz, tarayıcınızı kapattığınız anda otomatik olarak silinen geçici çerezler kullanır. Bu tür çerezler oturum kimliğinizin kaydedilmesini sağlar. Böylece, tarayıcınızın farklı istekleri ortak bir oturuma atanabilir ve bir oturum içindeki sonraki web sitesi ziyaretleri sırasında son cihazınızı tanıyabiliriz.

Web sitemizde kalıcı çerezler kullanılmaktadır. Kalıcı çerezler, tarayıcınızda daha uzun süre saklanan ve bize bilgi ileten çerezlerdir. İlgili saklama süresi, çerezlere bağlı olarak farklılık gösterir. Kalıcı çerezleri tarayıcı ayarlarınız üzerinden bağımsız olarak silebilirsiniz.

Temel Çerezler

Bu çerezler, web sitemizi ziyaret edebilmeniz ve tarafımızdan sunulan işlevleri kullanabilmeniz için teknik nedenlerle gereklidir, özellikle: dil ayarları, çevrimiçi formlarımızın kullanımı ve faturalama ortağı hizmetleri için ihtiyaç duyduğumuz bilgiler ve işleme amaçlarına yönelik onayınıza ilişkin ayarlarınızı saklamak için gerekmektedir.

İstatistiksel ve pazarlama çerezleri (isteğe bağlı çerezler)

İstatistiksel çerezler, web sitesi kullanımını analiz etmemizi ve web sitemizin performansını ve işlevselliğini geliştirmemizi sağlar. Örneğin, kullanıcıların web sitemizi nasıl kullandıkları, hangi sayfalara en sık erişildiği veya belirli sayfalarda hata mesajlarının görüntülenip görüntülenmediği hakkında bilgi toplanır. Buna ek olarak, bu çerezler web sitesinin güvenli ve uyumlu bir şekilde kullanılmasına katkıda bulunur.

Bunun yanı sıra, reklam ve pazarlama önlemlerimizin analizi için pazarlama çerezlerini kullanabiliriz. Aynı zamanda, size kişiselleştirilmiş reklamlar sunabilmek için kullanıcı davranışlarınızı izliyoruz. Pazarlama çerezlerini maksimum üç yıl süreyle veya daha önce onay geri alınana kadar işleriz. Bu tür bir onayın geri alınması, geri alınma zamanına kadar gerçekleştirilen işlemenin yasallığını etkilemez.

İsteğe bağlı çerezlerle bağlantılı olarak, web sitemizin sürekli optimizasyonunu ve özelleştirilmiş tasarımını sağlamak için izleme ve analiz araçları da kullanıyoruz. İzleme araçlarının yardımıyla, web sitemizin kullanıcılar tarafından kullanımını istatistiksel olarak kaydetmemiz ve elde edilen deneyimi kullanarak sizin için çevrimiçi hizmetlerimizi daha da geliştirmemiz de mümkündür.

Çerez Hizmetlerinin her birinin yanı sıra, izleme ve analiz araçları ile AB içindeki ve dışındaki ortak hizmetlerimiz hakkında ayrıntılı bilgi için lütfen Çerez Tercihleri‘ne bakın.

Çerez Tercihleri, çerezlerin ve izleme ve analiz araçlarının kullanımı ve AB dışına veri aktarımı için yasal dayanak

Çerez tercihlerinizi istediğiniz zaman Çerez Tercihleri'nden değiştirebilirsiniz.

İsteğe bağlı çerezleri ve ilgili izleme ve analiz araçlarını yalnızca sizin izniniz dahilinde kullanırız. Çerez Tercihleri üzerinden istediğiniz zaman onayınızı tamamen veya kısmen geri alabilirsiniz. İptal, halihazırda gerçekleştirilmiş olan işlemenin yasallığını etkilemez. Teknik olarak gerekli çerezleri ve ilgili verileri, bu web sitesinin düzgün işlevselliğini sağlamaya yönelik meşru menfaatimiz temelinde işliyoruz.

Yalnızca teknik olarak gerekli çerezlerin kullanılmasını kabul ederseniz, web sitemizin işlevselliği sınırlı olabilir.

Yukarıda bent a altında açıklanan işleme amaçları dikkate alındığında, temel çerezler kullanılarak kişisel verilerin işlenmesi için yasal dayanak “GDPR madde 6 (1) bent f” dır. Web sitesinde sunduğumuz bildirimlere ("Çerez Başlığı" veya Çerez Tercihleri) dayanarak isteğe bağlı çerezlerin ve izleme ve analiz araçlarının kullanılmasına izin verdiyseniz, kullanımın yasallığı madde 6 paragraf 1 bent a GDPR’ye dayanmaktadır.

Web sitemizin Türkiye'deki hizmet sağlayıcımız Intertech Bilgi İşlem ve Pazarlama Ticaret A.Ş. tarafından sunulduğunu lütfen dikkate alınız. Bu amaçla, ilgili teknik ve organizasyonel önlemlerle birlikte DSGVO madde 46 paragraf 2 bent c uyarınca Avrupa Komisyonu'nun standart sözleşme maddelerinin geçerli versiyonu şeklinde uygun koruma önlemleri uygulanmıştır.

Çerezlerle ilgili veri saklama süresi

Çerezler aracılığıyla bize iletilen veriler, yukarıda açıklanan amaçlara ulaşmak için artık gerekli olmadığında veya isteğe bağlı çerezler söz konusu olduğunda, tek tek veya tüm çerezlerin kullanımına ilişkin onayınızı iptal ettiğinizde veya reklam çerezleri söz konusu olduğunda, yukarıda belirtilen saklama süresi sona erdiğinde, ilgili veriler GDPR uyumlu silme süreleri içinde silinecektir. Yasaların gerektirmesi halinde münferit durumlarda daha uzun saklama süreleri uygulanabilir

Tarayıcı Yapılandırmaları

Çoğu tarayıcı varsayılan olarak çerezleri kabul edecek şekilde ayarlanmıştır. İlgili tarayıcınızı yalnızca belirli çerezleri kabul edecek veya hiç çerez kabul etmeyecek şekilde yapılandırabilirsiniz. Ancak, tarayıcı ayarlarınız web sitemizdeki çerezleri devre dışı bırakırsa, web sitemizin tüm işlevlerini artık kullanamayabileceğinizi lütfen unutmayın. Ayrıca tarayıcınızda halihazırda saklanan çerezleri tarayıcı ayarlarınız üzerinden silebilir veya saklama süresinin görüntülenmesini sağlayabilirsiniz. Ayrıca, tarayıcınızı çerezler kaydedilmeden önce sizi bilgilendirecek şekilde ayarlamanız mümkündür. Çeşitli tarayıcı türleri kendi işlevleri açısından farklılık gösterebileceğinden, yapılandırma seçenekleri için lütfen tarayıcınızın ilgili yardım menüsüne bakın.

Tarayıcınızdaki tüm üçüncü taraf erişimlerine kapsamlı bir genel bakış istiyorsanız, bu amaç için özel olarak geliştirilmiş eklentileri yüklemenizi öneririz.