✏️ Exciting News: Our website is getting a fresh new look - stay tuned! 💻

Book now

Data protection information

scroll down ancher

Thank you for your interest in our website and our company. Although we carefully check external links, we are not liable for the content and security of these external links.

We protect your personal data in the best possible way when collecting, processing and during your visit to our website. Your data is protected in accordance with the law. Below you will find explanations of the type of data collected when you visit our website and how this data is used.

Who is responsible for processing my personal data?

Responsible for the processing of your data is

FLiP GmbH
Gemeinnützige Gesellschaft zur Förderung finanzieller Bildung
Am Belvedere 1
1100 Vienna

Contact for data protection related inquiries:

Erste Social Finance GmbH
3532 3200
Am Belvedere 1
1100 Vienna

E-Mail: contact@erstesocialfinance.com

Competent supervisory authority for data protection matters:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna

Phone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
https://www.dsb.gv.at/

Who is the data protection officer?

Gregor König is our Data Protection Officer, also known as the Data Protection Officer. If you have any questions, suggestions or complaints regarding the processing of your data, you can contact him and his team at:

Gregor König – Data Protection Officer
Erste Group Bank AG
Am Belvedere 1
1100 Vienna

E-mail: datenschutz@erstegroup.com

For what purposes and on what legal basis is my personal data processed?
Information on data processing in connection with the operation of our website can be found in the “Cookies” section.

Information on data processing in connection with the operation of our website can be found in the “Cookies” section.

When you book a visit or contact us, we process the personal data you provide in order to process your request.

Am I obliged to provide my personal data? What happens if I do not want to?

We rely on your personal data for our business relationship (bookings, answering contact inquiries). If you do not wish this, we may unfortunately not be able to provide certain services. If we only process your data on the basis of your consent, you are not obliged to give this consent and provide the data.


To whom will my personal data be passed on?

Your personal data may be forwarded to:

  • Processors commissioned by us and other service providers (controllers), e.g. for IT, back office, legal and tax advice, insofar as they require the data for their task.
  • third parties, insofar as this is mandatory for the fulfillment of the contract or legal regulations.
  • validation services such as Rundfunk und Telekom Regulierungs-GmbH, if this is necessary to verify an electronic signature or electronic seal transmitted by you
  • Trust service providers, e.g. A-Trust, when we electronically sign a document containing your data.

Data may also be passed on to third parties if and for as long as you have consented to this.

Will my personal data be transferred to a third country?

Your personal data may be transferred to a third country in the following cases:

  • If this is necessary in order to assert, exercise or defend legal claims or if there is a legal obligation, e.g. at the request of the authorities under a mutual legal assistance agreement.
  • If it is necessary for your contract or for pre-contractual measures.
  • Our processors and sub-processors may be located in third countries. If the transfer is not based on an adequacy decision of the European Commission, we transfer the data on the basis of suitable or appropriate guarantees. We will be happy to provide you with these on request.
  • In other cases in which data is transferred to a third country, you will be informed separately.

How long will my personal data be stored?

(All links as of September 2024)

Your personal data will be stored for as long as is necessary for the respective purpose, for example if a law prescribes storage.

The key legal provisions for us are, for example

  • German Commercial Code § 212 (7 years)
  • Federal Fiscal Code § 132 (7 years or for the duration of tax proceedings)

An overview of other statutory retention obligations applicable in Austria can be found here, for example:

https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-speicher-und-aufbewahrungsfristen.html

The Bank has a legitimate interest in retaining your personal data in the following cases:

  • Financing applications can be stored for up to one year after they have been created. This serves our legitimate interest in documenting customer contact and being able to process the application quickly when you come back to us.
  • SWIFT messages are stored for 30 years to prevent and combat fraud and to prevent money laundering and terrorist financing.
  • Data on receivables sold is retained for 30 years from the date of sale. This serves the bank’s legitimate interest in averting possible objections arising from the sale of receivables.
  • Your personal data may also be retained for the purpose of documenting past claims, as a decision-making aid for entering into new or extended customer relationships. Specifically:
    • 7 years in the event of a claim if
      • the amount of loss at the time the case was closed was a maximum of 20,000 euros or
      • there is otherwise no interest in a business relationship due to special circumstances
    • 12 years in the event of a claim if
      • the amount of loss was more than 20,000 euros when the case was closed or
      • insolvency proceedings were opened against your assets during our ongoing business relationship.
    • 30 years in particularly serious exceptional cases after detailed examination of the individual case.

The retention period begins when the claim has been closed, i.e. as soon as there is no longer a debt/claim or insolvency proceedings have been terminated or lifted. In addition, data on past claims must be retained for regulatory purposes, e.g. the data is also used for our model for calculating defaults. However, only a limited group of people have access to this data. It is no longer visible to customer advisors. The data also has no effect on an existing or future business relationship.

What rights do I have?

The GDPR grants the following rights for your personal data. You have the right to:

  • Information, according to Article 15 GDPR
  • Rectification, in accordance with Article 16 GDPR
  • Erasure, in accordance with Article 17 GDPR
  • Restriction of processing, in accordance with Article 18 GDPR
  • Data portability, in accordance with Article 20 GDPR
  • Objection, according to Article 21 GDPR
  • Decisions that are not based exclusively on automated processing – including profiling, in accordance with Article 22 GDPR

What information do I have to provide?

We do not want your data to fall into the wrong hands. Please understand that in cases of doubt we may request further information about your identity.

How can I submit the application?

You can submit your application by e-mail to contact@erstesocialfinanceholding.at or by letter:

Erste Social Finance GmbH
3532 3200
Am Belvedere 1
1100 Vienna
How long will it take for my application to be processed?

We will provide you with the relevant information on the measures without delay, but in any case within one month of receiving your application.

The deadline can be extended by a further 2 months if this is necessary due to the complexity and number of applications. However, we will inform you within one month of receiving your application about a possible extension of the deadline and the reasons for it.

Will it cost me anything if I assert my rights?

No, the applications are processed free of charge. Exception: If the applications are manifestly unfounded or excessive, we are entitled to demand an appropriate fee. This takes into account the administrative costs for the notification, refusal or implementation of the requested measure.

Are there any complaint options?

Our data protection officer will be happy to help you with any complaints, questions or suggestions on the subject of data protection. We are convinced that a joint solution can be found to almost any problem.

If you do not receive a timely response to a request, if you feel that your right to data protection has been violated or if you believe that we have not complied with your request in accordance with the law, you can also lodge a complaint with the competent supervisory authority:

Austrian Data Protection Authority

Barichgasse 40-42
1030 Vienna
Austria

Phone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
https://www.dsb.gv.at/

In addition, any person who has suffered material or non-material damage as a result of a breach of the GDPR or of Section 1 or Article 2 1st main section of the DPA is entitled to compensation from the controller or processor in accordance with Article 82 GDPR. In detail, the general provisions of civil law apply. Please note that it is not the Austrian Data Protection Authority that is responsible for claims for damages, but the local provincial court in your district that is responsible for civil law matters. However, applications and lawsuits can also be filed with the regional court in whose district the defendant has his habitual residence, registered office or branch office. You can find out which court has jurisdiction here: https://www.justiz.gv.at/

We use cookies to analyze access to our website and create content and offers that meet your needs. You can set your browser so that your consent must be obtained before a cookie is used or the use of cookies is generally blocked. In the following section, which you can access by clicking on the “Cookie settings” button, you will find further information and the option to object to the use of cookies.

We use video surveillance in many of our areas to ensure increased security. These areas are marked accordingly.

We use video surveillance for these purposes:

  • In order to enforce our domiciliary rights and to prevent attacks
  • Protection of customers, employees and the bank’s property
  • To enforce and defend against legal claims
  • To collect evidence of criminal offenses
  • For proof of withdrawals and deposits (at ATMs and in branches)

Storage duration of the video recording:

  • We store the recordings for 90 days and then delete them.
    • Longer storage is possible if necessary, e.g. if proceedings are ongoing (in the event of suspected fraud)

is responsible for video surveillance:

Erste Group Bank AG
(Erste Campus site)
Am Belvedere 1
1100 Vienna

Note:
If a tenant of Erste Campus claims a legitimate interest, we can also pass on the video recordings to them. A list of tenants can be found under Campus Tenants | Erste Group Bank AG.

Contact for inquiries about data protection:

Erste Group Bank AG
0196 1905/AT Data Privacy Security Management
Am Belvedere 1
1100 Vienna

E-Mail: DSGVO-Support@erstegroup.com

You can reach the person responsible for data protection at

Erste Group Bank AG
0196 0358/Data Protection Office
Am Belvedere 1
1100 Vienna

E-mail: datenschutz@erstegroup.com

Subscribe to FLiP News

Updates on exhibition, program & events