Information on privacy and data processing

The General Data Protection Regulation, GDPR for short, has been in force throughout the European Union since 25 May 2018. It lays down provisions regarding the processing and protection of your personal data.

Below you will find the most important information on privacy.

1. Who is the controller of the processing of my personal data?

Intermarket Bank AG
Am Belvedere 1, 1100 Vienna
https://www.intermarket.at/en/legal-notice

Contact for requests related to data protection:
Intermarket Bank AG
Am Belvedere 1, 1100 Vienna
Email: datenschutz@intermarket.at


2. Who is the data protection officer?

Andrea Czerny
Intermarket Bank AG
Am Belvedere 1, 1100 Vienna
Email: datenschutz@intermarket.at


3.  Which items of personal data are processed and where do they come from?

We process the following items of personal data:

3.1. You are our customer

Most of the personal data we process about you were provided by you, for example at the start of our business relationship, upon scheduling an appointment, when submitting a request through a form or on our website, etc.

  • Master data and authentication information, e.g. name, address, date of birth, telephone number, email address, tax status, identification data, a copy of your ID, etc.
  • Product, service and contract data, e.g. type of product, disposition options, account movements and transactions, use of digital banking and portals (cookies), etc.
  • Information about your economic situation, e.g. creditworthiness/balance sheet data, scoring or rating data, etc.
  • Processing results to fulfil contracts and declarations of consent
  • Data to satisfy legal and regulatory requirements
  • Image and sound data, e.g. video recordings, recordings of telephone calls and your photo (if you have given consent to your photo being recorded), etc.

In addition, data may also come from the following sources:

  • Publicly available sources, e.g. companies register, land register, insolvency database, register of associations, etc.
  • Creditor protection associations, credit bureaus, rating agencies, e.g. KSV1870 Information GmbH, etc.
  • Third parties involved in our business dealings, e.g. insurance companies, cooperation partners, etc.
  • Other institutions affiliated in the network of Erste Group Bank AG, Erste Bank and Sparkassen for the purpose of risk control and consolidation in the affiliation of credit institutions in accordance with the Banking Act (Bankwesengesetz, BWG) and the Capital Requirements Regulation (EU) No 575/2013

We may also receive data from government authorities or from persons acting under government mandate such as criminal courts, public prosecutors, court commissioners.


3.2.  You are a contact person in our business relationship (e.g. board member / managing director, holder of a commercial power of attorney, accountant)

Most of the personal data we process about you were provided by our customer or by you, for example at the start of our business relationship, upon scheduling an appointment, when submitting a request through a form or on our website, etc.

  • Master data and authentication information, e.g. name, address, date of birth, telephone number, email address, tax status, identification data, a copy of your ID, etc.
  • Data to satisfy legal and regulatory requirements
  • Image and sound data, e.g. video recordings, recordings of telephone calls and your photo (if you have given consent to your photo being recorded), etc.

In addition, data may also come from the following sources:

  • Publicly available sources, e.g. companies register, land register, insolvency database, register of associations, etc.
  • Other institutions affiliated in the network of Erste Group Bank AG, Erste Bank and Sparkassen for the purpose of risk control and consolidation in the affiliation of credit institutions in accordance with the Banking Act (Bankwesengesetz, BWG) and the Capital Requirements Regulation (EU) No 575/2013

We may also receive data from government authorities or from persons acting under government mandate such as criminal courts, public prosecutors, court commissioners.


3.3. You have provided collateral for our business relationship

Most of the personal data we process about you were provided by our customer or by you, for example at the start of our business relationship, upon scheduling an appointment, when submitting a request through a form or on our website, etc.

  • Master data and authentication information, e.g. name, address, date of birth, telephone number, email address, tax status, identification data, a copy of your ID, etc.
  • Information about your financial situation, e.g. creditworthiness/balance sheet data, scoring or rating data, etc.
  • Processing results to fulfil contracts and declarations of consent
  • Data to satisfy legal and regulatory requirements
  • Image and sound data, e.g. video recordings, recordings of telephone calls and your photo (if you have given consent to your photo being recorded), etc.

In addition, data may also come from the following sources:

  • Publicly available sources, e.g. companies register, land register, insolvency database, register of associations, etc.
  • Creditor protection associations, credit bureaus, rating agencies, e.g. KSV1870 Information GmbH, etc.
  • Other institutions affiliated in the network of Erste Group Bank AG, Erste Bank and Sparkassen for the purpose of risk control and consolidation in the affiliation of credit institutions in accordance with the Banking Act (Bankwesengesetz, BWG) and the Capital Requirements Regulation (EU) No 575/2013
     

3.4. You are a debtor (= party liable to pay) for our factoring customer’s accounts receivable

We may process the following personal data about your company or other representatives/contact persons:

  • Master data and authentication information, e.g. name, address, date of birth, telephone number, email address, tax status, identification data, a copy of your ID, etc.
  • Transaction data, e.g. terms of delivery and payment, invoice data, payment information, etc.
  • Information about your financial situation, e.g. creditworthiness/balance sheet data, scoring or rating data, etc.
  • Processing results to fulfil contracts and declarations of consent
  • Data to satisfy legal and regulatory requirements
  • Image and sound data, e.g. video recordings, recordings of telephone calls and your photo (if you have given consent to your photo being recorded), etc.

The personal data we process about you may come from the following sources:

  • Our customer, e.g. transmission of receivables ledger files, invoices, etc.
  • Disclosure by you (e.g. correspondence, telephone call)
  • Publicly available sources, e.g. companies register, land register, insolvency database, register of associations, etc.
  • Creditor protection associations, credit bureaus, rating agencies, e.g. KSV1870 Information GmbH, etc.
  • Third parties involved in our business dealings, e.g. insurance companies, etc.
  • Other institutions affiliated in the network of Erste Group Bank AG, Erste Bank and Sparkassen for the purpose of risk control and consolidation in the affiliation of credit institutions in accordance with the Banking Act (Bankwesengesetz, BWG) and the Capital Requirements Regulation (EU) No 575/2013

We may also receive data from government authorities or from persons acting under government mandate such as criminal courts, public prosecutors, court commissioners.

3.5. You have no direct business relationship with us (and have given consent to data processing)

Most of the personal data we process about you were provided by you, for example when submitting a request through a form or on our website, as a recipient of our newsletter or event invitations, etc.

  • Master data, e.g. name (company/individual), address, telephone number, email address, etc.
  • Image and sound data, e.g. video recordings, recordings of telephone calls and your photo (if you have given consent to your photo being recorded), etc.


4. For what purposes and on what legal basis are my personal data processed?

We are a credit institution pursuant to section 1 (1) of the Banking Act (Bankwesengesetz, BWG) and a financial institution pursuant to point (26) of Article 4 (1) of Regulation (EU) No 575/2013. We process your personal data within the scope of these activities. Specifically, this means:

Processing for the performance of a contract
Depending on the type of contract concluded with our partners, we are allowed to provide certain services to them. The contract in question may be, for example, a factoring agreement, an e-discounting agreement, a cooperation agreement, etc.

The purposes of data processing depend mainly on the specific product and may include, among other things, needs assessment, consulting and the execution of transactions. For more details, please refer to your contract documents and our terms and conditions.

Processing for compliance with a legal obligation
We are also required to process your personal data to comply with legal regulations and to fulfil legal purposes, such as:

  • Credit risk management: Banking Act (Bankwesengesetz, BWG), Capital Requirements Directive (EU) No 575/2013
  • Monitoring of insider dealing, conflicts of interest and market manipulation: Securities Supervision Act 2018 (Wertpapieraufsichtsgesetz, WAG), Stock Exchange Act (Börsegesetz, BörseG), Market Abuse Regulation (EU) No 596/2014
  • Identification, transaction monitoring, suspicious activity reports: Financial Markets Anti-Money Laundering Act (Finanzmarkt-Geldwäschegesetz, FM-GwG) and Funds Transfer Regulation (EU) No 847/2015
  • Provision of information to public prosecutor’s offices and courts in criminal proceedings and to financial crime authorities in connection with wilful financial crimes:
    Banking Act, Code of Criminal Procedure (Strafprozessordnung, StPO), Financial Crime Act (Finanzstrafgesetz, FinStrG)

Processing based on legitimate interests

We or third parties have a legitimate interest in the processing of data in the following cases:

  • Enquiries and data exchange with credit bureaus, such as KSV1870, to determine credit risks and default risks
  • Measures to prevent and combat fraud, fraud transaction monitoring
  • Data processing for prosecution purposes
  • Recordings of telephone conversations, e.g. in the case of complaints
  • The processing of personal data for direct marketing purposes may also be a legitimate interest.


Processing based on consent

If there is neither a contract nor a legal obligation nor a legitimate interest , the processing of data may still be legitimate in cases where you have given your consent or approval to processing.

The scope and content of such data processing always depend on the specific consent given. Please note that you can withdraw your consent at any time.

However, the withdrawal of consent does not affect the lawfulness of processing based on such consent before its withdrawal. Generally speaking, this means that withdrawal does not have any effect on the past.

5. Am I obliged to provide my personal data?

What happens if I do not want to do so?

In many cases, we need your personal data for the purpose of our business relationship.

If we are unable to check your creditworthiness or your identity, we are forbidden by law to establish a business relationship with you.

We have to process your personal data wherever this is necessary for the purpose of the business relationship on the basis of a contract or a legal regulation. If you want to avoid this, we may unfortunately not be allowed to provide or offer certain products or services.

If we are only allowed to process your data based on your consent, you are not obliged to give such consent and provide your data.


6. Do you use decision-making based on automated processing – e.g. profiling?

We do not use automated decision-making as referred to in Article 22 of the GDPR to make decisions on establishing and maintaining business relationships.


7. To whom are my personal data transferred?

Your personal data may be transferred to:

  • Credit institutions, departments and persons (employees and vicarious agents) within the network of Sparkassen, Erste Bank and Erste Group Bank AG who need these data to perform contractual, legal or supervisory duties and to safeguard their legitimate interests
  • Public bodies and institutions if we are legally obliged to do so, e.g. European Banking Authority, European Central Bank, Austrian Financial Market Authority, financial authorities, etc.
  • Third parties contracted by us, e.g. for IT and back office services, as well as bank auditors if they need such data for their tasks; third parties are bound by contract to treat your data confidentially and to process them only in the context of providing their services
  • Third parties if this is required to perform the contract or to comply with legal regulations, e.g. the recipient of a bank transfer and their payment service provider

We may also transfer your data to other third parties if you have given your consent to such transfer.


8. Are my personal data transferred to a third country?

Our processors may work with sub-processors in third countries, e.g. in India. These sub-processors are required to comply with Austrian standards of data protection and security.


9. How long are my personal data stored?

Your personal data are stored for at least as long as is necessary to fulfil the relevant purposes. Beyond this period, the law prescribes for how long we have to retain your data. These retention requirements may continue to apply even if you are no longer our customer.

An overview of the statutory retention periods applicable in Austria is available here, for example (in German): Austrian Economic Chambers

https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-speicher-und-aufbewahrungsfristen.html

10. What rights do I have?

The GDPR provides the following rights with regard to your personal data. You have the right to:

  • access according to Article 15 of the GDPR,
  • rectification according to Article 16 of the GDPR,
  • erasure according to Article 17 of the GDPR,
  • restriction of processing according to Article 18 of the GDPR,
  • data portability according to Article 20 of the GDPR,
  • object according to Article 21 of the GDPR,
  • decisions that are not based solely on automated processing, including profiling, according to Article 22 of the GDPR.

No matter which right you want to assert, you can send us your request in one of two ways:

  • by letter, personally signed and accompanied by a copy of your ID, sent to
    Intermarket Bank AG
    c/o data protection officer
    Am Belevedere 1, 1100 Vienna
  • by email, with a qualified electronic signature, sent to datenschutz@intermarket.at

Please understand that in cases of doubt, we may ask for further information on your identity. This is also for your own protection to ensure that only authorised persons have access to your data.

If you do not receive a timely answer to a request or if you feel that we have not handled your request in a lawful manner or if you consider that your right to data protection has been infringed, you may also lodge a complaint with the competent supervisory authority:

Austrian Data Protection Authority
Wickenburggasse 8, 1080 Vienna
Telephone: +43 1/52 152-0
Email: dsb@dsb.gv.at
https://www.dsb.gv.at

We use cookies in various places on our website. Cookies are small text files that recognise users when they return to the site. However, no personal details such as your name or address are stored. In other words: you cannot be identified by the relevant information. We use cookies to tailor our offers to your needs and to analyse how these offers are used. You can set your browser to consult you before a cookie is used or to block the use of cookies altogether. In general, you can also use our offers without cookies.


Web analytics

To improve the statistical evaluation of the flow of visitors to our website, we compile statistics in cooperation with our German service provider Webtrekk Statistiken. These statistics do not contain any personal data.

You can object to your data being stored by Webtrekk by placing a cookie called webtrekkOptOut. This objection remains in effect until you delete the cookie.

 

Version 1.0 of 24 May 2018