Data protection
All information about data protection you need to know.
Things you should know
Important information on data protection
Privacy Policy
Information pursuant to Articles 13 and 14 of the General Data Protection Regulation (GDPR) on the processing of personal data.
We hereby inform you about the processing of your personal data and the data protection claims and rights to which you are entitled. The content and scope of the data processing depends largely on the products and services you have requested or which are agreed with you.
1. Who is responsible for data processing and whom can you contact?
Raiffeisen Tech Romania SRL,
Calea Floreasca 246C, Cladirea de birouri Sky Tower, Bucharest, Sector 1
Email: dataprivacy@raiffeisen-tech.com
The Data Protection Officer of Raiffeisen Tech Romania SRL:
Raiffeisen Tech GmbH
Mooslackengasse 12,
1190 Wien, Austria
Email: dpo@raiffeisen-tech.com
2. What data are processed and from what sources do they originate?
We process the personal data that we receive from you, your employer or other third parties within the scope of the business relationship. In addition, we process data that we have permissibly received from publicly accessible sources (e.g. company register, register of associations, land register or media) or that are legitimately transmitted to us by other companies affiliated with Raiffeisen Tech GmbH. Personal data may include, for example, your personal details and contact data (e.g. name, address, date and place of birth, nationality, etc.) or legitimation data (e.g. specimen signature, identification data). In addition, it may also include data for the execution of payments (e.g. account details) as well as data for the fulfilment of our contractual obligations, information from your electronic transactions with Raiffeisen Tech GmbH (e.g. cookies) and other data comparable to the categories mentioned.
3. For which purposes and on which legal basis are data being processed?
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Austrian Data Protection Act 2018.
to fulfil contractual obligations (Art. 6 para. 1 lit. b DSGVO)
The processing of personal data (Art. 4 No. 2 DSGVO) is carried out in particular for the provision of services and the execution of our contracts with you and the execution of your orders as well as for the implementation of pre-contractual measures. The specific details regarding the purpose of data processing can be found in the respective contract documents and terms and conditions.
for the fulfilment of legal obligations (Art. 6 Para. 1 lit. c DSGVO)
The processing of personal data may be necessary for the purpose of fulfilling various legal obligations (e.g. from the law on limited liability companies (GmbHG) etc.) to which Raiffeisen Tech GmbH is subject within the scope of your consent (art. 6 para. 1 lit a DSGVO)
If you have given us your consent to process your personal data for specific purposes (e.g. transfer of data to the recipients named in the consent), the data will only be processed in accordance with the purposes and to the extent agreed in the declaration of consent. A given consent can be revoked at any time with effect
for the future to safeguard legitimate interests (Art. 6 para. 1 lit f DSGVO).
If necessary, data processing may be carried out to protect legitimate interests of us or third parties. In the following cases, data processing takes place to safeguard legitimate interests. Examples of such cases are:
Measures to protect customers and employees as well as the property Raiffeisen Tech GmbH
measures to prevent and combat fraud;
within the scope of legal prosecution;
Measures for business management and further development of services and products;
4. Who receives my data?
Within the Bank, those units or employees receive your data, as required by them to fulfill their contractual, legal and / or regulatory obligations and legitimate interests. In addition, contractors (especially IT and back-officeservice providers) will receive your data as long and to the extent as they need the data to perform their respective service. All processors are contractually obliged to treat your data confidentially and to process the data for the provision of the respected services.
In the event of a legal or regulatory obligation, public bodies and institutions (e.g. courts, tax authorities, etc.), other institutions and our auditors may be recipients of your personal data. A transfer to third countries does not take place.
5. How long will my data be stored?
We process your personal data, as far as necessary, for the whole duration of the entire business relationship (beginning with the conclusion of a contract, its execution and ending with its termination) as well as in accordance with the mandatory storage and documentation obligation as required by law, in particular pursuant to the GDPR (Regulation 2016/679/EU) and applicable Romanian legal provisions.
6. Which personal data protection rights do I have?
You have the right to information, rectification, deletion or restriction of the processing of your stored data, a right to object to processing and a right to data portability in accordance with the requirements of data protection law. If you wish to exercise your rights, please contact dataprivacy@raiffeisen-tech.com. If, in your view, the response to your rights was not carried out in accordance with the GDPR, you are welcome to contact us again or file a complaint with the Romanian Data Protection Authority, 28-30 G-ral Gheorghe Magheru Bld., Sector 1 010336, Bucharest, Romania, +40 318059211, www.dataprotection.ro.
7. Am I obliged to providing personal data?
As part of the business relationship, you must provide us with all personal information that is necessary to enter into and to maintain the business relationship with you, and also those data that we are required by law to collect. If you do not provide us with these data, we will generally decline either to conclude or to complete the contract, or we will be unable to execute an existing contract or we would be forced to terminate such contract. However, you are not obliged to give your consent to the processing of data if such data is not necessary for the performance of a contract or is not required by law or regulation.
8. Is there automated decision-making?
As a matter of principle, we do not use a fully automated decision-making process in accordance with Article 22 of the DSGVO to establish and conduct the business relationship. No profiling within the meaning of Art. 4 No. 4 DSGVO takes place.
9. Is there a data transfer to a third country or to an international organization?
A data transfer to third countries (e.g. USA) is possible with your consent when visiting our Website (via Cookies). Please refer to the Cookie Policy under: (LINK) In addition, data may be transferred to Raiffeisen Tech Romania’s (sub-)processors in third countries. These are obliged to comply with European data protection and security standards.