Information on data processing
The General Data Protection Regulation (GDPR) comes into force in the European Union on 25 May 2018. It contains regulations about the processing and protection of your personal data. This document provides you with a concise overview of our data protection policy. More detailed information can be found at www.erste-am.at/en/privacy.
Who is responsible for processing personal data?
Sparkasse Schwaz AG
Franz-Josef-Straße 8 – 10
Contact for issues relating to data protection:
Sparkasse Schwaz AG
Franz-Josef-Straße 8 – 10
1. What personal data are processed and where are they obtained?
We process the following personal data:
− Master and identification data such as first and last name, e-mail address, and if necessary telephone number, date of birth, hobbies, etc. when you provide this information to us
− The results of processing to fulfil contracts and declarations of consent
− Data to meet legal and regulatory requirements
The following personal data are processed about you as our customer:
• Master and identification data (such as name, address, date of birth, telephone number, tax status, ID information, etc.).
• Customer relationship management (such as hobbies, interests, etc.).
• Product, service, and contract data (such as products held, types of account access, etc.).
• Images, video and audio recordings (such as videos and recorded telephone calls).
• The results of processing to fulfil contracts and declarations of consent.
• Data to meet legal and regulatory requirements.
Most of your personal data that we process was provided by you: for example when you signed up for our newsletter or submitted an enquiry.
Data can also come from the following sources:
− Public sources such as the trade register and register of associations
− From other institutions in the Erste Asset Management GmbH group
− From sales partners or other contractual partners of Erste Asset Management GmbH
We may also receive data from government agencies or from individuals acting under government mandate, such as from a court or the Financial Market Authority. You have the right to receive a detailed, individual list from us.
2. For what purposes and on what legal basis are my personal data processed?
We are a management company pursuant to the Austrian Investment Fund Act 2011 and pursuant to the Alternative Investment Fund Manager Act. We process your personal data in connection with this activity. In detail, this means:
Processing for contract fulfilment
We are permitted to render certain services for you depending on the type of contracts that we have concluded with you. This can be an agreement relating to a special purpose fund, or can be a management agreement, for example. We must process your data to this end. Our offerings are just as diverse as the wide range of contracts that we enter into. The scope of data processing is specified in the terms of the respective contract.
Processing to fulfil legal obligations
Certain legal regulations and purposes also require that we process your personal data, such as:
− Monitoring insider trading, conflicts of interest, and market manipulation: the Securities Supervision Act 2018, the Stock Market Act, the EU Market Abuse Regulation 596/2014
− Ascertaining your identity, transaction monitoring, reporting suspicious activity: Financial Market Money Laundering Act and the EU Wire Transfer Regulation 847/2015
− Provision of information to public prosecutors, courts, and criminal financial authorities pertaining to criminal proceedings based on intentional financial crimes: Austrian Banking Act, criminal procedural code, criminal financial code
Processing based on legitimate interests
We or third-party agents have a legitimate interest in processing data in the following cases:
− Measures for the prevention of fraud, fraud transaction monitoring
− Data processing for exercising legal claims
− Recording telephone calls, for example for complaints and for documenting declarations that are relevant for transactions
Processing personal data for the purposes of direct marketing can also be a legitimate interest.
Processing based on declaration of consent
If there is no contract, legal obligation, or legitimate interest, data processing can also be legal when you have given us your consent or authorisation to do so. The scope and contents of this data processing are always defined by the specific consent that you have granted. You can revoke this consent at any time.
The revocation has no impact on the legality of data processing up to the point in time that the consent is revoked. In other words, revocation has no retroactive effect.
3. Am I obligated to provide my personal data? What happens when I do not wish to do so?
We require certain personal data from you for our business relationship. If we do not know your name and e-mail address, we cannot send you any newsletters or information about our new products, or invitations to interesting events. We also cannot manage your special purpose fund without this information. If you do not wish to provide your personal data to us, we may be unable to offer you certain products and services. If we are only permitted to process your data based on your consent, you are not obligated to give this consent or provide your data.
4. Are any decisions made based on automated processing, including profiling?
We employ no automated decision-making processes pursuant to Article 22 GDPR at the beginning of or during our business relationship.
5. To whom are my personal data passed on?
Your personal data can be passed on to:
− Companies, units, and persons (employees and contract agents) within the group headed by Erste Asset Management GmbH when these entities need these data to fulfil contractual, legal, or supervisory obligations and to realise their legitimate interests
− Public agencies and institutions when we are legally obligated to do so, for example the Austrian Financial Market Authority, tax authorities, etc.
− Third parties contracted by us, such as IT and back office service providers, when they require these data for their activities. Third parties are contractually required to treat your data confidentially and to only process them for the provision of the relevant services
− Third parties when this is required for contract fulfilment or based on legal regulations; your data may also be passed on to third parties when you have consented to this forwarding.
6. Are my personal data forwarded to a non-EU country?
Our processors can work with sub-processors in non-EU countries. These sub-processors are obligated to comply with Austrian data protection and security standards. You can find detailed information at https://www.sparkasse.at/erstebank/wir-ueber-uns/datenschutz-sicherheit.
7. How long are my personal data stored?
Your personal data are stored for as long as required to fulfil the relevant purposes in any case. Beyond this, the law requires us to retain personal data for a certain period of time. These retention obligations may also apply when you are no longer our customer or an interested party. You can find an overview of the legal retention obligations that apply in Austria here, for example: https://www.wko.at/service/wirtschaftsrecht-gewerberecht/eu-dsgvo-speicher-undaufbewahrungsfristen.html.
8. What are my rights?
The GDPR grants you the following rights pertaining to your personal data.
• The right to access (Article 15 GDPR).
• The right to rectification (Article 16 GDPR).
• The right to erasure (Article 17 GDPR).
• The right to restrict processing (Article 18 GDPR). • The right to data portability (Article 20 GDPR).
• The right to object (Article 21 GDPR).
• The right to not be subject to decision-making based solely on automated processing, including profiling (Article 22 GDPR)
You can find detailed information (especially important information about the right to data portability) at https://www.erste-am.at/en/privacy
Regardless of which right you wish to exercise, you can submit your request to us in any of three ways:
− By regular mail (please sign and include a copy of a photo ID) to Erste Asset Management GmbH Am Belvedere 1, A-1100 Vienna
− In person at our offices, or
− By e-mail (only with a qualified electronic signature) to email@example.com
Please understand that we will demand additional information about your identity in cases of doubt. This serves your own protection so that no unauthorised persons can access your data.
If you do not receive an answer to a request in good time, feel that we have not processed your request in accordance with the law, or if you feel that your data protection rights have been violated in some other way, you can file a complaint with the responsible supervisory authority:
Austrian Data Protection Authority
Wickenburggasse 8 A-1080 Vienna, Austria
Telephone: +43 1 52 152-0