Data privacy

Privacy notice (GDPR-compliant)

We attach great importance to protecting your personal data. We have set out below what personal data we collect from you when you visit this website, the purposes for which we process these data, our legal basis for doing so and the rights that you have to protect your data.

I. Who is responsible for this website?

The data controller as defined by the General Data Protection Regulation is:

Deutscher Sparkassen- und Giroverband e.V.
Charlottenstrasse 47
10117 Berlin
Germany
Phone: +49-30-20225-0
Fax: +49-30-20225-250
Email: info@dsgv.de
Website: www.dsgv.de

If you have any questions about this privacy notice or about how our Association, the Deutscher Sparkassen- und Giroverband, protects your data, you can contact our data protection officer at any time:

Datenschutzbeauftragter
Deutscher Sparkassen- und Giroverband e.V.
Charlottenstrasse 47
10117 Berlin
Germany
Email: datenschutz@dsgv.de

II. SSL encryption (HTTPS protocol)

We use SSL encryption to make sure that the data you send us are protected as effectively as possible. You can tell whether a connection is protected in this way because the page link in the address bar of your browser will contain the prefix “https://”. Unencrypted pages are tagged “http://”. Thanks to SSL encryption, none of the data that you send to this website – for example, when you send a request or log in – can be read by third parties.

III. Data processing during your visit to our website

1. Data required to display the website and to ensure its stability and security

Every time our website is accessed, our system automatically captures data and information about the computing system used by the requesting device. The data and information are saved in log files on the server. The following data are captured:

  • IP address of the device you are using
  • name of the file accessed
  • date and time of the request
  • volume of data transmitted
  • request status (successful / unsuccessful)
  • browser type and release and operating system in use
  • referrer URL (i.e. the last web page you visited)

We cannot link these data to a specific individual, and they do not enable us to draw any conclusions about the user’s identity. This information is not stored along with other personal data about the user.

2. Purpose of data processing and legal basis

The system needs to save your IP address temporarily so that the website can be delivered to your device. For this to happen, your IP address must be stored for the duration of the session.

Other than this, data are stored to ensure website functionality. These data also help us to optimise the website and maintain the security of our IT systems. If any unlawful use were to be made of our website, these data would serve to establish any legal infringements.

The data described here are used in order to take steps prior to entering into a contract or in order to perform a contract within the meaning of Article 6(1)(b) GDPR. These data can, furthermore, be used to protect the legitimate interests of the Deutscher Sparkassen- und Giroverband pursuant to the weighing of interests defined in Article 6(1)(f) GDPR.

3. Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of data captured in order to make the website available to you, this means when your current session ends.

Data saved in log files will be deleted within 30 days at the latest. It is possible to store them for longer, but if this happens the user’s IP address must be deleted or modified to prevent the identification of the requesting client.

IV. Cookies and session IDs

This website uses cookies. A cookie is a standardised text file that is saved by your browser for a defined period. Cookies permit the storage of local information such as language settings and temporary identifiers so that the server that placed the cookie can retrieve these whenever the user returns to the website.

If you do not want cookies to be saved on your device, you can prevent this by choosing an appropriate setting in your browser software. You can also use these settings to delete any cookies already saved. However, if functional (technically essential) cookies are deactivated you will no longer be able to draw on the full functionality of the website.

Below you can see what kind of cookies we use and what information they send:

Functional cookies

1. Description, scope and purpose of data processing

We use functional cookies, i.e. cookies which are essential for the operation and delivery of functions, to make it safe and easy for you to use this website. They enable users to navigate the pages and manage the modules or functions provided by the website. Without these cookies, the use of the website might under certain circumstances be impossible or limited. For some functions, the browser needs to be recognised again when the user moves on to another page. Other functional cookies allow user decisions to be taken into account.

The data captured with the aid of these functional cookies are not used in order to generate user profiles. These cookies save and send the following data:

  • current session ID
  • acknowledgements of certain website content, such as product advice
  • settings for website search functions
2. Lawfulness of processing

The legal basis for processing data by means of functional cookies is set out in Article 6(1)(f) GDPR in conjunction with Section 25(2) no. 2 of the German Telecommunications-Telemedia Data Protection Act (TTDSG).

3. Duration of storage

Nearly all the functional cookies used are session cookies. The data saved in these are deleted automatically when you end your visit.

Analytical cookies / Google Analytics with your consent

1. Description, scope and purpose of data processing

This website uses Google Analytics, a web analysis service provided by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), which in this respect acts as a processor on our behalf (Art. 28 GDPR).

Google Analytics uses cookies that permit the analysis of your use of this website for statistical purposes. This means measuring browser flow (page views, links clicked, browser settings). The input you provide on forms or other specific content cannot be recorded. Google Analytics will use the information it processes on behalf of the Deutscher Sparkassen- und Giroverband to generate reports on website use in order to measure reach and optimise the website.

The information generated from your use of the website may also be sent to a Google server in the United States of America and stored there. However, the IP anonymisation activated for this website means that Google will abbreviate your IP address prior to storage.

In order to ensure that standards of data protection are upheld when processing takes place in third countries (in particular the United States of America), Google Ireland Ltd as our service provider has agreed standard contractual clauses with its subcontractors (in particular Google LLC) founded on Module 3 of the Standard Contractual Clauses adopted  bythe European Commission on 4 June 2021 for the transfer of personal data to third countries (https://business.safety.google/adsprocessorterms/sccs/eu-p2p-intra-group/).

2. Lawfulness of processing

The legal basis for processing these data is your consent as set out in Article 6(1)(a) GDPR in conjunction with Section 25(1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG).

3. Duration of storage

The data processed in conjunction with Google Analytics and linked to cookies are deleted within 26 months at the latest.

V. Subscription service

1. Description, scope and purpose of data processing

Our website offers the opportunity to subscribe free of charge to receive our press releases and statements. When registering for the subscription service, the following data are sent to us via the input template:

  • email address (required)
  • title, forename, surname and company (optional)

The following data are also captured upon registration:

  • IP address of the requesting device
  • date and time of registration

So that data can be processed, reference is made during registration to this Privacy Notice and your consent is requested during a double-opt-in procedure. This means that upon registering you will receive an email at the email address you provided asking you to confirm your registration.

If you do not confirm your registration within 14 days, your information will be automatically deleted. Only if you confirm registration within the time allotted will your email address be saved for the purpose of sending you the newsletter.

The newsletter is sent by means of “EMMA”, an email dispatch programme owned by the Savings Banks Finance Group. To process the orders, our Association has contracted a service provider: Sparkassen-Finanzportal GmbH, Friedrichstrasse 50, 10117 Berlin – a company belonging to the Savings Banks Finance Group. This company has undertaken not to pass on your personal data to third parties.

To optimise the subscription service and content for your benefit – and only if you consent to the personalisation of your newsletter when registering – we make use of the opportunity to measure and evaluate open and click-through rates. Open rates tell us what percentage of newsletter recipients actually open and hence read the newsletter. Click-tracking measures which of the links embedded in the newsletters are clicked and how frequently. Evaluating these enables us to tailor the presentation of the newsletter individually. This helps to ensure that you do not receive newsletters that will not interest you.

2. Lawfulness of processing

The legal basis for processing these data after the user has registered for the subscription service is set out in Article 6(1)(b) GDPR in conjunction with Section 25(1) of the German Telecommunications-Telemedia Data Protection Act (TTDSG).

3. Duration of storage

Once your registration has been confirmed, your email address will be saved for as long as your subscription remains active.

4. Option to terminate and remove

You can revoke the use of your email address for the subscription service – in other words, withdraw any consent you have granted – at any time. You will find a link enabling you to unsubscribe at the bottom of every email. If you unsubscribe to the subscription service, we will anonymise your email address after seven days and only store it in this form to prevent any future data abuse.

VI. Data processing for publication orders

1. Description, scope and purpose of data processing

Our website offers you the option to order publications free of charge. When you do this, the following data are sent to us via the input template:

  • title and full name (forename, surname)
  • company (optional)
  • email address
  • address to which the publication should be posted
  • publication requested
  • additional comments (optional)

Capturing your postal and/or email address serves to send you the publication(s) requested.

2. Lawfulness of processing

The legal basis for processing data when the user orders publications is the performance of a contract as set out in Article 6(1)(b) GDPR.

3. Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is usually three months after receipt of your order.

VII. Data processing when you contact us

1. Description, scope and purpose of data processing

On our website you will find data enabling you to contact us by letter, phone, fax or email. If you make use of this opportunity, any personal data that you provide in the process will be saved. None of the data captured in this process will be passed on to third parties. The data are used solely for the purpose of communicating with you.

2. Lawfulness of processing

These data are processed in order to take steps prior to entering a contract or to perform a contract, as set out in Article 6(1)(b) GDPR. The data may likewise be processed to protect the legitimate interests of the Deutscher Sparkassen- und Giroverband in the light of a weighing of interests as set out in Article 6(1)(f) GDPR.

3. Duration of storage

The data are deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is usually when the conversation with the user comes to an end. The conversation is deemed to end when circumstances indicate that the matter concerned has been fully resolved.

VIII. Links to social media accounts

Our website contains icons for the social network Facebook and the microblogging service Twitter. These services are operated by the companies Meta Platforms Ireland Ltd (“Facebook” and Twitter International Company Inc. (“Twitter”).

These are not plug-ins, but only links to the provider concerned so that posts can be shared. Clicking the icon opens the target page in question in a separate tab/window, where you must then log in with your data. No referrer data are sent to the target page, so that the social media provider cannot see what page the user was on before this visit.

For more information about how these providers process data, please consult the privacy policies published by the operators concerned.

For Facebook: https://www.facebook.com/policy.php
For Twitter: https://twitter.com/privacy

IX. Transfers to third parties

We will never disclose your personal data to third parties for the purposes of advertising or marketing without previously obtaining your express consent. Under certain circumstances, however, we may have to make your data accessible to third parties for the purpose of operating the website and the services it offers, e.g. to a service provider who hosts the website and the data generated on the website. These companies have confirmed to us that they comply with all the relevant statutory requirements of data protection.

Moreover, we may be required by law to pass data on to third parties, e.g. public investigators.

Apart from the exceptions specified above, we will not disclose your personal data to third parties without obtaining your explicit prior consent.

X. Rights of data subjects


Notice of your right to object under Article 21 GDPR

1. Objection on particular grounds

You have the right to object at any time, on grounds relating to your personal situation, to the processing of data concerning you based on Article 6(1)(e) GDPR (public interest) and Article 6(1)(f) GDPR (weighing of interests); this also applies to any profiling as defined in Article 4 no. 4 GDPR that is derived from these provisions.

If you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or unless processing serves the establishment, exercise or defence of legal claims.

2. Objection to processing for direct marketing

In isolated cases, we process your data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for such marketing, including any profiling related to such direct marketing.

If you object to processing for direct marketing purposes, your savings bank will no longer process your personal data for such purposes.

You can submit your objection informally, preferably to:

Deutscher Sparkassen- und Giroverband e.V.
Charlottenstrasse 47
10117 Berlin
Germany

Email: info@dsgv.de


Wherever the processing of your personal data is based on your consent, you have the right under Article 7(3) GDPR to withdraw the consent you gave under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Moreover, as a data subject within the meaning of GDPR, you can assert the following rights vis-à-vis the controller:

1. Right of access

Article 15 GDPR grants you the right to obtain information from us about the personal data concerning you that we process. In particular, you can request information about the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom your data have been or will be disclosed, the envisaged period for which the data will be stored, the existence of a right to rectify or erase data or to restrict or object to their processing, the existence of a right to lodge a complaint, the source of your data insofar as they were not collected from you, and the existence of automated decision-making, including profiling, and, at least in these cases, meaningful information about the logic involved.

2. Right to rectification

You have the right to obtain from the controller the rectification of inaccurate personal data and/or the completion of incomplete personal data. The controller must rectify the information without undue delay.

3. Right to restriction of processing

Article 18 GDPR grants you the right to instruct the controller to restrict the processing of your personal data if you contest the accuracy of the data, if the processing is unlawful but you oppose erasure of the data, if we no longer need the data but you require them for the establishment, exercise of defence of legal claims, or if, pending verification, you have objected to processing pursuant to Article 21 GDPR.

4. Right to erasure

Article 17 GDPR grants you the right to obtain from us the erasure of personal data about you that we have stored as long as processing is not necessary for the exercise of the right of freedom of expression and information, for compliance with a legal obligation, or for reasons of public interest or for the establishment, exercise or defence of legal claims.

5. Right to data portability

Article 20 GDPR grants you the right to ask us to send you your personal data in a structured, commonly used and machine-readable format or to transmit the personal data that you have stored with us to another controller.

6. Right to lodge a complaint with a supervisory authority

You have the right, in accordance with Article 77 GDPR, to lodge a complaint with a supervisory authority. As a rule you are free to contact the supervisory authority at your habitual residence or place of employment or where our company is domiciled. The competent supervisory authority in Berlin is the Commissioner for Data Protection and Freedom of Information:

Die Berliner Beauftragte für
Datenschutz und Informationsfreiheit
Friedrichstrasse 219
10969 Berlin
Germany

General Contact
Deutscher Sparkassen- und Giroverband e.V.
Charlottenstrasse 47
10117 Berlin Germany


+49 30 20 22 50


+49 30 20 22 52 50