SaarLB > Footer > Data protection

SaarLB
Landesbank Saar

Ursulinenstraßen 2
66111 Saarbrücken

PO box: 66104 Saarbrücken

Phone: +49 681 383-01
Telefax: +49 681 383-1200
E-Mail: service@saarlb.de

LBS
Landesbausparkasse Saar

Beethovenstraße 35-39
66111 Saarbrücken

PO box: Postfach 10 19 62
66019 Saarbrücken

Phone: +49 681 383-02
Telefax: +49 681 383-2100
E-Mail: service@lbs-saar.de
www.lbs.de

Landesbank Saar
Vertriebsbüro Mannheim

Willy-Brandt-Platz 5-7
68161 Mannheim

Phone: +49 621 124769-10
E-Mail: service@saarlb.de

Landesbank Saar
Vertriebsbüro Trier

Nikolaus-Koch-Platz 4
54290 Trier

Phone: +49 651 9946-6138
E-Mail: service@saarlb.de

Landesbank Saar
Vertriebsbüro Koblenz

Peter-Klöckner-Straße 5
56073 Koblenz

Phone: +49 261 952 184 61
E-Mail: service@saarlb.de

SaarLB France –
Succursale de la Landesbank Saar

Résidence Le Premium
17-19, rue du Fossé des Treize
67000 Strasbourg Cédex
Frankreich

Phone: +33 3 88 3758-70 
Telefax: +33 3 88 3693-78
E-Mail: service@saarlb.fr

SaarLB France –
Centre d’affaires

203, rue du Faubourg Saint Honoré
75008 Paris
Frankreich

Phone: +33 1 45 6363-52
Telefax: +33 1 45 6371-22
E-Mail: service@saarlb.fr

Data protection policy

GENERAL INFORMATION

The following information provides a simple overview of what happens to your personal information when you visit this website. Personal data are any data by which you can be personally identified. For detailed information on the subject of data protection, please refer to our data protection policy provided below this text.

DATA COLLECTION ON THIS WEBSITE

Who is responsible for the data collection on this website?
The data processing on this website is carried out by the website operator. You can find their contact details in the section “Information on the controller” in this data protection policy.

How do we collect your data?
On the one hand, your data are collected by having you provide them to us. This can be, for example, data that you enter in a contact form.

Other data are collected automatically or with your consent by our IT systems when you visit the website. These are mainly technical data (e.g. internet browser, operating system or time of page retrieval). These data are collected automatically as soon as you enter this website.

What do we use your data for?
Part of the data is collected in order to ensure that the website does not contain any errors. Other data may be used to analyse your user behaviour.

What rights do you have regarding your data?
You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to request the rectification or erasure of these data. If you have given your consent to data processing, you can revoke this consent at any time for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time with regard to this and other questions on the subject of data protection.
Analysis tools and third-party tools
When visiting this website, your surfing behaviour may be statistically analysed. This is done mainly with so-called analysis programs.

Detailed information on these analysis programs can be found in the further explanation.

EXTERNAL HOSTING

This website is hosted by an external service provider (host). The personal data collected on this website are stored on the host’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website traffic and other data generated by a website.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 (b) GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 (f) GDPR).

Our host will only process your data to the extent that this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to these data.

We use the following host:

EWERLE – Internet Marketing
Robert-Koch-Weg 6
66292 Riegelsberg


Conclusion of an agreement on contract data processing

In order to ensure processing in accordance with data protection, we have concluded an agreement on contract data processing with our host.

DATA PROTECTION

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection policy.

When you use this website, various kinds of personal data are collected. Personal data are any data by which you can be personally identified. This data protection policy explains what data we collect and what we use them for. It also explains how this is done and for what purpose.
We would like to point out that data transmission on the internet (e.g. communication by email) can have security gaps. A complete protection of the data against access by third parties is not possible.

INFORMATION ON CONTROLLER

The controller for data processing on this website is:

SaarLB
Landesbank Saar
Ursulinenstraße 2
66111 Saarbrucken
Tel.: 0049 681-383-01
Email: service@saarlb.de

The controller is the natural person or legal entity that alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

STORAGE PERIOD
Unless a more specific storage period is stated within this data protection policy, your personal data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for erasure or revoke your consent to data processing, your data will be erased unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the data will be erased once these reasons no longer apply.

Data protection officer required by law

We have appointed a data protection officer for our company.
SaarLB
Landesbank Saar
Claudia Lemmer
Ursulinenstraße 2
66111 Saarbrucken
Tel.: 0049 681-383 1682
Email: datenschutz@saarlb.de

REVOCATION OF YOUR CONSENT TO DATA PROCESSING

Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to the data collection in specific cases and to direct marketing (Art. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6 PARA. 1 (E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL GROUNDS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS DATA PROTECTION POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA IN QUESTION UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).
IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).

RIGHT OF APPEAL TO THE COMPETENT SUPERVISORY AUTHORITY

In the event of breaches of the GDPR, data subjects shall have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged breach. The right of appeal shall be without prejudice to any other administrative or judicial remedy.

RIGHT TO DATA PORTABILITY

You have the right to have data that we process automatically on the basis of your consent or in performance of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct porting of the data to another controller, this will only be done insofar as it is technically feasible.

SSL OR TLS ENCRYPTION

For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

INFORMATION, ERASURE AND RECTIFICATION

Within the framework of the applicable statutory provisions, you have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if applicable, a right to rectification or erasure of these data. For this as well as for other questions on the subject of personal data, you can contact us at any time.

RIGHT TO RESTRICT THE PROCESSING

You have the right to request the restriction of the processing of your personal data. For this purpose you can contact us at any time. The right to restrict processing exists in the following cases:
If you dispute the accuracy of the personal data we store on you, we will usually need time to investigate this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.

If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of erasure.

If we no longer need your personal data, but you need them to exercise, defend or enforce legal claims, you have the right to request restriction of the processing of your personal data instead of erasure.
If you have lodged an objection in accordance with Art. 21 para. 1 GDPR, a balance must be struck between your interests and ours. As long as it has not been determined whose interests override, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural person or legal entity or for reasons of important public interest of the European Union or a Member State.

COOKIES

Our website pages use so-called “cookies”. Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically erased at the end of your visit. Permanent cookies remain stored on your terminal device until you erase them yourself or until they are automatically erased by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or to display advertising.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) are stored on the basis of Art. 6 para. 1 (f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of their services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 (a) GDPR); consent can be revoked at any time.

You can set your browser so that you are informed about the placement of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

If cookies are used by third parties or for analysis purposes, we will inform you separately within the framework of this data protection policy and, if necessary, request your consent.

COOKIE CONSENT WITH BORLABS COOKIE

Our website uses Borlabs Cookie’s cookie consent technology to obtain your consent to store certain cookies in your browser and to document it in compliance with data protection requirements. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter referred to as Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser to record the consents you have given or the revocation of those consents. These data are not shared with the Borlabs cookie provider.
The collected data will be stored until you ask us to erase it or until you erase the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected. Details on Borlabs Cookie’s data processing can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

Borlabs cookie consent technology is used to obtain consent for the use of cookies as required by law. The legal basis for this is Art. 6 para. 1 sent. 1 (c) GDPR.

SERVER LOG DATA

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• browser type and browser version
• operating system used
• referrer URL
• host name of the accessing computer
• time of the server request
• IP address

These data are not merged with other data sources.
The collection of these data is based on Art. 6 para. 1 (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of their website – for this purpose, the server log files must be recorded.

CONTACT FORM

If you send us requests via the contact form, your details from the request form, including the contact details you provided there, will be stored by us for the purpose of processing the request and in the event of follow-up requests. We do not pass on these data without your consent.

The processing of these data are based on Art. 6 para. 1 (b) GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6 para. 1 (f) GDPR) or on your consent (Art. 6 para. 1 (a) GDPR) if this has been requested.
The data you entered in the contact form will remain with us until you ask us to erase it, revoke your consent to store it, or until the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

REQUEST BY EMAIL, PHONE OR FAX

If you contact us by email, phone or fax, your request, including all personal data resulting from it (name, request), will be stored and processed by us for the purpose of processing your request. We do not pass on these data without your consent.

The processing of these data are based on Art. 6 para. 1 (b) GDPR, if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the requests addressed to us (Art. 6 para. 1 (f) GDPR) or on your consent (Art. 6 para. 1 (a) GDPR) if this has been requested.
The data you sent to us through the contact form will remain with us until you ask us to erase it, revoke your consent to store it, or until the purpose for storing the data no longer applies (e.g. after we have completed processing your matter). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

SOCIAL MEDIA PLUGINS WITH SHARIFF

Social media plugins are used on this website (e.g. Facebook, Twitter, XING, LinkedIn).
You can usually recognise the plugins by the respective social media logos. To ensure data protection on this website, we only use these plugins together with the so-called “Shariff” solution. This application prevents the plug-ins integrated on this website from transmitting data to the respective provider when you first enter the page.

Only when you activate the respective plugin by clicking on the corresponding button is a direct connection to the provider’s server established (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited this website with your IP address. If you are logged into your respective social media account (e.g. Facebook) at the same time, the respective provider can assign your visit to this website to your user account.

Activating the plugin constitutes consent within the meaning of Art. 6 para. 1 (a) GDPR. You can revoke this consent at any time with effect for the future.

MATOMO (FORMERLY PIWIK)

This website uses the open source web analytics service Matomo. Matomo uses technologies that enable the cross-page recognition of the user for the analysis of user behaviour (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before storage.

With the help of Matomo, we are able to collect and analyse data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were visited and from which region they come. We also collect various log files (e.g. IP address, referrer, browsers and operating systems used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, and the like).

The use of this analysis tool is based on Art. 6 para. 1 (f) GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both their website and their advertising. If corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Art. 6 para. 1 (a) GDPR; the consent can be revoked at any time.

IP anonymisation
We use IP anonymisation for the analysis with Matomo. Your IP address is truncated before analysis so that it can no longer be clearly assigned to you.

Hosting
We host Matomo exclusively on our own servers, so that all analysis data remains with us and is not passed on.

HANDLING OF APPLICANT DATA

We offer you the opportunity to apply for a job with us (e.g. by email, post or via the online application form). In the following, we will inform you about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated strictly confidentially.

Scope and purpose of data collection
If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Section 26 of the German Federal Data Protection Act (new version) [BDSG-neu] according to German law (Initiation of an Employment Relationship), Art. 6 para. 1 (b) GDPR (General Contract Initiation) and – if you have given your consent – Art. 6 para. 1 (a) GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 BDSG-neu and Art. 6 para. 1 (b) GDPR for the purpose of handling the employment relationship.

Data retention period
If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided for up to 6 months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 para. 1 (f) GDPR). The data are then erased and the physical application documents are destroyed. The storage is intended in particular for proof purposes in the case of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g. due to an impending or pending legal dispute), the data will only be erased when the purpose for continued storage no longer applies.

Retention for a longer period of time can also take place if you have given corresponding consent (Art. 6 para. 1 (a) GDPR) or if statutory retention obligations oppose the erasure.

Admission to the applicant pool
If we do not make you a job offer, it may be possible to admit you to our applicant pool. In the event of acceptance, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.

Inclusion in the applicant pool takes place exclusively on the basis of your express consent (Art. 6 para. 1 (a) GDPR). The submission of the consent is voluntary and is not related to the current application process. The data subject may revoke his/her consent at any time. In this case, the data will be irrevocably erased from the applicant pool, provided that there are no statutory reasons for retention.

The data from the applicant pool will be irrevocably erased no later than two years after consent has been given.

You can undertake your bank transactions in online banking via our web branch.

The data processed as part of online banking (in particular access and authentication data such as use code, PINs, TANs, online banking entries and such transaction data as booking rates, payment recipients, account data, references, transfer and credit card information) is used by us exclusively for the purposes of providing online banking and implementing payments.

We may be obliged as a result of statutory requirements (in particular from the Money Laundering Act, Lending Act and Payment Service Supervision Act) to transfer your transaction data to state institutions.
In addition, the data when technically providing online banking and handling payments is passed to our payment service providers. They process your data exclusively at our request and to our instructions (so-called contract processor under Article 28 GDPR) and have undertaken appropriate technical and organisational measures to protect your data.

For particular international transfers and separately requested urgent transfers, the data contained in the transfer may be passed on via international payment service providers (in particular SWIFT with its head office in Belgium and TARGET2) to the recipient’s bank.

The legal basis for handling payments is the implementation of our contract with you, Article 6 para. 1 sent. 1 (b)) GDPR. The legal basis for the statutorily required transfer of data to third parties and their storage beyond our contractual relationship is Article 6 para. 1 sent. 1 (c)) GDPR.

We store the data processed as part of the online banking for as long as this is required for technical provision and contract implementation. We also process your data for as long as we are obliged to do so under statutory and supervisory law requirements, in particular from tax and fee law.

SWIFT
For bank transfers to foreign destinations and specially commissioned rapid transfers, the data contained in the transfer are transmitted to the financial institution of the beneficiary using the Society for Worldwide Interbank Financial Telecommunication (SWIFT), headquartered in Belgium, which is the only payment notification service operating globally.

Payments within Europe are processed in the operating centres in the Netherlands and Switzerland.
Under the “Agreement between the EU and USA on the processing of payment data and their transfer to the US finance ministry for the purposes of tracking the financing of terrorism (Terrorist Finance Tracking Program – TFTP)” (so-called SWIFT agreement), US authorities receive access to the transfer data transferred via SWIFT and stored in the European SWIFT operating centres for the purposes of combating international terrorism. Transfers within the EURO payment area (SEPA) are excluded from this agreement.
Data from payment orders to other countries outside Europe remain stored in the SWIFT operating centres in the Netherlands and the USA for reasons of system security. The access by US security organisations to the SWIFT payment data for countries outside Europe stored in the operating centre in the USA is subject exclusively to US law.

We currently use the Microsoft Teams application for collaboration when making telephone calls, web conferences and online seminars etc. It is possible to participate in web conferences and online seminars with or without an image, by dialling in by phone or via a web browser. Some connection metadata, such as the IP address of external participants, email address, duration and fact of creating a connection etc. are stored to ensure information security and the ability of the system to function.
If you are invited to use other web conference or webinar systems as our employee by another institution or a third party, you will find the relevant information in their data protection declarations.


LEGAL BASIS

For you as a SaarLB employee: If in connection with using “web conferences” or “telephone conferences” personal data is not required to justify, implement or end the employment relationship, although it is certainly an elementary element when using “web conferences” or “telephone conferences”, the legal basis for data processing is Art. 6 Para. 1 Letter f GDPR. In these cases our interest is in effectively implementing “web conferences” or “telephone conferences”.
For you as the external participant the legal basis for data processing when implementing “web conferences” or “telephone conferences” is Art. 6 Para. 1 Letter b GDPR if the “web conferences” or “telephone conferences” are conducted as part of contractual relationships. If there is no contractual relationship the legal basis is Art. 6 Para. 1 Letter f GDPR. Here too our interest is in the effective implementation of “web conferences” or “telephone conferences” combined with the requirements for technical data protection and information security.


WHICH DATA ARE PROCESSED

When using “web conferences” various data categories are processed. The scope of the data also depends on which data you provide before or during participation in a “web conference”.

The following data are processed as pure connection data:

  • Information on the user: First name, last name (optional), email address.
  • Meeting metadata: Participant IP addresses, device/hardware information, start and end time and duration of the meeting.

To participate in “telephone conferences” or enter the conference room, you must dial the target number provided to you.
When using “telephone conferences” only a few data types are used: When dialling in by phone, this is limited to the incoming call number as well as the start and end time.


WHO RECEIVES YOUR DATA

Personal data processed in connection with participation in “web conferences” or “telephone conferences” are never passed to third parties if they have not been designated for transfer. Please note that content from “web conferences” or “telephone conferences” as well as personal meetings are frequently used to communicate with customers, potential customers or third parties and are therefore designated for transfer.
Microsoft as the provider of Teams declares the following on data protection: https://privacy.microsoft.com/de-de/privacystatement

The moderators of the meeting in our company ensure as part of the technical and organisational options that only invited people can actually take part. But we cannot guarantee that only invited people will take part. It cannot be excluded that other people become aware of the information via hands-free devices or the screen.
Before using the tool we have checked key issues relating to information security such that as far as technically possible, no unauthorised access to the data presented is provided to third parties.


STORAGE PERIOD

Video conference content is not saved. The connection and content data (e.g. of chats) are stored for the statutory storage period and then deleted.


TRANSFER TO THIRD PARTY COUNTRIES

With regard to data transfer, the service provider Microsoft makes assurances that stored data is kept up until the end of 2022 mostly and after that exclusively in Europe, primarily in Germany. During transmission over the internet data is fundamentally not subject to geographical restrictions and is therefore partially moved and processed globally. For any third party country transfer the data protection regulations are met by additional guarantees and standard contractual clauses.


REVOCATION RIGHT UNDER ART. 21 GDPR

As a registered user or invited guest for a special web conference or telephone call, you have the option for reasons arising from your personal situation at any time to cancel the registration as an internal person through IT and as an external person through your SaarLB contact. In addition, you can have the data that is stored about you modified at any time if it is incorrect. Reference is made to Section 3 (REVOCATION OF YOUR CONSENT TO DATA PROCESSING) of this data privacy policy with regard to revocation.
If you revoke it is no longer possible to participate in telephone calls, telephone conferences, webinars or web conferences via the tool used.

Our SaarLB Vis-à-Vis customer portal is provided to interested loan customers as a medium for tracking the status of their project, e.g. a loan application, on a daily basis and electronically uploading the documents required by SaarLB.

REGISTERING AND LOGGING INTO A USER ACCOUNT

After receiving your consent as a customer, our advisers create a customer account. When logging onto our platform for the first time, we obtain consent under Art. 6 Para. 1 lit. a GDPR to process and store your user activities along with your user ID using the informed entry of your user name and password. Your consent is provided voluntarily.

As soon as other people from the company are to use the portal, they must also be created and registered: In order to use our portal and access our services and content, customers must stipulate people from their business who act as users and register as users of the customer portal by providing personal data. The registration takes place using consent to the data processing under Art. 6 Para. 1 lit. a GDPR which was issued based on informed registration after being made aware of the usage terms and data protection information in the registration request email on the website’s registration page.

As part of the registration process, the bank customer advisor acting as a database administrator states the following personal data of the customer’s user as compulsory fields in an entry mask:

• Personal data: User’s first and last name
• Communication data: Email, telephone

As a registered user of our platform you have the opportunity to have the customer adviser cancel the registration at any time. In addition, you can have the data that is stored about you modified at any time. Reference is made to Section 3 (REVOCATION OF YOUR CONSENT TO DATA PROCESSING) of this data privacy policy with regard to revocation.

WHEN USING THE PLATFORM AS A CUSTOMER’S REGISTERED USER

Each time a page on the platform is accessed and a file is called up, general data on this process is automatically saved in a log file with the pseudonym user ID. This covers:

• Activities on the platform (incl. creating and modifying the data related to the process, or downloading and uploading documents)
• Name of the file called up
• Date and time of the call-up
• The transferred data quantity
• Notification of whether the call-off was successful
• Description of the type of web browser used
• The operating system used

Purpose of data processing:

• Developing and optimising the platform
• Creating (aggregated) statistics that cannot be traced to individual people
• Documents on actions and activities relating to transactions aimed at arranging contracts between SaarLB and the customer
• if permitted by law and necessary: detection and prevention of abuse and faults.

We use some terms in this data protection policy that are also used by the legislator, in particular in the European General Data Protection Regulation (GDPR). As it is important to us that you can understand this data protection policy, we explain below some of the important terms in alphabetical order:

Contract processor: This is a natural person or legal entity, authority, institution or other organisation that processes personal data on behalf of the responsible party.

Affected person: This is each identified or identifiable natural person whose personal data will be processed by the party responsible for processing data.

Browser: This is a program that displays websites, for example Mozilla Firefox or Google Chrome.

Cookies: These are small text files that contain a characteristic series of characters (cookie ID) and are stored via an internet browser on your device (e.g. smartphone or computer) if you do not prevent this by technical means. Cookies enable visited websites and services to differentiate your individual browser from others. A particular internet browser can therefore be recognised and identified via the unique cookie ID. It is therefore possible to facilitate the use of our website as you only have to enter certain data once for example. If possible, we use cookies that are deleted again when you close your browser (so-called session cookies). We also use cookies that are stored on your computer for a longer period of time (so-called persistent cookies). In addition to the option to configure your browser such that it does not accept cookies, you can delete cookies already set at any time via an internet browser or other programs. Please note however that not using cookies may result in not all functions being fully usable on our website or services.

Third parties: A third party is a natural person or legal entity, authority, institution or other organisation (not including the affected person), the responsible party, the processor and persons under the direct supervision of the person in charge or the processor, who is authorized to process the personal data.

Restricting the processing: This is marking stored personal data such that its future processing (for example with a view to particular processing purposes) is restricted.

Declaration of consent: This is any declaration of intention in the form of a declaration or other clear confirmation of treatment voluntarily issued by the person concerned in an informed and unmistakable manner for the specific situation in which the person concerned makes clear that he/she consents to have his/her relevant personal data processed.

Recipient: This is a natural person or legal entity, authority, institution or other organisation to whom the personal data is disclosed, regardless of whether it is a third party or not.
IP address: This is an address assigned to your device (e.g. smartphone or computer) on the internet, so that your device can be addressed and is reachable there.

Personal data: This is all information that relates to an identified natural person or one that can be identified (hereinafter referred to as the “affected person”). A person is considered to be identifiable if they can be identified directly or indirectly in particular by assignment of an identifier such as a name, code number, location data, online code or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

Processing: This is any procedure executed with or without the assistance of automated processes or any series of procedures performed in conjunction with personal data, such as collecting, recording, organising, filing, saving, adapting or changing, exporting, querying, using, disclosing personal data by transmitting, distributing or any other form of provision, comparing or linking, restricting, deleting or destroying said data.

Responsible entity or person responsible for processing: This is the natural person or legal entity, authority, institution or other organisation that, alone or together with others, makes decisions regarding the purposes and means of processing personal data.

The data protection policy is currently valid and is dated 24/05/2018. It may be necessary to modify this data protection policy if our website develops or as a result of implementing new technologies. We reserve the right to undertake appropriate changes.

Downloads

Die deutsch-französische Regionalbank

La banque régionale franco-allemande

error:

Ihr Ansprechpartner

Philipp Werthmüller

Communication & Media
Phone: +49 681 383-1264
philipp.werthmueller@saarlb.de