Terms and Conditions of Use

Home > Privacy Policy

Data Privacy Policy

The protection of your personal data is of great importance to us. Sberbank Europe handles your personal data responsibly and in compliance with all applicable statutory data protection provisions and banking legislation. Read more about our data processing methods in the following data privacy policy of Sberbank Europe.

Personal data we process

The following personal data becomes known to Sberbank in the course of the banking relationship:

  • the identity (e.g. name, birthdate, etc.), contact and corporate information of the account holder, any trustor and any beneficial owner to the extent indicated in the contractual documentation, any application form in connection therewith and the know-your-customer forms (that is, the customer questionnaire, the know-your-customer documentation form and the supporting documents provided therewith, the PEP (i.e. politically exposed person) statement and the identification of beneficial owner),
  • identification data and authentication data,
  • the fact that there is an account relationship with Sberbank,
  • any financial information, assigned rating or other information on the financial standing of the account holder or any of its affiliates and any transaction-related information that becomes known to Sberbank in the course of the banking relationship, in particular transactions with or routed via Sberbank or as otherwise provided to Sberbank by the customer, as well as any account balance, value and maturity of outstanding claims, available credit lines and collateral which you have provided.
  • data for the fulfilment of statutory and regulatory requirements and obligations
  • data derived from the use of our website (e.g. via cookies)

Purpose and legal basis of the processing of personal data

The legal basis for the collection and processing of personal data depends on the specific context in which we collect it.

  • For the fulfillment of contractual obligations (Art 6 (1) (b) GDPR) and 26 Federal Data Protection Act)

    In order to execute banking transactions, it is necessary to enter into a contractual relationship with the bank. Personal data is processed within the framework of this contractual relationship for fulfilling all necessary pre-contractual steps, as well as all steps necessary for executing transactions once the contract is in place.

  • For the fulfillment of legal obligations (Article 6 (1) (c) GDPR)

    In some cases Sberbank is processing your personal data due to applicable legal obligations and banking regulations we are subject to (e.g. Austrian Banking Act (BWG), Financial Markets Anti-Money Laundering Act (FM-GwG), Tax laws, etc.). These could include identity check and verification, fraud prevention, creditworthiness assessment, etc.

  • On the basis of your consent (Art. 6 (1) (a) GDPR)

    If we have obtained your consent, Sberbank processes your data only to the extent of the consent granted. You can withdraw your consent at any time, in whole or in part, with effect for the future and by the same means via which you granted your consent. Additionally you can unsubscribe from any marketing communications we may (upon your consent) send you, by clicking on the respective link sent to you in the marketing e-mails. The withdrawal of the respective consent does not affect the lawfulness of processing based on consent before its withdrawal.

  • For the protection of legitimate interests (Art 6 (1) (f) GDPR)

    Furthermore, we may process your data based on legitimate interests of Sberbank or a third party. These legitimate interests include, in particular:

    - effective business administration and development;
    - improving our processes and practices;
    - to ensure compliance with internal guidelines and policies as well as applicable laws and business standards;
    - to avoid or mitigate damages to our customers, our employees, us and third parties;
    - Measures which allow us to improve and further develop our products and services (especially needs and quality), incl. complaints management, unless you have objected to processing for this purpose under Art. 21 GDPR;
    - Measures concerning the security and safety of our customers, our employees, and our property;
    - Measures to safeguard and secure Sberbank’s IT environment and operations;
    - Legal action;
    - Fraud prevention;
    - Etc.

Special categories of personal data (or sensitive data)

Special categories of personal data are personal data revealing racial and ethnic origin, political opinions, religious beliefs or philosophical beliefs, or union memberships, or the processing of genetic data, biometric data for the unambiguous identification of a natural person, health or sexual life data; or sexual orientation. Sberbank Europe does not process any special categories of personal data (or sensitive data) for fulfilling the purposes listed above.

Recipients of your personal data:

Within the Bank only authorized personnel has access to personal data. Sberbank has implemented appropriate technical and organizational measures to ensure the security and protection of your data and to prevent any unauthorized access by third parties. Data can be disclosed to recipients outside of the bank only for fulfilling legal/regulatory obligations or when explicit consent releasing us from banking secrecy under the Austrian Banking Act (§ 38 BWG) has been provided. The recipients to whom Sberbank could disclose personal data can be generally grouped in the following categories:

  • Shareholder company
  • Our subsidiary banks
  • Financial institutions, financial companies and financial services providers
  • Society for Worldwide Interbank Financial Telecommunication (S.W.I.F.T.)
  • Insurance companies
  • (Supervisory) authorities
  • Austrian National Bank
  • Ministry of Finance
  • Administrative authorities, courts and public corporations
  • External legal representatives, notaries, tax consultants, auditors and annual auditors
  • Tax authorities
  • Creditor protection associations
  • IT service providers
  • Other service providers and partners
  • Collection agencies for the purpose of debt recovery

In case some of the recipients of data are established and operating outside of the EU, Sberbank has ensured appropriated safeguards are in place prior to any disclosure (e.g. via standard contractual clauses, binding corporate rules, or other data processing and data protection agreements). Sberbank is taking all necessary measures to ensure that all data recipients provide an appropriate level of data protection and are in compliance with applicable laws, regulations, business and market standards.

Term of processing personal data:

Your personal data will be kept as long as necessary for the fulfilment of the underlying purpose and furthermore as long as legal obligations (e.g. storage and documentation obligations according to the Austrian Federal Fiscal Code (BAO), the Austrian Commercial Code (UGB), Bankwesengesetz (BWG), Finanzmarkt-Geldwäschegesetz (FM-GwG), Wertpapieraufsichtsgesetz (WAG)), applicable limitation periods or other justified interests in retention (e.g. as evidence in ongoing proceedings) exist.

As soon as there are no legitimate purposes for the further storage of personal data, they will either be erased or anonymised. If this is not possible (e.g. because they are stored in backup archives), Sberbank will store your personal data securely and make it inaccessible to further processing until deletion is possible.

What personal data does Sberbank Europe collect when visiting our website?

When visiting our Website without requesting information or services, we collect the following data:

  • IP-address,
  • device identification,
  • information which of our Websites you have visited how long and in which order, including date and time, cookie number, products you have looked at or searched for,
  • the entire Uniform Resource Locators (URLs) of the sites you have looked at on our Website, and of the third party site from which you have come to our Website as well as the site you go after you leave our Website,
  • browser type and browser version,
  • operating system und platform.

The information is collected via interaction of our Website with your internet browser (e.g. Internet Explorer, Mozilla Firefox, and Google Chrome). Thereby, small text files ("Cookies") are placed on the used device. This analysis is performed by the Google Analytics service on our behalf.

Web Tracking-data/Google Analytics

Sberbank Europe Website uses Google Analytics a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on a computer, to help analyze how users use the Website. The information generated by the cookie about your use of the Website will be transmitted to and stored by Google on servers in the United States. In case IP-anonymization is activated on this Website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases, the whole IP address will be first transferred to a Google server in the USA and truncated there. The IP-anonymization is active on this Website. Google will use this information on behalf of the operator of this Website for the purpose of evaluating your use of the Website, compiling reports on Website activity for website operators and providing them other services relating to website activity and internet usage. The IP-address that your Browser conveys within the scope of Google Analytics will not be associated with any other data held by Google.

By clicking on the Ok-Button in the cookie banner, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You may withdraw your consent to the placing of cookies by selecting the appropriate deactivation settings in your browser, however, please note that if you do this, you may not be able to use the full functionality of this Website.

You can also withdraw your consent to the collection of your data generated by the cookie about your use of this Website (including IP address) as well as the processing by Google on our Website with effect for the future by downloading and installing the Browser-Plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Further information on Google's and Google Analytics' terms of use and data protection can be found here: http://www.google.com/intl/de/analytics/privacyoverview.html. Sberbank Europe Website uses a special code ('_gat._anonymizeIp') which ensures the collection of your IP address in an anonymized form.

Your rights

In accordance with the statutory provisions, you have the right to obtain information about your data, their rectification or deletion, restriction of processing or object to processing, data portability and the lodging of a complaint with a supervisory authority.

The data protection authority responsible for Sberbank Europe AG is the Austrian Data Protection Authority.

Osterreichische Datenschutzbehorde

Barichgasse 40-42

1030 Wien

Tel: +43 1 52 152-0

Email: dsb@dsb.gv.at

Website: http://www.dsb.gv.at

Responsibilities and contact details

Data Controller

Data controller within the meaning of the General Data Protection Regulation (GDPR) and the applicable Austrian Data Protection Act is Sberbank Europe AG (hereinafter "we", "our" or "us").

Sberbank Europe AG

Schwarzenbergplatz 3

1010 Vienna, Austria

Tel: +43 1 22732 0

Email: office@sberbank.at

Data Protection Officer:

The Data Protection Officer of Sberbank Europe AG can be contacted via email under:

Sberbank Europe AG

Schwarzenbergplatz 3

1010 Vienna, Austria

Tel: +43 1 22732 0

Email: dataprotection@sberbank.at