The following personal data becomes known to Sberbank in the course of the banking relationship:
The legal basis for the collection and processing of personal data depends on the specific context in which we collect it.
In order to execute banking transactions, it is necessary to enter into a contractual relationship with the bank. Personal data is processed within the framework of this contractual relationship for fulfilling all necessary pre-contractual steps, as well as all steps necessary for executing transactions once the contract is in place.
In some cases Sberbank is processing your personal data due to applicable legal obligations and banking regulations we are subject to (e.g. Austrian Banking Act (BWG), Financial Markets Anti-Money Laundering Act (FM-GwG), Tax laws, etc.). These could include identity check and verification, fraud prevention, creditworthiness assessment, etc.
If we have obtained your consent, Sberbank processes your data only to the extent of the consent granted. You can withdraw your consent at any time, in whole or in part, with effect for the future and by the same means via which you granted your consent. Additionally you can unsubscribe from any marketing communications we may (upon your consent) send you, by clicking on the respective link sent to you in the marketing e-mails. The withdrawal of the respective consent does not affect the lawfulness of processing based on consent before its withdrawal.
Furthermore, we may process your data based on legitimate interests of Sberbank or a third party. These legitimate interests include, in particular:
- effective business administration and development;
- improving our processes and practices;
- to ensure compliance with internal guidelines and policies as well as applicable laws and business standards;
- to avoid or mitigate damages to our customers, our employees, us and third parties;
- Measures which allow us to improve and further develop our products and services (especially needs and quality), incl. complaints management, unless you have objected to processing for this purpose under Art. 21 GDPR;
- Measures concerning the security and safety of our customers, our employees, and our property;
- Measures to safeguard and secure Sberbank’s IT environment and operations;
- Legal action;
- Fraud prevention;
Special categories of personal data (or sensitive data)
Special categories of personal data are personal data revealing racial and ethnic origin, political opinions, religious beliefs or philosophical beliefs, or union memberships, or the processing of genetic data, biometric data for the unambiguous identification of a natural person, health or sexual life data; or sexual orientation. Sberbank Europe does not process any special categories of personal data (or sensitive data) for fulfilling the purposes listed above.
Within the Bank only authorized personnel has access to personal data. Sberbank has implemented appropriate technical and organizational measures to ensure the security and protection of your data and to prevent any unauthorized access by third parties. Data can be disclosed to recipients outside of the bank only for fulfilling legal/regulatory obligations or when explicit consent releasing us from banking secrecy under the Austrian Banking Act (§ 38 BWG) has been provided. The recipients to whom Sberbank could disclose personal data can be generally grouped in the following categories:
In case some of the recipients of data are established and operating outside of the EU, Sberbank has ensured appropriated safeguards are in place prior to any disclosure (e.g. via standard contractual clauses, binding corporate rules, or other data processing and data protection agreements). Sberbank is taking all necessary measures to ensure that all data recipients provide an appropriate level of data protection and are in compliance with applicable laws, regulations, business and market standards.
Your personal data will be kept as long as necessary for the fulfilment of the underlying purpose and furthermore as long as legal obligations (e.g. storage and documentation obligations according to the Austrian Federal Fiscal Code (BAO), the Austrian Commercial Code (UGB), Bankwesengesetz (BWG), Finanzmarkt-Geldwäschegesetz (FM-GwG), Wertpapieraufsichtsgesetz (WAG)), applicable limitation periods or other justified interests in retention (e.g. as evidence in ongoing proceedings) exist.
As soon as there are no legitimate purposes for the further storage of personal data, they will either be erased or anonymised. If this is not possible (e.g. because they are stored in backup archives), Sberbank will store your personal data securely and make it inaccessible to further processing until deletion is possible.
When visiting our Website without requesting information or services, we collect the following data:
The information is collected via interaction of our Website with your internet browser (e.g. Internet Explorer, Mozilla Firefox, and Google Chrome). Thereby, small text files ("Cookies") are placed on the used device. This analysis is performed by the Google Analytics service on our behalf.
Sberbank Europe Website uses Google Analytics a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on a computer, to help analyze how users use the Website. The information generated by the cookie about your use of the Website will be transmitted to and stored by Google on servers in the United States. In case IP-anonymization is activated on this Website, your IP address will be truncated within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases, the whole IP address will be first transferred to a Google server in the USA and truncated there. The IP-anonymization is active on this Website. Google will use this information on behalf of the operator of this Website for the purpose of evaluating your use of the Website, compiling reports on Website activity for website operators and providing them other services relating to website activity and internet usage. The IP-address that your Browser conveys within the scope of Google Analytics will not be associated with any other data held by Google.
By clicking on the Ok-Button in the cookie banner, you consent to the processing of data about you by Google in the manner and for the purposes set out above. You may withdraw your consent to the placing of cookies by selecting the appropriate deactivation settings in your browser, however, please note that if you do this, you may not be able to use the full functionality of this Website.
You can also withdraw your consent to the collection of your data generated by the cookie about your use of this Website (including IP address) as well as the processing by Google on our Website with effect for the future by downloading and installing the Browser-Plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
In accordance with the statutory provisions, you have the right to obtain information about your data, their rectification or deletion, restriction of processing or object to processing, data portability and the lodging of a complaint with a supervisory authority.
The data protection authority responsible for Sberbank Europe AG is the Austrian Data Protection Authority.
Tel: +43 1 52 152-0
Data controller within the meaning of the General Data Protection Regulation (GDPR) and the applicable Austrian Data Protection Act is Sberbank Europe AG (hereinafter "we", "our" or "us").
Sberbank Europe AG
1010 Vienna, Austria
Tel: +43 1 22732 0
The Data Protection Officer of Sberbank Europe AG can be contacted via email under:
Sberbank Europe AG
1010 Vienna, Austria
Tel: +43 1 22732 0