Privacy policy

I. Name and address of the controller

Responsible for the collection, processing and use of your personal data within the meaning of the EU- General Data Protection Regulation is the:

msg for banking ag

Amelia-Mary-Earhart-Straße 14 | 60549 Frankfurt a. M., Germany

Phone: +49 69 580 045 – 0

E-mail: info-banking@msg.group

If you wish to object to the collection, processing and use of your data by msg for banking ag in accordance with these data protection provisions as a whole or for individual measures, you can send your objection by e-mail or letter to the above address

II. Name and address of the data protection officer

The data protection officer of the controller is

Claus Bauer

msg for banking ag

Robert-​ Bürkle-Straße 1, 85737 Ismaning, Germany

E-mail: datenschutz-banking@msg.group

III. General information on data processing

Why we use data

Our offers should be constantly improved and made more attractive. Only if we know which parts of our website are visited most frequently and for the longest time can we optimize the content of the msg website to meet your requirements. If you entrust us with personal information, this will only be used by msg for banking ag for the purposes of technical administration of the websites, customer management, product surveys and marketing to the extent necessary in each case. The better we understand your wishes, the faster you will find the information you require on our website.

Information on the collection of personal data

In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior.

If you are asked to provide personal information such as your name, address or telephone number on our website, this is subject to special provisions to which you are referred in the following wording:

“I agree that my personal data (including telephone number and/or e-mail address) may be collected, processed and used for the purpose of contract processing, prospecting, surveys and information”. The transfer to third parties, with the exception of companies of the msg-group, is excluded. I can revoke this consent at any time by contacting msg for banking ag, 60549 Frankfurt am Main, Germany.”

We use this data exclusively for the above-mentioned purposes. It will not be passed on to third parties outside msg for banking ag. The companies of the msg-​ group are an exception to this rule.

In addition to the data you provide us with, we use information in the way you use our website to guide you as quickly as possible to the information that may be of interest to you and to constantly optimize our website.

HTTPS encryption

We use HTTPS (the Hypertext Transfer Protocol Secure stands for “secure hypertext transfer protocol”) to transmit data tap-proof on the Internet.
All your data is secured and encrypted during the entire transmission from our website to our web server.
We have thus introduced an additional layer of security and comply with data protection by design (Article 25(1) GDPR).
By using TLS (Transport Layer Security), an encryption protocol for secure data transmission on the Internet, we can ensure the protection of confidential data.
You can recognize the use of this data transmission security by the small lock symbol at the top left of the browser, to the left of the Internet address (e.g. examplepage.com) and the use of the https scheme (instead of http) as part of our Internet address.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU-​ General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

Data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

IV. Provision of the website

Hosting

This website is hosted by Mittwald. The provider is Mittwald CM Service GmbH & Co,
Königsberger Straße 4-6, 32339 Espelkamp (hereinafter referred to as Mittwald).
Details of Mittwald’s privacy policy can be found at: https://www.mittwald.de/datenschutz.

The use of Mittwald is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Order processing

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Collection of personal data when visiting our website

When you visit our website, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect data that is technically necessary for us to display our website to you and to ensure stability and security. The following data is collected here:

• IP-​ address of the user
• Date and time of the request
• Content of the request (specific page)
• Amount of data transferred in each case
• Website from which the request comes
• Information about the browser type
• Operating system of the user
• Language and version of the browser software
• Websites from which the user’s system accesses our website
• Websites that are accessed by the user’s system via our website

This data is also stored in the log files of our system. This data is not stored together with other personal data.

Legal basis for data processing

The legal basis for the temporary storage of data and log files and the use of Mittwald as a hosting service provider is Art. 6 para. 1 lit. f GDPR.

Purpose of the processing

Temporary storage of the IP​ address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP​ address must be stored for the duration of the session. The IP​ addresses are required for problem diagnosis, website​ administration and demographic information.

The logged data is used exclusively for data security purposes, in particular to defend against attempted attacks on our web server and for statistical evaluations.

Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

If the data is stored in log files, this is the case after seven (7) days at the latest. Storage beyond this period is possible. In this case, the IP​ addresses of the users are deleted or distorted so that it is no longer possible to identify the accessing client.

Objection​ and removal option

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

V. Use of cookies

Description and scope of data collection

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. Cookies cannot execute programs or transfer viruses to your computer.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change.

Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles. These purposes also constitute our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f GDPR.

Duration of storage

Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser.

Possibility of objection and removal

Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent. You can also use our cookie management tool to manage your consent at any time.

Cookie management tool

We use Borlabs Cookie as a cookie management tool on our website. We use this tool to store your cookie consent and you can edit your consent to individual cookies yourself at any time. The service provider is the German company Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany. You can find out more about the data processed through the use of Borlabs Cookie in the Privacy Policy at https://de.borlabs.io/datenschutz/.

VI. User registration for the closed member area on Banking.Vision

https://banking.vision.prod.msg.blank-studio.de/en/register/

Description and scope of data collection:

On our website, we offer users the opportunity to register without a password by providing personal data (e.g. for exclusive content, to register for events at and much more). The data is entered into an input mask and transmitted to us in encrypted form and stored. The data will not be passed on to third parties outside the group of companies. The following data is collected as part of the registration process:
– Salutation (mandatory field)
– First name (mandatory field)
– Surname (mandatory field)
– Company (mandatory field)
– E-mail (mandatory field)
As part of the registration process, the user’s consent to the processing of this data is obtained.

Legal basis for data processing:

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.

Purpose of processing/disclosure/legal basis:

Your registration is required to use certain content on our website. By entering your data, you agree to the use of your data in all companies in our group of companies. All the data you enter will be stored in our CRM system and marketing automation tools. The stored data will only be made available to employees of the msg group. Your data will be used to inform you about our products and services and, if necessary, to ask you about them. Of course, registration is voluntary. If you do not agree to this, you can revoke your consent and the processing of your data at any time and unsubscribe by e-mail. Inactive user accounts – accounts that the user has not logged into for one year – are removed from our CRM system and marketing automation tools.

Duration of storage:

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected during the registration process if the registration on our website is canceled or modified.

Possibility of objection and removal:

As a user, you have the option of canceling your registration at any time. You can change the data stored about you at any time. Please contact the marketing department of msg for banking ag by e-mail at marketing-banking@msg.group

VII. Mail dispatch

To manage our email traffic (e.g. transactional emails for Banking.Vision and all other emails from our marketing automation tools), we use the “Amazon Simple Email Service” from the technical service provider Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, USA (“Amazon SES”). Amazon SES is responsible as a platform for organizing, sending and receiving emails and enables the connection to various email service providers and email clients.
When sending newsletters using Amazon SES, your registration data and profile data (e.g. e-mail address or, if applicable, name data for salutation purposes…) are first transmitted to Amazon Web Services servers and then forwarded to the actual mail client for the purpose of sending.
The server locations of Amazon Web Services are located within the EU (Dublin, Frankfurt, Paris, etc.). It is not possible for us to check and therefore cannot be ruled out that data may be transferred to Amazon Web Services, Inc. in the USA in individual cases.

Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the data collected during the registration process if the registration on our website is canceled or modified.

Legal basis for data processing

The use of Amazon SES is our legitimate interest in the best possible technical organization and handling of our e-mail traffic as well as the optimization of the provision of content and deliverability in accordance with Art. 6 para. 1 lit. f GDPR.

Order data processing

We have concluded an order processing agreement with Amazon SES (“Data Processing Addendum”, available at https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf), in which we oblige Amazon SES to protect the data collected from our customers and not to pass it on to third parties under any circumstances.
You can view the data protection provisions of Amazon Web Services, Inc. here: https://www.amazon.de/-/en/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ

VIII. Marketing automation tool

HubSpot

This website uses the services of HubSpot, a software-based marketing service provided by HubSpot Ireland Ltd., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

The parent company is HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA.

HubSpot serves as our customer relationship management (CRM) and marketing tool for managing and optimising communication with our website visitors and customers.

With the help of Hubspot, various customer service and customer management services can be digitally synchronised and processed via a central user interface. HubSpot enables lead generation, centralised email and newsletter marketing, contact management in the form of user segmentation and CRM, and the management of contact forms.

To perform its various functions, HubSpot uses cookies, which are small text files that are stored locally in the cache of your web browser on your device and enable us to analyse your use of the website. The cookies collect certain information such as your IP address, location, time of page view, etc. Information collected by HubSpot is stored on HubSpot’s servers and evaluated on our behalf.

To the extent required by law, we have obtained your consent to the processing of your data as described above in accordance with Art. 6 (1) lit. a GDPR in conjunction with § 25 TDDDG.

You can revoke your consent at any time with future effect. To exercise your right of revocation, please deactivate this service in the ‘Cookie Consent Tool’ provided on the website.

We have no influence over some topics and cookies that HubSpot sets (due to the use of the contact form, for example).

We base this processing on legitimate interest (Art. 6 para. 1 lit. f GDPR). Our legitimate interest here lies in providing the relevant services, e.g. for establishing contact and ensuring efficient customer communication.

Data may be transferred to a third country (in this case the USA) or an international organisation. Since July 2023, an adequacy decision by the EU Commission (Data Privacy Framework) has been in place, which recognises the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as a basis for data transfers to certified organisations in the USA. According to the list of certified companies published by the US Department of Commerce, Hubspot Inc. is listed as a certified company.

We have entered into a data processing agreement with HubSpot, which obliges HubSpot to protect our customers’ data and not to pass it on to third parties.

Further information about Hubspot’s privacy policy can be found at the following Internet address: https://legal.hubspot.com/privacy-policy

VIIII Newsletter

You have the option of subscribing to our newsletter on our website. Your e-mail address, title, first name, surname and company are required for registration. In addition, you can provide further information – such as department or job title – on a voluntary basis.

Registration for the newsletter takes place according to the so-called double opt-in procedure. After entering your data, we will send you an e-mail to your e-mail address asking you to confirm your registration for the newsletter. Only when you confirm your registration by clicking on a corresponding link will you be added to our mailing list and receive our newsletter from this point on. If you do not confirm your registration within 48 hours, we will block your information and delete it after one month.

When you register, we store the IP address you used, the time of registration and the time of confirmation of registration. This is done on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR and pursues the purpose of being able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

If you confirm your registration for the newsletter, we will store your data in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR in order to be able to send you our newsletter.

You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail to marketing-banking@msg.group or by sending a message to the contact details given in the imprint.

We would like to point out that we evaluate your user behavior in a personalized manner when sending the newsletter in order to constantly optimize and improve our newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels. These are small one-pixel files with a user ID. This allows us to record when you read our newsletters, which links you click on in them and deduce your personal interests. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests.

The processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f) GDPR and serves to improve our services.

You can prevent tracking if you have deactivated the display of images in your e-mail program by default. In this case, the newsletter will not be displayed in full and you may not be able to use all the features. If you click on a link contained in the newsletter despite deactivating the image view, your click behavior will be recorded. If you display the images manually, the above-mentioned tracking will take place.

HubSpot Ireland Limited
HubSpot House
1 Sir John Rogerson’s Quay
Dublin 2
Ireland

X. Analysis tools

Matomo

This website uses the open source web analysis service Matomo. Matomo uses technologies that enable the cross-page recognition of the user to analyze user behavior (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymized before it is stored.

With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).

Legal basis for data processing:

The use of this analysis tool is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time via our cookie management tool.
We use IP anonymization for the analysis with Matomo. Your IP address is shortened before the analysis so that it can no longer be clearly assigned to you.

Order processing

We host Matomo with the following third-party provider:
Mittwald CM Service GmbH & Co KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract prescribed by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Google Analytics 4

Description of the service

This service allows users to measure traffic and engagement on their websites and mobile apps using customizable reports.

Processing company

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data protection officer of the processing company

Below you will find the e-mail address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Purpose of the data

This list shows the purposes of data collection and processing.

• Marketing
• Analysis

Technologies used

This list contains all technologies with which this service collects data. Typical technologies are cookies and pixels that are placed in the browser.

• Tracking code
• Cookies

Collected data

This list contains all (personal) data collected by or through the use of this service.

• Device information
• Geographical location
• Browser information
• Device operating system
• Screen resolution
• Referrer URL
• Interaction data
• Date and time of the visit
• User behavior
• Visited pages
• Online identifiers
• Shortened IP address
• User ID
• Advertising identifier

Legal basis

The required legal basis for the processing of data is set out below

• Art. 6 para. 1 sentence 1 lit. a GDPR

Place of processing

This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

European Union

Storage period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The customer can choose how long Google Analytics stores data. The maximum retention period is 14 months.

Transfer to third countries

When using this service, the data collected may be transferred to another country. Please note that in the context of this service, the data may be transferred to a country that does not have the necessary data protection standards. Below you will find a list of the countries to which the data is transferred. For further information on security measures, please refer to the privacy policy of the respective provider or contact the provider directly.

• United States of America
• Singapore
• Taiwan
• Chile

Data recipient

The recipients of the data collected are listed below.

• Alphabet Inc., Google LLC, Google Ireland Limited

Click here to read the data processor’s privacy policy.

https://policies.google.com/privacy?hl=en

Click here to read the data processor’s cookie policy.

https://policies.google.com/technologies/cookies?hl=en

Click here to revoke on all domains of the processing company.

https://tools.google.com/dlpage/gaoptout?hl=de

Memory information

• Maximum limit for the storage of cookies: 2 years

Stored information

• Name: Google; Used to distinguish users; Type: cookie; Duration: 2 years;
• Name: Google; Used to maintain the session state; Type: cookie; Duration: 2 years;

LinkedIn Insight Tag

Description of the service

This is a conversion tracking and retargeting service.

Processing company

LinkedIn Ireland Unlimited Company

Wilton Place, Dublin 2, Ireland

Data protection officer of the processing company

Below you will find the e-mail address of the data protection officer of the processing company.

https://www.linkedin.com/help/linkedin/ask/TSO-DPO

Purpose of the data

This list shows the purposes of data collection and processing.

Marketing

Retargeting

Analysis

Technologies used

This list contains all technologies with which this service collects data. Typical technologies are cookies and pixels that are placed in the browser.

Cookies

Pixel

Collected data

This list contains all (personal) data collected by or through the use of this service.

Device information

IP address

Referrer URL

Timestamp

Browser information

Legal basis

The required legal basis for the processing of data is set out below

Art. 6 para. 1 sentence 1 lit. a GDPR

Place of processing

This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

Singapore, European Union, United States of America

Storage period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data will be deleted after 90 days.

Transfer to third countries

When using this service, the data collected may be transferred to another country. Please note that in the context of this service, the data may be transferred to a country that does not have the necessary data protection standards. Below you will find a list of the countries to which the data is transferred. For further information on security measures, please refer to the privacy policy of the respective provider or contact the provider directly.

Singapore

United States of America

Data recipient

The recipients of the data collected are listed below.

LinkedIn Ireland Unlimited Company

Click here to read the data processor’s privacy policy.

https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com

Click here to read the data processor’s cookie policy.

https://www.linkedin.com/legal/cookie_policy?src=li-other&veh=www.linkedin.com

Click here to revoke on all domains of the processing company.

https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com

Memory information

Below you can see the longest potential storage duration on a device set when using the cookie storage method and when using other methods.

Maximum limit for the storage of cookies: 6 months

Non-cookie storage: no

XI. Google Tag Manager

Description of the service

This is a tag management system. The Google Tag Manager allows tags to be integrated centrally via a user interface. Tags are small sections of code that can track activities. Script codes from other tools are integrated via the Google Tag Manager. The Tag Manager makes it possible to control when a specific tag is triggered.

Processing company

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data protection officer of the processing company

Below you will find the e-mail address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Purpose of the data

This list shows the purposes of data collection and processing.

• Tag management

Technologies used

This list contains all technologies with which this service collects data. Typical technologies are cookies and pixels that are placed in the browser.

• Website tags

Collected data

This list contains all (personal) data collected by or through the use of this service.

• Aggregated data on tag triggering

Legal basis

The required legal basis for the processing of data is set out below

• Art. 6 para. 1 sentence 1 lit. a GDPR

Place of processing

This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

European Union

Storage period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data will be deleted as soon as it is no longer required for the purposes of processing.

Transfer to third countries

When using this service, the data collected may be transferred to another country. Please note that in the context of this service, the data may be transferred to a country that does not have the necessary data protection standards. Below you will find a list of the countries to which the data is transferred. For further information on security measures, please refer to the privacy policy of the respective provider or contact the provider directly.

• Singapore
• Taiwan
• Chile
• United States of America

Data recipient

The recipients of the data collected are listed below.

• Alphabet Inc., Google LLC, Google Ireland Limited

Click here to read the data processor’s privacy policy.

https://policies.google.com/privacy?hl=de

Click here to read the data processor’s cookie policy.

https://policies.google.com/technologies/cookies?hl=de

XII. Social plugins (Facebook, LinkedIn, XING, YouTube)

So-called “social plugins” are used on our website. These are currently the plugins of the Facebook, LinkedIn, Xing and YouTube services. These plugins can be used to send data, including personal data, to service providers in the USA and may be used by them.
Shariff protection tools
The website itself does not collect any personal data via the social plugins or through their use. To prevent data from being transferred to service providers, including in the USA, without the user’s knowledge, msg uses the so-called Shariff solution. This solution ensures that no personal data is initially passed on to the providers of the individual social plugins when you visit our website. Only when you click on one of the social plugins can the data be transferred to the service provider and stored there. You can find more information about the Shariff solution on the website of the provider, Heise Medien Gmbh & Co KG: http://m.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

Privacy policy for the use of Facebook plugins

Plugins of the social network Facebook, provider Facebook Inc, 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our site. You can find an overview of the Facebook plugins here: http://developers.facebook.com/docs/plugins/. When you visit our pages, a direct connection is established between your browser and the Facebook server via the plugin. Facebook receives the information that you have visited our site with your IP address. If you click on the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Facebook. Further information on this can be found in Facebook’s privacy policy at
http://de-de.facebook.com/policy.php. If you do not want Facebook to be able to associate your visit to our pages with your Facebook user account, please log out of your Facebook user account.

Privacy policy for the use of LinkedIn

Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.
Further information on this can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy

Privacy policy for the use of XING

Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing XING functions is accessed, a connection to XING servers is established. As far as we are aware, no personal data is stored in the process. In particular, no IP addresses are stored or usage behavior evaluated. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Further information on data protection and the XING share button can be found in XING’s privacy policy at https://www.xing.com/app/share?op=data_protection

Privacy policy for the use of Google Maps

This site uses the map service Google Maps via an API. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
You can find more information on the handling of user data in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/

Privacy policy for the use of YouTube

We embed YouTube videos on some of our websites. The operator of the corresponding plug-ins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plug-in, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account at , you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. When a YouTube video is started, the provider uses cookies that collect information about user behavior. If you have deactivated the storage of cookies for the Google Ad program, you will not have to expect any such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser. The use of YouTube is in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.
Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy

XIII. Where will my data be processed?

We maintain publicly accessible profiles in social networks in order to get in touch with users, interested parties and customers active there and to be able to inform them about our services.
In the case of social networks such as Facebook, user data may be processed outside the European Union in third countries such as the USA. This can make it more difficult for users to enforce their rights. We endeavor to only integrate social networks that comply with EU data protection standards. And document this through their privacy policies and/or standard data protection clauses (SDC).
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. The data is generally used for market research and advertising purposes. In this way, personalized advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices and platforms on which you are logged in or have been logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a, Art. 7 GDPR).

Responsible party and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook). Please note that, despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options depend largely on the company policy of the respective provider.

Storage duration

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.
We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

– Facebook, pages, groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the basis of an agreement on joint processing of personal data
Privacy policy: https://www.facebook.com/about/privacy
Opt- Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
– Google/YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Privacy policy: https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated
– LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
Privacy policy https://www.linkedin.com/legal/privacy-policy
Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
– Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)
Privacy policy / Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung

XIV. Where will my data be processed?

Your data will be processed in Germany. To the extent permitted by law, data processing also takes place in other European and non-European countries. A transfer to third countries is not planned.

XV. How secure is my data?

msg for banking ag has taken extensive technical and operational security precautions in accordance with applicable European law to protect your data from unauthorized access and misuse.

XVI. Will my data be passed on to third parties?

Data is not passed on to third parties, with the exception of companies in the msg group.

XVII. Rights of the data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right to information

You can request information free of charge about the scope, origin and recipients of the stored data as well as the purpose of the storage.

Right to rectification

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete. The controller must make the correction without delay.

Right to erasure

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) You revoke your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
(4) The personal data concerning you has been processed unlawfully.
(5) The deletion of personal data concerning you is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) The personal data concerning you have been collected in relation to the offer of information society services referred to in Art. 8 (1) GDPR.

Right to data portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format.

Right of objection

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with the supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Legal notice:
This privacy policy has been automatically translated from German into English. In the event of any discrepancies or misunderstandings between the German and English versions, the German version shall prevail and be legally binding.