Log in
Open a term deposit account

Privacy policy

Table of contents

Status: 17/08/2023

 

Herewith we inform you about the processing of your personal data in accordance with Article 13 and 14 of the General Data Protection Regulation (GDPR) as well as about the rights you have under data protection and privacy law. The content and extent of data processing depend on the products and services you have requested or agreed upon with us
1. who is responsible for the data processing?

VakifBank International AG
Branch Office Germany
Alter Markt 54
50667 Köln

Phone: +49-221-280 64 67 – 0

Fax: +49-221-258 94 28
E-mail: infokoeln@vakifbank.de

The Branch Office of VakifBank International AG in Germany has nominated a Data Protection Officer (“DPO”) who is available to answer questions about the processing of your personal data. The DPO can be contacted via e-mail at datenschutz@vakifbank.at

 

2. What data do we processed and where do these data come from?
Data processing in the context of account opening and account management  
  • - Name and title
  • - Address and second address
  • - Date and place of birth
  • - Nationality
  • - E-mail address
  • - Phone number
  • - Residency (currency status)
  • - Profession
  • - Identification data (e.g. ID card data)
  • - Authentication data (e.g., specimen signature)
  • - Information on your financial status
  • - Documentation data (e.g. counselling protocols)
  • - Register data
  • - Video and phone recordings
  • - Information derived from our communication
  • - Account data (IBAN, BIC, account number, type of account, account balance, turnover or order data)
  • - Customer number
Data processing in the context of self-disclosure regarding tax residency (CRS, FACTA)  
  • - Name and title
  • - Address
  • - Date, place and country of birth
  • - Information whether the person is a U.S. person
  • - Information on tax residency (country, tax ID or justification for its absence)
Data processing in the context of Know Your Customer Questionnaire
 
  • - Name and title
  • - Address
  • - Date and place of birth
  • - Nationality
  • - E-mail address
  • - Phone number
  • - Residency (currency status)
  • - Employer (company, address)
  • - Profession
  • - Information on the background of the business relationship or domestic reference
  • -Information on the origin of the current/future assets
  • - Information and documents as proof of income/assets
  • - Information on the intended use of the assets
  • - Information on whether the account holder is a politically exposed person (PEP) and description of exposure
  • - Account data (passbook name, account number, account type, term, interest rate, control number, password, account balance or account status, transactions or order data)
  • - Specimen signature (only for legitimised savings book)
  • - Customer number
Data processing in the context of opening and management of time deposit accounts
  • - Name and title
  • - Address
  • - Information on possible US citizenship or tax liability / tax residency
  • - Date and place of birth
  • - Nationality
  • -Profession
  • - Marital status
  • - Phone number
  • - E-mail address
  • - Identification data (e.g. ID card data)
  • -Video and phone recordings of the video-identification
  • - Account data (account number, type of account, account balance or account balance, reference account, transactions or transfer transactions including related information)
  • - Type and origin of the funds
Data processing in the context of video-identification before opening a time deposit account
To make it easier for you to open a transfer account, we offer an online video-identification for the required identification. The video identification is conducted on our behalf and exclusively for our purposes by CRIF GmbH and WebID Solutions GmbH, who are obliged to comply with all applicable data protection regulations. We provide your personal data (name, date of birth, address, e-mail address, phone number and your preferred language). In the video-identification WebID employees take photos of you and your identification document (passport, ID card, driving license) via your camera. These are transmitted to us for identification and account opening.
Data processing in the context of guarantee facility agreements
  • - Name and title of the borrower and guarantor
  • - Account number
  • - Customer number
  • - Credit data (guarantee facility, term, processing fee, liability commission, expense reimbursement, debit interest, default interest)
  • - Pledge agreement for savings deposits: pledgee, passbook number, account number, account holder, password, legitimised person
  • - Pledge agreement life insurance: pledgee, life insurance policy, policyholder
  • - Mortgage: debtor

We process personal data you disclose to us as well as data we obtained from registers of debtors, land registers, the commercial register and register of associations, press, media, and the internet. If necessary for the provision of our services, we process personal data that we have received from third parties (e.g., SCHUFA, German Federal Central Tax Office) in a permissible manner (e.g., for the execution of orders, for the fulfilment of contracts or based on your consent).
3. For which purposes and on what legal basis are my data processed?
Data processing in the context of guarantee facility agreements
This data processing serves to fulfil the contract in the context of the business relationship for the provision of banking transactions and financial services with you as a customer (Art. 6 para. 1 lit. B GDPR) and to comply with the bank's legal obligations (Art. 6 para. 1 lit. c GDPR), such as reporting certain suspicious cases to the Money Laundering Reporting Office (Section 43 GwG), creditworthiness checks, identity and age checks, the fulfilment of tax control and reporting obligations and the assessment and management of risks in the bank and in the Group.
  • - Consultation of and data exchange with credit agencies (e.g. SCHUFA) to determine creditworthiness or default risks and the need for a seizure protection account or basic account,
  • - Assertion of legal claims and defence in legal disputes
  • - Risk management in the group of companies and the Group
  • - Prevention and investigation of criminal offences through video surveillance and collection of evidence
  • - Proof of withdrawals and deposits, e.g. at ATMs
  • - Measures for building and system security (e.g. access controls)
  • - Measures to safeguard domiciliary rights
  • - Measures to prevent and combat fraud (Fraud Transaction Monitoring)


If you have given us your consent (Art. 6 para. 1 lit. a GDPR) to process your data (e.g. for marketing activities or the setting of technically unnecessary cookies on our website), processing will only take place in accordance with and within the scope of the purposes specified in the consent. Any consent given can be revoked at any time free of charge with effect for the future. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018.
4. is there automated decision-making including profiling?
We do not use automated decision-making mechanisms as per Article 22 GDPR for deciding on whether to enter into a business relationship or the pertaining provision of services. Before applying such procedures in individual cases and as required by law, we will inform you about this separately.

Due to legal and regulatory requirements, we are obliged to combat money laundering, terrorist financing and criminal offences that endanger assets. In the process, data analyses (including payment transactions) are conducted. These measures protect you as well. We use scoring to assess your creditworthiness. It calculates the probability that a customer will meet his or her payment obligations in accordance with the contract. The calculation may include inter alia income, expenses, existing liabilities, occupation, employer, length of employment, experience from previous business relationships, repayment of previous loans in accordance with the contract as well as information from credit agencies. The scoring is based on a mathematically-statistically accepted and proven procedure. The calculated score values support us in our decision-making of product transactions and are included in the ongoing risk management.
5. Who receives my data?
Within VakifBank International AG only those units and employees have access to your data that need it to fulfill contractual, legal, and regulatory obligations. Moreover, commissioned processors will receive your data if needed to provide their services. These are companies that offer credit services, IT services, logistics, printing services, telecommunication services and debt collection. All processors are under the obligation to maintain banking secrecy about all facts of which they become aware, must treat those data confidential and shall only process your data within the scope of the provision of services. Within the VakifBank Group data may be transferred for administrative reasons, for risk management due to legal or regulatory obligations or because the processing of customer data is necessary.

If you open a time deposit account online, we forward your personal data to CRIF GmbH as our processor to perform video-identification. CRIF GmbH forwards to us the results and all the data you disclose.

According to the General Terms and Conditions agreed between us, we are obliged to maintain secrecy about all customer-related facts and evaluations of which we become aware (banking secrecy). We may only pass on information about you if it is required by law, if you have consented or if we are authorized to provide banking information. Under these conditions, recipients of personal data may be:




  • - Public authorities and institutions (e.g., Deutsche Bundesbank, BAFIN, financial authorities) if there is a legal obligation.
  • - Other credit and financial services institutions or comparable institutions to which we transmit personal data to carry out the business relationship with you.
  • - Other data recipients such as bodies for which you have given us your consent to transfer data to or for which you have released us from banking secrecy in accordance with your consent.
  • A data transfer to third countries outside of the EU / EEA only takes place if
  • - it is necessary to execute your orders (e.g., payment orders),
  • - it is required by law (e.g., reporting obligations under tax law),
  • - you gave us your consent to do so, or
  • - it is necessary in the context of a Data Processing Agreement.


Where a data transfer to third countries takes place and no adequacy decision of the European Commission as per Article 45 GDPR exists for the respective third country, such data transfer is based on appropriate safeguards as per Article 46 GDPR, such as standard contractual clauses (SCC) of the European Commission.
6. For how long will my data be stored?

If necessary, we store your personal data for the duration of the entire business relationship (from pre- contractual first contacts to contract execution and contract termination). We store your data beyond the end of our business relationship to fulfill legal retention or documentation requirements based on the German Commercial Code (HGB), the German Tax Code (AO), the German Banking Act (KWG), and the Money Laundering Act (GwG). The storage periods specified there are 2 to 10 years. Additionally, the statutory periods of limitation as per Sec. 195 ff of the German Civil Code (BGB), which in certain cases can be up to 30 years (whereby the general limitation period is 3 years), must be considered for the storage period in the context of preserving evidence.

7. What data protection rights do I have?
The GDPR grants data subjects the following rights:

In accordance with Art. 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of

The data subject shall have the right to obtain from us confirmation as to whether or not personal data concerning him or her are being processed, the categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification, erasure, restriction of processing or objection, the existence of the right to lodge a complaint, the source of the personal data if they were not collected by us, whether they will be transferred to a third country or to an international organisation, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about the details thereof.

In accordance with Art. 16 DSGVO, you can immediately request the correction of incorrect or the completion of your personal data stored by us.

Pursuant to Art. 17 DSGVO, you may request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.

Pursuant to Article 18 of the GDPR, you may request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, we no longer need the data and you object to their deletion because you need them to assert, exercise or defend legal claims. You also have the right under Art. 18 DSGVO if you have objected to the processing in accordance with Art. 21 DSGVO.

Pursuant to Art. 20 DSGVO, you may request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or you may request that it be transferred to another controller.

In accordance with Art. 7 para. 3 GDPR, you can revoke your consent to us at any time. As a result, we are no longer permitted to continue the data processing based on this consent in the future. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before 25 May 2018.

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the competent data protection supervisory authority (State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, P.O. Box 20 04 44, 40102 Düsseldorf, Tel.: 0211/38424-0, Fax: 0211/38424-999, e-mail: poststelle@ldi.nrw.de).
8. Am I obliged to provide data?
Within the scope of our business relationship, you must provide those personal data that are necessary for the establishment and execution of a business relationship and the fulfilment of the associated contractual obligations or which we are legally obliged to collect. Without this data, we will usually have to refuse the conclusion of the contract or the execution of the order or will no longer be able to perform an existing contract and may have to terminate it.

In particular, we are obliged under money laundering regulations to identify you before establishing the business relationship, for example by means of your identity card, and in doing so to verify your

name, place of birth, date of birth, nationality and your residential address. To enable us to fulfil this legal obligation, you must provide us with the necessary information and documents in accordance with Section 10 (6) GwG and notify us immediately of any changes that arise in the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship requested by you.
9. information about your right to object on a case-by-case basis in accordance with Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 para. 1 lit. e GDPR (data processing in the public interest) and Art. 6 para. 1 lit. f GDPR (data processing on the basis of a balancing of interests), Contradiction to object. This also applies to profiling based on this provision within the meaning of Art. 4 (4) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. The objection can be made informally and should preferably be addressed to

VakifBank International AG

Branch Office Germany

Data Protection Officer

Alter Markt 54

50667 Köln

Tel: +49-221-280 64 67-0

Fax: +49-221-258 94 28

E-mail: datenschutz@vakifbank.at

10. Amendment of the Privacy Notice
Please note that changes in the legal situation, technical developments as well as changes to our range of services and organisational changes may make it necessary to adapt or update the data protection declaration.

We expressly reserve the right to amend this privacy policy, in particular due to changes in the legal situation or changes to banking processes and products. The current version of the privacy policy will be published on this website, stating the date of amendment.

How can we help you?

infokoeln@vakifbank.de

Write to us!

+49-221-280 64 67-0

Give us a call. You will find our opening hours here.

Email: infokoeln@vakifbank.de

Support: +49 221 280 64 67 0

Address:

VakifBank International AG, Branch Germany

Alter Markt 54

50667 Köln

Address:

VakifBank International AG,

Frankfurt am Main Branch

Mainzer Landstraße 69-71

60329 Frankfurt am Main

VakıfBank @socialmedia

Visit us at:

Linkedin Facebook Instagram

VakıfBank

Private customers

Corporate clients

Other

Legal

Log in
Open a fixed-term deposit account