Information on data protection regarding our data processing in accordance with Articles (Art.) 13, 14 and 21 of the Basic Data Protection Regulation (DSGVO)
We take data protection seriously and hereby inform you about how we process your data and which claims and rights you are entitled to according to the data protection regulations. Valid from 25 May 2018.
1. Body responsible for data processing and contact details
Responsible body in terms of data protection law
Contact details of our data protection officer:
2. Purposes and legal basis up which we process your data
We process personal data in accordance with the provisions of the Basic Data Protection Regulation (DSGVO), the Federal Data Protection Act (BDSG) and other applicable data protection regulations (details below). Which data is processed in detail and how it is used depends largely on the services requested or agreed upon in each case. Further details or additions regarding the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e.g. in the context of the use of our website or our terms and conditions). In addition, this privacy information may be updated from time to time, as you can see on our website www.santanderassetmanagement.de.
2.1 Purposes for fulfilling a contract or pre-contractual measures (Art. 6 para. 1 b DSGVO)
The processing of personal data is carried out to execute our contracts with you and the execution of your orders as well as to carry out measures and activities within the framework of pre-contractual relations, e.g. with interested parties. In particular, the processing thereby serves the provision of financial services, especially in the area of investment and asset management in accordance with your orders and wishes and includes the services, measures and activities necessary for this purpose. This essentially includes contract-related communication with you, the traceability of transactions, orders and other agreements as well as quality control by means of appropriate documentation, goodwill procedures, measures for the control and optimization of business processes as well as for the fulfilment of general duties of care, management and control by affiliated companies (e.g. parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and tax evaluation of operational services, risk management, assertion of legal claims and defence in legal disputes; ensuring IT security (including system or plausibility tests) and general security, including building and plant security, securing and exercising domiciliary rights (e.g. through access controls); ensuring the integrity, authenticity and availability of data, preventing and investigating criminal offences; monitoring by supervisory bodies or control authorities (e.g. auditing).
2.2 Purposes within the scope of our own legitimate interests or those of third parties (Art. 6 para. 1 f DSGVO)
Beyond the actual fulfillment of the contract or preliminary contract, we may process your data if necessary to protect our own legitimate interests or those of third parties, in particular for the following purposes:
- Advertising or market and opinion research, provided that you have not objected to the use of your data
- The obtaining of information and data exchange with credit agencies, insofar as this is beyond our economic control risk
- The testing and optimization of procedures for needs analysis;
- The further development of services and products as well as existing systems and processes
- The disclosure of personal data within the scope of due diligence in Company sales negotiations;
- For comparison with European and international anti-terrorist lists, as far as the legal obligations
- The enrichment of our data, including the use or research of publicly available data:
- Statistical evaluations or market analysis
- The assertion of legal claims and defence in legal disputes that are not are directly attributable to the contractual relationship
- Limited storage of the data, if deletion is not possible due to the particular type of storage or only with disproportionately high effort
- The development of scoring systems or automated decision-making processes
- The prevention and clarification of criminal offences, insofar as not exclusively for the purpose of fulfilling legal requirements
- Building and plant security (e.g. through access controls and video surveillance), insofar as this is not possible via general duties of care
- Internal and external investigations, security audits
- The possible listening in or recording of telephone conversations for quality control and training purposes
- Obtaining and maintaining certifications of a private or governmental nature
- Securing and exercising domiciliary rights by taking appropriate measures as well as by video surveillance for the protection of our customers and employees as well as for securing evidence of crimes and their prevention
2.3 Purposes within the scope of your consent(Art. 6 Abs. 1 a DSGVO)
A processing of your personal data for specific purposes (e.g. use of your e-mail address for marketing purposes) can also take place on the basis of your consent. As a rule, you can revoke your consent at any time. This also applies to the revocation of declarations of consent that were issued to us prior to the validity of the DSGVO, i.e. before 25 May 2018. You will be informed separately about the purposes and consequences of revocation or failure to grant consent in the corresponding text of the consent.
As a general rule, the revocation of a consent is only effective for the future. Processing that took place before the revocation is not affected and remains lawful.
2.4 Purposes to meet legal requirements (Art. 6 para. 1 c DSGVO) or in the public interest (Art. 6 para. 1 e DSGVO)
Like everyone who is involved in the business world, we are also subject to a variety of legal obligations. Primarily these are legal requirements (e.g. commercial and tax laws), but also, where applicable, regulatory or other official requirements. The purposes of processing may include identity and age verification, fraud and money laundering prevention, the prevention, combating and clarification of terrorist financing and asset-endangering criminal offences, comparisons with European and international anti-terrorist lists, the fulfilment of tax law control and reporting obligations and the archiving of data for data protection and data security purposes as well as audits by tax and other authorities. In addition, the disclosure of personal data may become necessary within the scope of official/judicial measures for the purpose of gathering evidence, criminal prosecution or enforcement of civil law claims.
3. The categories of data processed by us, if we do not receive data directly from you, and their origin
Insofar as this is necessary for the provision of our services, we process personal data permissibly received from other companies or other third parties (e.g. credit agencies, address publishers). In addition, we process personal data that we have permissibly taken, received or acquired from publicly accessible sources (such as telephone directories, commercial and association registers, registration registers, debtor registers, land registers, press, Internet and other media) and which may be processed.
Relevant categories of personal data may include in particular:
- Personal data (name, date of birth, place of birth, nationality, marital status, profession/industry and comparable data
- Contact details (address, email address, telephone number and similar data)
- Address data (registration data and comparable data)
- Payment/confirmation of cover for bank and credit cards
- Information about your financial situation (creditworthiness data including scoring, i.e. data for evaluation of the economic risk)
- Customer history
- Data about your use of the telemedia offered by us (e.g. time of the call of our web pages, apps or newsletters, clicked pages/links from us or entries and comparable data)
- Video data
4. Recipients or categories of recipients of your data
Within our company, those internal departments or organizational units receive your data that require it to fulfill our contractual and legal obligations or in the context of processing and implementing our legitimate interests. Your data will only be passed on to external parties in connection with the contract execution;
- In connection with the processing of the contract;
- For the purposes of fulfilling legal requirements according to which we are obliged to provide information, report or pass on data or if the passing on of data is in the public interest (see section 2.4);
- Insofar as external service providers process data on our behalf as contract processors or function providers (e.g. external computer centres, support/maintenance of EDP/IT applications, archiving, document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data validation or data plausibility checks, data destruction, purchasing/procurement, customer management, lettershops, marketing, media technology, research, risk controlling, accounting, telephony, website management, auditing services, credit institutions, printing houses or companies for data disposal, courier services, logistics);
- On the basis of our legitimate interest or the legitimate interest of the third party for the purposes mentioned in Section 2.2 (e.g. to authorities, credit agencies, collection agencies, lawyers, courts, experts, companies belonging to the Group and committees and supervisory bodies);
- If you have given us your consent to transfer your data to third parties.
5. Duration of the storage of your data
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
In addition, we are subject to various storage and documentation obligations, which result from the German Commercial Code (HGB) and the German Fiscal Code (AO), among others. The periods of retention and documentation stipulated there are up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.
Furthermore, special legal regulations may require a longer period of retention, such as the preservation of evidence within the framework of the statutory limitation regulations. According to §§ 195 ff. of the German Civil Code (BGB), the regular limitation period is three years; however, limitation periods of up to 30 years may also be applicable.
If the data is no longer required for the fulfilment of contractual or legal obligations and rights, it will be regularly deleted, unless - temporary - further processing is necessary to fulfil the purposes listed under item 2.2 out of an overriding legitimate interest. Such an overriding legitimate interest shall also be deemed to exist, for example, if deletion is not possible or only possible with disproportionately high expense due to the particular type of storage and if processing for other purposes by suitable technical and organisational measures is not permitted.
6. Processing of your data in a third country or by an international organisation
Data will be transferred to countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) if it is necessary to execute an order/contract from or with you, if it is required by law (e.g. tax reporting obligations), if it is in the scope of our own legitimate interest or that of a third party or if you have given us your consent.
The processing of your data in a third country may also be carried out in connection with the involvement of service providers in the context of order processing. Unless the EU Commission has decided on an adequate level of data protection in the country in question, we will ensure that your rights and freedoms are adequately protected and guaranteed in accordance with EU data protection regulations by means of appropriate agreements. We will provide you with the corresponding detailed information on request.
Information about suitable or appropriate guarantees and about the possibility of obtaining a copy from you can be obtained on request from the company data protection officer.
7. Your data protection rights
Under certain conditions you can assert your data protection rights against us
- Thus, you have the right to receive information from us about your data stored with us according to the rules of Art. 15 DSGVO (if necessary with restrictions according to 34 BDSG).
- Upon your request, we will correct the data stored about you in accordance with Art. 16 DSGVO if it is incorrect or inaccurate.
- If you so wish, we will delete your data in accordance with the principles of Art. 17 DSGVO, provided that other legal regulations (e.g. legal storage obligations or the restrictions according to 35 BDSG) or an overriding interest on our part (e.g. to defend our rights and claims) do not conflict with this.
8. Existence of an automated decision-making process in individual cases (including profiling)
We do not use purely automated decision-making procedures in accordance with Article 22 DSGVO. If we do use such a procedure in individual cases in the future, we will inform you of this separately if this is required by law.
Under certain circumstances, we may process your data partly with the aim of evaluating certain personal aspects (profiling).
In order to provide you with targeted information and advice on products, we may use evaluation tools. These enable us to tailor product design, communication and advertising, including market and opinion research.
Such methods can also be used to assess your creditworthiness and solvency as well as to combat money laundering and fraud. So-called "score values" can be used to assess your creditworthiness and solvency. Scoring involves calculating the probability using mathematical procedures with which a customer will meet his payment obligations in accordance with the contract. Such score values thus support us, for example, in the assessment of creditworthiness, decision-making in the context of product deals and are incorporated into our risk management. The calculation is based on procedures that have been mathematically and statistically recognized and proven procedures and is carried out on the basis of your data, in particular income, expenses, existing liabilities, occupation, employer, length of employment, experience from the previous business relationship, contractual repayment of previous loans and information from credit agencies.
Information on nationality as well as special categories of personal data according to Art. 9 DSGVO are not processed.
We may also process your personal data in order to carry out direct advertising. If you do not wish to receive advertising, you have the right to object to this at any time; this also applies to profiling, insofar as it is connected with such direct advertising. We will continue to respect these wishes in the future.
We will no longer process your data for the purposes of direct advertising if you object to the processing for these purposes.
Santander Asset Management German Branch
1. Visit of our websites
When you visit and use Santander Asset Management's websites, we may learn certain technical information (such as IP address, browser type, operating system, websites visited). We evaluate this information for statistical purposes only.
2. Use of personal data
If you provide us with your personal data, we use it to provide you with our services and personal customer service. Your data is used in particular to answer your inquiries.
4. External Links
This data protection declaration does not extend to external links which are deposited on our web pages. Whenever a link is included, we endeavour to ensure that the third party providers also comply with the provisions of data protection law. However, we have no influence on whether the third party provider continues to comply with the provisions of data protection law. We therefore ask you to inform yourself about the data protection declaration on the websites of the third-party providers.
Updated: 2 April, 2020