Data Privacy Statement and Information

Dear visitors to our website,

The information for our (potential) customers in accordance with Articles 13, 14 and 21 of the European General Data Protection Regulation (GDPR) can be called and printed out here:

Data privacy policy

Additional specific privacy notices:

Consultancy
Provision of information and publications
Events and general networking
Employees and similar individuals
Close relatives of members of the administration board, management board and upper management of LfA Förderbank Bayern

DATA PROTECTION PRINCIPLES FOR THE WEBSITE OF LFA FÖRDERBANK BAYERN

In this document, LfA Förderbank Bayern will inform you about the manner in which it processes personal data when you visit our website, fill out the contact form on our website to communicate with us or use the bank portal. We will also inform you about the rights granted to you by data protection regulations. In addition, this document will provide you with important information regarding actions that occur when you access social media via our website and watch YouTube videos embedded on our website. It also includes information about security measures.

1. Who is responsible for data processing (the controller), and whom can I contact?

The controller pursuant to Article 4 No. 7 of the GDPR is:

LfA Förderbank Bayern
Königinstraße 17
80539 Munich
Telephone: +49 (0)89 / 2124-0
E-mail address: info@lfa.de

You can contact our Data Protection Officer:

Dr. Georg Schröder, LLM

legal Data Schröder Rechtsanwaltsgesellschaft mbH
Prannerstr. 1
80333 Munich
Telephone: +49 (0)89 / 954 597 520
E-mail address: datenschutz@legaldata.law

2. What sources and data do we use?

We process the personal data that we collect when individuals use our website, bank portal and contact form.

The personal data we process includes, in particular, personal information (e.g. name, address), communication data (e.g. e-mail address, telephone numbers) and online data (e.g. IP address).

3. For what purpose do we process your data, and what is the legal basis for this activity?

Processing of personal data is governed by the European General Data Protection Regulation (GDPR) and the German Data Protection Act (Bundesdatenschutzgesetz). We process personal data when the following activities are initiated:

3.1 Use of the contact form

When you use to contact form on our website to initiate communications with us, we will retain the data that you provide to us (e.g. surname, given name, e-mail address). We must process this data in order to address your concern, respond to your questions, add you to our e-mail distribution list (e.g. press releases) or carry out your request. The legal basis for this processing is Article 6 (1) b and f of the GDPR. These regulations permit personal data to be processed if the processing is required to fulfil a contract to which the affected individual is a party, carry out pre-contractual measures or safeguard legitimate interests – should no contractual relationship arise following initial contact with the bank.

3.2 Use of the password-protected bank portal

We will retain the following personal data when you register on our bank portal: surname, given name as well as the mailing address and e-mail address that you provide. This data must be processed in order to identify and legitimise you when you use the portal. The legal basis for this processing is Article 6 (1) b of the GDPR. This section of the regulation permits personal data to be processed if the processing is required to fulfil a contract to which the affected individual is a party or carry out pre-contractual measures. The act of registration results in the creation of a contractual relationship between you and LfA. This relationship grants you the right to use the activated services in the bank portal. Where necessary, we will not only process your data to perform a contract, but will also safeguard the legitimate interests of LfA or third parties. This is done in part to ensure IT security and IT operations at LfA. The legal basis for this processing is Article 6 (1) f of the GDPR.

3.3 Visits to our website

When you use our website strictly for information purposes, that is, you do not register on the bank portal or use the contact form to communicate with us, we will collect only the personal data that your browser provides to our server. We will collect the following data when you visit our website:

IP address
Date and time of the visit
Time zone difference
Type of inquiry (GET / POST)
Visited host name (lfa.de, www.lfa.de, www.lfa-bank.eu etc.) via parameter “f=” if different from lfa.de
Visited page, including all sub-elements (HTML documents, images, Javascript)
Protocol used (http/1.0, 1.1 or 2.0)
HTTP status code
Transmitted file type and possible coding (e.g. text / html)
Transmitted data volume
URL from which the request came (referrer)
Browser used (name, version)
Version of operating system and possible enhancements the browser provides (user agent)
Browser’s preferred language
GeoIP identification of the calling IP, if possible (continent, country, city, latitude and longitude, time zone and postcode)

The legal basis for this processing is Article 6 (1) f of the GDPR. This section of the regulation permits personal data to be processed for the purpose of safeguarding legitimate interests. In this case, our legitimate interest involves the provision of the website to you and the safeguarding of its stability and security. Collection of the data cited above is technically required for these purposes.

4.Who obtains my data?

Your data can be accessed by those departments within LfA that require the data in order to fulfil the processing purposes described above. Service providers whom we contract and employ (processors) may receive the data for these purposes as well. In particular, the companies mentioned above in No. 3 may be provided with this data for these described purposes.

5. How long is your data retained?

We process and retain your personal data as long as it is needed to fulfil the processing purposes described above.

6. Is data transferred to a third country or international organisation?

Your personal data will not be transferred to third countries (countries outside the European Economic Area - EEA) or to an international organisation.

7. What data protection rights do you have?

Every data subject has the right of access to information (Article 15 of the GDPR), the right to rectification of data (Article 16 of the GDPR), the right to erasure of data (Article 17 of the GDPR), the right to the restriction of processing (Article 18 of the GDPR) and the right to data portability (Article 20 of the GDPR). The restrictions defined in Sections 34 and 35 of the German Data Protection Act apply to the right of access to information as well as to the right to erasure of the data. You also have a right to lodge a complaint with a data protection supervisory authority (Article 77 of the GDPR in conjunction with Section 19 of the German Data Protection Act). The responsible supervisory authority is the Bavarian Data Protection Authority (BayLDA), Promenade 27, 91522 Ansbach, Germany.

8. Social media

You can access the following social media via our website:

Facebook
Twitter
YouTube (Google)
XING
LinkedIn

Please note: If you access one of the following data protection policies or one of the agreements provided below, you will leave our website and will then visit the website of the social medium in question. The information contained there was produced without our input. We assume no responsibility for it as a result. We can provide no assurances about its timeliness, accuracy or completeness. Reference to a social medium does not constitute any approval by us in any form.

Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
Facebook Data Policy
Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA
Twitter Privacy Policy
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Google Privacy Policy (YouTube)
XING AG, Dammtorstraße 30, 20354 Hamburg, Germany
Xing Privacy Policy
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy Policy

Please note that we have no influence on how and what data reaches the social medium. When you activate the privacy policy or agreements, the social medium in question is informed that you have accessed a page of the medium in the Internet. If you are already registered with the social medium, it can assign your visit to your account with the social medium. If you have not registered, the social medium might collect or retain your IP address after you click on the privacy policy.

Some pages on our site also contain embedded videos from the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data will be transmitted to YouTube only if you permit YouTube videos to be played by clicking the button “continuous activation” found on any video on the LfA website. YouTube will install a cookie on your computer when you activate the button. LfA has no influence on the transmission and storage of cookies. You may permanently withdraw your authorisation of activation at any time here:

Permanently activate video display

As soon as you access a page containing embedded videos, your IP address will normally be sent to YouTube and cookies will be installed on your computer system. However, we have integrated our YouTube videos into the privacy-enhanced mode (in this case, YouTube always contacts Google’s DoubleClick service. However, personal data is not analysed as part of this under Google’s Privacy Policy). As a result, no information on visitors is retained by YouTube, unless they watch the video. When you click the video, your IP address will be sent to YouTube and YouTube will know that you have watched the video. If you are logged on to YouTube, this information will also be assigned to your user account (you can prevent this by logging out of YouTube before you watch the video). We have no knowledge of whether and how your data may then be collected and used by YouTube. We will also be unable to influence this process. Please refer to the YouTube Privacy Policy for more details.

9. Cookies

Cookies are small text files that are placed on your computer’s hard drive by your browser. We use necessary and functional cookies.

Necessary cookies:

Name of the cookie	Purpose	Length of storage
oecbw	Stores your cookie settings	90 days
PHPSESSID	Stores your current visit.	Session

Functional cookies:

YouTube
When you permit YouTube videos on our website to be played by clicking the button “continuous activation”, LfA will place a cookie on your computer for the purpose of storing your desired setting. But we do not retain any personal data when we place the cookie. We only store anonymised data to adjust the browser.

Name of the cookie	Purpose	Length of storage
YtCookieConsent	Stores the fact that the button "permanent activation" to play YouTube videos was selected.	90 days

When a video is played, the provider of the video may also place cookies on the users’ computer. LfA Förderbank Bayern has no influence over the storage.

10. Security measures

The personal data you provide to LfA Förderbank Bayern is protected by suitable technical and organisational measures. As a result, it is protected against accidental or intentional manipulation, loss, destruction, access by unauthorised persons or unauthorised disclosure to third parties. Our security measures are constantly reviewed and improved to reflect technological advances and organisational possibilities.

11. etracker

We use the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. We do not use cookies for web analysis by default.

The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.

The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.

You can object to the outlined data processing at any time. Your objection has no disadvantageous consequences.

Further information on data privacy at etracker can be found here.

12. Information on your right to object to processing under Article 21 of the GDPR

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data under Article 6 (1) f of the GDPR (data processing to safeguard legitimate interests).

If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or the processing serves the purpose of establishing, exercising or defending legal claims.

Your objection can be submitted without using a special form. Where possible, it should be submitted to the addresses specified under No. 1.