DATA PROTECTION PRINCIPLES FOR THE WEBSITE OF LFA FÖRDERBANK BAYERN
In this document, LfA Förderbank Bayern will inform you about the manner in which it processes personal data when you visit our website, fill out the contact form on our website to communicate with us or use the bank portal. We will also inform you about the rights granted to you by data protection regulations. In addition, this document will provide you with important information regarding actions that occur when you access social media via our website and watch YouTube videos embedded on our website. It also includes information about security measures.
1. Who is responsible for data processing (the controller), and whom can I contact?
The controller pursuant to Article 4 No. 7 of the GDPR is:
We process the personal data that we collect when individuals use our website, bank portal and contact form.
The personal data we process includes, in particular, personal information (e.g. name, address), communication data (e.g. e-mail address, telephone numbers) and online data (e.g. IP address).
3. For what purpose do we process your data, and what is the legal basis for this activity?
Processing of personal data is governed by the European General Data Protection Regulation (GDPR) and the German Data Protection Act (Bundesdatenschutzgesetz). We process personal data when the following activities are initiated:
3.1 Use of the contact form
When you use to contact form on our website to initiate communications with us, we will retain the data that you provide to us (e.g. surname, given name, e-mail address). We must process this data in order to address your concern, respond to your questions, add you to our e-mail distribution list (e.g. press releases) or carry out your request. The legal basis for this processing is Article 6 (1) b and f of the GDPR. These regulations permit personal data to be processed if the processing is required to fulfil a contract to which the affected individual is a party, carry out pre-contractual measures or safeguard legitimate interests – should no contractual relationship arise following initial contact with the bank.
3.2 Use of the password-protected bank portal
We will retain the following personal data when you register on our bank portal: surname, given name as well as the mailing address and e-mail address that you provide. This data must be processed in order to identify and legitimise you when you use the portal. The legal basis for this processing is Article 6 (1) b of the GDPR. This section of the regulation permits personal data to be processed if the processing is required to fulfil a contract to which the affected individual is a party or carry out pre-contractual measures. The act of registration results in the creation of a contractual relationship between you and LfA. This relationship grants you the right to use the activated services in the bank portal. Where necessary, we will not only process your data to perform a contract, but will also safeguard the legitimate interests of LfA or third parties. This is done in part to ensure IT security and IT operations at LfA. The legal basis for this processing is Article 6 (1) f of the GDPR.
3.3 Visits to our website
When you use our website strictly for information purposes, that is, you do not register on the bank portal or use the contact form to communicate with us, we will collect only the personal data that your browser provides to our server. We will collect the following data when you visit our website:
Protocol used (http/1.0, 1.1 or 2.0)
HTTP status code
Transmitted file type and possible coding (e.g. text / html)
Transmitted data volume
URL from which the request came (referrer)
Browser used (name, version)
Version of operating system and possible enhancements the browser provides (user agent)
Browser’s preferred language
GeoIP identification of the calling IP, if possible (continent, country, city, latitude and longitude, time zone and postcode)
The legal basis for this processing is Article 6 (1) f of the GDPR. This section of the regulation permits personal data to be processed for the purpose of safeguarding legitimate interests. In this case, our legitimate interest involves the provision of the website to you and the safeguarding of its stability and security. Collection of the data cited above is technically required for these purposes.
4.Who obtains my data?
Your data can be accessed by those departments within LfA that require the data in order to fulfil the processing purposes described above. Service providers whom we contract and employ (processors) may receive the data for these purposes as well. In particular, the companies mentioned above in No. 3 may be provided with this data for these described purposes.
5. How long is your data retained?
We process and retain your personal data as long as it is needed to fulfil the processing purposes described above.
6. Is data transferred to a third country or international organisation?
Your personal data will not be transferred to third countries (countries outside the European Economic Area - EEA) or to an international organisation.
7. What data protection rights do you have?
Every data subject has the right of access to information (Article 15 of the GDPR), the right to rectification of data (Article 16 of the GDPR), the right to erasure of data (Article 17 of the GDPR), the right to the restriction of processing (Article 18 of the GDPR) and the right to data portability (Article 20 of the GDPR). The restrictions defined in Sections 34 and 35 of the German Data Protection Act apply to the right of access to information as well as to the right to erasure of the data. You also have a right to lodge a complaint with a data protection supervisory authority (Article 77 of the GDPR in conjunction with Section 19 of the German Data Protection Act). The responsible supervisory authority is the Bavarian Data Protection Authority (BayLDA), Promenade 27, 91522 Ansbach, Germany.
8. Social media
You can access the following social media via our website:
Please note: If you access one of the following data protection policies or one of the agreements provided below, you will leave our website and will then visit the website of the social medium in question. The information contained there was produced without our input. We assume no responsibility for it as a result. We can provide no assurances about its timeliness, accuracy or completeness. Reference to a social medium does not constitute any approval by us in any form.
Some pages on our site also contain embedded videos from the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data will be transmitted to YouTube only if you permit YouTube videos to be played by clicking the button “continuous activation” found on any video on the LfA website. YouTube will install a cookie on your computer when you activate the button. LfA has no influence on the transmission and storage of cookies. You may permanently withdraw your authorisation of activation at any time here:
Cookies are small text files that are placed on your computer’s hard drive by your browser. We use necessary and functional cookies.
Name of the cookie
Length of storage
Stores your cookie settings
Stores your current visit.
YouTube When you permit YouTube videos on our website to be played by clicking the button “continuous activation”, LfA will place a cookie on your computer for the purpose of storing your desired setting. But we do not retain any personal data when we place the cookie. We only store anonymised data to adjust the browser.
Name of the cookie
Length of storage
Stores the fact that the button "permanent activation" to play YouTube videos was selected.
When a video is played, the provider of the video may also place cookies on the users’ computer. LfA Förderbank Bayern has no influence over the storage.
10. Security measures
The personal data you provide to LfA Förderbank Bayern is protected by suitable technical and organisational measures. As a result, it is protected against accidental or intentional manipulation, loss, destruction, access by unauthorised persons or unauthorised disclosure to third parties. Our security measures are constantly reviewed and improved to reflect technological advances and organisational possibilities.
The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.
The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.
You can object to the outlined data processing at any time. Your objection has no disadvantageous consequences.
Further information on data privacy at etracker can be found here.
12. Information on your right to object to processing under Article 21 of the GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data under Article 6 (1) f of the GDPR (data processing to safeguard legitimate interests).
If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or the processing serves the purpose of establishing, exercising or defending legal claims.
Your objection can be submitted without using a special form. Where possible, it should be submitted to the addresses specified under No. 1.