Data protection notice

This notice contains information on how your personal data is processed and your rights under data protection law. Which data is processed and how it is used depends largely on the subject matter of the contract and the agreed services. This information applies to all services we offer and to our clients, their authorized representatives or contact persons as well as potential clients with whom a contractual relationship does not yet exist.

1. Who is responsible for data processing and who can I contact?

Responsible party:

B. Metzler seel. Sohn & Co. Kommanditgesellschaft auf Aktien
Untermainanlage 1
60329 Frankfurt/Main, Germany

Phone (+49) 69 2104-0
Fax (+49) 69 281429
metzler@metzler.com
 

You can contact our Data Protection Officer at:

B. Metzler seel. Sohn & Co. Kommanditgesellschaft auf Aktien
Verena Anders
Untermainanlage 1
60329 Frankfurt/Main, Germany

Phone (+49) 69 2104-0
Fax (+49) 69 281429
datenschutzbeauftragter@metzler.com

2. Which data do we use?

We process personal data that we receive from our clients within the scope of our business relationship.

To the extent necessary for the purposes of our business activities, we also process personal data that we may obtain from publicly accessible sources (e.g. debtor registers, land registers, commercial and associations registers, the press, the internet) or that are legitimately transmitted to us by other companies of the Metzler Group or other third parties.

Relevant personal data includes personal details (e.g. name, address and other contact data, birth date and place, nationality), verification data (e.g. identity card data) and authentication data (e.g. signature, login data). It can also include order data (e.g. payment orders), data related to our contractual obligations (e.g. sales data during payment transactions), information on financial situation (e.g. bonus data, origin of assets), advertising and sales data (e.g. for event management), various documentation data (e.g. risk classifications) or other similar data.

3. Why do we process your data (purpose of processing) and what is the legal basis?

Your personal data is used on the basis of the EU General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG):

a. For fulfilling contractual obligations (Article 6 para. 1b of the GDPR)

Data is processed in connection with banking transactions, financial services, investment banking services and real estate investments within the framework of our client contracts or for executing pre-contractual measures that take place upon request. The purpose of data processing depends primarily on the specific service and may include an analysis of needs, asset management and support or execution of transactions.

b. In the context of balancing interests (Article 6 para. 1f of the GDPR)

Your data is processed beyond the actual fulfilment of the contract if necessary in order to protect our or a third party’s legitimate interests. For example:

  • Consultation and data exchange with credit agencies (e.g. SCHUFA) to identify risks,
  • Review and optimization of procedures for defining the need for direct client contact,
  • Advertising purposes, including invitations to events as long as you have not objected to the use of your data,
  • Enforcement of legal claims and defence in legal disputes,
  • Ensuring Metzler Bank's IT security and operations,
  • Prevention and investigation of fraudulent activity,
  • Video surveillance for protecting householder's rights and collecting evidence in case of a robbery or other fraudulent activity,
  • Measures for building and systems security (e.g. access control),
  • Measures for securing householder's rights,
  • Measures for business management and further development of services,
  • Risk controlling,
  • Building new client and business relationships.

c. With your consent (Article 6 para. 1a of the GDPR)

If you have consented to having your personal data processed for certain purposes (e.g. marketing emails), this processing is legal based on your consent. Your consent can be revoked at any time, even if consent was issued before the GDPR became effective, i.e. before 25 May 2018. However, revocation of consent does not affect the legality of the data processed before revocation.

d. Based on legal provisions (Article 6 para.1c of the GDPR) or for public benefit (Article 6 para. 1e of the GDPR)

We are also subject to various legal obligations, i.e. statutory requirements (e.g. German Banking Act, Money Laundering Act, Securities Trading Act, Tax Act) and regulatory requirements (e.g. the European Central Bank, the European Banking Supervisory Authority, the German Federal Bank and the Federal Financial Supervisory Authority). Purposes for processing data include credit assessment, identity and age verification, prevention of fraud and money laundering, prevention of market abuse, fulfilment of fiscal provisions for monitoring and reporting as well as assessment and management of risks for Metzler Bank and the Metzler Group.

4. Who receives my data?

As a client of B. Metzler seel. Sohn & Co. KGaA, your data is subject to banking secrecy provisions in accordance with No. 2 of our General Terms and Conditions of Business. Information about you may only be disclosed if the law requires it, if you have consented, if execution of client instructions requires it, or if authorization to provide banking information exists.

Intermediaries may also receive data required for client support purposes. In such case, recipients of personal data can be, for example:

  • Public authorities and institutions (e.g. the German Central Bank, the German Federal Institute for Supervision of Financial Services, the Committee of European Banking Supervisors, the European Central Bank, the tax authorities, law enforcement authorities) in the event of a legal or regulatory obligation.
  • Other credit and financial institutions or similar bodies to which we transmit personal data in order to carry out your business transactions (depending on the contract, these can be correspondent banks, custodian banks, stock exchanges, credit inquiry agencies).
  • Other Metzler Group companies for risk controlling purposes due to statutory or regulatory obligations.

Some service providers and vicarious agents mandated by us can receive data if they maintain banking secrecy. These are companies active in banking services, IT services, logistics, printing services, telecommunications, debt collection, consulting and sales and marketing.

Other third parties may receive your data if you have given us consent to transfer your data or if you have signed an agreement exempting us from banking secrecy.

5. Does my data get transmitted to any third country or international organization?

Data is transmitted to countries outside the European Union (so-called third countries) if:

  • necessary for the execution of your orders (e.g. payment and securities orders),
  • required by law (e.g. tax reporting obligations) or
  • you have given your consent.

6. How long is my data stored?

We process and store your personal data only as long as is necessary for fulfilling our contractual and legal obligations. Please note that our business relationship is a continuing relationship intended to last for several years.

Should the data no longer be required for fulfilling contractual or statutory obligations, it will be deleted unless further processing is required for the following purposes:

  • Fulfilment of commercial and tax storage obligations, e.g. the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG), the German Money Laundering Act (GwG) and the German Securities Trading Act (WpHG), with storage and documentation terms of up to ten years.
  • Safeguarding of evidence subject to statutory limitation periods. According to §§ 195ff of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.

If no contractual relationship exists as of yet, we will delete your data as soon as it becomes apparent that no such relationship is likely to develop or if you inform us that you do not want us to process your data.

7. What are my data protection rights?

All data subjects have the following rights governed by the GDPR: the right to information (Article 15), the right of adjustment (Article 16), the right of deletion (Article 17), the right of limit processing (Article 18), the right to dissent (Article 21) and the right of data portability (Article 20). The right to information and the right of deletion are restricted according to §§34 and 35 of the German Federal Data Protection Act (BDSG). Furthermore, you have the right to appeal to the competent data protection authorities (Article 77 of the GDPR and §19 of the BDSG).

Consent to personal data processing can be revoked at any time. This also applies to consent declarations that were issued before the data protection regulation came into effect on 25 May 2018. Please note that revocation will only affect future processing. Processing that took place before revocation remains unaffected.

8. Am I required to provide data?

You must provide the personal data required for establishing and conducting a business relationship and for fulfilling the associated contractual obligations as well as the data we are legally required to collect. Without this information, we will normally not be able to enter into a contractual agreement with you.

In particular, we are obliged under money laundering law to identify you on the basis of your identification document before establishing a business relationship and to collect and record your name, place of birth, date of birth, nationality, address and identification data. In order to comply with this legal obligation, we must insist you provide us with the necessary information and documents in accordance with the Money Laundering Act and notify us immediately of any changes throughout the course of the business relationship. Should you not have access to the required information and/or documents, we will not be permitted to establish or continue the business relationship you have requested.

Before a contractual relationship has started, you are not required to tolerate your data being used and you have the right to object to storage and processing of your data at any time. You can exercise your right to object via telephone, post, fax or email, and we will delete your personal data from our systems. You can find our contact details on our website at www.metzler.com.

9. To what extent do you use automated decision making?

Generally, we do not use fully automated decision making in accordance with Article 22 of the GDPR to establish and carry out business relationships. Should we use these procedures in your individual case, we will inform you specifically if required by law to do so.

10. Does profiling take place?

We process some of your data automatically with the aim of evaluating certain personal aspects (profiling). We use profiling in the following cases:

  • Due to legal and regulatory provisions, we may be required to combat money laundering, terrorist financing and asset-endangering crimes. To this end, data is evaluated (e.g. in payment transactions). These measures also serve to protect you.
  • We use evaluation tools that help us provide you with specific information about our services. These tools facilitate communication and advertising – including market and opinion research – catered to your requirements.
  • We use scoring to assess creditworthiness. This helps us calculate the probability with which a client will meet his payment obligations in accordance with the contract. Calculations may include income status, expenses, existing liabilities, occupation, employer, length of employment, experience from a previous business relationship, contractual repayment of previous loans as well as information from credit information agencies. Scoring is based on a mathematically and statistically recognized and proven procedure. The calculated scores support the decision-making process when concluding contracts and are part of our current risk management.

 


Information on your right to object pursuant to Article 21 of the General Data Protection Regulation (GDPR)

1. Individual right of objection

You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data, which is based on point e of Article 6(1) of the GDPR (data processing in the public interest) and point f of Article 6(1) of the GDPR (data processing on the basis balancing legitimate interests). This also applies to profiling within the meaning of Article 4(4) of the GDPR.

If you exercise your right to object, we will no longer process your personal data, unless we can provide evidence of compelling legitimate interests in processing that take precedence over your interests, rights and freedoms or if processing is necessary to assert, exercise or defend legal claims.

2. Right to object to personal data processing for direct marketing purposes

In certain cases, we may process your personal data for direct marketing purposes. You have the right to object to this at any time. This also applies to profiling insofar as it is connected with direct marketing.

If you object to data processing for direct marketing purposes, we will no longer process your personal data for such purposes.

An objection can be exercised informally in a message addressed to:

B. Metzler seel. Sohn & Co. Kommanditgesellschaft auf Aktien
Untermainanlage 1
60329 Frankfurt/Main, Germany

Fax (+49) 69 281429​​​​​​​
metzler@metzler.com