General Data Protection Notices for External Websites of the Deka Group

1. Content of these notes

This data protection notice applies to websites of the Deka Group where reference is made to this data protection notice (hereinafter "External Deka Website"). It applies in addition to any data protection notice on the External Deka Website. In the event of a contradiction, the information on the External Deka Website shall take precedence.

This data protection notice does not apply to the websites at deka.de, which have separate data protection information.

In the following, we explain how we handle your personal data when you visit us on the External Deka Website. In addition, we inform you about your rights under the General Data Protection Regulation (GDPR).

2. Data controller and data protection officer

The data controller within the meaning of the GDPR for the processing of your data by the External Deka Website is the company indicated there in the imprint.

Below you will find the contact details of the data protection officer for the following companies:
 
  • DekaBank Deutsche Girozentrale
  • Deka Investment GmbH
  • Deka Immobilien Investment GmbH
  • WestInvest Gesellschaft für Investmentfonds mbH
  • Deka Vermögensmanagement GmbH
 
The contact details of the data protection officer are:

DekaBank Deutsche Girozentrale
Data Protection Officer
Mainzer Landstrasse 16
60325 Frankfurt am Main

E-Mail: datenschutz@deka.de

3. Individual functions of the website

In the following, we explain how we manage your data when you use individual functions of our External Deka Website. Not all External Deka Websites have the functions listed below.
 
3.1 Maps (Google Maps)

We may use services of Google Ireland Limited, Gordon House Barrow Street, Dublin 4, Ireland on our website to display maps (e.g. locations of properties). To display the map, the processing of your IP address by Google is required. In addition, Google collects data about your use of the map and data may be transmitted to the parent company Google LLC 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

In order to use the map, you may first have to activate it with a click. By activating the map function, you consent for the duration of the browser session that we transmit data to Google LLC in the USA, an "unsafe third country" as defined by the GDPR. Details on your consent to the transfer to an unsafe third country in this regard can be found in section 5.
With regard to the map service provided by Google, Google's privacy policy applies. There you will also find information about Google's privacy settings. By using Google Maps, you enter into a direct user relationship with Google. If you are logged in to Google with a user account, Google may assign the use of the map to your user account. The legal basis for this data processing is our legitimate interest in engaging a specialized map provider.
 
3.2 Videos (YouTube)

We may use services of YouTube LLC, 901 Cherry Ave, San Bruno CA 94066, USA on our website to display videos. We use the so-called " Privacy-Enhanced Mode" for this. With the extended data protection mode, no cookies are set to analyze user behavior. This means that no data on user activity is collected in order to personalize video recommendations. Instead, video recommendations are based on the actual video. Videos played in Privacy-Enhanced Mode do not affect which videos are recommended to you on YouTube.

To watch the video, you may need to click to enable the video feature first. By activating the video function, you consent for the duration of the browser session that we transmit data to YouTube LLC and Google LLC in the USA, an "unsafe third country" as defined by the GDPR. Details on your consent to the transfer to an unsafe third country in this regard can be found in section 5. To withdraw your consent with regard to YouTube videos, please close the browser window.
The display of the video requires the processing of your IP address by YouTube. In addition, YouTube collects data about your use of the video and data may be transmitted to the parent company Google LLC 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. With regard to YouTube videos, Google's privacy policy applies. There you will also find information on privacy settings of Google.
 
The legal basis for this data processing is our legitimate interest in engaging a specialized video provider that provides sufficient bandwidth.
 

4. Analysis of the website visit for statistical purposes.

4.1 Log files

Every time a page is visited, technical data is collected by our - as well as all other - web servers. However, we do not assign these to any person.
When you visit an individual page, our web servers record the address (URL) of the page visited, the date and time of the visit, any error messages and, if applicable, the operating system and browser software of your end device as well as the website from which you are visiting us in a log file by default. We also store the IP address of your computer in our log files.

The log file data is used by us exclusively to ensure the functionality of our services (e.g. error analysis, ensuring system security and protection against misuse) and is deleted after 7 days or shortened in such a way that a personal reference can no longer be established.
 
As far as log file data qualifies as personal data in individual cases, the legal basis for the processing of log file data is our legitimate interest (error analysis, ensuring system security and protection against misuse).
 
4.2 Adobe Analytics

If you give us your consent to data processing for statistical purposes, we use the "Adobe Analytics" analytics service to determine how visitors use our website. The recording of usage behavior takes place without direct reference to your person (pseudonymized). Your IP address is only stored in shortened form.

With your consent to data processing for statistical purposes, you also consent to the transfer of your data to companies (as named below) in unsafe third countries. Details of your consent in this regard can be found in section 5.

You can adjust your cookie and privacy consents here at any time.
We use, subject to your consent, Adobe Analytics, a web analytics service provided by Adobe Systems Software Ireland Limited, 4-6 Riverwalk Citywest Business Campus, Dublin 24, Ireland ("Adobe").
 
We collect the following information:
 
  • Which individual pages you access on our website.
  • Your browsing activity, including the URLs of our company's websites you visit.
  • The URL of the page with the link you clicked to get to our website.
  • Information about your browser and device, such as device type, browser type, advertising identifier, operating system, connection speed, and display settings.
  • Your shortened IP address, which helps us determine your approximate location.
 
If information about the use of the website is transmitted to a server of Adobe, then our settings ensure that the IP address is only stored in abbreviated form before geolocating is performed (rough determination of the location of the accessing computer).

Adobe uses the collected information on our behalf and in accordance with our instructions to evaluate the use of the website by users and to compile reports on website activity. We use the evaluations and reports to tailor our website to the needs of our customers, e.g., to determine from which regions a particularly large number of users visit us, which content is particularly popular, and which end devices visitors use.

Adobe may in turn use subcontractors. A list of Adobe subcontractors is available at www.adobe.com/ie/privacy/sub-processors.html. Adobe's subcontractors may also be located in a country outside the EU or EEA, including, without limitation, Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA95110, USA and Adobe Systems India Private Limited, Level 2, Elegance Building, Campus 217, Mathura Road, Jasola District Complex, Jasola, New Delhi, Delhi, 110025 India.

The legal basis for the processing is your consent. The storage period of the data is 36 months.
 

5. Consent to data transfer to unsafe third countries

You give us your consent - withdrawable at any time with effect for the future - to transfer your data to companies in non-EU countries for which there is no EU Commission decision stating that the country has a level of protection for personal data adequate to that of the EU (so-called "unsafe third country"), whereby no measures have been taken (e.g. contractual agreements) to compensate for this deficit.

The companies and countries are each listed in section 4.

You can adjust your cookie and privacy consents here at any time.
To withdraw consent for data transfer to unsafe third countries, please uncheck all optional checkboxes.
 
By giving your consent, you expressly agree to our transfer of your data to the aforementioned companies in unsafe third countries, in particular the USA, while accepting the risks mentioned below.
Processing is conducted in these countries without having to comply with the EU data protection principles of lawfulness, fair processing, transparency, purpose limitation, data minimization, accuracy and storage limitation, integrity and confidentiality. In addition, your rights to information, access, rectification, erasure, restriction of processing, data portability and objection guaranteed under EU law may not be guaranteed in these countries.

The rule of law (e.g. the principle of proportionality), respect for human rights and fundamental freedoms (e.g. the right to protection of personal data) in the country concerned may not meet EU standards. This is the case, for example, with respect to public security, defense, national security and criminal law regulations, as well as access to and handling of personal data by public authorities. There may also be insufficient protection for onward transfers of personal data to other unsafe third countries. Administrative or judicial enforcement of your rights may be limited in unsafe third countries compared to the EU.

Unsafe third countries also may not have data protection supervisory authorities comparable to those in the EU or those may not operate effectively. Authorities in unsafe third countries may not have sufficient enforcement powers and assistance and advice for data subjects, and supervisory authorities may not cooperate with those in the EU.

In the U.S. specifically, government agencies can also access data more easily and extensively, without proportionality and necessity restrictions comparable to those in the EU. In addition, you cannot litigate compliance with data access requirements by non-U.S. government entities.
 

6. Additional Notes

6.1 Mandatory data

All fields with mandatory information are marked with an asterisk ("*") on our website. Without this information, the use of the corresponding function is not possible.

6.2 Data recipients

Within the data controller, your data will be sent to the relevant departments, e.g. the marketing department.

For the technical operation of the website, we may use technical service providers within the EU who are bound by instructions, e.g. for software development, maintenance and hosting.

A transfer to countries outside the European Economic Area only takes place if this is explicitly stated.

6.3 Criteria for the storage period

We determine the storage period for your data based on the specific purposes for which we use the data. In addition, we are subject to statutory retention and documentation obligations, which arise in particular from the German Commercial Code (HGB) and the German Fiscal Code (AO). Finally, the storage period is also assessed according to the statutory periods of limitation, which are, for example, according to §§ 195 et seq. of the German Civil Code (BGB), generally three years.

7. Explanations of terms

7.1 Terms

In the following, we explain some legal and technical terms used in this Data Protection Notice.

Personal Data:
Personal data is any information relating to an identified or identifiable natural person.
 
Processing:
A processing of personal data is any operation related to personal data, such as collection via an online form, storage on our servers or use to contact us.
 
Cookie:
A cookie is a small text file that is stored on your computer. The contents of this file are transferred to the server that set the cookie each time you visit a website. Details of the cookies used on our website can be found in the cookie information of the External Deka Website.
 
IP address:
The IP address is a number that your internet provider assigns to your terminal device, either temporarily or permanently. With a complete IP address, it is possible to identify the connection owner in individual cases, for example, on the basis of additional information from your internet access provider.

Standard data protection clauses
Standard clauses of the EU Commission that we agree with service providers in non-EEA countries in order to establish
an appropriate level of protection there in terms of the GDPR. The text of the standard data protection clauses is available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32010D0087 (Appendix).


7.2 Legal Basis
The GDPR only permits processing of personal data if there is a legal basis. We are required by law to inform you of the legal basis for processing your data.


In the following, we explain the terminology used in this context.
Legal Basis
Designation
Explanation
Art. 6 para. 1 lit. a)
GDPR
Consent
This legal basis allows processing if and to the extent that you have given us consent. When you visit our website, we may show you a window with which you can give us consent to certain data processing. You can withdraw your consent at any time or give it subsequently.
Art. 6 para. 1 lit. f)
GDPR
legitimate interests
According to this legal basis, we are permitted to process as far as this is necessary to protect our legitimate interests (or those of third parties) and your conflicting interests do not override these.

8. Your rights

By law, we are obliged to inform you about your rights under the GDPR. We explain these rights below. You are entitled to the rights under the conditions of the respective data protection regulation. The following description does not grant you any further rights.
 
1. Access
 
You have the right to request confirmation from us as to whether we are processing personal data relating to you; if this is the case, you have a right of access to this personal data and to the information listed in detail in Article 15 of the GDPR.
 
2. Correction
 
You have the right to demand that we immediately correct any inaccurate personal data concerning you and, if necessary, complete any incomplete personal data, Art. 16 GDPR.
 
3. Erasure
 
You have the right to demand that we delete personal data concerning you without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.
 
4. Restriction of processing
 
You have the right to demand that we restrict processing if one of the conditions listed in Art. 18 GDPR applies, e.g. if you have objected to processing, for the duration of the review by us.
 
5. Data portability
 
You have the right, under certain conditions, to receive data relating to you that you have provided to us in a structured, common and machine-readable format, and the right to transmit it and to have it transmitted to the extent technically feasible, Art. 20 GDPR.
 
6. Right to complain
 
You have the right to lodge a complaint with a supervisory authority, irrespective of any other administrative or judicial remedy, if you consider that the processing of personal data concerning you by us infringes the GDPR, Article 77 GDPR. You may assert this right before a supervisory authority in the Member State of your residence, workplace or the place of the alleged infringement. You can find the contact details of the supervisory authorities in Germany here: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html and those of the EU here https://edpb.europa.eu/about-edpb/about-edpb/members_en
 
7. Withdrawal (of consents)
 
If you have given us a data protection consent, you have the right to withdraw this at any time with effect for the future. This also applies to data protection consent that you gave us before the GDPR came into force.
 
8. Objection
 
You also have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, provided that we base the processing on Art. 6 (1) lit e. or f GDPR. We will then no longer process this data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR).
 
If your personal data is used by us for direct marketing (e.g. by means of e-mail), you have the right to object to the use of your data for these purposes at any time. This also applies to profiling, as far as this is connected with direct marketing. Profiling means the use of personal data to analyze or predict certain personal aspects (e.g. interests).