Information pursuant to Articles 13 and 14 of the General Data Protection Regulation (GDPR) on the processing of personal data
We hereby inform you about the processing of your personal data and the data protection claims and rights to which you are entitled
Who is responsible for data processing and whom can you contact?
Responsible for data processing:
Raiffeisen Bank International AG (hereinafter referred to as “Bank” or “RBI”)
Am Stadtpark 9 1030 Vienna
Telephone +43 1 71707-0
Contact data of the Data Protection Officer of the Bank:
Werner Müller Phone +43 1 71707-8603
Which data are processed and from which sources do they come?
We process the personal data that we receive from you as part of your subscription to our service “Nicole”.
Personal information includes your personal details and contact information (e.g., name,county age, nationality,number of persons in a household, e-mail address, phone number). In addition, this includes income/expense data as provided by you via our website.
For which purposes and on which legal basis are data being processed?
We process your personal data in accordance with the provisions of the European General Data Protection Regulation no. 679/2016 (GDPR) and the Austrian Data Protection Act 2018.
As part of your consent according to art.6 (1) (a) from GDPR
If you have given us your consent to the processing of your personal data for specific purposes, processing will only take place in accordance with the scope and for the purpose as set out in and agreed within your given consent. The data will be stored and processed within the testing phase of this service for the purposes of market analyses and statistical evaluations of the test results. A given consent may be withdrawn at any time with effect for the future. The withdrawal does not affect the lawfulness of the data processing and transfer which took place on the basis of the consent up to the withdrawal.
The evaluation of your data processed at RBI for the purpose of
• providing you with individual information with the purpose of helping to identify your needs and with the opportunity of meeting them, by enabling you to enter in contact with Raiffeisen Bank SA, which will provide you with offers of banking products and services for a period of at least until end of December 2019 based on your consent;
• developing the functionality of the applications such that they are tailored to your interest, as well
• further improving the usability of our service ”Nicole”. Legitimate interest of this service, is to provide the user with financial information based on the peer group (provided and maintained by RBI) and based on the personal information that the user provided. Consent is requested for this purpose on the website.
• is based on our legitimate interest for the marketing of our services.
The evaluation of the data for this purpose takes place only as long as you have not objected to this.
The following data, which either RBI itself has collected itself or which you have transmitted to RBI, will be evaluated:
- Monthly net income
- Number of household members
- Information regarding expenses
- data regarding planned acquisitions (e.g. car)
- E-Mail Address
- Phone number
Data from services, website and communication
The information provided below is intended to inform the users of the testing platform about the placement, use and management of cookies in the context of Raiffeisen making available a platform to test connection and functionality of the computer programs and applications used to provide a payment service.
Data relating to the use of electronic services and websites, functions of the websites and apps as well as e-mail messages between you and RBI, information about viewed websites or content and links accessed, including external websites, content response time or download errors, and the usage period of websites and information on the use and subscriptions of newsletters of RBI. This information is collected by way of using automated technologies, such as cookies or web beacons (counting pixels used to register e-mails or websites), or web-tracking (recording and analysis of surfing behavior) on nicoleknows.io and using external service providers or software (for example Google Analytics).
What are cookies?
We use the term “cookie” to refer to cookie modules and similar technologies by means of which information can be collected automatically.
An “Internet Cookie” (also known as “browser cookie” or “HTTP cookie” or just “cookie”) is a small file made of letters and figures which will be stored on the computer, mobile device or any other equipment an user uses to access the Internet.
Cookies are installed further to a request sent by a web-server to a browser (for instance, Internet Explorer, Firefox, Chrome). Once installed, cookies have a limited lifetime, and remain “passive”, meaning that they neither contain any software programs, viruses or spyware, nor will they access any information on the hard-drive of the user on the equipment of which these were installed.
A cookie has two parts:
- the name of the cookie; and
- the content or value of the cookie.
In technical terms, only the web-server which sent the cookie may access it again when an user returns to the website associated to the respective web-server.
Which the lifetime of cookies?
The lifetime of cookies may vary significantly, depending on the purpose of their placement. Cookies are grouped in the following categories which determine also their lifetime:
- Session cookies – a “session cookie” is a cookie which is deleted automatically when the user closes the browser.
- Persistent or fixed cookies – a “persistent” or “fixed” cookie is a cookie that remains stored on the user’s device until it reaches a certain expiry date (which can be in the range of minutes, days or even years), or until this is cleared by the users at any time in the browser’s settings.
What type of information is stored and accessed using cookies?
Cookies store information in a small text file which allows recognition of the browser. This testing platform recognizes the browser until cookies expire or are cleared.
How can cookies be stopped?
The deactivation or refusal to receive cookies may render the testing platform difficult to visit, and limit the possibilities to use it.
All modern browsers allows the cookie settings to be changed. These settings may be usually accessed in the “Options” section or in the “Preferences” menu of the user’s browser.
For detailed instructions about these settings, the following links may be used:
Cookie settings in Internet Explorer
Cookie settings in Microsoft Edge
Cookie settings in Firefox
Cookie settings in Chrome for Desktop
Cookie settings in Chrome for Android
Cookie settings in Safari
Technical data of end-user-devices
Information about devices and systems used for accessing websites or portals and apps or other means of communication, such as internet protocol addresses or types and versions of operating systems and web browsers, and additional device identifications and advertising identifications or location information and other comparable data on devices and systems.
Data on user-generated content
Information uploaded on nicoleknows.io, such as manual input of financial data.
Who receives my data?
Within the Bank, those units or employees receive your data, as required by them to fulfill their contractual, legal and / or regulatory obligations and legitimate interests. In addition, contractors like our IT providers AllAboutApps, which store the data on the cloud solution GoogleClouds (but do not have direct access to it). The storage and process is regulated via our procurement agreement which includes extensive GDPR and data protection sections. In additional to the IT provider, our mail provider also receives your information in order to send you a confirmation e-mail after signing up to our product ‘Nicole’.
In addition, our local Raiffeisen bank (RBRO) will receive the personal data you have provided in order to be able to contact you with product offering, if you have explicitly consented to this transfer when registering on the website. RBRO’s processing activities regarding your personal data have been brought to your attention by way of the Information Notice prior to your consent to be contacted by RBRO.
Is there a data transfer to a third country or to an international organization?
A transfer of data to third countries (outside the European Economic Area – EEA) will only take place if you have given us your explicit consent. In addition, data may be transferred to RBI’s subsidiaries or processors in third countries or subcontractors of RBI’s processors in third countries. These are obliged to comply with European data protection and security standards. Information about this can be obtained from us.
How long will my data be stored?
We process your personal data, as far as necessary, for the whole duration of the entire business relationship (beginning with your consent and ending with the withdrawal of your consent) as well as in accordance with the mandatory storage and documentation obligation as required by law. The data will be stored and processed within the testing phase of this service for the purposes of market analyses and statistical evaluations of the test results.
The data can be deleted on demand, by sending an e-mail to email@example.com . RBI AG will ensure that the data stored on their premises and on the premises of the third party providers will be deleted.
Which data protection rights do I have?
You have the right to access, rectification, erasure or restriction of the processing of your stored data, a right to object to processing and a right to data portability in accordance with the requirements of data protection law. Complaints can be addressed to the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Austria, www.dsb.gv.at.
Am I obliged to providing data?
As part of the business relationship, you must provide us with all personal information that is necessary to enter into and to maintain the business relationship with you, in order to provide you with our service. If you do not provide us with these data, we will be unable to execute the service. . However, you are not obliged to give your consent to the processing of data if such data is not necessary for the performance of our service.
Is there automated decision-making?
In general, we do not use fully automated decision-making within the meaning of Article 22 GDPR in order to establish and/or to conduct a business relationship. If we should use such procedures on a case-by-case basis, we will inform you accordingly by separate notice as so provided for by law.
Necessary Cookies: Cookies, which are necessary for the basic functions of the website, are used by us because of contract performance obligations.
Functional Cookies: Cookies, which allow us to analyze the use of the website, are used by us on the basis of legitimate interest.
Marketing Cookies: Cookies, which allow us to offer you advertisement tailored to your interests, are also used by us on the basis of legitimate interest.
Some Cookies are saved on your terminal until you delete them. They enable us to recognize your browser the next time you visit us. Most of the Cookies we use are deleted after your visit on our website (so called Session Cookies).
Cookies can be blocked, deactivated or deleted. Therefore, a variety of different tools are available (including browser controls and settings). You can find information hereto in the “help area” of the web browser you use. If all Cookies used by us are deactivated, upon others the display of the website may be limited.
You can prevent the general storage of Cookies by adjusting your browser software accordingly. However we point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting your data in connection with Google Analytics by downloading and installing the browser plug-in available under the following link: