Share

Data protection

Aareal Bank AG welcomes you to our website and thanks you for your interest in our company. The protection of your personal data is a serious matter for us and we want you to feel safe during the visit on our websites. Personal Data collected while visiting our website will be processed in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the data protection rules of the Federal Republic of Germany.

We will treat any personal data you may transmit to us with reasonable care and in compliance with data protection rules. Your data will not be used for any other purpose and will not be forwarded to third parties. For confidential messages, please use the regular mail service for your own safety.

Collection and processing of personal data

In most cases, you can visit the website of Aareal Bank AG without providing any personal data to us. We only get to know the name of your internet provider and the so-called IP address he has allocated to you, the websites from which you accessed our site and the websites you visit within our internet presence. This information is evaluated for statistical purposes only, the individual user identity remains anonymous. Evaluation takes places on the basis of Article 6 (1)(f) GDPR.

Further personal data will only be collected and processed when you submit it to us (i.e. to order information material), and will be processed solely for the purpose of dealing with your inquiry. The provision of personal data by you, e. g. by using the contact form or e-mail, constitutes your consent to the processing of your personal data according to Article 6 (1) (b) GDPR.

If you have given your consent to the processing of personal data, you have the right to revoke your consent to the processing at any time. This also applies to the revocation of declarations of consent that were given to us before the GDPR was valid, i.e. before 25 May 2018. Please note that the revocation takes effect for the future only. The revocation does not affect the legality of the data processed until the revocation.

Use and disclosure of personal data and purpose limitation

In accordance with the applicable data protection laws and regulations, any data received or collected in connection with the services provided by Aareal Bank Group will only be collected, processed and used for the purpose of performing the relevant contract or processing your specific request and to safeguard our own legitimate interests with regard to the advisory services and support for our (prospective) clients as well as a product design that meets our clients' needs. Your personal data will only be passed on to those departments that need your data for the processing of your enquiry, unless mandatory national laws require transmission to a government institution or authority. To the extent that further processing of your personal data is not required by law, we will use your data only for as long as it takes to process your request.

Necessary cookies and consent to further cookies

This website uses cookies. Cookies are small text files that are stored on your device when you visit our website and enable, facilitate or improve the use of our website. Cookies that are absolutely necessary for the functions of our website (necessary cookies) are permitted by law to be stored on your device. For the use of other cookies (e.g. web analysis cookies) we require your consent.

To obtain your consent, we use the “Cookiebot” service provided by Cybot A/S (Havnegade 39, 1058 Copenhagen, Denmark). When you first visit our website, Cookiebot displays a dialogue box (banner) that allows you to give your consent to certain categories of cookies. Your selection, together with other data, is stored encrypted on servers within the European Union for a period of twelve months for verification purposes (Art. 7 (1) GDPR).

Your selection is also stored on your device under the name “CookieConsent” as a (necessary) cookie for a period of twelve months and automatically taken into account each time you visit our website. However, you can also delete this cookie beforehand via your browser settings.

After 12 months or after a premature manual deletion of the “CookieConsent” cookie, you must make a new selection when you visit our website.

Details on the scope of the data collected by Cookiebot and the handling of such data can be found here: https://www.cookiebot.com/en/privacy-policy/

Web analytics cookies

This website uses the "Piwik/Matomo" web analytics tool. The analysis of user behaviour is important, as this helps us to analyse the demand for specific content and to optimise our offer.

Piwik/Matomo collects the following data: date, number of actions on the website, time spent on the website, country of origin, browser version, operating system, number of new and returning visitors, referring URL, conversion rate.

The Piwik/Matomo version we use anonymises the IP addresses, so that users are not identifiable. The Piwik/Matomo analytics tool works by placing a small text file called a cookie on your device. Piwik/Matomo uses “persistent cookies”, which remain saved on your device after your visit. The cookie is set from the domain “aareal-bank.com” and has the following name: _pk_id.12345 (number serves as an example and is assigned individually). The cookie expires after one week and allows us to:

  • recognise visitors who have visited our website before and to create anonymised user profiles to improve our website's user friendliness;
  • achieve approximate geolocalisation;
  • rectify any errors on the website and improve our service.

Right to object to the use of cookies

If you have consented to the use of web analysis cookies, you can prevent the analysis of user behaviour as a whole for the future by blocking the setting of cookies in your browser by the corresponding domain (aareal-bank.com; gb.aareal-bank.com; nb.aareal-bank.com). Please check the help function of your browser for instructions on how to block cookies.

You also have the option at any time to change your selection of the admissibility of web analysis cookies made for our website via the Cookiebot service for the future. To do this, call up the “cookie settings” at the bottom of our website and activate or deactivate the desired cookie categories by setting or removing the respective check marks.

Embedding of YouTube videos

(1) We have embedded YouTube videos in our online services. They are uploaded to www.YouTube.com and embedded on our website in "Privacy-Enhanced Mode", i.e. YouTube does not place any cookies on your computer and no data are transmitted about you as user to YouTube unless you play the videos. Only when you play the videos cookies are placed and the data named in paragraph 3 is transmitted. We have no influence over this data transfer. You can find details of YouTube's use of cookies in the cookie policy of Google at https://policies.google.com/technologies/types?hl=en.

(2) If cookies are stored by YouTube on your computer, it will transmit them to our website. So you as user have complete control over the use of cookies. You have the option of stopping the use of cookies. To do this, you have to change the settings in your Internet browser (e.g. Internet Explorer, Mozilla Firefox, Opera, Safari). Cookies that have already been stored can be deleted at any time. That can also be done automatically. But if cookies are deactivated for our website, it may be that not all functions of the website can be used in their entirety.

(3) Playing the YouTube videos transmits the following data to YouTube:

  • IP address
  • Date and time of the request
  • Address of the website accessed
  • Access status/HTTP status code
  • Data volume transmitted, in Bytes
  • Length of the video
  • Website from which the request comes (link)
  • Browser used
  • Operating system and its user interface
  • Language and version of the browser software

This occurs irrespective of whether you use a user account to log in to YouTube or whether you do not have such an account. If you are logged in at Google, your data are allocated directly to your account. If you do not want allocation with your profile on YouTube, you have to log-out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and/or personalised website appearance. That storage occurs, even for users who are not logged in, to produce personalised, relevant advertising and to inform other users of the social network about your activities on our website. You have the right to stop the collection of these user profiles. To exercise it, you have to contact YouTube.

(4) You can find further information on the purpose and scope of data collection and processing by YouTube in the data protection declaration by YouTube. You can find there further information about your rights and setting options for protecting your privacy: policies.google.com/privacy Google processes your personal data also in the USA and is certified under the EU-US-Privacy-Shield, www.privacyshield.gov/EU-US-Framework.

Online consent to changes to terms and conditions in customer contracts

We offer our customers the option of agreeing to changes to terms and conditions electronically. This not only saves resources and protects the environment, but also makes it easier for our customers to give their consent. In this context, we use an online solution operated by finone GmbH, Stephanstr. 3, 60313 Frankfurt am Main, Germany. finone GmbH acts as our processor and processes personal data in accordance with our instructions.

Initially, the technical data required to provide the online solution, such as the IP address, is processed. If consent is given, the data actively entered by our customers and a time stamp will also be processed.

The described personal data is processed to be able to provide the online solution to our customers, to be able to prove the consent of our customers, to protect against misuse and to ensure the security of the systems used. This is also our legitimate interest (Art. 6 para. 1 sentence 1 f GDPR).

All people who use the offer to give their consent electronically via the named online solution are affected by this processing.

The personal data collected for displaying the content will be deleted after the session has ended. All other data that serves as proof of consent will be deleted after the end of the contractual relationship, unless another legally recognized legal basis (in particular duties to maintain availability or archiving obligations) permits further processing.

Complaints procedure in accordance with the Supply Chain Due Diligence Act (LkSG)

We provide the possibility to report complaints to us in accordance with the LkSG. We have set up our systems in such a way that anonymous reporting is possible. If you send us personal data as part of the reports, this personal data is processed in strict confidentiality on a need-to-know basis. This means that within the bank, only those departments that need the data collected in connection with the report to process your report and fulfill the bank's legal obligations will have access to it.

In the case of reports via our reporting channel, the personal data transmitted by the reporting person will be processed by our subprocessor People intouch B.V., Olympisch Stadion 6, 1076 DE Amsterdam, The Netherlands. The reporting channel is used to collect and forward the information to the persons responsible in-house. In the case of telephone reports, the spoken word is converted into written text and made available to us in text form. In individual cases, personal data may be passed on to investigative or supervisory authorities if there is a legal obligation to do so. Otherwise, the identity of the reporting person will only be disclosed (also within the bank) if the relevant consent has been obtained.

The processing of the data provided to us serves to handle the report and, if necessary, to implement follow-up measures. The legal basis for the processing is Art. 6 para. 1 sentence 1 lit. c) GDPR in conjunction with Section 8 LkSG.

Additional processing of personal data carried out in the context of establishing contact serves to prevent misuse of the contact options and to ensure the security of our systems (Art. 6 para. 1 sentence 1 lit. f) GDPR).

All persons who have disclosed their identity when submitting a report or who were named by the whistleblower in the context of the report are affected by this processing. A transfer of data to a third country is not planned but may take place to individual group companies under the above-mentioned conditions in individual cases concerning reports with a foreign linkage. If data is transferred to a third country, the transfer is carried out exclusively in accordance with the GDPR (in particular Art. 44 ff. GDPR). In the case of data transfers to third countries without an adequacy decision by the EU Commission, we take additional protective measures, e.g. by concluding standard data protection clauses.

The personal data collected as part of a report will be deleted as soon as the processing of the respective report has been completed and no other legally recognized legal basis (in particular statutory retention or archiving obligations) permits further processing of the personal data. The statutory retention period for the report documentation is 7 years.

Data security

Aareal Bank AG takes technical and organisational measures in order to protect the data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our safety measures are consistently being improved in accordance with the technological development. In addition, our employees are obliged to respect the data security provisions and are bound by banking confidentiality.

Information with regard your personal data and further rights

Controller of the data processing on this website:

Aareal Bank AG
Paulinenstr. 15
65189 Wiesbaden

In line with the legal provisions, Aareal Bank AG has appointed a Data Protection Officer. Should you have any questions concerning the processing of your personal data, you may contact him directly.

            By E-Mail: 

            datenschutz(at)aareal-bank.com

            or

            Datenschutzbeauftragter
            (Data Protection Officer)
            c/o Aareal Bank AG
            Paulinenstr. 15
            65189 Wiesbaden

On your request we will provide you with the information in accordance with the data protection regulation, whether and which of your personal data are stored by us. In addition you have the right to rectification, erasure, restriction of processing and the right to data portability.

Right to object

On grounds relating to your particular situation you have the right to object at any time to processing of your personal data which is based on Article 6(1)(e) (processing of data for the performance of a task carried out in the public interest) or (f) (processing of data for the purposes of legitimate interests).

Your revocation can take place form-free and should be directed if possible to:

Aareal Bank AG

Informationssicherheit und Datenschutz
(Information security & data protection)
Paulinenstrasse 15
65189 Wiesbaden

If you object to the processing, we will no longer process your personal data, unless we have compelling and legitimate interests that override your interests, rights and freedoms, or the processing of the data is necessary for the establishment, exercise or defence of legal claims.

If you believe that your data are not being processed properly, you have a right to lodge a complaint with the competent supervisory authority. Please address your complaint to:

The Data Protection Officer of Hesse
PO Box 3163
65021 Wiesbaden