The following privacy notice provides an overview of how your data are collected, processed and used in connection with our business relationship.
The following information is intended to give you an overview of how we process your personal data and what your rights are under data protection laws. Which data are processed in detail and how they are used depends largely on the specific contractual relationship.
The controller is:
KfW IPEX-Bank GmbH
60325 Frankfurt am Main, Germany
Tel: +49 69 74 31-33 00
Fax: +49 69 74 31-85 36
You can contact our data protection officer at:
KfW IPEX-Bank GmbH
60325 Frankfurt am Main, Germany
We process personal data that we have received from our customers in connection with our business relationship, that we have acquired from publicly accessible sources (e.g. commercial registers, media, Internet), that we have obtained from our customers with their consent or that is justifiably transferred to us by other companies or other third parties.
Relevant personal data are, in particular, personal details (name, address and other contact details, date and place of birth and nationality, job title), identification data (e.g. ID data) and authentication data (e.g. sample signature).
KfW IPEX-Bank uses your authentication information (e.g. user name and password) to give only you access to confidential data.
Therefore, you should
We process your personal data pursuant to the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgestz - BDSG) and other applicable legal provisions.
Data are processed to carry out banking transactions and financial services as part of contract fulfilment or to carry out pre-contractual measures upon request. Data are primarily processed in order to meet the requirements of the specific financing project and may include analyses of an investment's economic viability and social impact, advice and the execution of transactions.
If necessary, we also process your data to protect our justified interests or the justified interests of third parties. For example:
If you have given us your consent to process personal data for specific purposes, such processing is legal on the basis of your consent. Consent is given voluntarily and may be withdrawn at any time. This also applies to the withdrawal of declarations of consent. Please note that the withdrawal will only take effect for the future. Processing that was carried out before consent was withdrawn is not affected by this.
In addition, as a bank we are subject to various legal obligations, i.e. statutory re-quirements (e.g. German Banking Act (Kreditwesengesetz - KWG), Money Laundering Act (Geldwäschegesetz - GwG), Securities Trading Act (Wertpapierhandelsgesetz - WpHG), tax laws) and regulatory requirements (e.g. the European Central Bank, the European banking regulators, the German Bundesbank and the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht). The data are processed for purposes including measures for identity and age verification, fraud and money laundering prevention, the fulfilment of tax control and reporting obligations as well as risk evaluation and management.
Within the bank, the departments that need your data to fulfil the contractual relationship and legal obligations will be given access to your data.
Service providers and persons employed by us in the performance of our obligations (Erfüllungsgehilfen) may also obtain data for these listed purposes. They are contractually bound to the same data privacy standards, may only process your personal data to the same extent and for the same purposes as we do and are subject to our instructions. These are companies operating in the fields of banking services, consulting, and sales and marketing.
With respect to transferring data to recipients outside the bank, it is important to note that we comply with the applicable data privacy regulations. We may only disclose information about you if required to do so by law, if you have given your consent or if we are authorised to provide such information. Under these conditions, recipients of personal data could include:
Other data recipients may be those bodies in respect of which you have given us your consent to the transfer of data.
If necessary, we process and store your personal data as long as necessary to satisfy contractual and legal obligations.
In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (Handelsgesetzbuch - HGB), the German Fiscal Code (Abgabenordnung - AO), the German Banking Act (Kreditwesengesetz - KWG), the German Money Laundering Act (Geldwäschegesetz - GwG) and the German Securities Trading Act (Wertpapierhandelsgesetz - WpHG). The periods for retention and documentation stipulated in these laws range from two to ten years. Finally, the storage period also depends on the statutory limitation periods, which may be as long as thirty years according to Articles 195 ff. of the German Civil Code (Bürgerliches Gesetzbuch - BGB), whereby the regular limitation period is three years.
As soon as data storage is no longer necessary to execute the contractual relationship, there are no statutory retention periods and in individual cases there are no predominant justified interests for further storage, your data will be deleted.
Data may be transferred to third countries (countries outside the European Economic Area (EEA)) to the extent permitted by data privacy requirements, for example, if the data transfer is required to execute your contractual relationship, is prescribed by law or you have given us your consent. Insofar as personal data are transferred by KfW IPEX-Bank from the European Union/the European Economic Area to its branches and representative offices, KfW IPEX-Bank will make use of instruments that are conform with data protection requirements in order to ensure that the branches and representative offices process such data with due care in accordance with European standards (EU model clauses and, in the event of legally dependent branches and representative offices, a guarantee declaration under data protection laws, the content of which can be accessed electronically via the following link: guarantee declaration(PDF, 372 KB, non-accessible)).
Every person affected has the right to information about the processing of his or her personal data, the right to rectification, the right to deletion, the right to restrict pro-cessing, the right to withdraw consent and the right to data transferability within the framework of legal requirements. In addition, there is a right of appeal to a data protection supervisory authority.
Within the framework of our contractual relationship, you only have to provide the personal data necessary to enter into and execute a business relationship and fulfil the associated contractual obligations. Without this information, we will generally not be able to enter into or execute the contract with you or your company. In particular, under the money laundering provisions, we are obligated to identify you on the basis of your identification document before entering into the business relationship and to collect and record your name, place of birth, date of birth, nationality, address and identification data.
In order for us to comply with this legal obligation, you may have to provide us with the necessary information and documents in accordance with the Money Laundering Act and notify us immediately of any changes arising in the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship you or your company has requested.
We do not use automated processes to initiate a decision on entering into and executing your business relationship.
We do not process your data automatically with the aim of evaluating certain personal aspects (profiling or scoring).
You have the right to raise an objection, at any time, for reasons arising from your particular situation, to the processing of your personal data that is carried out on the basis of data processing in the public interest and data processing performed to reconcile interests; this also applies to profiling on the basis of this provision.
If you raise an objection, we will no longer process your personal data, unless we can provide compelling evidence as to why processing is worthwhile that override your interests, rights and freedoms, or unless processing serves to assert, exercise or defend legal claims.
In individual cases we process your personal data for direct marketing purposes. You have the right to raise an objection to the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling, insofar as it is associated with direct advertising of this kind.
If you object to data processing for direct advertising purposes, we will no longer process your personal data for such purposes.
Objections may be raised informally and should be addressed to:
KfW IPEX-Bank GmbH
60325, Frankfurt am Main, Germany
Tel: +49 69 74 33-00
Fax: +49 69 74 31-85 36