You can rely on the protection and security of your personal data: we consider it our responsibility to protect your privacy when processing your personal data. The following privacy notices provide an overview of the processing of your data and the rights you have under data protection regulations when using the products and services of KfW IPEX-Bank GmbH.
The controller is:
KfW IPEX-Bank Gesellschaft mit beschränkter Haftung (hereinafter: 'we' or 'us')
60325 Frankfurt / Germany
Phone: +49 69 74 31-3300
Fax: +49 69 74 31-8536
You can contact our data protection officer at:
KfW IPEX-Bank GmbH
Data protection officer
60325 Frankfurt / Germany
We process personal data that we receive from our customers, business partners and website visitors in connection with the use of our website, the use of our portals, subscription to newsletters and in connection with our business relationships with these groups.
Personal data processed by us refers in particular to personal details (such as name, address, telecommunications data, date and place of birth, marital status), identification data (such as ID, residence registration data), contractual data, advertising and sales data, documentation data, registration data and similar information.
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG) and other applicable legal regulations.
For technical reasons, it is necessary to collect and store certain personal data when you visit our website, such as the IP address, the date and duration of your visit, the websites used, the identification data of the used browser and operating system type and, if applicable, the website from which you arrived at our site. The legal basis for processing your personal data in this context is Article 6(1)(1)(f) GDPR.
However, the products and services cited as examples below, which you can find on our website, require you to provide personal data in order to use them.
The processing of your personal data in this context is generally a prerequisite for concluding and performing a contract with you or entering into a preliminary agreement with you. You are not legally obligated to make your personal data available to us. Without these data, however, we will not be able to perform the relevant contract with you. The legal basis for this processing is Article 6(1)(1)(b) GDPR. This provision permits the processing of personal data if the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps prior to entering into a contract.
Moreover, we store and process your data for inquiries for the purpose of customer information and support. You can object to this type of processing at any time. Any further use and disclosure of your data does not take place. The basis for the processing of your personal data in this context is Article 6 Paragraph 1 Subparagraph 1 lit. f GDPR. According to this, the processing of personal data is permitted if this is necessary to purpose legitimate interests, except where such interests are overridden by the interests of the data subject which require protection of personal data. We have a legitimate interest in optimizing prospect/customer support. We protect the data concerned in such a way that we do not see any major disadvantages for you.
If you have given us your consent to process personal data for specific purposes (e.g to send our newsletter), this consent serves as the legal basis for processing the data (Article 6(1)(1)(a) GDPR). Consent which has been granted may be revoked at any time. This also applies to revoking declarations of consent that were issued to us before the GDPR took effect, i.e. before 25 May 2018. If consent is revoked, the legality of data processing carried out before consent was revoked is not affected.
The legal basis for processing your personal data in this context is Article 6(1)(1)(f) GDPR unless we have, in individual cases, obtained your consent. Pursuant to this provision, processing personal data is permissible if this is necessary for the purposes of legitimate interests except where such interests are overridden by the interests or fundamental rights of the data subject which require that the personal data are not processed. We have a justified interest in aligning our offers with customer behaviour and optimising them. We believe that these interests prevail since, as an international financial institution, we must control and optimise our offers in order to fulfil our promotional mandate. The alignment with our customers allows us to offer and optimise services according to the needs and interests of our customers. We protect the relevant data in such a way that we do not see any overriding disadvantages for you.
The legal basis for processing your personal data in this context is Article 6(1)(1)(f) GDPR. Our justified interest consists of complying with applicable legal provisions, maintaining the security of our IT systems and, in case of non-compliance with legal requirements or violations of security regulations, responding adequately to such circumstances, for instance by asserting legal claims. We believe that these interests prevail since, as a bank, we are subject to a significant number of regulatory requirements and have a responsibility towards our customers to ensure that the corresponding requirements and security regulations are complied with. We protect the relevant data in such a way that we do not see any overriding disadvantages for you.
You can access various social media channels from our website.
Caution: When choosing one of the following links, you will leave our website and be directed to the website of a social media platform. Any information available there was created without any involvement from us and we are therefore not responsible for this content. We do not accept any liability for the information being up-to-date, accurate or complete. Any reference to social media does not imply any approval on our part.
Particularly for reasons of data protection compliance, the relevant social media cannot be accessed directly. Corresponding notes are therefore displayed. In addition, you may first have to click on integrated buttons, thus giving your express consent to communication with the social media platform. Only after that will the browser connect you by establishing a direct connection with the social media platform’s servers.
Please keep in mind that we are not aware of nor do we influence how and what data find their way to the social media platform.
By activating the button, you will provide the social media platform with the information that you have opened one of the web pages of the platform on the Internet. If you are already registered with the social media platform, it will be able to link your visit with your account on the social media platform. However, even if you have not yet registered with the social media platform, it is not possible to preclude the possibility that it will collect and/or store your IP address after you click on the platform.
Within the bank, the departments that need your data to fulfil our contractual and legal obligations receive access to your data. Service providers and subcontractors whose services we use may also receive data for these purposes if they observe banking secrecy and data protection. With regard to the transfer of data, we have undertaken to maintain confidentiality concerning all customer-related facts and assessments about which we become aware (banking secrecy).
We may only disclose information about you to third parties if required to do so by law, if you have given your consent or if we are authorised to provide such information for other reasons. Under these conditions, recipients of personal data could include:
Other data recipients may be bodies for which you have given us your consent to transfer data, or for which you have exempted us from banking secrecy by agreement or consent.
If you need further information on individual recipients, please do not hesitate to contact us.
Data are not transferred to entities in countries outside of the European Union (known as third countries), with the exception of the cases specified in these privacy notices or other KfW IPEX-Bank GmbH privacy policies.
In the event of a transfer to a third country, this shall be conducted under the application of appropriate guarantees of an adequate level of data protection (Article 44ff GDPR).
How long personal data are stored is based on the respective processing purposes. It is not possible to list the various storage periods in detail in a reasonable format here. The criteria to determine the specific individual storage periods are the following:
If the statutory prerequisites are met, you have the following rights in accordance with Articles 15 to 22 GDPR:
With respect to the right of access and the right to erasure, the restrictions pursuant to Articles 34 and 35 of the German Federal Data Protection Act apply.
In addition, there is a right to lodge a complaint with a data protection supervisory authority (Article 77 GDPR).
In the context of undisclosed assignments for the granting of securities in business transactions, KfW IPEX-Bank GmbH is given the name, address and contractual data of the relevant debtors from the grantor of the collateral or from the seller of the receivables for the purpose of the adequate individualisation of the security collateral required by law. Insofar as the assigned receivables are not liquidated by KfW IPEX-Bank GmbH, the data are collected and stored exclusively for administrative purposes (recording of the receivables assigned as collateral) and they are not processed further in any form. In this situation, KfW IPEX-Bank GmbH is not subject to any notification requirement with regard to the data owners in accordance with Article 14(5)(b) GDPR.
There is no transfer of the data to third parties or to bodies in a third country during the course of such an undisclosed assignment. The data are deleted after the expiry of the statutory storage obligations. There is no automated individual decision-making, including profiling.
KfW IPEX-Bank uses your authentication information (e.g. user name and password) to give only you access to confidential data.
Therefore, you should
You can revoke consent that you have granted to process data at any time. This does not, however, affect the legality of processing carried out before consent was revoked. If you revoke your consent, we shall no longer process the data for these purposes.
Right to object in individual cases in accordance with Article 21 GDPR
You have the right to object at any time to the processing of your personal data, which is based on the performance of tasks carried out in the public interest or a balancing of interests (Article 6(1)(1)(e) and (f) GDPR), insofar as reasons arise from your particular circumstances which preclude such data processing. This also applies if automated individual decision-making is used (Article 22 GDPR). If you raise an objection, we shall no longer process your personal data for these purposes unless we are able to provide evidence of compelling reasons for the processing which are worthy of protection and which override your interests, rights and freedoms, or unless the processing serves the purpose of establishing, exercising or defending legal claims.
In individual cases, we process your personal data in order to conduct surveys about your satisfaction with KfW IPEX-Bank GmbH products, to inform you about similar promotional products or to initiate or nurture business contacts. You have the right to raise an objection at any time to the processing of your personal data for the purposes of such measures. If you object to data processing for the purpose of direct marketing, we shall no longer process your personal data for such purposes. There is no requirement as to the form of such an objection. Please send your objection to one of the following addresses:
|By post: |
KfW IPEX-Bank GmbH
60325 Frankfurt / Germany
In addition to processing personal data in the context of using the website and receiving newsletters, KfW IPEX-Bank GmbH processes personal data in other specific areas of activity. Further data protection information on these processing activities can be found below:
Status: May 2022