Who is responsible for processing personal data?
The following company is responsible for processing your data:
Erste Asset Management GmbH
Am Belvedere 1
Contact for issues relating to data protection:
Erste Asset Management GmbH
Am Belvedere 1, A-1100 Vienna
Responsible authority for data protection issues:
Austrian Data Protection Authority
Wickenburggasse 8, A-1080 Vienna
Telephone: +43 1 52 152-0
Is there a data protection officer pursuant to Article 37 GDPR?
Article 37 of the GDPR lists instances where the controller must appoint a data protection officer in any case. Among other cases, a data protection officer must be appointed when the core activities of the company consist of processing operations which, by virtue of their nature, their scope, and/or their purposes, require regular and systematic monitoring of data subjects on a large scale. With regards to the “core activity”, recital 97 of the GDPR states that the core activity always pertains to data processing as the primary activity but not to data processing as an ancillary activity.
The primary activity of Erste Asset Management GmbH and ERSTE-SPARINVEST Kapitalanlagegesellschaft m.b.H. is the management of investment funds. For this reason, the appointment of a data protection officer is not mandatory at this time. You can contact us at any time if you have any questions or concerns about data protection.
What personal data are processed?
We process the following personal data:
- Master and identification data such as first and last name, e-mail address, and if necessary telephone number, date of birth, hobbies, etc. when you provide this information to us
- The results of processing to fulfil contracts and declarations of consent
- Data to meet legal and regulatory requirements
Please note: This is simply a general list. We do not have all of the data specified above in every case. You have the right to receive a detailed, individual list from us upon request at any time. Please contact firstname.lastname@example.org to this end.
Where do you obtain the personal data that you process?
Most of your personal data that we process was provided by you: for example when you signed up for our newsletter or submitted an enquiry.
Data can also come from the following sources:
- Public sources such as the trade register, property register, bankruptcy database, or register of associations
- From other institutions in the Erste Asset Management GmbH group
We may also receive data from government agencies or from individuals acting under government mandate, such as from the Financial Market Authority, guardianship or criminal courts, public prosecutors, or court-appointed notaries. You have the right to receive a detailed, individual list from us.
For what purposes and on what legal basis are my personal data processed?
We are a management company pursuant to the Austrian Investment Fund Act 2011 and pursuant to the Alternative Investment Fund Manager Act. We process your personal data in connection with this activity. In detail, this means:
Processing for contract fulfilment
We are permitted to render certain services for you depending on the type of contracts that we have concluded with you. This can be an agreement relating to a special purpose fund, or can be a management agreement, for example. We must process your data to this end. Our offerings are just as diverse as the wide range of contracts that we enter into. The scope of data processing is specified in the terms of the respective contract.
Processing to fulfil legal obligations
Certain legal regulations and purposes also require that we process your personal data, such as:
- The Austrian Banking Act; monitoring insider trading, conflicts of interest, and market manipulation: the Securities Supervision Act 2018, the Stock Market Act, the EU Market Abuse Regulation 596/2014
- Ascertaining your identity, transaction monitoring, reporting suspicious activity: Financial Market Money Laundering Act and the EU Wire Transfer Regulation 847/2015
- Provision of information to public prosecutors, courts, and criminal financial authorities pertaining to criminal proceedings based on intentional financial crimes: Austrian Banking Act, criminal procedural code, criminal financial code
Processing based on legitimate interests
We or third-party agents have a legitimate interest in processing data in the following cases:
- Measures for the prevention of fraud, fraud transaction monitoring
- Data processing for exercising legal claims
- Recording telephone calls, for example for complaints and for documenting declarations that are relevant for transactions
Processing personal data for the purposes of direct marketing can also be a legitimate interest.
Processing based on declaration of consent
If there is no contract, legal obligation, or legitimate interest, data processing can also be legal when you have given us your consent or authorisation to do so. The scope and contents of this data processing are always defined by the specific consent that you have granted. You can revoke this consent at any time.
The revocation has no impact on the legality of data processing up to the point in time that the consent is revoked. In other words, revocation has no retroactive effect.
Am I obligated to provide my personal data? What happens when I do not wish to do so?
We require certain personal data from you for our business relationship. If we do not know your name and e-mail address, we cannot send you any newsletters or information about our new products, or invitations to interesting events. We also cannot manage your special purpose fund without this information. If we cannot verify your identity, the law prohibits us from accepting you as a special purpose fund client. If you do not wish to provide your personal data to us, we may be unable to offer you certain products and services. If we are only permitted to process your data based on your consent, you are not obligated to give this consent or provide your data.
Are any decisions made based on automated processing, such as profiling?
We employ no automated decision-making processes pursuant to Article 22 GDPR at the beginning of or during our business relationship.
To whom are my personal data passed on?
Your personal data can be passed on to:
- Companies, units, and persons (employees and contract agents) within the group headed by Erste Asset Management GmbH when these entities need these data to fulfil contractual, legal, or supervisory obligations and to realise their legitimate interests
- Public agencies and institutions when we are legally obligated to do so, for example the Austrian Financial Market Authority, tax authorities, etc.
- Third parties contracted by us, such as IT and back office service providers, when they require these data for their activities. Third parties are contractually required to treat your data confidentially and to only process them for the provision of the relevant services
- Third parties when this is required for contract fulfilment or based on legal regulations, for example the recipient of a wire transfer and their payment transaction service provider.
Your data may also be passed on to third parties when you have consented to this forwarding.
Are my personal data forwarded to a non-EU country?
(All links as of May 2018)
Our processors can work with sub-processors in non-EU countries. These sub-processors are obligated to comply with Austrian data protection and security standards.
We will provide you with a list of current service providers in non-EU countries as well as information about the basis on which the data are forwarded upon request.
How long are my personal data stored?
(All links as of May 2018)
Your personal data are stored for as long as required to fulfil the relevant purposes in any case. The law also stipulates for how long we must keep the data. These retention obligations may also apply when you are no longer our customer or an interested party. You can find an overview of the legal retention obligations that apply in Austria here, for example:
What security measures are applied in data processing?
We place high value on data protection and data security. We have taken all technical and organisational measures needed to secure our data processing. This especially pertains to the protection of your personal data. We protect these data against unauthorised and unlawful processing, unintentional loss, unintentional destruction, and unintentional damage. These measures include the use of modern security software and encryption methods, physical access control, and precautions to prevent and defend against external and internal attacks.
What about cookies, social networks, web analytics, and re-targeting?
Web analytics: We forward personal data to the service provider Webtrekk GmbH for the purposes of anonymised statistical analyses of the user flow on our web sites. You can prohibit the forwarding of your data.