Erste Asset Management GmbH, Czech Republic Branch, Privacy Policy
We consider privacy and personal data protection to be our primary duty. We only handle personal data in accordance with the applicable law. Please read the Privacy Policy of Erste Asset Management GmbH, Czech Republic Branch to discover the principles we follow to ensure the confidentiality and security of your personal data.
What will you learn about personal data?
A. General information relating to personal data protection
1. What is the GDPR?
2. How is personal data protection enshrined in Czech legislation?
3. Why is personal data protection so important?
4. Principles and basic terms contained in the legislation on personal data protection.
B. Processing your personal data at Erste Asset Management GmbH
5. Who are the controller and processor of your personal data?
6. How do we process your personal data?
7. What sources do we obtain your personal data from?
8. What is the purpose of processing your personal data?
9. To whom may we provide your personal data?
10. How long can we keep your personal data?
11. What security rules apply to protecting your personal data?
12. How do we deal with cookies, social networks and monitoring our websites?
C. Your rights
13. What rights do you have with regard to personal data protection?
14. How can you exercise your rights?
The Erste Asset management GmbH Czech Republic Branch Privacy Policy is a generally applicable document relating to the protection and processing of personal data of natural persons. Our company complies with a number of obligations relating to the processing of personal data of natural persons, which we have to maintain, particularly with regard to the fulfilment of contractual obligations, obligations imposed by law or obligations towards public authorities. In this respect we would not be able to provide our products and services at all to a customer, who is a natural person, without obtaining their personal data. Outside the framework of the obligations set out above, we are also, in justified cases, authorised to process personal data in the legitimate interests of our company. According to the legislation, we do not need to require express consent to process personal data for the reasons listed above. Any processing of personal data is always carried out in accordance with these principles and in a manner that prevents their unauthorised use or misuse. Since our company does not only process personal data of natural persons who are our customers, the following information also applies, as appropriate, to the processing of personal data of other natural persons, such as former customers, our suppliers (natural persons) or other partners, unless the nature of the matter requires another solution.
***
A. General information concerning personal data protection in the Czech Republic.
A general regulation on personal data protection, referred to by the English abbreviation of “GDPR” – General Data Protection Regulation, came into effect in the European Union on 25 May 2018. The GDPR specifies how personal data may be processed and how it must be protected. The text below summarised the main points relating to this issue.
1. What is the GDPR?
The GDPR is a European Union regulation. It is directly applicable in each member state and therefore also in the Czech Republic. Any individual whose data are processed may refer directly to the GDPR. You can find the text of the regulation here: https://eur-lex.europa.eu/legal-content/CS/TXT/PDF/?uri=CELEX:32016R0679&from=CS
2. How is personal data protection enshrined in the Czech legislation?
The European Union has not only issued the GDPR, but an entire “personal data protection package”. This also includes a new directive on personal data protection in criminal cases. How does the directive differ from the regulation? Unlike the regulation, the directive has first to be transposed into domestic law, the new directive on the protection of personal data in criminal matters was thus transposed into Act No. 110/2019 Coll., on personal data processing. Apart from that, the directive leaves room for member states to make minor changes to various aspects, unlike the GDPR itself.
With respect to areas where the regulation allow member states to do so, the Czech Republic implemented the regulation through the Act No. 110/2019 Coll., on personal data processing. In the event of any discrepancy between the regulation and the Act, the text of the GDPR will prevail.
3. Why is personal data protection so important?
Personal data protection is a fundamental right. In the same way as your right to freedom or security, the right to personal data protection is enshrined in the Charter of Fundamental Rights of the European Union.
In the public, private and economic areas, there must be a balance between the interests of those who process personal data and determines the purposes of processing (controller), and the so-called “data subjects” – that is, for example, between you and your bank, or between you and a management company. These rules are contained in the GDPR and also in the Personal Data Protection Act.
4. Principles and basic terms contained in the legislation on personal data protection
In order to be able to discuss personal data protection, it is important to clarify some basic terms. We have also provided the relevant references to the GDPR articles to enable you to search for a definition should you wish. Please bear in mind that this is only a summary, with extremely reduced content.
What are personal data?
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name or identification number.
Article 4 (1) GDPR.
What is covered by personal data processing?
The term “processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure (by transmission, dissemination or otherwise making available), alignment or combination, restriction, erasure or destruction.
Article 4 (2) GDPR.
What does “controller” mean?
The term “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Article 4 (7) GDPR.
What does “processor” mean?
The term “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Article 4 (8) GDPR.
B. Processing your personal data at Erste Asset Management GmbH
We only process the personal data of our investment fund shareholders to the extent necessary to meet our obligations are manager and administrator of investment funds managed by Erste Asset Management GmbH. This mainly involves keeping records of purchases and redemptions of investment fund units, maintaining a list of unit holders, which is replaced by a separate register of records of booked units and settling complaints and claims from investors. Česká spořitelna, a.s. works on a contractual basis as the principal personal data processor.
5. Who are the controller and processor of your personal data
Information on the personal data controller responsible for processing your personal data:
Erste Asset Management GmbH
having its registered office at Am Belvedere 1, 1100 Vienna, Republic of Austria
Co ID: FN 102018b
Operating through its branch office
Erste Asset Management GmbH, Czech Republic branch
having its registered office at Prague 4, Budějovická 1518/13a, postcode 140 00
Co ID: 04107128
entered in the Commercial Register held at the Municipal Court in Prague, Section A, Insert 77100
6. How do we process your personal data
Our company will only process your personal data to the extent necessary to meet the following purposes. We primarily process contact and identification details and data obtained in relation to your investment in our investment funds. We also process the personal data of other people where their personal data are important for us in relation to the performance of a contractual or other legal relationship. The categories of personal data we process are:
Identifying information – name, surname, title, birth number or date of birth, permanent address, ID number (identity card, passport or other similar document), signature – for a natural person engaged in business also a tax ID and company ID. These are all the personal data we use to confirm your unique and fixed identity.
Contact information – primarily your contact address, telephone number, e-mail address and other similar information. These are the personal data we use to contact you.
Information relating to your investment – records of purchases and redemptions of investment fund units, information on investment or personal accounts, information on any enforcement, inheritance or insolvency proceedings, or on relationships with the account holder (authorised agent, legal representative, creditor, etc.), country of residence for tax purposes.
The categories listed above are general examples. Should you wish to receive a detailed and individualised copy of your processed data, you can contact us in the manner set out in Article 14.
7. Source of the personal data
If you have invested in our investment funds, we primarily obtain your personal data from Česká spořitelna, a.s., with which you have concluded an agreement for investment services.
We also obtain your personal data directly from you, if you ask us for information or send us a complaint. Another source might be contractual documentation, two-way communication during the performance of contractual obligations, publicly accessible registers of legal and natural persons, state bodies or state officials – the Czech National Bank, the Police of the CR, notaries or executors.
8. What is the purpose of processing your personal data
Performance of statutory and contractual obligations
We are a management company pursuant to Act No. 240/2013 Coll., on management companies and investment funds. As a consequence of the conclusion of a contract between you and Česká spořitelna, a.s. and your decision to invest in our investment funds, we primarily process your personal data in order to comply with our statutory obligations. The legal basis for processing your personal data (identification and contact) is compliance with the following laws in particular:
· Act No. 240/2013 Coll., on management companies and investment funds,
- Act No. 164/2013 Coll., on international cooperation in tax administration (this Act imposes an obligation to exchange information with other financial institutions on persons who are subject to tax obligations in another country)
- Act No. 253/2008 Coll., on selected measures against the legitimisation of proceeds of crime (this Act imposes an obligation to identify and monitor clients)
- Decree No. 58/2006 Coll., on the manner of keeping separate records of investment instruments and records based on separate records of investment instruments
- The performance of the aforementioned statutory obligations is primarily for the following purposes:
- the proper and prudent provision of investment services and the performance of obligations imposed on our company in connection with the provision of investment services;
- the handing over of information on foreign accounts in accordance with applicable international treaties and other legal regulations (FATCA, GATCA);
- customer checks pursuant to the Act on selected measures against the legitimisation of proceeds of crime and financing of terrorism;
- performance of reporting obligations for public authorities
- prevention of fraudulent behaviour;
- performance of obligations relating to the exercise of enforcement, inheritance, executory or insolvency proceedings;
- performance of archiving obligations.
Processing your personal data on the basis of a legitimate interest of Erste Asset Management GmbH
In certain cases we will process your personal information in order to protect the rights and legitimate interests of Erste Asset Management GmbH. This type of processing may be carried out without your consent. However, the range of reasons that entitle us to carry out this type of processing is limited. We will always carefully assess whether this legitimate interest actually exists. A legitimate interest might be, for example:
- measures to prevent crimes;
- the exercise of legal claims and resolution of any disputed agendas;
- recording telephone calls to document how well your requests are dealt with;
- measures to protect our company’s assets, our customers and third parties;
- managing relationships with our clients and communications relating to your investment, or dealing with your requests.
9. Recipients and processors of personal data
We process and store personal data within the framework of Erste Asset Management GmbH and Česká spořitelna, a.s. We carefully select the persons who work with us on the basis of guarantees that will ensure the technical and organisational protection of your personal data. Only processers who are employed on a contract to process personal data may process personal data for Erste Asset Management GmbH. In accordance with legal requirements, Erste Asset Management GmbH, Czech Republic branch may provide your personal data to the following recipients:
- a company that provides personal data processing for us;
- State authorities, within their statutory powers;
- the regulator for the purposes of supervising the activities of Erste Asset Management GmbH, Czech Republic branch.
Transmission of personal data to third countries
Compliance with legal obligations with regard to maintaining a list of unit holders and records of purchases and redemptions of units requires us, in some cases, to transfer your personal data for processing outside the Czech Republic. This is mainly to satisfy obligations relating to Act No. 164/2013 Coll. on international cooperation in tax administration.
10. The length of time your personal data is stored
We process personal data for the duration of a contractual relationship or other legal title that allows us to process your personal data. This means that we have established strict internal rules according to which the legality of our retention of personal data is verified, as well as the fact that we do not retain the data for longer than we are entitled to. After expiry of the legal reason, we will delete the relevant personal data. If necessary, we may process selected personal data even when the purpose for which it was provided to Erste Asset Management GmbH has expired (e.g. with respect to the enforcement of claims in court).
We only keep your personal data for as long as is absolutely necessary and archive it in accordance with statutory time limits imposed by law (generally for a period of 10 years from the termination of the contractual relationship).
Storage, archiving and the other operations referred to above are carried out for Erste Asset Management GmbH by Česká spořitelna, a.s. as processor, on the basis of a contract.
11. What security measures are applied to the processing of personal data
The protection of your personal data is our priority. We implement all necessary technical and organisational measures to safeguard your personal data during processing. We protect personal data against unauthorised and unlawful use or unintended loss. These measures include the use of state-of-the-art security software, access control and measures to prevent against both internal and external electronic attacks. All persons who come into contact with data during its processing are bound by a duty of confidentiality.
12. How do we deal with cookies, social networks and monitoring our website?
Cookies
Various sections of our website use cookies. Cookies are small text files that allow you to recognise a returning user. With cookies, the webpages accessed remember the tasks and settings of the individual users and these data do not have to be entered repeatedly. Cookies do not serve to obtain any sensitive personal data. We use cookies to adjust our offers to your needs and to analyse how these offers are taken up. We use both so-called “technical cookies,” which are necessary for the operation of the website itself and do not require your consent, and so-called “non-technical cookies,” which we may store on your device as a user only with your consent, in accordance with the Electronic Communications Act and the GDPR.
Social media and automatic image downloading
Our company uses presentations based on various social media platforms. If you use this service, after connecting to this service, your browser will give your service provider your IP address or other information such as cookies when you connect to the service. Our company is not responsible for transmitting this information.
Website analytics tools
In order to obtain a better evaluation of our website traffic, we sent anonymous statistics to an external service provider. These data do not contain any direct or indirect person-identifiable data or IP addresses.
13. Your rights in relation to personal data protection
We process your personal data in a transparent and correct manner, in accordance with statutory requirements. However, you also have the right to contact us at any time to obtain information about the manner of processing your personal data or in order to exercise the rights listed below, which relate to personal data.
- Right of access to personal data, pursuant to Article 15 GDPR
- Right to rectification of personal data, pursuant to Article 16 GDPR
- Right to erasure of personal data (the right to be forgotten) pursuant to Article 17 GDPR
- Right to restriction of processing of personal data, pursuant to Article 18 GDPR
- Right to portability of personal data, pursuant to Article 20 GDPR
- Right to object to the processing of personal data, pursuant to Article 21 GDPR
- Right not to be subject to a decision based solely on automated processing, pursuant to Article 22 GDPR
Right of access to personal data - you have the right to request a copy of your personal data processed by Erste Asset Management GmbH and information on its scope, the recipients to whom it has been disclosed, how they have been acquired and for how long they will be stored.
Right to rectification of personal data - it is important for us that your personal data be correct and complete. If you believe that the personal information, we hold about you is inaccurate or incomplete, you have the right to ask us to update or supplement it.
Right to erasure of personal data (the right to be forgotten) - we place great importance on ensuring that your personal data are only processed in accordance with legal regulations. If you have reason to believe that this is not the case, you have the right to request that your personal data be deleted. Potential grounds for deletion are that your personal data are not necessary for the purpose for which they were processed, that you have withdrawn consent to their processing, that the data have been processed unlawfully or have to be erased in order to comply with legal obligations.
Right to restriction of processing of personal data - you have the right to request that the processing be restricted if you believe that your personal data are inaccurate or that the processing of personal data is illegal, but you do not wish to erase them, or you have objected to their processing, but it is unclear whether our legitimate interest prevails over your legitimate interests. Should you request it, we may process your personal data even when it is no longer necessary for the purpose for which it was provided to you (for example, in connection with the enforcement of a claim in court, for which you need the personal data we have processed).
Right to portability of personal data - in the case of automated processing of personal data based on a contract or consent you have given us, you are entitled to the so-called portability of such data which will be provided to you in a structured, commonly used and machine-readable format (such as an Excel file). You may also have the right to request that your personal data be passed directly to another personal data controller.
Right to object to the processing of personal data - you may at any time object to the processing of personal data we process for legitimate interest. Should you raise an objection, we may only continue to process your personal data if we demonstrate serious legitimate reasons for its processing. In the case of processing your personal data for direct marketing purposes, you may object at any time to such processing, which will terminate the processing for these purposes.
Right to withdraw consent for the processing of personal data (marketing activities) – if you have given us consent to process your personal data for purposes that require consent, you have the right to withdraw this consent at any time. The processing of personal data that took place before the withdrawal of consent remains lawful.
Right not to be subject to a decision based solely on automated processing - our company does not perform any automated decision making or profiling in the processing of your personal data pursuant to Article 22 GDPR
14. How can you exercise your rights
You can contact us directly with any inquiries regarding the processing of your personal data or requests to exercise your rights through a form that you can download at the end of this policy, or you can contact any branch of Česká spořitelna, a.s.
How long does it take to settle the request?
We will respond to any requests concerning the exercise of your rights without undue delay, within 30 days of receipt of the request. However, should the request be extremely complex or should we receive a large number of other requests, the deadline may be extended by a further two months. We will always keep you informed of any such extension, including the reasons that led to it. We will communicate with you in your preferred manner (email, letter).
Should there be any doubt, we may request additional information to verify your identity in order to respond to your personal data processing request. This is desirable to prevent any unauthorised persons from accessing your personal information.
Are any fees charged for responding to my request?
No, your requirements, as far as they concern the processing of your personal data, are settled free of charge. However, if the request is clearly unreasonable or disproportionate, in particular because it is repeated, we may require a reasonable fee to cover administrative costs.
Right to file a complaint with the Supervisory Authority
If you believe that your personal data has been infringed or that we have not complied with your claim in accordance with the law, you have the right to file a complaint with the Supervisory Authority (the Office for Personal Data Protection).
Office for Personal Data Protection:
Pplk. Sochora 27
170 00 Prague 7
telephone: +420 234 665 111
e-mail: posta@uoou.cz
web: https://www.uoou.cz/
Should you wish to file a request to obtain your personal data or exercise your rights relating to personal data protection, click below.
What are my rights?
The GDPR grants you the following rights pertaining to your personal data. You have the right to:
- Access, pursuant to Article 15 GDPR
- Rectification, pursuant to Article 16 GDPR
- Erasure, pursuant to Article 17 GDPR
- Restriction of processing, pursuant to Article 18 GDPR
- Data portability, pursuant to Article 20 GDPR
- Objection, pursuant to Article 21 GDPR
- No decision-making based solely on automated processing, including profiling, pursuant to Article 22 GDPR
What does the right to access mean?
You have the right to demand a confirmation of whether we process your personal data. If this is the case, you also have the right to information about this personal data and to the following information:
- Purposes of processing
- Categories of personal data that are processed
- Recipients or categories of recipients to whom the personal data have been disclosed or will be disclosed, especially recipients in non-EU countries and at international organisations
- If possible the planned duration that the personal data will be stored for or, if this is not possible, the criteria that are applied to determine this duration;
- The existence of the right to have your personal data rectified or erased; restriction of or objection to this processing
- Right to file complaints with a supervisory authority
- All available information about the source of the personal data when the data are not collected from the data subject
- Whether automated decision-making including profiling are used pursuant to Article 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and consequences of such processing for the data subject.
An explanation of how exactly to exercise your rights can be found here.
What does the right to rectification mean?
It is important to us that your data are correct and complete at all times. If you suspect that they are incorrect or incomplete, you can request that we rectify or complete the data. An explanation of how to exercise this right can be found here.
What does the “right to erasure” and the “right to be forgotten” mean?
We attach considerable importance to only processing your data in accordance with the rules of the GDPR and DSG 2018. Should you have reason to believe that this is not the case, you can request that your personal data be erased. Reasons for this can be:
- The personal data are no longer required for the purposes for which they were collected or processed in some other manner.
For example: Your personal data must be erased when they were solely collected to establish a special purpose fund or to send newsletters (sole purpose) and you have not consented to the processing of these data for other purposes. In this case, there is no need to process the data further after the termination of the special purpose fund or when you have unsubscribed from the newsletter and after the retention obligation no longer applies. The legal retention obligations are described here. - You revoke your consent on which the processing was based pursuant to Article 6 (1) a) GDPR or Article 9 (2) a) GDPR, and there is no other legal basis for processing.
For example: You have consented to the processing of your personal data for individual product offers from a third-party provider (sole purpose). As soon as you revoke this consent, your personal data must be erased. Exceptions: There are other purposes or justifications for processing and you are also in a customer relationship with the third-party provider, for example. - You file an objection against processing pursuant to Article 21 (1) GDPR, and there are no overriding legitimate grounds for processing.
For example: You can file an objection when an entity is processing your personal data without your consent just because this entity claims to have a legitimate interest in doing so (and there is no other justification). When you contest this and there was no legitimate interest, your personal data must be erased. Your objection was successful. - Your personal data were processed unlawfully.
Unlawfully processed personal data must be erased. - The erasure of your personal data is mandated by EU law or the law of the member state.
This refers to laws or other regulations that demand the erasure of personal data. - The personal data were collected in connection with the offer of information society services pursuant to Article 8 (1) GDPR.
This is a special protection afforded to minors who use online services.
This was a brief summary of the right to erasure. This should not be confused with the “right to be forgotten”.
The “right to be forgotten” pertains to personal data that have been made public. This means that when a person who originally published the data is required to erase the data (because one of the reasons for deletion above applies), this person must also then inform all persons who received the data in question as a result of their publication that the data in question must be erased. This rule is rather complicated. These provisions of the GDPR pertain to Internet search engines in particular.
An explanation of how to exercise your right to erasure and to being forgotten can be found here.
What does the right to restrict processing mean?
We attach considerable importance to always processing your data in accordance with the rules of the GDPR and DSG 2018. Should you have reason to believe that this is not the case, you can request that the processing of your personal data be restricted. However, this is only possible for the following legitimate reasons:
- You contest the correctness of your personal data. You can demand that the processing of your personal data be restricted for the duration of the period required by the data controller to verify the correctness of your personal data.
Opinions can differ. But further processing can be restricted for the time during which a matter is being clarified so that the contested personal data do not have to be erased or changed immediately. It could turn out that the data were correct after all. - The processing of personal data is unlawful. But instead of having your personal data erased, you “only” wish to have their use restricted.
The GDPR gives you the right to choose. If you do not wish to have unlawfully processed data erased immediately, you can demand that they remain stored, but that they may no longer be used. - Data controllers no longer need your personal data for processing. However, they need the data to assert, exercise, or defend legal claims.
When your personal data should in fact be erased but are needed so that you can exercise or defend your own rights, they can still be processed for these purposes. - You have filed an objection against processing pursuant to Article 21 (1) GDPR. Restricted processing can be demanded until it is determined whether the legitimate interests of the controller override your interests.
Further processing can be restricted for the time during which a matter is being clarified so that the contested personal data do not have to be erased immediately. It could turn out that the processing was justified after all.
An explanation of how to exercise your right to restrict processing can be found here.
What does the right to data portability mean?
Your personal data belong to you. Because of this, you have the right to receive this data in a structured, common, and machine-readable format. This pertains to data that you have provided to us and that are processed by means of automated systems based on your consent or for contract fulfilment. You can also demand that we forward these personal data directly to another controller.
In what form will I be given the data?
We provide the data as a standard format (e.g. as an Excel file). An explanation of how to exercise this right can be found here.
Was does the right to object mean?
Your data may only be processed when there is a legitimate interest in doing so.
If such a legitimate interest is claimed, you must be informed of this. If you feel that there is no legitimate interest, you can raise an objection. This is especially the case when your personal data are used for direct marketing. If the controller is unable to prove any legitimate reasons for further processing, the controller will not be permitted to continue processing your data after you object. Except for processing for the purposes of direct marketing. Your objection has absolute effect here.
An explanation of how to exercise your right to object can be found here.
What does your right to not be subject to decision-making based solely on automated processing, including profiling, mean?
We do not employ automated decision-making pursuant to Article 22 GDPR for entering into or fulfilling business relationships. More information can be found here. For this reason, the right to object to this does not apply.
What information am I required to provide?
We must verify your identity for every enquiry so that your financial data do not fall into the wrong hands and so that another person cannot erase your data against your will. Please understand that we will demand additional information about your identity in cases of doubt. This serves your own protection so that only authorised persons can access your data.
How can I submit a request?
Regardless of which right you wish to exercise, you can submit your request to us in any of three ways:
- By regular mail (please sign and include a copy of a photo ID) to Erste Asset Management GmbH, Am Belvedere 1, A-1100 Vienna
- In person at our offices, or
- By e-mail (only with a qualified electronic signature) to datenschutz@erste-am.com
Please explain your case as concretely as possible so that we can process it without delay. Please pay particular attention to the information about your right to data portability.
How long will it take for my request to be processed?
We will provide you with the information about relevant measures immediately, in any case within one month after receipt of your request.
This period can be extended by a further two months when the complexity and number of requests requires this additional time. We will inform you of a possible deadline extension and the reasons for this within one month after the receipt of your request in any case.
How will my request be processed?
We treat the data that you provide to us confidentially. But e-mails cannot always be trusted. In terms of security, e-mails can be compared with a postcard, not with a letter in a sealed envelope. Because we do not want to send you your data on a postcard, we will send you the information by regular mail.
What are the key considerations relating to my right to data portability?
We only forward data directly to third parties when you
- expressly instruct us to do so,
- release us from our obligation to banking secrecy, and
- when the third party in question is a financial services provider, attorney, notary, tax consultant, accountant, or government agency.
Does it cost anything when I exercise my rights?
No, the requests are processed free of charge. Exception: When requests are submitted for reasons that are clearly unjustified or to an excessive extent, we are entitled to demand a reasonable fee. This covers the administrative costs for the notification, refusal, or implementation of the requested measure.
Can I file a complaint?
Our employees will be pleased to assist you with all complaints, questions, and suggestions relating to data protection. We are certain that we can work together to find a solution to nearly every problem.
If you do not receive an answer to a request in good time, feel that your data protection rights have been violated, or feel that we have not processed your request in accordance with the law, you can file a complaint with the responsible supervisory authority:
Austrian Data Protection Authority
Barichgasse 40-42
A-1030 Vienna, Austria
Telephone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
https://www.dsb.gv.at/
Every person who has suffered tangible or intangible damages due to a violation of the GDPR or of § 1 or Article 2 (1) of the DSG 2018 is also entitled to compensation from the controller or processor pursuant to Article 82 GDPR. The general provisions of civil code apply in such cases. Please note that the Austrian Data Protection Authority is not responsible for damage claims, but the local court that is responsible for matters of civil law in your district. You can also file motions and lawsuits with the regional court whose competence covers the district where the defendant resides or has its offices. You can find the competent court here: https://www.justiz.gv.at/
Valid from May 2018
Cookies
Our online services use various methods to obtain information about you, your surfing patterns and your device. To do this we access your web browser memory and store "identifiers" (such as cookies) there. This allows us, for a specific length of time, to recognise you and your device.
We use cookies to analyse the access of our website and to create content and offers that meet your needs. In your browser settings you can choose to be asked for your consent before using a cookie or generally block the use of cookies. Only the cookie category "Essential", which is necessary for the functioning of the website, cannot be deactivated. These cookies do not store any personal data.
We distinguish the following four processing purposes:
1. Integral to the use of our online services
What is it about? This data processing is essential to enable you to use our online services, such as the website. This involves, for example, your preferred language setting. Or information required for billing partner services.
Can you prevent this data processing? No. Without this data processing you will not be able to use our online services.
2. Web analysis
What is it about? We have a legitimate interest in statistically evaluating the use of our online services (in accordance with § 7 of the Data Protection Act). For this purpose, we collect pseudonymous data about your interaction with our online services (such as our website) and evaluate this data in aggregated form.
Can you prevent this data processing? Yes, you can. You can prevent these sorts of analysis by changing your data protection settings.
Important: If you erase all cookies on your computer, you will also erase this opt-out cookie. If you still want to opt out of your data being collected by Adobe and Contentsquare, you must reset the opt-out cookie. The opt-out cookie is set per browser and computer.
3. Social Media Platforms
What is it about? To ensure adequate data protection, we do not display the content of social media platforms by default. To see the content cookies for social media platforms must be accepted. Only then the browser establishes a direct connection with the respective servers and transmits information.
Can you prevent this data processing? Yes, because this data processing is only permitted with your prior consent. If you wish to revoke your consent, please change your privacy settings.
4. Marketing
What is it about? If you agree, we also process your data to show you website and advertising content that might be of interest to you. To do this, we also process - with your consent - your surfing behaviour on other websites, not just those of Erste Asset Management. For this re-targeting, we set cookies with unique identifiers when you visit our website. We pass these identifiers for example on to advertising networks, web services, data management platforms, media agencies and publishers. Your IP address is also technically processed in this step. This enables us to offer you customised advertising, offers and services.
Can you prevent this data processing? Yes, because this data processing is only permitted with your prior consent. If you wish to revoke your consent, please change your privacy settings.
Services & providers used by us
In order to perform the data processing described above, we use various service providers. You can read here short descriptions of these services, and their processing purposes.
Essential or necessary cookies
The operation and provision of the website also requires a number of technically necessary or essential cookies, which are listed here.
TrustCommander Consent Management Platform (Essential)
Service provider: TrustCommander, Paris
We use CommandersAct Consent Management Platform to obtain, manage and document cookie consent. The operator of this platform is "Fjord Technologies" in France.
Adobe Systems Software Ireland (Web analysis)
Service provider: Adobe Systems Software, Ireland
We use Adobe Analytics from Adobe Systems Software Ireland (Ireland, USA). Adobe Analytics uses cookies to distinguish requests from different browsers and to store useful information that an application can use later. They can also be used to assign browser information to customer records. Analytics mainly uses cookies to anonymously define new visitors, analyse click data and track historical activity on the website, e.g. responses to specific campaigns or the duration of the sales cycle.
ContentSquare Analytics (Web analysis)
Service provider: ContentSquare SAS, Paris
Our website uses Contentsquare S.A.S. to analyze your usage behavior and for marketing purposes. ContentSquare guarantees the shortening of your IP address, so that all data is collected anonymously.
YouTube (Social Media Platforms)
Service provider: Google, USA
YouTube is a video hosting and sharing platform operated by Google. YouTube collects user data via videos embedded in websites and aggregates this with profile data from other Google services to display targeted advertising to web visitors on its own and other websites. The YouTube cookie is also used as a unique identifier to track video viewing. We use YouTube to embed videos on our website. The videos are loaded from YouTube.
Google (Marketing)
Service provider: Google, USA
Google Ads
To optimise our Google campaigns, we use Google Ads Conversion Tracking from Alphabet Inc. (USA). This service stores data on your device and enables us to anonymously statistically evaluate the use of our website. As soon as you click on an advert in Google, Google stores a conversion cookie on your computer. When you visit certain pages on our website, we can see which keywords you used in the Google search, that you clicked on a specific Google advert and were redirected to this page. Data is transmitted to Alphabet Inc. in the USA via Google Ads. This is necessary for the collection and billing of the displayed advertising. This personal data is stored and processed in the USA.
Google Ads tags are only set with your consent. You can find more information on the Google Ads conversion and data protection landing page. Please also read the data protection provisions of Google Ads and the privacy policy and terms of service of Google.
Google Remarketing
We use Google Remarketing, an advertising service provided by Google. The operator of Google is Alphabet Inc. (USA). Google Remarketing allows us to use your website visits and interactions with our advertising on other websites in the Google network, for example to display targeted ads that match your interests. Google Remarketing stores a cookie on your device as soon as you access our website. This cookie enables us to statistically evaluate your use of the website. The information obtained, along with your IP address, is transmitted to Google in the USA and stored there. Google uses this information to recognise you on other websites in the Google advertising network and to show you our adverts. Google also transmits this information to third parties if this is legally required or if third parties process this data on behalf of Google. Google Remarketing transmits data to Alphabet Inc. in the USA that is required for collecting and billing for the displayed advertising. This personal data is stored and processed in the United States.
You can prevent or control the storage of Google Remarketing cookies by setting your browser accordingly. You can also delete cookies that have already been stored on your computer. You can prevent the remarketing feature from running on your computer by making the appropriate settings on Google. The Google remarketing tags are only set after your consent. You can find more information on the Google Remarketing landing page. Please also read the Google Remarketing data protection provisions.
Google Display & Video 360
Our website uses Google Display & Video 360 features. Google uses cookies to improve the advertising experience and advertising efficiency. This enables us to show you targeted and customised advertising and to measure and optimise the success of our marketing measures. Cookies expire after the periods listed below. This period begins with the last user interaction on the website. When you visit certain pages on our website, we can see which ads you have seen and what you clicked on before you were directed to that page. In addition, we can use the conversion cookie to recognise when certain actions are performed on our website, such as sending a contact form or purchasing a product.