This data protection notice explains which data we gather from visitors to our premises, for what purposes we process this data and your rights as a data subject regarding the processing of this data.

1 Who is responsible for data processing and who can you contact?

Controller:
DZ BANK AG
Deutsche Zentral-Genossenschaftsbank, Frankfurt am Main
(DZ BANK)Platz der Republik
60325 Frankfurt am Main
telephone.: +49 69 7447-01
fax: +49 69 7447-1685
e-mail: mail@dzbank.de

You can contact our data protection officer at the same address at the bottom (DZ BANK AG)

or via
telephone: +49 69 7447-94101
fax: +49 69 427267-0539
e-mail: datenschutz@dzbank.de

2 What sources and data does DZ BANK use?

DZ BANK's premises are not usually open to the public, and access is only feasible by appointment. When you make an appointment, we gather your data directly from you. The data is recorded by our reception staff. In addition to your name and possibly the name of the company on whose behalf you are visiting, the data gathered also provides information on who you are visiting and at what time. If you are given a temporary access pass, we also note its number.

3 For what purpose does DZ BANK process your data and on what legal grounds?

DZ BANK provides for restrictive access controls to protect their staff on their premises, but above all to protect the information and data on our customers and contract partners which is processed on those premises. Only authorised persons are allowed access. An individual may be granted an authorisation through consultation with a member of DZ BANK staff working on the premises. The individual must apply for the access authorisation and a member of DZ BANK’s staff will meet the individual at the reception. We record visitor pass numbers so we can check these passes have been returned or block them if they are lost.
This meets all necessary legal requirements, including those under the EU's general data protection regulation (GDPR). We are also pursuing our legitimate interests in making our buildings generally secure and exercising our domiciliary rights. Art. 6 para. 1 c and f GDPR serves as the legal basis for our data processing.

4 Who receives your data?

For our reception services, DZ BANK may also use external service providers who then process data solely on DZ BANK's instructions.
We only analyse personal data if there is reason to do so. If anyone breaches the building rules or commits a crime, or if the law so requires, we may pass their details to the security authorities or external lawyers.

5 For how long is your data stored?

We delete your personal data after four weeks at the latest unless national law requires us to keep it longer.
In deviation from this, a longer retention period applies for the Frankfurt am Main site, but no longer than a maximum of 180 days.

6 What are you rights as a data subject?

Every data subject has a right of access in accordance with Article 15 of the GDPR, a right to rectification in accordance with Article 16 of the GDPR, a right to erasure (“right to be forgotten”) in accordance with Article 17 of the GDPR, a right to restriction of processing in accordance with Article 18 of the GDPR, a right to data portability in accordance with Article 20 of the GDPR, a right to object in accordance with Article 21 of the GDPR (specific infor-mation provided later on in this data protection notice). You also have the right to lodge a complaint with a supervisory data protection authority in accordance with Article 77 of the GDPR.

7 Are you obliged to provide your data?

In principle, our safety strategy for our premises provides that we record the data above. Therefore, you cannot access our premises without providing your data.

8 Information regarding your right to object under Art. 21 GDPR

8.1 Your right to object in specific cases
At any time, you have the right to object to the processing of your personal data on grounds relating to your particular situation under Art. 6 para. 1 f GDPR (data processing based on legitimate interest of DZ BANK).
If you object, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or the processing is for the purpose of establishment, exercise or defence of legal claims.

8.2 Objection
Objections may be made via any of the contact channels detailed above. There are no formal requirements for submitting objections.

9 Updates

We modify and/or update this data protection notice, particularly in response to new technological developments, in response to amended statutory and/or official requirements and organisational changes. These modifications and/or updates are posted on our website at www.dzbank.com/dataprotection. Upon request, we provide our current data protection notices as a file (PDF) or on paper, but we recommend you always refer to our website for the most recent updates. If any changes are made, we will always check if we are required to inform you of them proactively and, should this be the case, we will fulfil our obligation to do so. Otherwise, we will only replace files or printouts with the latest versions if this is something that you have requested.

As at: 20.02.2019