HYPO NOE Landesbank für Niederösterreich und Wien AG will collect, process and use personal data only in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (Datenschutzgesetz, DSG) as amended from time to time, as well as handle it in conformity with the Austrian Telecommunications Act (Telekommunikationsgesetz, TKG).
Controller responsible for data processing
HYPO NOE Landesbank für Niederösterreich und Wien AG
Hypogasse 1, 3100 St. Pölten
Company register number 99073 x
Company register court: St. Pölten Regional Court (Landesgericht St. Pölten)
Contact details of the data protection officer responsible for HYPO NOE Landesbank für Niederösterreich und Wien AG and all group subsidiaries:
Use of push notifications
The apps of HYPO NOE use push notifications pursuant to the supplementary terms and conditions of Hypo Electronic Banking. It cannot be ruled out that the manufacturer and/or operator of your device receives this data and transfers it to the USA or other third countries.
Access to device functions
Apps can use numerous functions of your device. The app will use the camera (to record QR codes and invoices), photos/media/data, the network connection (to transfer data), the device ID (to connect devices), the Google service configuration, the location data (for queries regarding the location of branches and cash dispensers), the system tools (for push notifications) and the memory (to execute the app). These functions are accessed so that the app’s functions can be used and only if this is absolutely necessary for the execution of a particular action by the app (principle of least privilege). If you prohibit an app to access certain functions altogether by adjusting the respective settings on your device, this might entail strong restrictions of the app’s usability or the general inability to use the app. Requirements to access further functions of your devices may be added with time as the app is updated. Please note that you give your consent to the use of the functions by downloading or updating the app and that no separate consent will be requested.
Facebook visitor tracking pixel
Insofar as you have given your consent to the use of a Facebook visitor tracking pixel, we use the visitor tracking pixel of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) in connection with our Internet presence. This way, user activity can be tracked as soon as users are redirected to the website of a vendor after having clicked on a Facebook ad. This process is aimed at analysing the effectiveness of Facebook ads for statistic and market research purposes, and could help optimise future advertising activities.
The data collected is anonymous for us meaning that we are not able to draw any conclusions as to the identity of the users. However, the data is stored and processed by Facebook which means that connecting the data to the respective user profile is possible and Facebook may use said data for its own advertising activities in accordance with the Facebook data policy (https://www.facebook.com/about/privacy/). You can enable Facebook and its partners to place advertisements on and outside of Facebook. Furthermore, a cookie may be stored on your computer for such purposes.
Following the link below, users can object to retargeting via Website Custom Audiences (“WCA”) in the future and thus prevent targeted ads from being disseminated on the basis of WCA within a closed member area: https://www.facebook.com/ads/website_custom_audiences/
As a user of Facebook you can object to the processing procedure of the Facebook product “Conversion Pixel” in the future by following this link: http://www.youronlinechoices.com/de/praferenzmanagement/ (available in German only).
Cookies are small text files and enable us to determine frequency of use and number of users on our website. You can entirely disable acceptance of cookies via your browser settings. Please have a look at the instructions provided by your browser’s manufacturer to see how individual settings work. Should you disable certain technical and/or functional cookies via your browser settings, this may limit the functionality of our website.
Moreover, the cookie banner, which is displayed when you first open our website, allows you to separately select which types of cookies our website may use and to which extent. Please note that certain cookies which are necessary to properly display the website (but do not contain any personal data) cannot be unselected as they are required cookies. Other cookies – in particular those regarding preferences, statistics and marketing – will be used only with your prior consent.
The settings you have selected and any consent you may have granted can be edited or revoked at any time by clicking on the following link.
Cookies for conversion tracking and remarketing
If a user visits certain sites of the HYPO NOE website and the cookie has not yet expired, Facebook, Google, Adform and HYPO NOE see that the user clicked on an ad or a banner and was redirected to this site. Every client gets a different cookie. The cookie is valid for a maximum of 120 days.
In addition, HYPO NOE also uses remarketing in connection with Facebook, Google AdWords and Adform. Facebook, Google and Adform place ads and banners on internet websites using saved cookies based on the user’s previous visits to this website. In this case, too, the relevant cookies do not contain any information allowing for a personal identification of users. Please note that Facebook, Google and Adform have their own privacy policies which are independent from those of hyponoe.at. We do not assume any responsibility or liabilities for these policies and processes. Please make yourself familiar with the privacy policies of Facebook, Google and Adform before using our website. Users who do not want to participate in conversion tracking or remarketing can deactivate these functions here.
For HYPO NOE, this type of analysis is part of its internet services, our aim being to further improve the website and better adapt it to user needs and preferences.
The websites https://wohnrechner.at/ and https://rechner.hyponoe.at/ use Universal Analytics (and Google Remarketing), a web analysis service operated by Google Inc. (“Google”), to analyse web page use. We can analyse online behaviour in relation to time, geographical location, type, and the operating system of the device used (PC, laptop, tablet, mobile phone), the browser used, and the use of our web pages. Based on such analysis, we can optimise what information is provided to our users (for instance, indicate the nearest branch) and how the website is displayed on different devices (PC, laptop, tablet, mobile phone).
Google will use this information, on behalf of the website operator, to analyse your use of the websites, to prepare reports on website activities and to provide further services related to website and internet use to the website operator.
However, if IP anonymisation is enabled, which is the case for this websites, Google will truncate your IP address within member states of the European Union or other states which are party to the Agreement on the European Economic Area. This way, clear assignment of the IP address is no longer possible. The IP address transferred from your browser by Universal Analytics will not be merged with other data from Google. You can prevent the storage of cookies through a corresponding setting of your browser software; please note, however, that then you might not be able to use all functions of this website in full. However, as user data is collected not only via cookies, their deletion does not fully prevent data from being collected by the Measurement Protocol.
You can also prevent Google from obtaining the data generated by the cookie and related to your use of the website (incl. your IP address) and from processing this data, by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en-GB.
The homepage and electronic services of HYPO NOE may use Google Maps API of Google Inc. having its registered office in the USA to visualise geographical information. We use these services in particular to help you find our branches or cash dispensers. When using Google Maps via our website, Google will also collect, process and use data concerning the use of Maps functions by persons visiting the website.
If you are logged into Google or a related service, your data will also be directly attributed to your account. If you do not wish that your data is attributed to your Google account, you must log out before using Google Maps functions. Google stores your data as usage profiles and uses it for advertising and market research purposes and/or to customise its services. The above data is analysed (even for users who are not logged in) to provide customised ads and to inform other users of the social network about your activities on our website. You have a right to object to the generation of such usage profiles, however, your wish to exercise said right must be addressed to Google.
Google Tag Manager
This website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and no personal data is stored. The Google Tag Manager triggers other tags, which in turn collect data if necessary. However, the Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, it remains valid for all tracking tags if they are implemented with the Google Tag Manager.
With respect to HYPO NOE 24/7 Internet banking, tracking data is collected and stored in anonymised form with the help of Piwik PRO for optimisation purposes. The tracking data is anonymised by truncating the IP address, stored exclusively in the data centre of the bank and not passed on to third parties. You can deactivate tracking at any time in the Internet banking under “My banking”.
- Our online presences in social networks and/or on social platforms serve the purpose of communicating with and providing information to clients and/or interested parties.
- In this context, the processing of user data may take place outside the EU, which might render exercising user rights more difficult. Some of our partners (who are described in more detail below) are domiciled in the USA and process data from there. The Court of Justice of the European Union does not consider the USA to ensure a suitable level of data protection (C-311/18; http://curia.europa.eu/juris/liste.jsf?oqp=&for=&mat=or&lgrec=de&jge=&td=%3BALL&jur=C%2CT%2CF&num=C-311%252F18&page=1&dates=&pcs=Oor&lg=&pro=&nat=or&cit=none%252CC%252CCJ%252CR%252C2008E%252C%252C%252C%252C%252C%252C%252C%252C%252C%252Ctrue%252Cfalse%252Cfalse&language=en&avg=&cid=10811326). In particular, there is a risk that your data can be accessed by US authorities for control and surveillance purposes, and be subjected to data retention, with no legal remedies being available to object to such practices. With regard to these applications, we have requested your explicit consent. For more details on this matter, please refer to the information provided by the respective operators of social networks below or made available via a link.
- Facebook and Instagram usually process user data collected when the website is being accessed for market research and advertising purposes, e.g. to generate usage profiles. These usage profiles may, among other things, serve to place ads corresponding to user interests. For this purpose, cookies are stored on the user’s device which make it possible to save the user’s interests and the user behaviour. In addition, it is also possible to store user data from multiple devices within usage profiles (this concerns in particular users logged into the respective platform). We are able to place target group oriented ads and to carry out an anonymised analysis of the usage of our online presence.
- We process personal data on the basis of our legitimate interest in effectively informing and communicating with our users pursuant to Article 6(1)(f) GDPR. If the user is requested to consent to data processing (a declaration of consent, e.g. by activating a check box or pressing a button), the legal basis for data processing is formed by Article 6(1)(a) GDPR and Article 7 GDPR. For a detailed description of the processing and options to object, please refer, among other things, to the information provided by the respective vendors.
Facebook Ireland Limited (hereinafter “Facebook”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is a company of Facebook group and is, in the subsequently briefly stated scope, Controller in connection with a large number of its own data processings. You can find detailed information as to what data is processed by Facebook and for what purposes in Facebook’s data protection information: https://www.facebook.com/about/privacy
There, you can also find further information about your respective data protection rights and the settings you can change to protect your privacy.
The Facebook site of HYPO NOE is a business profile. As website operator, Facebook makes summarised statistical data and insights - so-called “Page Insights” - available to HYPO NOE thanks to which HYPO NOE gains insights into how visitors interacted with the profile page of HYPO NOE. In this context, the Facebook servers record, based on certain “events”, if, how and which (groups of) persons interact with these sites and their contents. The individual events recorded by Facebook are determined exclusively by Facebook, meaning that site operators can neither create, nor change or affect these events in any way. HYPO NOE only receives access to the summarised Page Insights but not to the personal data processed within the scope of events for insight data. Please consider, however, that as site operator in Insights, HYPO NOE can attribute your profile to the “likes” for the respective site if you have liked HYPO NOE’s site and set your “like” settings for Facebook sites to “public”. Based on a special agreement on the processing of personal data in events for Page Insights, in connection with generating such events, and their consolidation in Page Insights, both HYPO NOE and Facebook together are Controllers within the meaning of Article 26 GDPR. Furthermore, Facebook and HYPO NOE entered into an additional agreement to the aforementioned agreement which entered into force on 31 August 2020. With regard to any other forms of processing of personal data in connection with a website and/or its contents for which no mutual decision as to their purpose and means is made, both HYPO NOE and Facebook remain autonomous and independent Controllers. It is explicitly stated in this context that HYPO NOE does not transmit any data generated via Facebook to third countries. Should Facebook transmit data within its own sphere of responsibility, it shall be solely responsible for such activities. Facebook is also responsible for making information on the processing for Page Insights available to you and for enabling you to exercise your rights as data subject in this context. For detailed information on this matter, please visit https://www.facebook.com/legal/terms/information_about_page_insights_data
In addition, cookies are usually stored on the users’ devices. However, it is Facebook that is responsible for the processing of the aforementioned data. You can find further information on cookies here: https://www.facebook.com/policies/cookies/
The nature and scope of collection of personal data when visiting a Facebook site also depend on the user’s behaviour and thus can, to a certain degree, be influenced by the user. Please consider that when using certain interactive functions on Facebook (e.g. the comment function or the “Like”-button), comments and likes are visible to other users and to HYPO NOE as provider of the Facebook site. In particular, your public posts with the link @starkverwurzeltbyhyponoe are also visible to the public on our fan page. This enables direct user attribution due to the personal data shared in the process. Photo comments are public and visible to all Facebook users.
It is, at all times, possible to visit the Facebook site of HYPO NOE without leaving comments or liking posts. It is also not mandatory to register with Facebook in order to be able to see the most recent posts, however using the interactive functions on Instagram usually does require prior registration.
All registered Facebook users have been asked to consent to the processing of their data; hence the processing of data takes place on the legal basis of Article 6(1)(a) and Article 7 GDPR.
You can find further information on processings and possibilities to object (opt-out) here: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads and: https://www.youronlinechoices.com
Requests for information and the exercise of user rights can best be carried out directly via Facebook. Only Facebook has access to the data of its users and can directly take relevant measures and provide information. Information on stored data: https://www.facebook.com/settings? tab=your_facebook_information
Users can contact us via our Facebook site by either sending us a private message (Messenger) or commenting on a post. If you contact us via Facebook, in particular your user name, the text of your request and possibly further personal data will be disclosed to us. We store this data to be able to answer your request. However, you can also contact our colleagues or even our data protection officers (email@example.com) in a personal and confidential manner should you have any questions relating to HYPO NOE and our Facebook site. The data we collect in connection with your request/you contacting us on data protection matters will be deleted by us one year after the receipt of the last message (section 31 Administrative Penal Act (Verwaltungsstrafgesetz, VStG)). To the extent that other statutory retention requirements apply, said data will be stored until the expiry of such statutory retention requirements.
Instagram LLC is a company of Facebook group and is, in the subsequently briefly stated scope, Controller in connection with a large number of its own data processings. You can find detailed information as to what data is processed by Instagram and for what purposes in Instagram’s data protection information: https://help.instagram.com/519522125107875?helpref=page_content
There, you can also find further information about your respective data protection rights and the settings you can change to protect your privacy.
Please note that Instagram LLC and/or Facebook, as Controller responsible for processing, may process (user) data collected in connection with the use of Instagram outside the EU. This could entail risks, as for example enforcing user rights might be impeded. In this context, please also see the information concerning the transfer of personal data to the USA provided under the heading “Social media”.
The Instagram site of HYPO NOE is a business profile which is why it has the function “Instagram Insights”. Thanks to this function, a part of the data collected by Instagram/Facebook when the site is being used is made available to us in the form of an anonymous statistical analysis. This statistical analysis comprises only the audience, the content, and the activity on our Instagram site. In concrete terms, said analysis comprises the following data: Number of likes attributable to our photos and videos, number of comments to our photos and videos, number of persons having seen a photo or video, number stating how often a photo or video was shared, number stating how often a photo or video was reported as spam, number of clicks on the site and that the user no longer likes the site.
This information is transmitted to HYPO NOE by Instagram/Facebook in an anonymised form and cannot be traced back to you. However, this does not necessarily mean that the collection and processing of data by Instagram/Facebook takes place in an anonymised manner. In addition to the above, Instagram/Facebook process - independently from the log in status of their users - further personal data of users, e.g. by using tracking and analytics tools. Insofar as your user behaviour is analysed by tracking or analytics tools used by Instagram/Facebook when visiting our Instagram site, such data processing takes place outside of our sphere of influence. In terms of data protection law, Facebook is the Controller responsible for the processing in such cases. Thus, please contact Instagram/Facebook directly, if you have any questions concerning tracking or analytics tools.
The nature and scope of collection of personal data when visiting an Instagram site also depend on the user’s behaviour and thus can, to a certain degree, be influenced by the user. We therefore explicitly inform you that you use Instagram and its functions on your own account. This applies in particular to the use of interactive functions (e.g. sharing, commenting, liking). Please consider that when using certain interactive functions on Instagram (e.g. the comment function or the “Like”-button), comments and likes are visible to other users and HYPO NOE as provider of the Instagram site. Posts containing the hashtag #hyponoe or #starkverwurzelt and mentioning @hypo.noe are visible also to persons not registered on Instagram. This enables direct user attribution due to the personal data shared in the process. Photo comments are public and visible to all other Instagram users. HYPO NOE itself cannot influence the interactive functionalities and likes, or other activities on the HYPO NOE Instagram site. Thus, HYPO NOE is not Controller within the meaning of data protection law. Nature, scope and duration of the processing and the retention of personal data on Instagram is also determined by Instagram/Facebook so that in this context, too, Instagram/Facebook is the responsible party.
It is, at all times, possible to visit the Instagram site of HYPO NOE without leaving comments or liking posts. It is also not mandatory to register with Instagram in order to be able to see the most recent posts, however using the interactive functions on Instagram usually does require prior registration. The data required for creating a profile and the data processing related thereto do not fall within our sphere of responsibility; Instagram/Facebook are solely responsible for the processing of data in this context. At this point, we would like to draw your attention to the possibility of changing the privacy settings of your profile. For detailed information on this matter, please visit https://help.instagram.com/155833707900388/?helpref=hc_fnav&bc=Instagram-Hilfe&bc=Datenschutz%20und%20Sicherheitsbereich
Users can contact us via our Instagram site by either sending us a private message or commenting on a photo. If you contact us via Instagram, in particular your user name, the text of your request and possibly further personal data will be disclosed to us. We store this data to be able to answer your request. However, you can also contact our colleagues or even our data protection officer (firstname.lastname@example.org) in a personal and confidential manner should you have any questions relating to HYPO NOE and our Instagram site. The data we collect in connection with your request/you contacting us on data protection matters will be deleted by us one year after the receipt of the last message (section 31 Administrative Penal Act (Verwaltungsstrafgesetz, VStG)). To the extent that other statutory retention requirements apply, said data will be stored until the expiry of such statutory retention requirements.
We have included YouTube videos in our online offer which can be accessed directly via our website. However, no data is transmitted to YouTube unless you play the video. HYPO NOE cannot influence such a data transfer in any way. By visiting the website, YouTube receives the information that you have accessed the relevant subpage of our website. This takes place independent of whether you are logged into a YouTube user account or not.
If you are logged into Google, your data will be directly attributed to your account. If you do not wish that your data is attributed to your YouTube account, you must log out before playing the video. YouTube stores your data as usage profiles and uses it for advertising and market research purposes and/or to customise the design of the YouTube website. The above data is analysed (even for users who are not logged in) to provide customised ads and to inform other users of the social network about your activities on our website. You have a right to object to the generation of such usage profiles, however, your wish to exercise said right must be addressed to YouTube.