Thank you for visiting our website. In the following, we would like to inform you about the handling of your data in accordance with Art. 13 of the EU General Data Protection Regulation (GDPR).
The controller for the processing and use of data through this website is
Commerzbank AG, 60311 Frankfurt am Main, Group Communications
Data Protection Officer: Roland Wolf, e-mail: email@example.com
2. Collection and processing of personal data
2.1 Server log files
When you visit our website your browser transmits system-related information to the server. We, the website operator or page provider, collect data about access to the website on the basis of our legitimate interest (see Art. 6 (1) point (f) GDPR) and store these data as “server log files” on the website server.
The following data are always logged:
- the domain and URL called up
- the date and time of access: day/month/year/time
- the volume of data transmitted
- the type of HTTP request
- the web page from which access takes place (referrer URL)
- the HTTP status code
- the anonymised IP address of the requesting computer or mobile device, i.e. the address is shortened in the log in such a way that a reference to a specific person cannot be established
- basic information about the device you use to access the website, such as your browser, browser version, the operating system and the screen resolution of the requesting computer.
The aforementioned data are processed by us or by our data processor for the following purposes:
- ensuring the establishment of a connection to the web page
- evaluation of system security and stability
- preparation of the web page in your browser
- for other administrative purposes, such as the identification of orphaned links
The server log files are stored for a maximum of 28 days and then erased. The data are stored for security reasons, such as being able to clarify cases of abuse. If data must be retained for reasons of furnishing evidence, they are excluded from erasure until the incident has been definitively resolved.
2.2. Log-in for employees and comment function
Commerzbank employees and pensioners can log into the part of the website closed to the public from outside the Bank’s network using their private devices. The prerequisite for this is registration on the Commerzbank Diversity Portal.
To log in via the Diversity Portal, it is necessary for technical reasons to allow the storage of cookies at least for the duration of the visit. When you log into the closed part of the website, the server saves your name, access code and IP address.
This is done on the basis of our legitimate interests within the meaning of Art. 6 (1) point (f) GDPR and serves to enable us to maintain the confidentiality of information that we wish to make available only to our employees and to protect our security as the website operator: if your comment infringes against applicable law, we may be prosecuted for it, which is why we have an interest in the identity of the author of the comment or post.
As a logged-in user, you can post comments under your real name and rate posts. These posts remain permanently stored. As long as no replies have been posted, you can erase your own comments completely. If there are reply comments, you can erase the text of your post, in which case your name will be erased. Instead of the text, a note will appear to this effect: “The employee has erased their comment. Replies to the comment will be preserved.”
Comments from employees that leave the Bank are automatically anonymised on the next working day.
The website is hosted by OVERMANN NETWORKS GmbH, Friedrich-Ebert-Straße, TechnologiePark 75/Haus 51, 51429 Bergisch Gladbach, firstname.lastname@example.org. The hosting party receives the aforementioned data as the processor.
When you access this website, the server sets a technical cookie (JSSIONID), which is necessary for the functioning of the website. It assigns an anonymised ID (session ID) to your browser for the duration of your visit in order to bundle related requests to the server and to be able to assign them to a session. At the end of the user session, the session cookie automatically expires. The session cookie does not allow any inferences to be made about you personally.
Your consent to measure your use of the website, or your refusal to give consent, will be stored in a cookie (commerzbanker) on your computer if your browser configuration permits this. The storage period for this cookie is two years. After this cookie has expired, or if you erase the cookie in the meantime, you will be asked for your consent again on a subsequent visit.
For technical reasons, it is necessary to accept session cookies for the functioning of the website and the log-in to the closed area of the staff magazine.
2.5. Tracking technologies
If you have given us your consent in the data protection dialogue when first accessing the website, we use technologies (scripts) on this website from Google Analytics, a Google Inc. web analysis service, to collect and store statistical data for marketing and optimisation purposes. For the use of the Google Tag Manager (GTM), which we use for tracking and analysis of the website, a URL is called up. Through this process, your complete IP address is transmitted to Google. The GTM itself does not set any cookies.
For the storage of access data in Google Analytics, the IP address is shortened in such a way that direct inferences about you personally are not possible.
The storage period for the data linked to the anonymised IP addresses in Google Analytics is two years. After that the data are erased.
The data processing is based on your consent (Art. 6 (1) point (a) GDPR) and in the interests of finding out how often our web pages have been accessed by different users.
Without your consent the tracking software will not run when you visit this website. Consent also applies to subsequent visits if you allow cookies to be stored on your computer and the corresponding cookie is valid. The storage period for these cookies is a maximum of two years. If you do not consent to the storage of cookies on your computer, you will have to answer the dialogue to request your consent each time you visit the website.
Irrespective of this, you can object to processing at any time. To do so, please use the following options:
Cookies: You can object to the storage of cookies in the consent dialogue when you first access this website. You can also prevent the storage of cookies by adjusting the corresponding browser software setting; however, we would like to point out that in this case you may not be able to use this website to its full extent, and that this website will no longer function if cookies including session cookies are blocked completely.
Google Analytics: You can also prevent the recording of data generated by the cookie and related to your use of the website (including your IP address) for Google and the processing of these data by Google by downloading and installing the browser plug-in available via the following link http://tools.google.com/dlpage/gaoptout?hl=de.
Alternatively, by clicking on this link you can prevent Google Analytics from recording data about you within this website. By clicking on the link above you will download an “opt-out cookie”. Your browser must therefore allow the storage of cookies for this purpose. If you erase your cookies regularly, it will be necessary to click on the link again each time you visit this website.
Here you will find further information on the use of data by Google Inc:
https://policies.google.com/privacy/partners?hl=en (data collected by Google partners)
https://adssettings.google.de/authenticated (settings for advertising displayed to you)
On our web pages, we provide e-mail links and/or contact forms through which you can submit topic-specific enquiries/concerns to the editorial team. In order to be able to respond to your concerns or questions, we also collect personal data such as your name, e-mail address and the matter you have raised, and if necessary further data such as your address and telephone number.
2.7. Social media plug-ins
For reasons of data protection, we do not integrate social media plug-ins directly into our web magazine. No data are transmitted to social media services such as Facebook or Twitter by accessing our pages.
You can share pages by clicking on Facebook, Twitter or LinkedIn buttons. If you click on one of the social media buttons, data are transferred to the respective platform.
Via your Facebook profile you can activate further settings for data processing for advertising purposes or object to the use of your data for advertising purposes. You can access the settings here:
Profile settings on Facebook: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Cookie deactivation page of the US website: http://optout.aboutads.info/?c=2#!/
Cookie deactivation page of the European website: http://optout.networkadvertising.org/?c=1#!/
Instagram privacy information: https://facebook.com/help/instagram/155833707900388
LinkedIn privacy information: https://www.linkedin.com/legal/privacy-policy?_l=en_EN
2.8. Integration of third-party services and content and external links
Videos and multimedia files on this website are usually played from our own servers. However, some pages of the magazine may also contain links to external platforms such as YouTube or other web pages. When you access external links, data are transferred from your computer to the respective external provider. This is usually your IP address, the page from which you access the external content and information about the browser you are using.
Depending on the configuration of your browser software, your computer automatically loads these linked pages in the background when you access a web page with external links (link prefetching). This behaviour is not influenced by our servers. You can prevent this in most browsers by configuring them accordingly.
2.9. Storage duration
For security reasons we store log file data for 28 days.
The storage period for the cookie for tracking consent or non-consent is two years.
The storage period for the Google Analytics cookies is two years.
The storage period for data related to IP addresses in Google Analytics is two years.
Comments posted by employees remain stored for an unlimited period of time if the comment author does not erase them. When the employee leaves the Bank’s employment, the author’s name is anonymised while the content of the comment is preserved.
3. Information disclosure
Commerzbank will only disclose your personal data to third parties if:
• you have given your express consent pursuant to Art. 6 (1) sentence 1 point (a) GDPR;
• the transfer is permissible pursuant to Art. 6 (1) sentence 1 point (f) GDPR, as is necessary, for example, for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data;
• we are legally obliged to transfer the data pursuant to Art. 6 (1) sentence 1 point (c) GDPR;
• the transfer is necessary pursuant to Art. 6 (1) sentence 1 point (b) GDPR for the initiation, implementation and processing of contractual relationships with you.
4. Your rights as a user
Pursuant to Art. 15 GDPR, you have the right to obtain access to information about your personal data that we process or have processed. This applies in particular to the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed and the planned storage period, as well as the origin of your data if they were not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the details thereof. You can also obtain information from us about your other rights in this context: the right to data portability, rectification, restriction of processing, erasure, objection and the right to lodge a complaint.
For this purpose please contact: Commerzbank AG, Data Protection Officer, 60311 Frankfurt, e-mail email@example.com
4.2 Data portability
Pursuant to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us on the basis of consent or a contract, in a structured, commonly used and machine-readable format, or to request that these data be transmitted to another controller.
Pursuant to Art. 16 GDPR, you have the right to obtain rectification or completion of your personal data stored by us.
4.4 Restriction of processing
Pursuant to Art. 18 GDPR, you have the right to obtain restriction of the processing of your personal data from us if:
• the accuracy of the data is contested by you;
• the processing is unlawful but you oppose erasure;
• we no longer need the data, but you need them for the establishment, exercise or defence of legal claims;
• you have lodged an objection to the processing pursuant to Art. 21 GDPR.
Pursuant to Art. 17 GDPR, you have the right to obtain the erasure of your personal data stored by us, provided that we do not need to continue processing the data
• to fulfil a legal obligation;
• for the establishment, exercise or defence of legal claims;
• for reasons of public interest or to exercise the right to freedom of expression and information.
Pursuant to Art. 7 (3) GDPR, you have the right to withdraw your consent, once granted, with respect to Commerzbank at any time. In this case, we will not be allowed to continue data processing that was based on this consent for the future.
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. For Commerzbank AG, this is Der Hessische Beauftragte für Datenschutz und Informationsfreiheit in Wiesbaden.
Commerzbank AG 2020