Privacy statement for the website in compliance with the EU General Data Protection Regulation (GDPR)
The technology of Internet and electronic data processing can give some people the feeling that they have lost the overview of where and for what purpose their data is being stored. Trust in the careful and secure handling of customer data is especially important in the financial sector. That is why we wish to explain to you, as a visitor to our websites, how the SECB ensures the confidentiality of personal data and respects privacy rights.
The SECB privacy statement applies to all the websites for which it is responsible. Websites belonging to the SECB can contain links to external companies, to which this privacy statement does not apply.
1. Responsible for matters pertaining to the EU General Data Protection Regulation is:
SECB Swiss Euro Clearing Bank GmbH
Data Protection Officer
60486 Frankfurt am Main
E-mail: datenschutzsecb [dot] de
The data protection officer can be reached via the contact information listed above.
The SECB ensures the confidentiality of your personal data by seeing to it that our employees adhere to confidentiality obligations, and that the in-house data protection officer and the internal audit ensure compliance with the data protection declaration and the statutory data protection regulations.
2. Personal data and the use thereof
Personal data includes all information that relates to an identified or identifiable natural person. This data includes information such as your name, your address, your telephone number, your e-mail address or your IP address. Information that is not considered to be personal data is that with which we cannot establish a relation to your person (or only with an unreasonable amount of effort), such as through the anonymization of the information. The processing of personal data (e.g. collection, searching, usage, storage or transmission) always requires a legal basis or your permission.
3. Data transmitted through the browser/Internet technology
The SECB, or the provider of the sites, automatically collects and stores information in so-called server log files which your browser automatically transmits to us (e.g. browser type, browser version, operating system used, referrer URL, host name of the company establishing access, time of the server request, IP address, etc.).
This data is not assignable to specific people. No aggregation of this data with other data sources takes place. We reserve the right to examine this data if concrete indications of illegal usage become known to us.
The IP address will be anonymized by the provider in the server log files and stored for a maximum of 10 days. This means that no person-related evaluation can take place. Regardless of this, the provider saves the complete IP address on its server for a maximum of 10 days for legal reasons.
4. Use of your personal data
The use of our website is basically possible without provision of personal data. Excepted from this is the establishing of contact with us through the contact form on our website, as well as the opening of a user account for customer access to our website. The personal data that we request for these purposes is only used for correspondence with you or processed solely for the purpose for which you have provided the data to us. You can object to the use of this personal data at any time. We assure you that your personal data will not be provided to third-parties unless we are legally compelled to do so or if you have given us your prior permission. If we have engaged service providers for the conducting and handling of production processes, the contractual relationships will be regulated as stipulated by the German Federal Data Protection Act.
If you choose to send inquiries to us using our contact form, then we ask you for your first and last names, your company name and e-mail address. Furthermore, you can enter your individual message to us in the message field.
We make the information on our website available in the password-protected area. We only provide access upon request to people who are part of a financial institution that has an account relationship with us. You must set up a user account with us to receive access. For the registration, we will request the following data from you: gender, language, first and last name, the name, city and postal code of your financial institution and a telephone number.
All users are free to delete their user account at any time. All stored data is deleted when the user account is deleted.
Except for the cases mentioned above, we do not create any personal user profiles.
We use so-called cookies (small text files with configuration information). Cookies are small text files that are sent to your browser within the scope of your visit to our website by our web server and then retained on your computer for a later call up of our website. We only use so-called “session cookies” (also called temporary cookies), which are those that are temporarily saved only for the duration of your use of our websites. Once the session ends, and as soon as you stop using your browser, the cookies are deleted.
Most browsers are preset so that they automatically accept cookies. However, you can deactivate the saving of cookies or set your browser so that it notifies you before cookies are saved. Users who do not accept cookies may possibly be unable to access certain areas on our website.
6. Hyperlinks to external websites
So-called hyperlinks to websites from other providers are found on our website. When you activate these hyperlinks, you are directly routed from our website to the website belonging to the other provider. This can be recognized by the change to the URL, among other things. We cannot assume responsibility for the confidential handling of your data on these third-party websites, since we have no influence over whether these companies comply with data protection requirements. Please inform yourself directly on these websites about how they handle your personal data.
7. Your rights as a user of our website
The GDPR foresees the following rights for you as the person affected by the processing of personal data:
According to Art. 15 of the GDPR, you can request information from us about the processed personal data. In particular, you can request information about the purpose of the processing, the categories of the personal data, the categories of recipients to whom your data was or will be disclosed, the planned storage duration, the existence of a right to rectification, deletion, limitation of processing or objection, the existence of a right to appeal, the origin of your data if this was not collected by us, about transmission to a foreign country or to an international organization, as well as the existence of automatic decision making including profiling and potentially also detailed information about such.
According to Art. 16 of the GDPR, you can immediately request the rectification of incorrect data or the completion of the personal data stored by us.
According to Art. 17 of the GDPR, you can request the deletion of your personal data stored by us, as long as the processing thereof is not required for the exercising of the right to free expression and information, the meeting of a legal obligation, for reasons of public interest or for the enforcement, execution or defense of legal claims.
According to Art. 18 of the GDPR, you can request the limitation of processing of your personal data if the correctness of the data is contested by you, the processing thereof is improper, if we no longer need the data and you reject the deletion thereof because it is needed for the execution, exercising or defending of legal claims. You are also entitled to the right stipulated in Art. 18 of the GDPR if you have raised objection to the processing in accordance with Art. 21 of the GDPR.
According to Art. 20 of the GDPR, you can request receipt of your personal data that you have provided to us in a structured, accessible and machine-readable format or you can request the transmission thereof to other authorities.
According to Art. 7, Para. 3 of the GDPR, you can retract the permission once granted to us at any time. The consequence of this is that we may no longer continue the data processing based on this permission in the future.
According to Art. 77 of the GDPR, you are entitled to complain to a supervisory authority. The supervisory authority in charge of data protection issues is the “Commissioner for Data Protection of Hesse”: www.datenschutz.hessen.de.
8. Information about your personal data that is stored by us / storage duration / deletion
We only store your personal data to the extent that it is legally permitted. Deletion of the stored personal data occurs if the user retracts his permission to store it, or if the knowledge of this data is no longer required to meet the purpose for which it was saved, particularly if the user account is deleted or if the storage thereof is impermissible for other legal reasons.
Upon request, we will provide you with the personal data that we have stored about you. If, despite our efforts to maintain correct and current data, inaccurate data is stored with us, then we will immediately correct it.
You have the option at any time of checking the personal data that has been provided to us, to change or to delete it, by sending an e-mail to: datenschutzsecb [dot] de
If you wish to delete the stored data, then this will also be completed immediately upon your request. If deletion is not possible for legal reasons, then a block is placed upon your personal data. However, please note that if your data is deleted, then we can no longer offer the services described here.
9. Data security and security measures
We undertake to protect your privacy and handle your personal data confidentially. To avoid manipulation, loss or misuse of your data stored by us, we undertake comprehensive technical and organizational security measures, which are regularly reviewed and adapted to the technical state of the art. Among these measures is the use of recognized encryption methods (SSL or TSL).
We point out to you that due to the structure of the Internet, it is not possible for us to monitor adherence to the data protection rules and the above-listed security measures for people or institutions not within our scope of responsibility. Specifically, data that is provided in an unencrypted format – e.g. sent by e-mail – can be read by third parties. We have no technical influence upon this possibility. Users are responsible for protecting the data they provide through encryption methods or otherwise from misuse. The transmission of messages through our contact form and the user registration are SSL/TSL encrypted.
You can contact the SECB data protection officer at any time if you would like information that has not been provided in this privacy statement, or if you seek further details about a specific issue.