The protection of your privacy and of your personal data is a major concern to us. We process your personal data in compliance with the relevant data protection laws. In addition, we maintain up-to-date technical and organisational measures to ensure data protection and data security. All information security technologies used by us are state-of-the-art and updated on a continuous basis. Our security concepts are continuously adapted as knowledge changes.
In the following text, we would like to inform you about how we process your personal data when you use the V-Bank End Client App.
1 General
V-BANK AG is the provider of this mobile application (hereinafter “App”).
This App is an app for iOS and Android devices that offers extensive services relating to (securities) account information and communication with your bank on mobile end devices. V-BANK AG provides the App in this connection. All functions and associated data are collected and processed via V-BANK AG. The App enables you, within the scope of your business relationship with V-BANK AG, to display client data such as (securities) account information and enables access to the electronic mailbox.
2 Scope of application
This privacy notice informs you about the processing of personal data within the scope of using our App. With regard to data processing within the scope of online banking, hence outside of the App, the dedicated privacy notice regarding the website applies thereto.
3 Definitions
3.1 Personal data
Personal data is all information that relates to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4(1) GDPR).
3.2 Processing
Processing includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data (Art. 4(2) GDPR).
4 Controller
Controller of the App within the meaning of Art. 4(7) GDPR is:
V-BANK AG
Arnulfstrasse 58
80335 München
Tel.: +49 89 7408000Fax: +49 89 740800222
E-mail: info@v-bank.com
5 Data protection officer
V-BANK’s data protection officer is:
Marcel Müller
Data Protection Officer
V-BANK AG
Arnulfstrasse 58
80335 München
Tel.: +49 89 7408000
Fax: +49 89 740800222
E-mail: datenschutz@v-bank.com
6 Data processing
Within the scope of your use of our V-BANK End Client App, we process your data for the purposes described in more detail in the following text based on the legal basis mentioned below.
6.1 General provisions regarding the use
Following the initial set-up of the App (for details see Clause 6.2a), a connection to the servers of V-BANK and the service providers commissioned for this purpose on its behalf is established to show your bank data (e.g. (securities) account balances and turnover) in the App. Afterwards, the entire data traffic is processed under V-BANK’s responsibility.
6.2 Purposes of data processing and legal basis
Unless otherwise described in the following sections, the legal basis of data processing within the scope of using the App follows from Art. 6(1) Sentence 1(b) GDPR. In this case, the processing of your data is necessary to make the V-BANK End Client App functions available to you.
a. Initial set-up of the App
As a user, you need a Google/Apple account to download the App from the corresponding store. In this process, we have no influence on the data use by Google/Apple. In this case, the terms of use and privacy notice of Google/Apple apply.
Following the installation of the App, an initial set-up is not necessary. Rather, you require your known registration data and online banking access data (access identification/PIN) from the E-Banking system already set up for you. Where two-factor authentication is implemented, it will be conducted in the Online Banking area and not in the App.
In this process, the processing of basic user data regarding registration processes (such as the user name) is required in order to be able to provide you with unrestricted use of our App, in particular, to establish a connection to V-BANK AG. Such data is not stored on your device, but is transmitted to the service provider commissioned by us, same as with the E-Banking system already set up for you.
b. Use of Google Firebase Crashlytics
We use Google Firebase Crashlytics by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to collect information regarding errors or crashs which may occur in our App. As a result, we can improve and constantly further develop the stability and quality of our App. If the App crashes, crash reports will be transmitted to Google Ireland Limited, Ireland, in real time and analysed in order to be able to improve the stability of the App. These crash reports contain information - related to your use of our App - regarding the device type, operation system, region by IP address, platform, App version, language, time of the crash and corresponding stack traces.
The transmission and analysis of your data to and by Google Ireland Limited, Ireland, will only take place with your prior consent pursuant to Art. 6(1) Sentence 1(a) GDPR. We will ask for your consent under the tab “Allowing Tracking” within the scope of acknowledging the privacy notice for this App. In addition, you may select the “Allowing Tracking” tab under the menu points “Settings”, “Data Protection”.
You have the possibility to revoke your consent with prospective effect. You may declare the revocation of your consent by deselecting the “Allowing Tracking” tab under the menu points “Settings”, “Data Protection”.
Further information regarding the data protection at Crashlytics can be obtained from https://firebase.google.com/products/analytics
c. Use of Google Analytics for Firebase
We use Google Analytics for Firebase by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) to track various events (e.g., a specific screen is opened, logout method used, etc.). As a result, we can improve and constantly further develop the stability and quality of our App.
The transmission and analysis of your data to and by Google Ireland Limited, Ireland, will only take place with your prior consent pursuant to Art. 6(1) Sentence 1(a) GDPR. We will ask for your consent under the tab “Allowing Tracking” within the scope of acknowledging the privacy notice for this App. In addition, you may select the “Allowing Tracking” tab under the menu points “Settings”, “Data Protection”.
You have the possibility to revoke your consent with prospective effect. You may declare the revocation of your consent by deselecting the “Allowing Tracking” tab under the menu points “Settings”, “Data Protection”.
For more information regarding data protection at Google Analytics please visit
https://firebase.google.com/products/analytics
d. Session cookies
We use so-called session cookies on our web pages. These session cookies are exclusively stored for the period during which you use our web pages. The session cookies used by us only serve to identify users as long as they are logged into our web pages. After termination of each session, the session cookies are deleted. Any use of session cookies beyond this purpose does not take place.
The legal basis for the use of session cookies is Art. 6(1) Sentence 1(f) GDPR. We pursue our legitimate interest to technically ensure the operation as well as the retrieval and use of our website.
e. Storing your IP address and authentication data
To prevent unauthorised logins, the processing of online banking authorisation data is required (access identification/PIN, two-factor authentication where applicable) in addition to storing your IP address. Processing of such data is required in order to be able to provide you with unrestricted use of our App. The data is not stored on your device, but in our service environment, and is also transmitted to the service provider commissioned by us, same as with the E-Banking system already set up for you.
6.3 Data security
We maintain up-to-date technical measures to ensure data security, in particular, to protect your personal data from data transmission hazards and against third parties gaining unauthorised access to your data. These are adapted to the current state of the art from time to time. Data is transmitted via SSL encrypted connections.
6.4 Data recipients
Basically, your data is only passed on at your request by using the functions of the V-BANK End Client App. The recipient of your data is V-BANK AG or other service providers involved in the use of the App’s functions.
The service providers specialised in processing your data have been carefully selected by us and are monitored on a regular basis. They process personal data only on our behalf and strictly in compliance with our instructions based on corresponding contracts regarding commissioned data processing.
In addition, we only transmit your personal data where there is a legal obligation to do so. The transmission is based on Art. 6(1) Sentence 1(c) GDPR (e.g. to police authorities within the scope of criminal investigations or to supervisory data protection authorities).
6.5 Storage period of personal data
Unless otherwise stated under Clause 6.2, we process and store your data only to the extent to which this is required for the period during which you use our App. Your personal data will be immediately deleted if it is no longer required for the purposes for which it has been processed by us.
Where your personal data is required for the assertion and processing of claims under civil law, it will, in accordance with general limitation periods, be stored for three (3) years from the end of the year in which the claim arose and you have become aware of the claim-substantiating facts or would have had to become aware of them without gross negligence (Sections 195, 199 of the German Civil Code [BGB]).
Where special statutory retention obligations exist additionally, we will store your personal data until such obligation is met. Following the expiry of such time periods, the data concerned will be routinely deleted.
7 Rights of the data subject
7.1 Revocation of your consent
1. If you have given us your consent to the processing of your personal data (Art. 6(1) Sentence 1(a) GDPR), you may revoke such consent at any time. The revocation of your consent is with prospective effect. The lawfulness of processing your personal data until the time of your revocation will remain unaffected. Please address your revocation to:
V-BANK AG’s data protection officer:
Marcel Müller
Data Protection Officer
V-BANK AG
Arnulfstrasse 58
80335 München
Tel.: +49 89 7408000
Fax: +49 89 740800222
E-mail: datenschutz@v-bank.com
2. If you revoke your consent pursuant to Clause 1, we will process your personal data collected in that connection to fulfil your request. Your personal data is processed in compliance with a legal obligation based on Art. 6(1) Sentence 1(c) GDPR.
7.2 Legitimate interests in data processing and objection
1. Where we process your personal data based on our legitimate interests (Art. 6(1) Sentence 1(f) GDPR), you may object to such data processing at any time. We will comply with your objection unless opposed by important reasons as defined by Art. 21 GDPR.
2. If you oppose to data processing, we will process your personal data collected in this connection to fulfil your request. Your personal data is processed in compliance with a legal obligation based on Art. 6(1) Sentence 1(c) GDPR.
7.3. Additional rights of the data subject
1. You may request from us at any time in accordance with the GDPR that we
- provide you with access to your personal data processed by us (Art. 15 GDPR),
- rectify inaccurate personal data concerning you (Art. 16 GDPR),
- erase your personal data stored by us (Art. 17 GDPR),
- block your personal data (Art. 18 GDPR), and/or
- release or transmit your personal data (Art. 20 GDPR).
2. Please address your requests to
V-BANK’s data protection officer:
Marcel Müller
Data Protection Officer
V-BANK AG
Arnulfstrasse 58
80335 München
Tel.: +49 89 7408000
Fax: +49 89 740800222
E-mail: datenschutz@v-bank.com
3. If you assert your rights pursuant to Clause 7.3.1 against us, we will process your personal data collected in this connection to fulfil your request. Your personal data is processed in compliance with a legal obligation based on Art. 6(1) Sentence 1(c) GDPR.
4. Irrespective of your rights pursuant to Clause 7, you may lodge a complaint with a supervisory authority if you are of the opinion that the processing of personal data relating to you infringes the GDPR (Art. 77 GDPR).
8 Amendments to the privacy notice
We reserve the right to adapt this privacy notice to the current legal requirements and changes in our services. The privacy notice as amended from time to time applies to your website visit. The updated privacy notice will apply from the point in time at which it is made available to you.
As of April 2021
End of the privacy notice