In connection with the use of our HCOB portal, we collect and process personal data from you. This is done for the purposes and to the extent described below. We only pass on your data to third parties as described below.
Registration to use our HCOB portal
To be able to use our HCOB portal, we collect the following personal data from you as part of the registration process:
– Personal identification details:
– First name, surname.
– Contact information
– E-Mail address
– Telephone number, if applicable
– Company address, if applicable
– Job title.
Identification
We are legally obligated under the German Money Laundering Act (Geldwäschegesetz – GWG) to clearly identify you. For this purpose, we additionally process the following person-al data from you:
– Identification data (e.g., ID data)
– information on marital status, if applicable
– information on the matrimonial property regime, if applicable
– profession, if applicable
– information about your financial situation (credit data, rating data, origin of assets), if ap-plicable
– documentation data (e.g., consultation records), if applicable
– Registry data, if applicable.
Use of the HCOB-Portal
While using the HCOB portal, we also process the following personal data from you:
– Access and authentication data
– User ID, PINs, TANs
– Password and
– Possession elements, i.e., something that only the user possesses (e.g., token from the end device assigned to the user)
– Signature data
– Signature
For certain electronic declarations via the HCOB portal, we require verification of your identity through an advanced electronic signature as defined in Article 3 (11) or a qualified electronic signature as defined in Article 3 (12) of Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.
We process your personal data insofar as this is necessary to fulfil the contract with you. The legal basis for this is Art. 6 (1) lit. b GDPR. In addition, we have a legitimate interest in fulfilling our contractual obligations as the provider of the HCOB portal to the company for which you work and use our HCOB portal. Ultimately, the processing of your personal data is also in the legitimate interest of the company for which you work, enabling it to use our HCOB portal for its business purposes. The legal basis for this is Art. 6 (1) lit. f GDPR. We are also subject to various legal obligations, i.e. statutory requirements (e.g. German Bank-ing Act, Money Laundering Act, Securities Trading Act, tax laws) and banking supervisory requirements (e.g. European Central Bank, European Banking Authority, Deutsche Bun-desbank and German Federal Financial Supervisory Authority). The purposes of processing include credit checks, identity and age checks, fraud and money laundering prevention, the fulfilment of control and reporting obligations under tax law and the assessment and man-agement of risks. The legal basis in this respect is Art. 6 (1) lit. c GDPR.
Data sharing
Within Hamburg Commercial Bank AG, those departments that need your data to fulfil our contractual and legal obligations will receive it. Additionally, processors we employ (Art. 28 GDPR) may receive data for these purposes. These are companies in the categories of financial and credit services, IT services, logistics, printing and archiving services, telecommunications, debt collection, advice and consulting. Regarding the sharing of data with recipients outside Hamburg Commercial Bank AG, it should first be noted that we are obligated to maintain confidentiality about all customer-related facts and assessments that we become aware of, in accordance with the General Business Conditions that may have been agreed upon between you and us (banking secrecy). We may only share information about you if is required by law, if you have given your consent or if we are authorized to provide banking information. Under these conditions, recipients of personal data may include:
– Public authorities and institutions (in particular the Deutsche Bundesbank, the German Federal Financial Supervisory Authority, the European Banking Authority, the European Central Bank, financial authorities, tax authorities, law enforcement authorities) in the event of a legal or regulatory obligation.
– Other credit and financial service institutions or comparable entities with which we share personal data in order to initiate or conduct the business relationship with you (depend-ing on the contract: e.g., correspondent banks, custodian banks, stock exchanges, credit agencies, rating agencies (especially Fitch Ratings, Moody’s, Standard & Poor’s), credit card companies), particularly in the context of banking information, fund management, loan processing, collateral management, video legitimization, securities services, pay-ment card processing (debit cards/credit cards), and payment transactions.
Other data recipients may include those entities for which you have given us your consent to share data with or for which you have released us from banking secrecy in accordance with an agreement or consent, particularly other credit and financial service institutions or comparable entities (e.g., credit agencies, rating agencies, credit card companies).
Data transfer to third countries
Data will only be transferred to third countries (countries outside the European Economic Area – EEA) if this is necessary for the execution of orders initiated by you (e.g. payment and securities orders) or is required by law or if you have given us your consent
Provision of personal Data
When using our HCOB portal, you only need to provide the personal data that is required to identify you and to use the portal or that we are legally obliged to collect. Without this data, we will usually have to refuse access to the HCOB portal or terminate existing access. In particular, we are obliged under money laundering regulations to identify you before you use the HCOB portal, for example by means of your identity card, and to collect in particular your name, place of birth, date of birth, nationality and residential address.
To comply with this legal obligation, you must identify yourself during the registration process for using the HCOB portal through our processor using the VideoIdent/eID procedure in accordance with Section III. If you do not provide us with the necessary information and documents or do not wish to participate in the VideoIdent/eID procedure, we will not be able to grant you the requested access to the HCOB portal.
Automated Individual Decision-Making
In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to establish and conduct the business relationship, i.e. no procedures in which decisions are made exclusively by automated means. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.
Use of Cookies
When you visit the HCOB portal, we also collect and use data from you to make your use of our HCOB portal more convenient. We also use so-called cookies. Cookies are small text files that are stored on your end device when you access the HCOB portal. You can find out more about the term and function of cookies and other data protection and technical terms below under ‘Help in understanding data protection terms’. Cookies cannot transmit viruses or malware to your computer, but they can contain information that enables the user to be identified. A distinction is made between transient cookies, which are deleted as soon as your browser is closed, and persistent cookies, which are stored beyond the respective session and rec-ognise you upon your next visit to the website. Regarding functionality, a distinction is made between technically necessary and non-necessary cookies. We only use technically necessary cookies.
Technically necessary cookies
The cookies that are technically necessary for the operation of the HCOB portal and its func-tions are listed below. These are usually set in response to an action you have taken. These include registration, login or settings like language or cookie preferences. It is possible to disable these cookies in your browser. However, in this case, the error-free functionality of the HCOB portal can no longer be ensured.
Download technically necessary cookies
Right to object under Article 21 GDPR
If we process your data based on the legitimate interests of Hamburg Commercial Bank AG or third parties, or in the public interest, you as the data subject have the right to object to the processing of your data for reasons arising from your particular situation (Article 21(1) GDPR). The objection can be made without any formal requirements. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. If you effectively object to the processing of your personal data, we will inform the company you work for and delete your personal access to the HCOB portal. In this case, it will no longer be possible to use the HCOB portal.