Data Protection Policy

The following information serves to inform you about the processing of your personal data and the data protection claims and rights to which you are entitled. This information does not change your contractual or legal rights and obligations. The content and scope of the data processing is largely based on the service you have requested or has been agreed with you.

1. Who is responsible for data processing and who can I contact?

Your data is collected and processed by:
Raiffeisen Apart GmbH
Mooslackengasse 12, 1190 Vienna
Email: immobilien@raiffeisen-wohnbau.at

You can reach the data protection officer appointed by us at:

Mag. Daniela Bollmann, LL.M.
Am Stadtpark 9, 1030 Vienna
E-Mail: datenschutzbeauftragter@rbinternational.com
Phone: +43-1-71707-8603

2. Which data do we process and from which sources does this data come?

We process personal data that we receive from you directly, data that we have legitimately received from business information services (CRIF GmbH), address services, creditor protection associations (KSV 1870 Holding AG), data from publicly accessible sources (e.g. company register, register of associations, land register, media), as well as data legitimately received from other companies affiliated with us.

We process your personal and contact details (such as name, address, telephone number, email, date of birth), financial identification data (such as your bank details and customer numbers), insurance data, data on the business relationship, data for Sales and Marketing purposes, AML (Anti Money Laundering) and compliance data (such as such as data on the source of funds or trusteeships), tax data (such as VAT numbers) and, if applicable, electronic protocol and identification data (such as your electronic signature, logging data or cookies) and other data comparable to the categories mentioned.

3. What is the purpose and legal basis of our data processing?

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Austrian Data Protection Act 2018.

a) to fulfill contractual obligations (Article 6 Paragraph 1 Letter b GDPR):

The processing of personal data (Article 4 No. 2 GDPR) takes place

The processing of personal data (Art. 4 No. 2 DS-GVO) takes place for the provision of property development services, the implementation of real estate transactions, the planning and construction of real estate, the rental of real estate and the implementation of brokerage transactions, and can include the preparation of offers and the conclusion and administration of contracts as well as brokerage services, and serves to implement our contracts with you and to prepare for the conclusion of the contract.

The specific purpose of data processing depends on the respective business and can be found in the respective contract documents.

b) to fulfil legal obligations (Art. 6 Para. 1c DS-GVO):

Processing of personal data may be necessary for the purpose of fulfilling various legal obligations to which we are subject (e.g. from the trade regulations).

Examples of such cases are:

  • the legally required measures to combat money laundering and terrorist financing, combat fraud and compliance with financial sanctions and, if necessary, obtain the necessary information and submit reports (e.g. reporting to the Austrian money laundering office in certain suspected cases);
  • the maintenance of statutory accounting and business records;

c) to protect legitimate interests (Article 6 Para. 1f GDPR):

If necessary, in the context of balancing interests in favour of our company or a third party, data processing can take place beyond the actual fulfilment of the contract to protect our legitimate interests or those of third parties. Examples of data processing to protect legitimate interests include:

  • General information emails and newsletters about services and products and related marketing information;
  • Testing and optimization of processes for needs analysis and direct customer contact
  • Advertising and marketing, unless you have objected to the use of your data in accordance with Article 21 GDPR; we also use evaluation tools to do this to develop services and products that are tailored to your interests and needs and to be able to inform you about new projects in a targeted manner;
  • Telephone recordings (for quality assurance measures or in the event of complaints);
  • Measures for business management and further development of services and products;
  • Measures to protect employees, customers, and the property of our company;
  • Measures to prevent and combat fraud, to combat money laundering, terrorist financing and criminal activities that endanger assets;
  • Measures for debt collection and legal prosecution;
  • Assertion of legal claims and defence in legal disputes;
  • Ensuring the IT security and IT operations of our company;
  • Prevention and investigation of crimes;
  • Joint group risk management.

These processing activities serve to ensure the diligent management of our company.

d) within the scope of your consent (Article 6 Paragraph 1a GDPR)

In some cases we need your consent so that we can carry out data processing. Such consent is given in separate declarations of consent and not in these data processing instructions. If you give us your consent to data processing for specific purposes, the data processing will also take place for the purposes and to the extent detailed in your declaration of consent. You can revoke such consent at any time with future effect.

4. Who receives my data?

Your data will be passed on to Raiffeisen-Leasing Gesellschaft mbH, Vienna, which conducts our business for us. Employees of Raiffeisen-Leasing Gesellschaft mbH only have access to your data insofar as this is necessary within the scope of their tasks.

Furthermore, we forward your data insofar as is necessary to

a) insurance companies for insuring risks or processing claims;

b) our suppliers and service providers as well as lawyers and notaries, insofar as this is necessary or expedient to provide the services contractually agreed with you;

c) service providers and processors who process your data for us according to our orders;

d) our customers, insofar as this is necessary or expedient in the context of the business relationship;

e) authorities at their request, insofar as they are legally authorized to do so, or if there are reporting obligations.

5. How long will my data be stored?

We store your data during our business relationship (from the initiation, processing to the termination of a contract) and also after the end of the business relationship, as long as this is due to statutory storage and documentation obligations, which result from the German Commercial Code (UGB) and the Federal Fiscal Code ( BAO), or is necessary for the protection or enforcement of rights. Members of the prospect file are deleted when logging off.

6. Am I obliged to provide my data?

As part of the business relationship, you must provide the personal data that is required for the establishment and implementation of the business relationship and that we are legally obliged to collect. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will not be able to carry out an existing contract. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the conclusion of the contract or the fulfilment of the contract or that is not required by law and/or regulation.

7. What data protection rights do I have?

In accordance with the General Data Protection Regulation, you have the right to information about the personal data that we process from you; to the correction, deletion or restriction of the processing of this data; a right to object to this data processing and a right to request the transfer of the data you have provided.

If you believe that we are infringing your rights when processing your data, you have the right to lodge a complaint with the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna. If you live or work in another member state of the European Union, you can also lodge your complaint with the supervisory authority responsible for data protection there.

8. Is decision making automated?

We do not use fully automated decision-making to establish and implement the business relationship, in accordance with Article 22 GDPR.