Data Protection Policy
Thank you for your interest in our web site and our company. Despite the fact that we check external links carefully, we assume no liability for the contents or safety of the sites accessed by means of these external links.
We protect your personal data to the highest possible degree during collection, processing, and your visits to our web site. Your data are protected as required by law. The following contains an explanation of the type of data that we collect when you visit our web site as well as of how we use this data.
- Master and identification data such as first and last name, e-mail address, and if necessary telephone number, date of birth, hobbies, etc. when you provide this information to us
- The results of processing to fulfil contracts and declarations of consent
- Data to meet legal and regulatory requirements
- Public sources such as the trade register, property register, bankruptcy database, or register of associations
- From other institutions in the Erste Asset Management GmbH group
- The Austrian Banking Act; monitoring insider trading, conflicts of interest, and market manipulation: the Securities Supervision Act 2018, the Stock Market Act, the EU Market Abuse Regulation 596/2014
- Ascertaining your identity, transaction monitoring, reporting suspicious activity: Financial Market Money Laundering Act and the EU Wire Transfer Regulation 847/2015
- Provision of information to public prosecutors, courts, and criminal financial authorities pertaining to criminal proceedings based on intentional financial crimes: Austrian Banking Act, criminal procedural code, criminal financial code
- Measures for the prevention of fraud, fraud transaction monitoring
- Data processing for exercising legal claims
- Recording telephone calls, for example for complaints and for documenting declarations that are relevant for transactions
- Companies, units, and persons (employees and contract agents) within the group headed by Erste Asset Management GmbH when these entities need these data to fulfil contractual, legal, or supervisory obligations and to realise their legitimate interests
- Public agencies and institutions when we are legally obligated to do so, for example the Austrian Financial Market Authority, tax authorities, etc.
- Third parties contracted by us, such as IT and back office service providers, when they require these data for their activities. Third parties are contractually required to treat your data confidentially and to only process them for the provision of the relevant services
- Third parties when this is required for contract fulfilment or based on legal regulations, for example the recipient of a wire transfer and their payment transaction service provider.
Starting on 25 May 2018, the General Data Protection Regulation or GDPR applies throughout the European Union. The GDPR stipulates how personal data may be processed and how they must be protected. You will find a summary of the basic information below.
What is the GDPR?
The GDPR is a regulation of the European Union. It applies directly in every member state, including in Austria. Every person whose data are processed can directly claim protection under the GDPR. Detailed information can be found here.
What does the GDPR govern?
The GDPR contains regulations about the processing of your personal data. The GDPR protects all information about you including your name, telephone number, investment, and hobbies. The principles in this regulation stipulate how your personal data may be stored and processed. Detailed information can be found here.
Why is the Austrian data protection law (DSG 2018) still in force?
The European Union has not only enacted the GDPR, but an entire “data protection package”. Part of this was also a new data protection directive. What is the difference between a directive and a regulation? Unlike a regulation, a directive must be implemented in national law. The GDPR also gives the member states leeway to govern individual aspects in greater detail than set forth in the GDPR itself.
Both of these aspects are being covered in Austria through the 2018 Data Protection Amendment Act, or the DSG 2018. We will of course also comply with the DSG 2018 when it is relevant for you and your relationship with us.
Why is the protection of my data so important?
Data protection is a fundamental right. Just as your right to freedom or security, your right to data protection is enshrined in the Charter of Fundamental Rights of the European Union. This EU Charter of Fundamental Rights applies to the relationship between you and government institutions.
The law also recognises that there must be a balance between the interests of entities processing personal data and the so-called data subjects in private and business affairs – for example between you and your bank. These rules can be found in the GDPR and DSG 2018.
Personal data say a lot about us and can reveal our hobbies, preferences, and wishes. And this is of course worth protecting. But we have to know your preferences in order to be able to offer you individualised service. One core element of data protection is that we find a way together in which we can and may process your data in your interests and under your supervision. Detailed information can be found here.
Where can I learn more about the GDPR and DSG 2018?
(All links as of May 2018)
The text of the GDPR can be found here:
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&
The text of the DSG 2018 can be found here:
https://www.ris.bka.gv.at/GeltendeFassung.wxe?Abfrage=Bundesnormen&Gesetzesnummer=10001597&FassungVom=2018-05-25
The EU Charter of Fundamental Rights:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:12012P/TXT
You can find more information about your rights on the following web sites:
Austrian Data Protection Authority:
https://www.dsb.gv.at/
European Commission:
https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en
(All links as of May 2018)
It is important to clarify some basic terms so that we can talk about data protection. We have also included the Article designations of the GDPR so that you can look these definitions up if you wish to do so. Please note that the information provided here is only a summary. The full text of the GDPR and the respective articles can be found here:
https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.DEU
What are personal data?
Personal data include all information that relate to an identifiable natural person (“data subject”). A natural person is considered to be identifiable when his or her identity can be determined directly or indirectly, for example by reference to a name or code number.
More information can be found in Article 4 (1) GDPR.
What does the processing of data include?
The term “processing” means any operation performed on personal data with or without the help of automated systems. This includes collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
More information can be found in Article 4 (2) GDPR.
What does “controller” mean?
The term “controller” refers to the natural or legal person, public authority, agency, or other body that decides on the purposes and means of processing personal data alone or jointly with others. One example of this is us as a management company.
More information can be found in Article 4 (7) GDPR.
What does “processor” mean?
The term “processor” means a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.
More information can be found in Article 4 (8) GDPR.
Who is responsible for processing personal data?
The following company is responsible for processing your data:
Erste Asset Management GmbH
Am Belvedere 1
A-1100 Vienna
Imprint
Contact for issues relating to data protection:
Erste Asset Management GmbH
Data Protection
Am Belvedere 1, A-1100 Vienna
E-mail: Datenschutz@erste-am.com
Responsible authority for data protection issues:
Austrian Data Protection Authority
Wickenburggasse 8, A-1080 Vienna
Telephone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
https://www.dsb.gv.at/
Is there a data protection officer pursuant to Article 37 GDPR?
Article 37 of the GDPR lists instances where the controller must appoint a data protection officer in any case. Among other cases, a data protection officer must be appointed when the core activities of the company consist of processing operations which, by virtue of their nature, their scope, and/or their purposes, require regular and systematic monitoring of data subjects on a large scale. With regards to the “core activity”, recital 97 of the GDPR states that the core activity always pertains to data processing as the primary activity but not to data processing as an ancillary activity.
The primary activity of Erste Asset Management GmbH and ERSTE-SPARINVEST Kapitalanlagegesellschaft m.b.H. is the management of investment funds. For this reason, the appointment of a data protection officer is not mandatory at this time. You can contact us at any time if you have any questions or concerns about data protection.
What personal data are processed?
We process the following personal data:
Please note: This is simply a general list. We do not have all of the data specified above in every case. You have the right to receive a detailed, individual list from us upon request at any time. Please contact datenschutz@erste-am.com to this end.
Where do you obtain the personal data that you process?
Most of your personal data that we process was provided by you: for example when you signed up for our newsletter or submitted an enquiry.
Data can also come from the following sources:
We may also receive data from government agencies or from individuals acting under government mandate, such as from the Financial Market Authority, guardianship or criminal courts, public prosecutors, or court-appointed notaries. You have the right to receive a detailed, individual list from us.
For what purposes and on what legal basis are my personal data processed?
We are a management company pursuant to the Austrian Investment Fund Act 2011 and pursuant to the Alternative Investment Fund Manager Act. We process your personal data in connection with this activity. In detail, this means:
Processing for contract fulfilment
We are permitted to render certain services for you depending on the type of contracts that we have concluded with you. This can be an agreement relating to a special purpose fund, or can be a management agreement, for example. We must process your data to this end. Our offerings are just as diverse as the wide range of contracts that we enter into. The scope of data processing is specified in the terms of the respective contract.
Processing to fulfil legal obligations
Certain legal regulations and purposes also require that we process your personal data, such as:
Processing based on legitimate interests
We or third-party agents have a legitimate interest in processing data in the following cases:
Processing personal data for the purposes of direct marketing can also be a legitimate interest.
Processing based on declaration of consent
If there is no contract, legal obligation, or legitimate interest, data processing can also be legal when you have given us your consent or authorisation to do so. The scope and contents of this data processing are always defined by the specific consent that you have granted. You can revoke this consent at any time.
The revocation has no impact on the legality of data processing up to the point in time that the consent is revoked. In other words, revocation has no retroactive effect.
Am I obligated to provide my personal data? What happens when I do not wish to do so?
We require certain personal data from you for our business relationship. If we do not know your name and e-mail address, we cannot send you any newsletters or information about our new products, or invitations to interesting events. We also cannot manage your special purpose fund without this information. If we cannot verify your identity, the law prohibits us from accepting you as a special purpose fund client. If you do not wish to provide your personal data to us, we may be unable to offer you certain products and services. If we are only permitted to process your data based on your consent, you are not obligated to give this consent or provide your data.
Are any decisions made based on automated processing, such as profiling?
We employ no automated decision-making processes pursuant to Article 22 GDPR at the beginning of or during our business relationship.
To whom are my personal data passed on?
Your personal data can be passed on to:
Your data may also be passed on to third parties when you have consented to this forwarding.
Are my personal data forwarded to a non-EU country?
(All links as of May 2018)
Our processors can work with sub-processors in non-EU countries. These sub-processors are obligated to comply with Austrian data protection and security standards.
We will provide you with a list of current service providers in non-EU countries as well as information about the basis on which the data are forwarded upon request.
How long are my personal data stored?
(All links as of May 2018)
Your personal data are stored for as long as required to fulfil the relevant purposes in any case. The law also stipulates for how long we must keep the data. These retention obligations may also apply when you are no longer our customer or an interested party. You can find an overview of the legal retention obligations that apply in Austria here, for example:
What security measures are applied in data processing?
We place high value on data protection and data security. We have taken all technical and organisational measures needed to secure our data processing. This especially pertains to the protection of your personal data. We protect these data against unauthorised and unlawful processing, unintentional loss, unintentional destruction, and unintentional damage. These measures include the use of modern security software and encryption methods, physical access control, and precautions to prevent and defend against external and internal attacks.
What about cookies, social networks, web analytics, and re-targeting?
Cookies: We use cookies on different parts of our web site. Cookies are small text files that allow users to be recognised when they return to our web site. However, no personal information such as your name or address are stored for this. This means that the information they contain cannot be used to identify you.
We use cookies to tailor our offerings to your needs and to analyse how these offerings are used. You can configure your browser to require your express consent before cookies are used, or to generally block the use of cookies. You can use our web site without accepting cookies.
Web analytics: We forward personal data to the service provider Webtrekk GmbH for the purposes of anonymised statistical analyses of the user flow on our web sites. You can prohibit the forwarding of your data.