Data Protection Policy for MultiportGo
Data Protection Policy for users of the MultiportGo app
The protection of your data is very important to us which is why we would like to inform you – additionally to the General Data Protection Policy of DZ BANK – about how your data are handled in our MultiportGo app.
DZ BANK AG is delighted about your interest in the company. We take a serious interest in the protection of your personal data and want you to feel safe when using MultiportGo.
Whenever you provide us with personal data, we treat it with the care customary in the banking industry and in accordance with statutory data protection regulations.
For confidential communications with us, please use regular post for your own security.
Personal data will only be collected, processed and used to the extent necessary in the framework of using of MultiportGo.
DZ BANK AG processes personal data, such as the date and time of your app usage or the operating system used, for the purpose of providing and visualising MultiportGo as well as for other aspects associated with its technical operation. The above-mentioned data are stored in logfiles in order to ensure functionality and security. The processing additionally serves the optimisation of MultiportGo.
The legal basis for the temporary storage of these data and the logfiles is Point (f) of Article 6 (1) of the EU General Data Protection Regulation (GDPR) (“legitimate interest”).
Under no circumstances will the collected data be sold or transferred to third parties except for when this has been specifically provided for in this Data Protection Policy.
DZ BANK AG processes and stores the above-mentioned personal data only for the period of time necessary to achieve the purpose of storage or for the fulfilment of an official requirement. Where the purpose of storage lapses or where a prescribed statutory retention period expires, the personal data will be blocked or erased routinely and in accordance with the statutory provisions.
Your communication via MultiportGo is https-encrypted. Where personal data are collected, they will therefore be transmitted in encrypted form.
MultiportGo is hosted on the servers of a partner and operated by that partner. This is a partner (processor) whom we have commissioned within the context of a contract in accordance with Article 28 GDPR. The thus-processed personal data are only processed to the extent necessary to provide the offered services.
We warrant that we only pass on your personal data to third parties to the aforementioned extent, unless we are legally entitled or obliged to do so or you have given us your prior consent. Where we avail ourselves of other service providers for performing and / or handling processing processes, these contractual relationships will be regulated in accordance with the provisions of data-protection law.
If DZ BANK customers are serviced by DZ BANK foreign branches, personal data is transferred to them in compliance with GDPR. DZ BANK foreign branches adhere to Head Office’s (Frankfurt) internal data protection policies and guidelines.
MultiportGo does not contain any plug-ins of social media platforms. Personal data are not therefore transmitted to social media platforms while you are in the MultiportGo app.
If you have any questions about MultiportGo, you can contact us or our support units by phone, e-mail or using the electronic form which you can find on our homepage (firmenkunden.dzbank.de/multiportinternational). If you contact us, we will process the information you provide (e-mail address, telephone number, contact details etc.) only to clarify your inquiry and to be able to ask possible follow-up questions.
The legal basis for the processing of these data, which are transmitted in the course of sending an inquiry, is Point (f) of Article 6 (1) GDPR (“legitimate interest”). Where the objective of the inquiry is the conclusion of a contract, the additional legal basis for processing is – additionally to the aforementioned – Point (b) of Article 6 (1) GDPR (“performance of a contract”). Where no other storage obligations arise, these data will be erased from our systems after your inquiry has been clarified.
In order to use MultiportGo, you must first register yourself, which will also include providing personal data. These data are transmitted to us and stored within the context of the EBICS process via the EBICS Application Form (www.ebics.dzbank.de).
The following data are collected during the registration process:
- Company name
- Business partner number (BP number)
- Company’s address
- Contact person at company
- Possibly the telephone and fax numbers and e-mail address of the contact person
- Names of staff members authorised to use the system
- Possibly the e-mail address and the telephone number of the authorised staff members
- Possibly the address of the authorised staff members
- Account number(s), bank sort code (BLZ) / IBAN, BIC
- Authorisations for processing EBICS payments
- Customer ID and User ID / subscriber ID
The following data are collected in the course of logging into the MultiportGo app:
- User name
- Date and time of login
The legal basis for the processing of the data is Point (b) of Article 6 (1) GDPR (“performance of a contract”) as the registration and the login area are necessary for the performance of the contract respectively for taking steps prior to entering into a contract. The registration and login serve to authenticate the user for the use of MultiportGo.
The above-mentioned data will be erased as soon as they are no longer necessary for achievement of the purpose (performance of the contract or steps taken prior to entering into a contract). After the contract has been entered into, it may be necessary to store personal data in order to comply with contractual or legal obligations.
The login logfiles are stored for security reasons and for support requests and are erased after expiry of the statutory retention period.
Notifications and logs can be called up from within the MultiportGo app for 7 (seven) days. In addition, you can configure the logging data autonomously within MultiportGo. This includes logs of debug notifications, logs of portal notifications, and the retention periods of these logs (maximum: 999 days).
The General Data Protection Regulation gives you the right of access, right to rectification, data portability, restriction of processing (blocking) and erasure of your data. With respect to certain legal bases for the processing of your data, namely with respect to processing operations based on a legitimate interest, you have a right of objection (Article 21 GDPR). Furthermore, you can withdraw any consent you have given at any time.
The exercise of these rights may depend on the processing operation concerned and can thus vary depending on the different processing operations. We would further like to draw your attention to your general right to complain to a supervisory authority.
The Controller responsible for the web pages and the data processing processes on these web pages is:
DZ BANK AG
Deutsche Zentral-Genossenschaftsbank, Frankfurt am Main
Platz der Republik,
D-60325 Frankfurt am Main
PO box: D-60265 Frankfurt am Main
Tel.: +49 69 7447-01
Fax: +49 69 7447-1685
If you would like to contact the Data Protection Officer of DZ BANK AG directly with your inquiry, he can be reached at:
DZ BANK AG
Deutsche Zentral-Genossenschaftsbank, Frankfurt am Main
Datenschutzbeauftragter / Data Protection Officer
D-60265 Frankfurt am Main
Tel.: +49 69 7447-94101
Fax: +49 69-427267-0539