New

Banking.Vision Read now

Support
Customer Portal
Logo
  • Privacy policy

Privacy policy msg for banking ag

Thank you for visiting our website and for your interest in msg for banking ag. In addition to providing comprehensive support to our customers, the protection of your personal data is very important to us.

Below you will find information about the activities we carry out in connection with your visit to our website in accordance with the applicable data security regulations, what information we may collect and how it is processed.

Any changes to the privacy policy will be updated on this page to keep you informed about what data msg for banking ag stores and uses.

The most important data protection information is listed below, organised by topic.

I. Name and address of the controller

The controller responsible for the collection, processing and use of your personal data within the meaning of the EU General Data Protection Regulation is:

msg for banking ag

Amelia-Mary-Earhart-Straße 14 | 60549 Frankfurt am Main, Germany

Telephone: +49 69 580 045 - 0

Email: info-banking@msg.group

If you wish to object to the collection, processing and use of your data by msg for banking ag in accordance with these data protection provisions, either in whole or for individual measures, you can send your objection by email or letter to the above address.

II. Name and address of the data protection officer

The data protection officer of the controller is:

Claus Bauer

msg for banking ag

Robert-Bürkle-Straße 1, 85737 Ismaning, Germany

Email: datenschutz-banking@msg.group

III. General information on data processing

Why we use data

We want to continuously improve our offerings and make them more attractive. Only if we know which sections of our website are visited most frequently and for the longest periods of time can we optimise the content of the msg website to meet your requirements. If you entrust us with personal information, msg for banking ag will use it for the purposes of technical administration of the websites, customer management, product surveys and marketing only to the extent necessary in each case. The better we understand your wishes, the faster you will find the information you are looking for on our websites.

Information about the collection of personal data

Below, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.

If you are asked to provide personal information such as your name, address or telephone number on our website, this is subject to special provisions, which are indicated by the following wording:

"I agree that my personal data (including telephone number and/or email address) may be collected, processed and used for the purposes of contract processing, attracting potential customers, conducting surveys and providing information. The data will not be passed on to third parties, with the exception of companies within the msg Group. I can revoke this consent at any time by contacting msg for banking ag, 60549 Frankfurt am Main."

We use this data exclusively for the above-mentioned purposes. It is not passed on to third parties outside msg for banking ag. The companies of the msg Group are an exception to this.

In addition to the data you provide us with, we use information about how you use our services to guide you as quickly as possible to the information that may be of interest to you and to continuously optimise our services.

Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

 

IV. Provision of the website

Collection of personal data when visiting our website

When you visit our website, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect data that is technically necessary for us to display our website to you and to ensure stability and security. The following data is collected here:

  • IP address of the user
  • Date and time of the request
  • Content of the request (specific page)
  • Amount of data transferred in each case
  • Website from which the request originates
  • Information about the browser type
  • User's operating system
  • Language and version of the browser software
  • Websites from which the user's system accesses our website
  • Websites accessed by the user's system via our website

This data is also stored in our system's log files. This data is not stored together with other personal data.

Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f GDPR.

Purpose of processing

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. IP addresses are required for problem diagnosis, website administration and demographic information.

The logged data is used exclusively for data security purposes, in particular to defend against attempts to attack our web server and for statistical evaluations.

Duration of storage

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after seven (7) days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to assign them to the calling client.

Right to object and right to erasure

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no right to object on the part of the user.

V. Use of cookies and third-party services

Description and scope of data collection

Consent to the use of services is given via Usercentrics Consent Management. It is not possible to visit the msg websites without first selecting and confirming the services used. The settings selected by the user can be expanded and/or revoked by the user at any time.

Usercentrics Consent Management Platform

To view the full privacy policy, you must deactivate your pop-up blocker.

VI. Registration for notifications of new posts on our blog

on the Banking.Vision website: https://banking.vision/

Description and scope of data collection:

On our website, we offer users the option of registering by providing personal data (e.g. to sign up for notifications about new posts on our blog). The data is entered into an input mask, transmitted to us in encrypted form and stored. The data is not passed on to third parties outside the group of companies. The following data is collected during the registration process:

  • Name (mandatory field)
  • Email (mandatory field)

During the registration process, the user's consent to the processing of this data is obtained. You can unsubscribe at any time by clicking on a link in an email notification.

Legal basis for data processing:

The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given their consent.

Purpose of data processing:

User registration is required to provide certain content and services on our website, for example to sign up for notifications of new posts on our blog.

Duration of storage:

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for data collected during the registration process if the registration on our website is cancelled or changed.

Right to object and right to erasure:

As a user, you have the option of cancelling your registration at any time. You can have the data stored about you changed at any time. Please contact the marketing department of msg for banking ag by email at marketing-banking@msg.group.

VII. User registration in the BAIS customer area

Description and scope of data collection:

On our website, we offer users the opportunity to register by providing personal data (e.g. to register for events or career events). The data is entered into an input mask, transmitted to us in encrypted form and stored. The data is not passed on to third parties outside the group of companies. The following data is collected during the registration process:

  • Salutation (mandatory field)
  • Title
  • First name (mandatory field)
  • Surname (mandatory field)
  • Company (mandatory field)
  • Position (mandatory field)
  • Email (mandatory field)
  • User account and password.

When the message is sent, the following data is also stored:

  • The user's IP address
  • Date and time of registration

After msg for banking ag has checked the registration, the user will receive the access data by email. The password can be changed by the user themselves in the customer area. During the registration process, the user's consent to the processing of this data is obtained.

Legal basis for data processing:

The legal basis for the processing of data is Art. 6 (1) (a) GDPR, provided that the user has given their consent.

Purpose of data processing:

User registration is required in order to provide certain content and services on our website, for example:

  • Information on user meetings
  • Product deliveries and release notes (download)
  • BAIS newsletter (download)

Duration of storage:

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for data collected during the registration process if the registration on our website is cancelled or changed, or if you object to the processing or submit a request for deletion.

Right to object and right to erasure:

The user has the right to withdraw their consent to the processing of their personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In this case, please contact us at BAIS-Kundenregistrierung@msg.group. All personal data stored during registration will be deleted in this case.

VIII. Registration for use of the BAIS UserGroups forum

Description and scope of data collection:

On our website, we offer our customers the opportunity to register for use of the BAIS UserGroups forum by providing personal data. The data is entered into an input mask, transmitted to us in encrypted form and stored. The data is not passed on to third parties outside the group of companies. The following data is collected during the registration process:

  • First name (mandatory field)
  • Surname (mandatory field)
  • Company (domain) (mandatory field)

As a registered member of the BAIS-UserGroups forum, your posts and messages will be accompanied by the listed data and will therefore be visible to all registered members and users of the BAIS-UserGroups forum.

During the registration process, the user's consent to the processing of this data is obtained. You can unsubscribe at any time by sending an email to BAIS-UserGroups@msg.group.

Legal basis for data processing:

The legal basis for data processing is Art. 6 (1) (a) GDPR if the user has given their consent.

Purpose of data processing:

User registration is required to provide certain content and services on our website, for example to sign up for notifications of new posts on our blog.

Duration of storage:

The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

This is the case for data collected during the registration process if the registration on our website is cancelled or changed.

Right to object and right to erasure:

As a user, you have the option to cancel your registration at any time. You can have the data stored about you changed at any time. Please contact us by email at BAIS-UserGroups@msg.group.

IX. Newsletter

You can subscribe to our newsletter on our website. To register, you will need to provide your e-mail address, title, first name, surname and company name. You can also voluntarily provide additional information, such as your department or job title.

Registration for the newsletter is based on the double opt-in procedure. After you have entered your data, we will send an email to your email address asking you to confirm your subscription to the newsletter. Only when you confirm your subscription by clicking on the corresponding link will you be added to our mailing list and receive our newsletter from that point onwards. If you do not confirm your subscription within 48 hours, we will block your information and delete it after one month.

When you register, we store the IP address you used, the time of registration and the time of confirmation of registration. This is done on the basis of Art. 6 (1) (f) GDPR and serves the purpose of verifying your registration and, if necessary, investigating any possible misuse of your personal data.

If you confirm your registration for the newsletter, we will store your details in accordance with Art. 6 (1) (a) GDPR so that we can send you our newsletter.

You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by clicking on the link provided in every newsletter email, by sending an email to marketing-banking@msg.group or by sending a message to the contact details provided in the legal notice.

Please note that when sending the newsletter, we evaluate your user behaviour in a personalised manner in order to continuously optimise and improve our newsletter. For this evaluation, the emails sent contain so-called web beacons or tracking pixels. These are small one-pixel files with a user ID. This allows us to record when you read our newsletters, which links you click on in them, and to deduce your personal interests. We use the data obtained in this way to create a user profile in order to tailor the newsletter to your individual interests.

The processing is carried out on the basis of Art. 6 (1) (f) GDPR and serves to improve our services.

You can prevent tracking by disabling the display of images in your email programme by default. In this case, the newsletter will not be displayed in full and you may not be able to use all functions. If you click on a link contained in the newsletter despite having disabled the display of images, your click behaviour will be recorded. If you display the images manually, the above-mentioned tracking will take place.

Use of Hubspot

Email marketing and data storage are carried out by the processing company:

HubSpot Ireland Limited

HubSpot House 1 Sir John Rogerson’s Quay

Dublin 2

Ireland

X. Email / contact form and BAIS newsletter

Description and scope of data collection:

Our website features a contact form that can be used to contact us electronically and subscribe to the BAIS newsletter. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. This data includes:

  • Salutation
  • Title
  • First name
  • Surname
  • Company
  • Position
  • Your email address (mandatory field)
  • Subject (mandatory field)
  • Your message (mandatory field)

When the message is sent, the following data is also stored:

  • The user's IP address
  • Date and time of registration

Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.

Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.

In this context, no data will be passed on to third parties outside the msg group of companies. The data will be used exclusively for processing the conversation and, if consent is given to subscribe to the BAIS newsletter, for sending the newsletter by email.

Legal basis for data processing:

The legal basis for processing the data is Art. 6 (1) (a) GDPR if the user has given their consent.

Purpose of data processing:

The processing of personal data from the input mask serves us solely for the purpose of processing the contact request and storing the data, provided that the user has requested a subscription to the BAIS newsletter. In the case of contact by e-mail, there is also a legitimate interest in the processing of the data.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage:

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input mask of the contact form and that sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

If the user has subscribed to the BAIS newsletter, the data will be stored until revoked or deleted by the user. The additional personal data collected during the sending process will be deleted after a period of seven (7) days at the latest.

Right to object and right to erasure:

The user has the right to withdraw their consent to the processing of their personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of establishing contact will be deleted in this case.

If the user has subscribed to the BAIS newsletter, all personal data will be deleted after the objection or deletion request and no further BAIS newsletters will be sent.

XI. Social plugins (Facebook, Twitter, LinkedIn, XING, YouTube)

Our website uses so-called ‘social plugins’. Currently, these are plugins from Facebook, Twitter, LinkedIn, Xing and YouTube. These plugins can send data, including personal data, to service providers in the USA, among other places, where it may be used by them.

Shariff protection tools

The website itself does not collect any personal data via the social plugins or their use. To prevent data from being transferred to service providers, including those in the USA, without the user's knowledge, msg uses the Shariff solution. This solution ensures that no personal data is initially passed on to the providers of the individual social plugins when you visit our website. Only when you click on one of the social plugins can the data be transferred to the service provider and stored there. More information about the Shariff solution can be found on the website of the provider, Heise Medien GmbH & Co. KG

Privacy policy for the use of Facebook plugins

Plugins from the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated into our pages. You can recognise the Facebook plugins by the Facebook logo or the ‘Like’ button on our page. An overview of Facebook plugins can be found here: http://developers.facebook.com/docs/plugins/. When you visit our website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our website with your IP address. If you click on the Facebook ‘Like’ button while you are logged into your Facebook account, you can link the content of our pages to your Facebook profile. This allows Facebook to associate your visit to our pages with your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Facebook.

Further information on this can be found in Facebook's privacy policy at

http://de-de.facebook.com/policy.php. If you do not want Facebook to be able to assign your visit to our pages to your Facebook user account, please log out of your Facebook user account.

Privacy policy for the use of X

Functions of the X service (formerly Twitter) are integrated into our pages. These functions are offered by X Corp., Building 2, Hyperloop Plaza, 865 FM-1209, Bastrop, TX 78602, USA. By using X and the ‘Re-Tweet’ function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transferred to X. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by Twitter.

Further information on this can be found in Xs privacy policy at https://x.com/de/privacy" target="blank"  You can change your privacy settings on X in your account settings at: https://x.com/settings/account" target="blank"

Privacy policy for the use of LinkedIn

Our website uses functions of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit one of our pages that contains LinkedIn functions, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the LinkedIn ‘Recommend’ button and are logged into your LinkedIn account, LinkedIn can associate your visit to our website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the data transmitted or its use by LinkedIn.

Further information can be found in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-​policy

Privacy policy for the use of XING

Our website uses functions of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages containing XING functions is accessed, a connection to XING servers is established. To our knowledge, no personal data is stored in the process. In particular, no IP addresses are stored or usage behaviour is evaluated. YouTube is used in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further information on data protection and the XING Share button can be found in XING's privacy policy at https://www.xing.com/app/share?op=data_protection

Privacy policy for the use of Google Maps

This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of an appealing presentation of our online offers and to make it easy to find the locations we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

For more information on how user data is handled, please refer to Google's privacy policy: https://www.google.de/intl/de/policies/privacy/

Privacy policy for the use of YouTube

We embed YouTube videos on some of our web pages. The operator of the corresponding plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plug-in, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. When a YouTube video is started, the provider uses cookies that collect information about user behaviour. Anyone who has deactivated the storage of cookies for the Google Ad programme will not have to expect such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you wish to prevent this, you must block the storage of cookies in your browser. YouTube is used in the interest of an appealing presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

Further information on the handling of user data can be found in YouTube's privacy policy at: https://www.google.de/intl/de/policies/privacy

XII. Online applications

If you apply using our online application form, all the data you provide will be stored in our applicant management system. msg systems ag will not pass this data on to third parties outside the group of companies.

Further information about online applications can be found at https://www.msg.group/en/privacy

XIII. Use of Google Tag Manager

Description of the service

This is a tag management system. Google Tag Manager allows tags to be integrated centrally via a user interface. Tags are small pieces of code that can track activities. Google Tag Manager integrates script codes from other tools. Tag Manager allows you to control when a specific tag is triggered.

Processing company

Google Ireland Limited

Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data protection officer of the processing company

Below you will find the email address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Purpose of the data

This list presents the purposes of data collection and processing.

  • Tag management

Technologies used

This list contains all technologies used by this service to collect data. Typical technologies are cookies and pixels placed in the browser.

  • Website tags

Data collected

This list contains all (personal) data collected by or through the use of this service.

  • Aggregated data about tag triggering

Legal basis

The required legal basis for the processing of data is specified below.

  • Art. 6 para. 1 sentence 1 lit. a GDPR

Place of processing

This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

European Union

Retention period

The retention period is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data will be deleted as soon as it is no longer required for processing purposes.

Transfer to third countries

When using this service, the collected data may be transferred to another country. Please note that as part of this service, the data may be transferred to a country that does not have the required data protection standards. Below is a list of the countries to which the data is transferred. For more information on security measures, please refer to the privacy policy of the respective provider or contact the provider directly.

  • Singapore
  • Taiwan
  • Chile
  • United States of America

Data recipients

The recipients of the collected data are listed below.

  • Alphabet Inc., Google LLC, Google Ireland Limited

Click here to read the data processor's privacy policy.

https://policies.google.com/privacy?hl=de

Click here to read the data processor's cookie policy.

https://policies.google.com/technologies/cookies?hl=de

XIV. Use of Google Analytics

We use Google Analytics, a web analytics service operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland (‘Google’). Google Analytics uses ‘cookies’, which are text files placed on your device to help the website analyse how users use the site.

It cannot be ruled out that the information collected may also be transmitted to a Google server in a third country, in particular to a server of Google's parent company, Google LLC, located at 1600 Amphitheatre Parkway, Mountain View, California, USA, and stored there.

The basis for data exchange with Google LLC is governed by standard data protection clauses (SDC) in the ‘Contract Data Processing Terms for Google Advertising Products’ (https://privacy.google.com/businesses/processorterms/).

IP anonymisation has been activated on this website, so that your IP address is truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google LLC server in the USA and truncated there.

On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage, thereby enabling us to analyse website usage. Pseudonymous usage profiles may be created from the processed data. The truncated IP address transmitted by your browser within the scope of Google Analytics will not be merged with other Google data.

You can prevent cookies from being stored on your hard drive by not accepting cookies when you first visit an msg website or by selecting ‘Do not accept cookies’ in your browser settings. However, in this case, you may not be able to use all the functions of this website to their full extent.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plugin available at the following link to deactivate Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de.

For browsers on mobile devices, please click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting data on this website in the future. Please note that this opt-out cookie only works in this browser and only for this domain. If you delete your cookies in this browser, you will need to click on the link again.

The analysis of website usage constitutes a legitimate interest within the meaning of the relevant legal basis of Art. 6 para. 1 lit. f GDPR.

Further information on Google's use of data for advertising purposes, settings and options for objection can be found on Google's websites, for example at:

https://www.google.com/intl/de/policies/privacy/partners/ (‘Data use by Google when you use our partners' websites or apps’),

http://www.google.com/policies/technologies/ads (‘Data use for advertising purposes’),

https://www.google.com/settings/u/0/ads/authenticated?hl=de (‘Determine which advertisements Google shows you’).

XV. Google Ads

Description of the service

This is an advertising service. This service can be used to display personalised or non-personalised advertising to users.

Processing company

Google Ireland Limited

Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland

Data protection officer of the processing company

Below you will find the email address of the data protection officer of the processing company.

https://support.google.com/policies/contact/general_privacy_form

Purpose of the data

This list represents the purposes of data collection and processing.

  • Advertising
  • Analysis
  • Provision of services
  • Statistics

Technologies used

This list contains all the technologies that this service uses to collect data. Typical technologies include cookies and pixels placed in the browser.

  • Cookies

Data collected

This list contains all (personal) data collected by or through the use of this service.

  • Advertisements viewed
  • Cookie ID
  • Date and time of visit
  • Device information
  • Geographic location
  • IP address
  • Search terms
  • Advertisements displayed
  • Customer ID
  • Impressions
  • Online identifiers
  • Browser information

Legal basis

The legal basis required for the processing of data is specified below

  • Art. 6 para. 1 sentence 1 lit. a GDPR

Place of processing

This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.

European Union

Retention period

The retention period is the length of time for which the collected data is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data will be deleted as soon as it is no longer required for processing purposes. Log data is anonymised after 9 months and cookie information after 18 months.

Transfer to third countries

When using this service, the collected data may be transferred to another country. Please note that as part of this service, data may be transferred to a country that does not have the required data protection standards. Below is a list of countries to which data is transferred. For more information on security measures, please refer to the privacy policy of the respective provider or contact the provider directly.

  • Chile
  • Singapore
  • United States of America
  • Taiwan

Data recipients

The recipients of the collected data are listed below.

  • Alphabet Inc., Google LLC, Google Ireland Limited

Click here to read the data processor's privacy policy.

https://policies.google.com/privacy?hl=de

Click here to read the data processor's cookie policy.

https://policies.google.com/technologies/cookies?hl=de

Click here to opt out on all domains of the processing company.

https://safety.google/privacy/privacy-controls/

Storage information

  • Maximum storage period for cookies: 1 year

Stored information

  • Name: NID; This is used to provide advertising or retargeting.; Type: cookie; Duration: 6 months;
  • Name: __gads; This is used to provide advertising or retargeting.; Type: cookie; Duration: 1 year, 1 month;
  • Name: pm_sess; This is used to ensure that requests come from a user.; Type: cookie; Duration: 30 minutes;
  • Name: ANID; This is used to display advertising on websites outside of Google.; Type: cookie; Duration: 1 year, 1 month;
  • Name: _gcl_au; This is used to store and track conversions.; Type: cookie; Duration: 2 months, 29 days;
  • Name: FPGCLAW; This cookie is used to track campaign-related information about the user.; Type: cookie; Duration: 2 months, 29 days;
  • Name: FPGCLGB; This cookie is used to track campaign-related information about the user.; Type: cookie; Duration: 2 months, 29 days;
  • Name: _gcl_gb; This cookie is used to track campaign-related information about the user. Type: cookie; Duration: 2 months, 29 days;
  • Name: _gac_gb_<wpid>; This cookie is used to track campaign-related information about the user. Type: cookie; Duration: 2 months, 29 days;
  • Name: _gcl_aw; This cookie is set when a user arrives at the website by clicking on a Google advert. Type: cookie; Duration: 2 months, 29 days;
  • Name: YSC; This is used to store and track interaction. Type: cookie; Duration: Session;
  • Name: 1P_JAR; This is used to collect information about how the end user uses the website and what advertisements the end user may have seen before visiting this website. Type: cookie; Duration: 30 days;
  • Name: AID; This is used to link activity on other devices where the user has previously logged in with a Google account. Type: cookie; Duration: 1 year, 1 month;
  • Name: FPAU; This is used to collect information about users and their activities on the website through embedded elements for analysis and reporting purposes.; Type: cookie; Duration: 2 months, 29 days;

XVI. Marketing automation tool

This website uses the services of HubSpot, a software-based marketing service provided by HubSpot Ireland Ltd., 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

The parent company is HubSpot, Inc., 25 First Street, Cambridge, MA 02141 USA.

HubSpot serves as our customer relationship management (CRM) and marketing tool for managing and optimising communication with our website visitors and customers.

With the help of Hubspot, various customer service and customer management services can be digitally synchronised and processed via a central user interface. HubSpot enables the generation of leads, centralised email and newsletter marketing, contact management in the form of user segmentation and CRM, and the management of contact forms.

To perform its various functions, HubSpot uses cookies, which are small text files that are stored locally in the cache of your web browser on your device and enable us to analyse your use of the website. The cookies collect certain information such as your IP address, location, time of page view, etc. Information collected by HubSpot is stored on HubSpot servers and evaluated on our behalf.

To the extent required by law, we have obtained your consent to the processing of your data as described above in accordance with Art. 6 (1) (a) GDPR in conjunction with § 25 TDDDG.

You can revoke your consent at any time with effect for the future. To exercise your right of revocation, deactivate this service in the ‘Cookie Consent Tool’ provided on the website.

We have no influence on some topics and cookies that HubSpot sets (due to the use of the contact form, for example). We base this processing on legitimate interest (Art. 6(1)(f) GDPR). Our legitimate interest here lies in providing the relevant services, e.g. for establishing contact and ensuring efficient customer communication.

Data may be transferred to a third country (in this case the USA) or an international organisation. Since July 2023, there has been an adequacy decision by the EU Commission (Data Privacy Framework), which identifies the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as a basis for data transfers to certified organisations in the USA. According to the list of certified companies published by the US Department of Commerce, Hubspot Inc. is listed as a certified company.

We have concluded a data processing agreement with HubSpot, which obliges HubSpot to protect our customers' data and not to pass it on to third parties.

You can find more information about Hubspot's privacy policy at the following internet address: https://legal.hubspot.com/de/datenschutz

XVII. Where is my data processed?

Your data is processed in Germany. Within the limits permitted by law, data processing also takes place in other European and non-European countries. There are no plans to transfer data to third countries.

We maintain publicly accessible profiles on social networks in order to get in touch with active users, interested parties and customers and to inform them about our services.

On social networks such as Facebook, user data may be processed outside the European Union in third countries, such as the USA. This can make it difficult to enforce user rights. We endeavour to only integrate social networks that comply with EU data protection standards. This is documented in their privacy policies and/or standard data protection clauses (SDCs).

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

The operators of social media portals can use the data collected in this way to create user profiles that store your preferences and interests. The data is usually used for market research and advertising purposes. In this way, personalised advertising can be displayed to you both within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices and platforms on which you are or were logged in.

Please also note that we cannot track all processing operations on social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.

Adito Cloud customer portal

msg for banking ag has concluded a data processing agreement with the service provider affinis AG for the use of the ADITO CRM system in accordance with Art. 28 GDPR. affinis AG and its business partner ADITO implement the technical and organisational measures in accordance with Art. 32 GDPR in a proper manner.

The hosting provider HETZNER, which has been commissioned by ADITO as a cloud provider, ensures the implementation of the technical and organisational measures in accordance with Art. 32 GDPR (https://www.hetzner.com/AV/TOM.pdf); the processing and storage of data takes place within Germany.

Legal basis

Our social media presence is intended to ensure the most comprehensive presence possible on the internet. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a, Art. 7 GDPR).

Controller and assertion of rights

When you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook). Please note that, despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage period

The data collected directly by us via our social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, you revoke your consent to its storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail

XVIII. How secure is my data?

msg for banking ag has implemented comprehensive technical and operational security measures in accordance with applicable European law to protect your data from unauthorised access and misuse.

XVIX. Will my data be passed on to third parties?

Data will not be passed on to third parties, with the exception of companies within the msg Group.

XVX. Rights of data subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

Right to information

You may request information free of charge about the scope, origin and recipients of the stored data as well as the purpose of storage.

Right to rectification

You have the right to rectification and/or completion vis-à-vis the controller if the personal data processed concerning you is incorrect or incomplete. The controller must rectify the data without delay.

Right to erasure

You may request that the controller erase the personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies:

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which the processing was based in accordance with Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.

(4) The personal data concerning you has been unlawfully processed.

(5) The erasure of personal data concerning you is necessary to comply with a legal obligation under Union or Member State law to which the controller is subject.

(6) The personal data concerning you has been collected in relation to the services offered by information society services pursuant to Art. 8(1) GDPR.

Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR; This also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless he can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

As of: 30 September 2025