Authorisation procedure pursuant to Section 32 (1) of the German Banking Act Information on data processing

The Deutsche Bundesbank processes personal data to the extent necessary to fulfil its legal obligations. These data include data that the Deutsche Bundesbank has collected about you. With a view to providing details on data processing, notifying you of your rights and complying with its requirement to provide information pursuant to Articles 13 and 14 of the EU General Data Protection Regulation (GDPR), the Deutsche Bundesbank hereby informs you of the following:

1. Contact address

Deutsche Bundesbank
Wilhelm-Epstein-Straße 14
60431 Frankfurt am Main
Postfach 10 06 02
60006 Frankfurt am Main

Telefon: +49 69 9566-0
Fax: +4969 9566-3077

2. Purpose of processing

Granting authorisation to conduct the corresponding banking business or financial services pursuant to Section 32 (1) of the German Banking Act (Kreditwesengesetz).

3. Legal basis for data collection

Section 32 (1) of the German Banking Act.

4. Categories of personal data processed

The categories of personal data processed are as follows:
address and contact details, CVs, information on trustworthiness, information on time commitment, information on mandates exercised, positions as managing directors and/or offices held on supervisory boards of other enterprises, information on relationships of family members, information on business relations, proof of identity, information on business activities, information on the origins of own and external funds, information on participatory relationships, group membership and other opportunities for influence

5. Intention to transmit personal data to recipients in a third country or to an international organisation

It is not the intention of the Deutsche Bundesbank to transmit your data to a recipient in a third country (countries outside the European Union and the European Economic Area) or to an international organisation.

6. Data recipients

Your data are processed within the Deutsche Bundesbank by the responsible members of staff. Furthermore, the data are transmitted to the Federal Financial Supervisory Authority (BaFin) and/or to the European Central Bank (ECB) as well in the context of cooperation on supervisory activities.

7. Duration of data retention

30 years

8. Your rights as the data subject

You, as the data subject, have the right of access (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), the right to erasure (Article 17 of the GDPR), the right to restriction of processing (Article 18 of the GDPR), the right to data portability (Article 20 of the GDPR) and the right to object (Article 21 of the GDPR). You also have the right to lodge a complaint with the competent supervisory authority, the Federal Commissioner for Data Protection and Freedom of Information.

9. Existence of automated decision-making (including profiling)

No automated decision-making takes place.

10. Quelle der personenbezogenen Daten

Where data are not collected by you as the requesting party, the data source is the reporting institution or a person authorised to represent the institution.

11. Basis for the provision of your data and consequences of failure to provide personal data

Section 32 (1) of the German Banking Act in conjunction with Section 14 of the Regulation Concerning Reports and the Submission of Documentation under the Banking Act (Anzeigenverordnung) in conjunction with the Holder Control Regulation (Inhaberkontrollverordnung).

The data provided in accordance with Section 32 (1) of the German Banking Act are mandatory for conducting banking business or financial services. The information is necessary for processing the application for authorisation. If the data are not provided, the application cannot be processed and authorisation will be denied pursuant to Section 33 (2) sentence 2 of the German Banking Act.