THE ENTITY RESPONSIBLE FOR YOUR PERSONAL DATA
We, ICF BANK AG WERTPAPIERHANDELSBANK, KAISERSTRASSE 1, 60311 FRANKFURT AM MAIN ("ICF"), are the entity responsible for all personal data you provide to us in the course of our business relationship.
CATEGORIES OF PERSONAL DATA WE COLLECT
We collect and process the following categories of personal data in particular:
Contact details such as full name, office address, work telephone number, work mobile number, work fax number and work email address, your mobile identification number, and the IP address of your computer when you use our website.
We do not generally require personal data from you when you visit our website. We only record
- the current IP address of your PC
- the date and time
- browser type
- the operating system of your PC
- and the pages displayed.
This data is automatically collected in log files when you visit our website for statistical and security purposes only. Individual users always remain anonymous.
Payment details, e.g. data necessary to process payments and prevent fraud, including credit card/EC card numbers, security codes and other billing information.
Other business transaction information, which must necessarily be processed as part of an agreement or other contractual relationship with ICF or which is voluntarily provided by you, such as orders placed, purchases, services and other business transactions, product feedback and other information you provide to us or which arises in connection with a business relationship.
Information about your preferences and interests that we receive from the web tracking or analytics technology referred to in our cookies policy, particularly when you use our website and content that we make available for download (e.g. when you register to download software, ebooks, white papers) or other online services that we offer. For example, we collect information about the content you download from our website and what you have clicked on or viewed and in what way.
Information we obtain from public sources, data bases and credit agencies.
To the extent we are legally obliged to do so for compliance purposes, nformation about, for example, legal disputes or litigation to which you or persons with whom you have business dealings are a party, and information about interactions with you that could be relevant for competition law/antitrust reasons.
Special categories of personal data. In the context of registering for events or seminars, we may ask you to provide information about your health at the time of registration so that we can identify and take into account any disability or special dietary requirements you may have. This information will only be used with your consent. If you do not notify us of any disability or special dietary requirements, we will be unable to make the appropriate arrangements.
THE PURPOSES FOR WHICH YOUR PERSONAL DATA IS USED
We will use your personal data for the following purposes only („Permitted Purposes“):
To initiate, perform and manage the ICF Group's contractual relationship with you (or your organisation), e.g. by executing transactions and ordering products or services, processing payments, performing accounting, auditing, billing and debt collection tasks, arranging shipments and deliveries, carrying out repairs and providing support services or other services commissioned or requested by you.
To maintain and protect the security of our products, services and websites or other systems, and to prevent and identify security risks, fraud or other criminal or unlawful behaviour.
For general compliance purposes, particularly to ensure compliance with our statutory and regulatory obligations and requirements, such as compliance screenings or notification requirements (e.g. under competition law, export laws, trading sanctions and embargoes, or to prevent economic crime or money laundering). This may entail the following measures: checking your contact details or identity against applicable sanctions lists and confirming your identify if we find a match, recording your partnerships with third parties if they could be relevant for competition law reasons, reporting to or submitting to audits by competent supervisory authorities, law enforcement agencies or other competent authorities.
To provide information within any existing business relationship involving similar or related products or services of ICF to the extent permitted under applicable law.
To settle disputes, to enforce our contractual agreements and to establish, enforce or defend legal claims, or
To ensure compliance with statutory obligations, e.g. retaining sales documents for tax purposes or sending disclosures and other notifications required by law.
Subject to you giving your explicit consent, we may also use your personal data for the following purposes:
To communicate with you via the communication channels you have agreed to in order to keep you abreast of the latest announcements, offers and other information about ICF products, technology and services (including marketing newsletters) as well as ICF events and projects;
To manage and conduct customer surveys, marketing campaigns, market analyses, competitions or other promotional activities or events; or
For profiling and automated processing: we collect information about your preferences based on your use of our website, products, content available for download (e.g. when you register to download software, ebooks, white papers) or other services that we offer online. We create a user profile based on this information (e.g. what content was downloaded and for how long and how often it was clicked on or viewed) so that we can customise and enhance the quality of our communication and interaction with you (for example through newsletter tracking or website analytics). The reason that we create these profiles is to identify the subject areas that could be of use or of interest to you and to inform you about them in a customised way. The algorithms we use apply this logic and automatically provide you with content and information tailored to you.
Please note: under Article 21(2) of the EU General Data Protection Regulation ("GDPR"), you have the right to object to the processing of your personal data for marketing purposes, including the right to object to the profiling described above. Please see the section on "Your rights" below for a de-tailed explanation of your rights and how you can assert and enforce them.
We will only communicate with you for marketing purposes (e.g. by emailing or calling you) if you have previously and, if required by law, explicitly given your consent thereto. You may withdraw your consent at any time if you no longer wish to receive marketing material from us.
We will not use your personal data to make automated decisions concerning you or create profiles in a manner different to the manner described above.
The legal bases for processing your personal data are set forth in Article 6 GDPR. Depending on which of the above Permitted Purposes we process your personal data for, the processing is done either to perform a contract or other business arrangement with ICF, to comply with our statutory obligations, or to protect the legitimate interests of ICF or third parties, subject always to the condition that your interests or fundamental rights and freedoms do not outweigh the foregoing and prevent such processing. If applicable, your personal data may also be processed based on your explicit consent to the extent you have given it.
HOW WE COLLECT AND USE YOUR PERSONAL DATA
Normally, we collect your personal data directly from you in the course of our interactions with you, e.g. when you visit our website, communicate with us regarding our products and services, place an order, subscribe for our newsletter or participate in our customer surveys. We do not receive personal data from third parties.
We may receive your personal data from third parties for the purposes of marketing campaigns if you have given us your explicit consent to do this. Where this is the case, you will be informed about this in accordance with applicable law.
WHERE PERSONAL DATA IS PROCESSED
ICF is a global enterprise. It is possible in the course of our business activities that we also forward your personal data to recipients in countries outside the European Economic Area ("third countries") which do not offer the same level of data protection as the level that exists in your home country. To the extent that this occurs, we abide by the applicable data protection requirements and put appropriate safeguards in place to ensure that your personal data is protected and secure; we do this in particular by incorporating EU standard contractual clauses in our agreements, which you can find http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF . Please contact us at any time if you would like to receive further information about these safeguards. You will find our contact details below.
HOW WE PROTECT YOUR PERSONAL DATA
To protect your personal data, we have put in place state-of-the-art physical, electronic and process-based safeguards that comply with statutory data protection requirements. These safeguards include the implementation of certain technologies and processes to protect your private sphere, such as secure servers, firewalls and SSL encryption. We act at all times in accordance with applicable laws and requirements relating to the confidentiality and security of personal data.
RECIPIENTS TO WHOM WE TRANSFER YOUR PERSONAL DATA
We may pass on your personal data as follows:
to our affiliates within the global ICF Group if and to the extent this is necessary for the above Permitted Purposes and is permitted by law. In such cases, these companies will only use the personal data for the same Permitted Purposes and subject to the same conditions as above. For more information about our group companies ICF Systems AG and NOVIS Software GmbH, please see https://www.icfbank.de/en/unternehmen/icf-bank.html
to service providers (so-called "processors") within or external to the ICF Group either domestically or abroad (e.g. shared services centres or cloud services) that we have commissioned to process personal data for the Permitted Purposes in our name and exclusively in accordance with our instructions. ICF retains control over and responsibility for your personal data and will put in place appropriate safeguards as required under applicable law in order to ensure the integrity and security of your personal data whenever such service providers are commissioned;
to courts, law enforcement agencies or other competent authorities or lawyers to the extent permitted by law and necessary in order to comply with a legal obligation or to identify, establish or defend legal claims;
to credit agencies and other companies in connection with credit decisions, to prevent fraud and for the purposes of debt collection.
Your personal data may also be passed on to third parties if we buy or sell parts of the business or assets; where this is the case, we may potentially disclose personal data to the prospective buyer or seller and their advisers. If ICF or essentially all of its assets are acquired by a third party, the personal data we have saved concerning customers and other contact persons will form part of the assets to be transferred.
We will otherwise only pass on your personal data if you instruct us to do so or consent to the transfer, if we have a legal obligation to transfer your personal data pursuant to a court or regulatory order, or if we suspect fraudulent or criminal behaviour.
HOW LONG YOUR PERSONAL DATA IS STORED
We will store your personal data for as long as is necessary to provide the commissioned services, ordered products or requested information and to perform and manage our business relationship with you. If you have asked us not to contact you, we will store this information for as long as is necessary to comply with your request. We also have a legal obligation to retain certain types of personal data for certain periods of time (e.g. pursuant to commercial or tax law record-keeping requirements). Your personal data will be erased without undue delay if it is no longer necessary for these purposes.
Under certain conditions stipulated by law, you may demand access to your personal data and demand its correction or erasure or restrictions to be placed on its processing. You may also object to the processing of your personal data or assert your right to data portability. In particular, you have the right to obtain a copy of the personal data we save concerning you. If you make such requests repeatedly, we may charge a fee. Please refer to Articles 15-22 GDPR for more precise information about your data protection rights.
If you have consented to the processing of your personal data, you may withdraw your consent at any time with prospective effect, in other words the withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw your consent, we will only continue to process your personal data to the extent that there is another legal basis for doing so or we have a legal obligation to do so.
If you would like to make any of the requests referred to above, please provide a brief description of the personal data in question, stating your name, address and data of birth for identity verification purposes, and send it to the address below. We may need you to provide an additional form of identification in order to protect your personal data from unauthorised access. We will review your request carefully and, if necessary, speak to you about how we can best accommodate your request.
If you have any concerns about the way in which we process your personal data or you wish to lodge a complaint, please contact us at the address below to have the matter investigated. If you are not satisfied with our response or you do not believe that we are processing your personal data in accordance with applicable law, you may lodge a complaint with the competent data protection authority in your country.
OBLIGATION TO PROVIDE PERSONAL DATA
In general, you provide us with your personal data voluntarily. Your refusal to give consent or to provide your personal data will not usually have any negative implications for you. However, there are certain cases in which ICF is unable to act without certain of your personal data, e.g. if the personal data is necessary in order to process your orders, to provide you with access to an online service or newsletter or to conduct a compliance audit required by law. In these cases, without the relevant personal data ICF is unfortunately unable to settle your inquiry/meet your request.
IF I AM UNDER 16 YEARS OF AGE
If you are under 16 years of age, you need the consent of your parents/guardian before you provide us with your personal data. Persons under the age of 16 are not permitted to send us their personal data without such consent.
CHANGES TO THIS POLICY
HOW YOU CAN CONTACT US
If you have any questions or wish to assert your rights, please contact our in-house Data Protection Officer at:
Phone +49 69 92877-0