Partner EntranceContactGerman

Data Protection and Privacy Statement

Trust is important, especially when it comes to your personal data. That is why we see it as our obligation to exercise the utmost care in the handling of your personal data and to do everything we can to protect your information from misuse.

Immobilien Rating GmbH adheres strictly to data protection laws in the collection and processing of your data. The following information explains in detail which data is collected when you visit our website and how we use this data.

This data protection declaration applies to the website of Immobilien Rating GmbH at Individual pages in this site may include links to other parties who are members of the UniCredit Group, or who are not associated with the UniCredit Group, and to whom this data protection declaration does not apply, which means we assume no liability whatsoever for such content.

  1. Which data is processed and what are the sources of this data?
  2. We process the personal data that we receive from you within the scope of our business relationship. We also process data that we have legitimately received from publicly available sources (such as commercial register, register of associations, land register, media).

    This personal data includes:

    • Your personal details (name, address, contact details, date of birth, place of birth, nationality, etc.)

    In addition, this data may also include the following:
    • Data relating to the fulfilment of our contractual obligations
    • Advertising and sales data
    • Documentation data (such as consulting records)
    • Register data
    • Information from your electronic communication with the bank (such as apps, cookies, etc.)
    • Processing results generated by Immobilien Rating itself
    • Data for compliance with legal and regulatory requirements

  3. For what purposes and an what legal basis is the data processed?
  4. We process your personal data in accordance with data protection regulations:

    For the fulfilment of contractual obligations (Section 6 Para. 1b DSGVO [Datenschutz Grundverordnung (General Data Protection Regulation (GDPR)]):
    The processing of your data (personal data, Section 4 (2) GDPR is necessary to handle banking transactions, provide financial services and to process insurance, leasing and property transactions with you.

    The purposes of data processing are based primarily on the specific product (such as account, credit, building society services, securities, deposits, procurements) and include, among other things:

    • Needs analyses
    • Advisory services
    The specific details for the purpose of data processing can be found in the respective contract documents and terms and conditions.

  5. Who has access to your data?
  6. Within Immobilien Rating GmbH, your data is received by those offices or employees that require your data to fulfil contractual, statutory and regulatory obligations and to safeguard legitimate interests. Furthermore, data processing companies acting on our behalf (especially IT and back-office service providers, and service line providers) receive your data if they require it to provide their respective services. Accordingly, all the data processing companies are contractually obligated to keep your data confidential and to process it only in the context of service provision.
    Public authorities and institutions, (such as the European Banking Supervisory Authority, European Central Bank, Austrian Financial Market Authority, fiscal authorities, etc.) and UniCredit S.p.A. as our parent company, may be granted access to your personal data if there is a statutory or regulatory obligation to do so.

  7. How long will your data be stored and processed?
  8. For the entire period of the business relationship (from the initiation, to the implementation, until the end of the contract) and beyond, in accordance with the legal safekeeping and documentation obligations. These are set out, among others, in:

    • the Austrian Company Code (UGB)
    • the Federal Fiscal Code (BAO)
    • the Austrian Banking Act (BWG)
    • the Financial Markets Money Laundering Act (FM-GwG)
    • the Austrian Securities Supervision Act (WAG)
    Moreover, the statutory limitation periods must be taken into consideration for the retention period, and in accordance with the provisions of the General Civil Code (ABGB), for example, these can extend to as long as 30 years in certain cases (the general limitation period is 3 years).

  9. Which data protection rights are you entitled to?
  10. At any time, you have:

    • the right of access, the right to rectification, right to erasure or the right to restriction of processing regarding your stored data
    • the right to object to the processing of your data
    • the right to data portability as set forth in the provisions of the Data Protection Law
    Any complaints should be directed to the Austrian Data Protection Authority:

  11. Are you obliged to provide data?
  12. You must provide such personal data which is necessary to establish and maintain our business relationship, as well as the information which we are legally required to collect.
    If you are not willing to provide this data to us, in most cases we are obliged to refuse to enter into a contract with you or to process your order. In such cases, we are no longer able to execute an existing contract and must therefore terminate it.
    However, you are not obliged to grant permission to process your data in the case of data that is not relevant for the fulfilment of the contract, or is not required for this purpose by legal and/or regulatory authorities.

  13. Is there automatic decision making including profiling?
  14. We do not use automated decision-making procedures as defined under Section 22 GDPR to reach decisions with regard to the creation or implementation of the business relationship.

  15. Cookies
  16. To make the user experience of our website as convenient as possible, we use so-called cookies. Cookies are small text files which enable the system to recognise a returning user. You can block the installation of cookies by activating a corresponding setting in your browser software.

  17. Data Security
  18. The security of your data is our highest concern. Our stated aim is to take all technical and organisational measures required to ensure that our data processing is carried out in a secure manner and to process your personal data in such a way that it is protected from access by unauthorised third parties.

    We make sure our IT infrastructure complies with the highest international security standards by using the most up-to-date security software, codes and encryption procedures.