data protection

We process personal data that we receive from you ourselves and data that we have permissibly received from business information services, address services, creditor protection associations and from publicly accessible sources (e.g. company register, land register, media) as well as data that is legitimately transmitted to us by other companies affiliated with us.

We process your personal details and contact data (such as name, address, e-mail, date of birth), household data and family circumstances (such as number of children and other dependants), identification data from public authorities (such as identification data), creditworthiness data (such as type and amount of income), financial identification data (such as your bank details and customer numbers), insurance data, where applicable, image and sound recordings (such as recordings in the course of online identification), business relationship data, marketing and sales data, where applicable, AML (Anti Money Laundering) and compliance data, tax data (such as UID numbers) and, where applicable, electronic log and identification data (such as your electronic signature, logging data or cookies), as well as other data comparable to the categories mentioned.

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and national data protection law.

a) for the fulfilment of contractual obligations (Art 6 para. 1 lit. b DSGVO):

The processing of personal data (Art 4 No. 2 DSGVO) takes place

- For the provision of leasing transactions including hire purchase as well as fleet management services and may include the preparation of offers, conclusion and management of contracts as well as the management and realisation of financing objects and fleets as well as the motor vehicles belonging to them;

- To conclude and arrange insurance policies;

- For the processing of applications for subsidies

in particular for the performance of our contracts with you and the execution of your orders as well as for the performance of pre-contractual measures.

The specific details of the purpose of the data processing depend on the respective product and can be found in the respective contract documents and terms and conditions.

b) for the fulfilment of legal obligations (Art 6 para. 1 lit. c DSGVO):

Processing of personal data may be necessary for the purpose of fulfilling various legal obligations as well as regulatory requirements to which our company is subject.

Examples of such cases are:

- The measures required by law to combat money laundering and terrorist financing, combat fraud and comply with financial sanctions and for this purpose, where applicable, obtaining necessary information and making reports (e.g. reporting to the Money Laundering Authority in certain suspicious cases);

- Credit assessment (scoring) when granting financing.

This scoring uses statistical comparison groups to assess the default risk of those seeking financing. The calculated "score value" is intended to enable a forecast of the probability with which an applied-for financing is likely to be repaid. To calculate this "score value", your master data (marital status, number of children, length of employment, employer), information on your general financial circumstances (income, assets, monthly expenses, amount of liabilities, collateral, etc.) and payment history (proper repayments of financing, reminders, data from credit agencies) are used. If the default risk is too high, the financing application is rejected;

- the keeping of legally required accounting and business records;

- internal and external company reviews, such as reviews by the Financial Services Authority, auditors or internal audit.

c) for the protection of legitimate interests (Art. 6 para. 1 lit. f DSGVO) in general:

Insofar as necessary, within the framework of balancing interests in favour of our company or a third party, data processing may take place beyond the actual fulfilment of the contract in order to safeguard the legitimate interests of us or third parties. Examples of data processing for the protection of legitimate interests are:

- Consultation of and data exchange with credit reporting services and creditor protection associations;

- General information emails and newsletters about services and products and related marketing information;

- Credit and risk assessments and calculation of rating classifications and probabilities of default and other risk management activities;

- Review and optimisation of procedures for needs analysis and direct customer contact;

- Telephone records (for quality assurance measures or in the event of complaints);

- Measures for business management and further development of services and products;

- Measures to protect employees and customers as well as the property of our company;

- Measures to prevent and combat fraud, money laundering, terrorist financing and crimes that endanger assets;

- Measures for debt collection and legal prosecution;

- Assertion of legal claims and defence in legal disputes;

- Ensuring IT security and the IT operation of our company;

- Prevention and investigation of criminal offences;

- Joint group risk management.

These processing activities serve the diligent management of our company.

d) for the protection of legitimate interests (Art. 6 para. 1 lit. f DSGVO) in the marketing of our services:

The evaluation of your data processed by us for the purpose of:

a) to provide or communicate to you information and offers from our company that are suitable for you, and

b) to develop services and products that are tailored to your interests and life situation.

is based on our legitimate interest in marketing our services. The evaluation of the data for this purpose is carried out in anonymised form and only as long as you have not objected to it.

The following data, which we have collected ourselves or which you have made available to us, may be evaluated for this purpose:

Personal data/master data

Gender, title, name, date of birth, country of birth, citizenship, marital status, education, profession, employer, identification data such as driving licence data, income data, address and other contact data such as telephone number or e-mail address and postal address, family relationships (without personal data of these persons), number of persons in the household, internal rating classifications such as our assessment of the income and expenditure situation and the assets and liabilities situation.

Data from services, website and communication

Data on the use of electronic services and websites, functions of websites and apps used, information on websites or content viewed and links accessed including external websites, information on response time to content or download errors and the duration of use of websites of our company. This information is collected using automated technologies such as cookies or web beacons (tracking pixels used to register email or website views), or by means of web tracking (recording and analysing browsing behaviour) on the website and using external service providers or software (for example, Google Analytics).

Technical data of end devices used

Information about devices and systems used to access websites, portals and apps or other communication options, such as internet protocol addresses or types and versions of operating systems and web browsers and, in addition, device identifiers and advertising identifiers or location information and other comparable data of devices and systems used.

User-generated content data

Information uploaded to websites or apps of our company, such as comments or personal entries and photos or videos and the like.

e) Within the scope of your consent (Art 6 para. 1 lit. a DSGVO).

In some cases, we need your consent in order to carry out data processing. These consents are given in separate declarations of consent and not in these notes on data processing. If you give us your consent to process data for specific purposes, the data will also be processed for the purposes and to the extent contained in your declaration of consent. Such consent can be revoked by you at any time with effect for the future.

 

 

We transmit your data, as far as this is necessary, to

a) insurance companies for the insurance of risks in connection with your leasing or hire-purchase contract or your financing object or the managed vehicle fleet;

b) current and potential risk partners, liability partners and guarantors (e.g. sureties, guarantors, pledgees) for risk assessment and to fulfil information obligations;

c) Refinanciers for the assessment of any collateral provided and for the fulfilment of information obligations;

d) creditor protection associations and credit agencies for the exchange of data in connection with risk assessments, combating money laundering and terrorist financing and fraud prevention as well as in the event of payment default;

e) where applicable, securitisation companies for the purpose of carrying out the securitisation of receivables arising from your business relationship with us, which may include disclosure to rating agencies, collateral or data trustees, service providers and purchasers of securities in this context;

f) where applicable, the European Investment Bank and the European Investment Fund for the purpose of assessing, granting and settling funding and making reports to the competent authorities;

g) where applicable, sales cooperation partners and their authorised dealers for the purpose of carrying out evaluations in connection with sales cooperations;

h) Raiffeisen Bank International AG, Vienna, the Austrian Regional Raiffeisen Banks and Raiffeisen Banks for risk assessment as well as for combating money laundering and terrorism financing and fraud prevention;

i) if applicable, Group companies for risk assessment and Group management;

j) service providers who provide services for us in connection with the conclusion and settlement of the business relationship as well as order processors who process your data for us in accordance with our orders;

k) dealers, suppliers and service providers for the provision of services in connection with the financing object;

l) if applicable, collection and intervention agencies for debt collection and the provision of related services;

authorities at their request, insofar as they are legally authorised to do so, or if reporting obligations exist.

We store your data during our business relationship (from the initiation and processing to the termination of a contract) and beyond in accordance with the statutory retention and documentation obligations.

In addition, the statutory limitation periods must be taken into account for the storage period.

As part of the business relationship, you must provide us with all personal information that is necessary to enter into and to maintain the business relationship with you, and also those data that we are required by law to collect. If you do not provide us with these data, we will generally decline either to conclude or to complete the contract, or we will be unable to execute an existing contract or we would be forced to terminate such contract. However, you are not obliged to give your consent to the processing of data if such data is not necessary for the performance of a contract or is not required by law or regulation.

In accordance with the General Data Protection Regulation, you have the right of access to the personal data we process about you, the right to rectify, erase or restrict the processing of this data, the right to object to this data processing and the right to request the transfer of the data you have provided to us. 

If you believe that we are violating your rights when processing your data, you have the right to lodge a complaint with the competent data protection supervisory authority.

For the establishment and implementation of the business relationship, we generally do not use fully automated decision-making in accordance with Article 22 DSGVO. In connection with products to be concluded online, an automated rejection of the online conclusion may occur if your information does not meet the requirements defined for the product. In these cases, please contact a customer service representative. If we use these procedures in other individual cases, we will inform you of this separately, insofar as this is provided for by law.

If you contact us by form on the website or by e-mail, the data you provide and transmit will be stored by us for a maximum of twelve months for the purpose of processing the inquiry and in case of follow-up questions. In this way, we pursue our legitimate interest in being able to offer you the best possible service and to open up ways for you to exchange information with us. If you do not wish your data to be shared and/or stored in this way, please send your objection to: datenschutz@rl.co.at. 

On our website, technically necessary cookies and other standard web control elements are used in particular to control and improve our Internet presence (JavaScript and tracking pixels). All data is collected anonymously. This allows us to collect information in order to check for which screen sizes, browsers and operating systems our website should be optimized. JavaScript is a programming language used to evaluate user interactions and to change, reload or generate content.

This website uses the "Raiffeisen Web Analytics" software for anonymous analysis of website usage. Your IP address will be made anonymous for analysis purposes by deleting the last 8 bits immediately when a website is accessed. For this purpose Cookies are used which enable an analysis of the website usage by users. Through the evaluation of this data valuable knowledge about the needs of these users can be gained. This knowledge contributes to further improving the quality of our offer. You can prevent this by setting up your browser in a manner that no Cookies are saved or do not give consent.

Upon others we collect the following data: visited websites, date and time of the visit, length of stay, browser version, screen resolution, operating system, the country and the referrer, this is the previously visited page from which a page was accessed.

GRZ IT Center GmbH acts as IT service provider for us, processing your data only within the scope of the provision of services.

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), if you have consented to this. Google Analytics uses cookies that are stored on your computer. The information generated by the cookie about your use of this website (including your anonymized IP address and IDs and the URLs of websites visited) will be transmitted to and stored by Google on servers in Europe. This website uses the IP anonymization option offered by Google Analytics. Your IP address will be shortened by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing us with other services relating to website activity and internet usage.

You can prevent Google from collecting your data in connection with Google Analytics by downloading and installing the browser plugin available at tools.google.com/dlpage/gaoptout.

In connection with Google Analytics, the Google Tag Manager is also used. Google Tag Manager is also a solution from Google that allows companies to manage website tags via an interface. The Google Tag Manager is a domain without cookies that does not collect any personal data. The Google Tag Manager triggers other tags, which in turn may collect data. We hereby point this out separately. The Google Tag Manager does not access this data. If a deactivation has been made by the user at domain or cookie level, this remains in place for all tracking tags that are implemented with Google Tag Manager.

At https://policies.google.com/terms/de, https://policies.google.com/technologies/partner-sites and https://policies.google.com/privacy/, respectively, you will find more detailed information on Google's terms of use and Google's privacy policy.

If you use the corresponding function and have given your consent, we use the Google Maps API service on our pages. This service is a service of Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. By integrating the service on our website, at least the following data are transmitted to Google, Inc.: IP address, time of visit of the website, screen resolution of the visitor, URL of the website (referrer), the identification of the browser (user agent) and search terms. The data transfer is independent of whether you have a Google account that you are logged in or whether you do not have a Google user account. If you are logged in, the data will be assigned with your account. If you do not wish assignment to your profile, you must log out before activating the button. Google, Inc. stores this data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google Inc. to exercise this right. For more information about the purpose and scope of data collection and processing by Google, Inc., please contact www.google.at/intl/de/policies/privacy/. We do not process the affected data.

Every time a user accesses our website and every time a file is retrieved or attempted to be retrieved from the server, data about this process is stored in a log file on the server. It is not directly traceable for us which user has retrieved which data. We also do not attempt to collect this information. This would only be possible in legally regulated cases and with the help of third parties (e.g. Internet service providers). In detail, the following data record is stored on the server about each retrieval: The IP address, the name of the retrieved file, the date and time of the retrieval, the amount of data transferred, the message whether the retrieval was successful, as well as the message why a retrieval may have failed, the name of your Internet service provider, if applicable, the operating system, the browser software of your computer and the website from which you visit us.

The legal basis for any processing of this personal data is our legitimate interest (Art. 6 para. 1 lit. f DSGVO). This is to be able to detect, prevent and investigate attacks on our website.

In addition, we process your personal data in special cases due to the legitimate interests of us or legal third parties in legal prosecution (Art. 6 para. 1 lit. f DSGVO) or by order of legally authorized authorities or courts (Art. 6 para. 1 lit. c DSGVO).

We generally store data for a period of three months to ensure the security of our website. Longer storage only takes place insofar as this is necessary to investigate detected attacks on our website or to pursue legal claims.

Cookies can be blocked, disabled or deleted. There are a variety of tools available to you to do this (including browser controls and settings). Information on this can be found in the help section of the web browser you are using. If you deactivate all cookies used by us, the display of the website may be restricted, for example.