Skip to main content
Raiffeisen Tech Data Protection

Data Protection

All information about data protection you need to know.

Data protection

Important about cookies we use

Information pursuant to Articles 13 and 14 of the General Data Protection Regulation (GDPR) on the processing of personal data.

We hereby inform you about the processing of your personal data and the data protection claims and rights to which you are entitled. The content and scope of the data processing depends largely on the products and services you have requested or which are agreed with you.

1. Who is responsible for data processing and whom can you contact?

Responsible for data processing:
Raiffeisen Tech GmbH, Am Stadtpark 9, 1030 Wien
Telephone +43/1/71707 – 8817, E-Mail:
Contact data of the Data Protection Office:
Daniela Bollmann, LL.M , Am Stadtpark 9, 1030 Wien
Telefon: +43/1/71707 – 8603, E-Mail:

2. What data are processed and from what sources do they originate?

We process the personal data that we receive from you, your employer or other third parties within the scope of the business relationship. In addition, we process data that we have permissibly received from publicly accessible sources (e.g. company register, register of associations, land register or media) or that are legitimately transmitted to us by other companies affiliated with Raiffeisen Tech GmbH. Personal data may include, for example, your personal details and contact data (e.g. name, address, date and place of birth, nationality, etc.) or legitimation data (e.g. specimen signature, identification data). In addition, it may also include data for the execution of payments (e.g. account details) as well as data for the fulfilment of our contractual obligations, information from your electronic transactions with Raiffeisen Tech GmbH (e.g. cookies) and other data comparable to the categories mentioned.

3. For which purposes and on which legal basis are data being processed?

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Austrian Data Protection Act 2018.

  • to fulfil contractual obligations (Art. 6 para. 1 lit. b DSGVO)

The processing of personal data (Art. 4 No. 2 DSGVO) is carried out in particular for the provision of services and the execution of our contracts with you and the execution of your orders as well as for the implementation of pre-contractual measures. The specific details regarding the purpose of data processing can be found in the respective contract documents and terms and conditions.

  • for the fulfilment of legal obligations (Art. 6 Para. 1 lit. c DSGVO)

The processing of personal data may be necessary for the purpose of fulfilling various legal obligations (e.g. from the law on limited liability companies (GmbHG) etc.) to which Raiffeisen Tech GmbH is subject.

  • within the scope of your consent (art. 6 para. 1 lit a DSGVO)

If you have given us your consent to process your personal data for specific purposes (e.g. transfer of data to the recipients named in the consent), the data will only be processed in accordance with the purposes and to the extent agreed in the declaration of consent. A given consent can be revoked at any time with effect
for the future.

  • to safeguard legitimate interests (Art. 6 para. 1 lit f DSGVO)

If necessary, data processing may be carried out to protect legitimate interests of us or third parties. In the following cases, data processing takes place to safeguard legitimate interests. Examples of such cases are:

  • Measures to protect customers and employees as well as the property Raiffeisen Tech GmbH
    measures to prevent and combat fraud;
  • within the scope of legal prosecution;
  • Measures for business management and further development of services and products;

4. Who receives my data?

Within the Bank, those units or employees receive your data, as required by them to fulfill their contractual, legal and / or regulatory obligations and legitimate interests. In addition, contractors (especially IT and back-officeservice providers) will receive your data as long and to the extent as they need the data to perform their respective service. All processors are contractually obliged to treat your data confidentially and to process the data for the provision of the respected services.

In the event of a legal or regulatory obligation, public bodies and institutions (e.g. courts, tax authorities, etc.), other institutions and our auditors may be recipients of your personal data. A transfer to third countries does not take place.

5. How long will my data be stored?

We process your personal data, as far as necessary, for the whole duration of the entire business relationship (beginning with the conclusion of a contract, its execution and ending with its termination) as well as in accordance with the mandatory storage and documentation obligation as required by law, in particular pursuant to the following Austrian legal provisions: the Companies Code (Unternehmensgesetzbuch, UGB), the Federal Fiscal Code (Bundesabgabenordnung, BAO), the Banking Act (Bankwesengesetz BWG), the Financial Market Money Laundering Act (Finanzmarkt-Geldwäschegesetz, FM-GwG) and the Securities Supervision Act (Wertpapieraufsichtsgesetz, WAG).

Moreover,  the data storage is also subject to the statutory limitation periods, eg under the Austrian General Civil Code (Allgemeines Bürgerliches Gesetzbuch, ABGB) and may in certain cases last up to 30 years.

Data from the video-surveillance of the Bank will be deleted in principle after 90 days if no longer required for the purposes of video surveillance.

6. Which data protection rights do I have?

You have the right to access, rectification, erasure or restriction of the processing of your stored data, a right to object to processing and a right to data portability in accordance with the requirements of data protection law.
Complaints can be addressed to the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Austria,

7. Am I obliged to providing data?

As part of the business relationship, you must provide us with all personal information that is necessary to enter into and to maintain the business relationship with you, and also those data that we are required by law to collect. If you do not provide us with these data, we will generally decline either to conclude or to complete the contract, or we will be unable to execute an existing contract or we would be forced to terminate such contract. However, you are not obliged to give your consent to the processing of data if such data is not necessary for the performance of a contract or is not required by law or regulation.

8. Is there automated decision-making?

As a matter of principle, we do not use a fully automated decision-making process in accordance with Article 22 of the DSGVO to establish and conduct the business relationship. No profiling within the meaning of Art. 4 No. 4 DSGVO takes place.

9. Is there a data transfer to a third country or to an international organization? 

A transfer of data to third countries (outside the European Economic Area - EEA) will only take place if this will be necessary for the execution of our contractual obligation, or if so required by law or if you have given us your explicit consent.

In addition, data may be transferred to RBI's subsidiaries or processors in third countries or subcontractors of RBI's processors in third countries. These are obliged to comply with European data protection and security standards.