Data protection at helaba.com
Contact details of organisation responsible for this website
Name and contact details
Landesbank Hessen-Thüringen Girozentrale
Public Law Institution (Anstalt des Öffentlichen Rechts)
Neue Mainzer Straße 52- 58
60311 Frankfurt am Main
Germany
Tel: +49 69 / 9132-01
Data protection
Landesbank Hessen-Thüringen Girozentrale
Public Law Institution (Anstalt des Öffentlichen Rechts)
Data protection officer
Kaiserleistraße 29 - 35
63067 Offenbach
Germany
Tel: +49 69 / 9132-01
E-Mail: dtnschtzhlbd
Categories of personal data
When visiting our website, your internet browser automatically sends information to the server hosting our website. This information is temporarily stored in a so-called log file, which contains the time and date of your visit, your IP address and URL (log parameters) and is automatically deleted after your visit.
Furthermore, we use cookies and analytical tools when you visit our website and provide you with in the relevant sections of this data protection notice.
Why we process your data
We process your personal data in order to ensure that you enjoy a seamless connection to our website, to enable you to use our website as comfortably as possible, to analyse the security and stability of our systems as well as for administrative purposes and other services.
Data protection information
Helaba handles your data responsibly in all business relationships. Learn more about this and inform yourself about the processing of your personal data with the help of our current data protection information.
Cookies
When you visit our website, Helaba makes use of necessary and optional cookies. Cookies are small text files that are stored on your device and saved in your browser. Their purpose is to make our range of services more user-friendly, for example so that you do not have to re-confirm an automatically generated disclaimer more than once. Cookies that we use are so-called “session cookies” because they are automatically reset at the end of your visit to our website. Our cookies do not cause any damage to your device and do not contain any viruses.
Many websites and servers use cookies, a number of which contain what is known as a cookie ID. A cookie ID is a cookie's unique identifier. It consists of a string of characters which websites and servers can use to identify the specific web browser on which the cookie has been saved. This enables the websites and servers visited to distinguish an individual user’s browser from other internet browsers that contain other cookies. The unique cookie ID enables the specific internet browser to be recognised and identified.
If you do not wish to allow any cookies to be set on your device, you can choose to block them at any time in the privacy settings of your browser or delete cookies that have already been generated. Alternatively, you can revoke your consent to cookies in the cookie settings section.
Under certain circumstances, not all features of our website might then function properly.
Cookie settings
| cookie [publisher] | purpose | storage period / Follow-up processing | third country transfer |
|---|---|---|---|
| disclaimer_disclosureRequirements [helaba] | necessary: Verification when accessing certain (sub) areas of the website | session | no |
| disclaimer_residenceGermany [helaba] | necessary: Verification when accessing certain (sub) areas of the website | session | no |
| hideCookieNotice [helaba] | necessary: Saves that the cookie or data protection notice will not be requested every time you visit. | 30 days | no |
| WSESSIONID [helaba] | necessary: Standard cookie to use with PHP session data. | session | no |
| cookie [publisher] | purpose | storage period / Follow-up processing | third country transfer |
|---|---|---|---|
| _et_coid [etracker] | statistic: cookie detection | 2 years / Evaluation to improve the user experience of our website | no |
| allowLoadExternRessources [helaba] | statistic: Saves the user decision that external components may be loaded automatically. | 30 days / Evaluation to improve the user experience of our website | no |
| allowTracking [helaba] | statistic: Saves the user decision that visitor behavior may be tracked. | 30 days / Evaluation to improve the user experience of our website | no |
| BT_ctst [etracker] | statistic: Is used to detect whether cookies are activated in the visitor's browser or not. | session / Evaluation to improve the user experience of our website | no |
| BT_pdc [etracker] | statistic: Contains Base64-coded visitor history data (is customer, newsletter recipient, visitor ID, displayed smart messages) for personalization. | 2 years / Evaluation to improve the user experience of our website | no |
| BT_sdc [etracker] | statistic: Contains Base64-encoded data of the current visitor session (referrer, number of pages, number of seconds since the beginning of the session), which is used for personalization purposes. | session / Evaluation to improve the user experience of our website | no |
| isSdEnabled [etracker] | statistic: Detection of whether the visitor's scroll depth is measured. | 1 hour / Evaluation to improve the user experience of our website | no |
| cookie [publisher] | purpose | storage period / Follow-up processing | third country transfer |
|---|---|---|---|
| EDAAT [.adsrvr.org] | Marketing: Stores a temporary security token for EDAA sign-out pages such as http://www. youronlinechoices. com/ | 1 hour / evaluation for the playout of banners for marketing purposes | yes / United Kingdom |
| TDCPM [.adsrvr.org] | Marketing: Matching IDs to avoid redundant calls. | 365 days / evaluation for the playout of banners for marketing purposes | yes/ United Kingdom |
| TDID [.adsrvr.org] | Marketing: recognition of web profiles over time on different websites. | 365 days / evaluation for the playout of banners for marketing purposes | yes / United Kingdom |
| TTDOptOut [.adsrvr.org] | Marketing: Stores the decision to opt out of re-targeting. | 5 years / evaluation for the playout of banners for marketing purposes | yes / United Kingdom |
| TTDOptOutOfDataSale [.adsrvr.org] | Marketing: Stores the decision against selling data to third parties. | 5 years / evaluation for the playout of banners for marketing purposes | yes / United Kingdom |
Usage-based information (targeting/re-targeting)
On our website, we use a so-called re-targeting technology provided by The UK Trade Desk Ltd., 10th Floor, 1 Bartholomew Close, London EC1A 7BL, United Kingdom. With this technology, cookies (so-called third-party cookies) are stored on your device when you visit our website. These cookies are either permanent or temporary cookies that are automatically deleted after a certain period of time.
The use of re-targeting technology enables us to collect data for analytical, marketing and optimisation purposes, which helps us to improve our marketing activities and our website. The data is used by The UK Trade Desk to link advertising contacts and clicks on advertisements to the subsequent use of our website. The following data is collected:
- Advertising identifiers, device identifiers, cookies (storage of and access to information)
- Information about the use of the website and advertisements placed on it (personalisation)
- Information about the use of the website and optimised advertisements placed on it (ad selection, serving, provision and tracking)
You can stop the use of cookies at any time by revoking cookie consent in your browser settings. You can also delete cookies already stored on your device at any time or revoke your consent to their use in the cookies settings section. This will not have any negative consequences for the use or functionality of our website.
Web tracking
Our website uses analytics services exclusively to optimize the provided online information. The data collected (IP address, date or time of the request, content of the page accessed or the browser used, validity of the session token) does not allow any direct conclusions to be drawn about individuals. Helaba's analysis of user data is not aimed at identifying individuals or at profiling, e.g. in order to provide visitors to the website with online advertising.
For this purpose, we use the services of etracker GmbH from Hamburg, Germany (www.etracker.com) for the analysis of usage data:
Cookieless Tracking:
Cookies are not used at all, as the IP address is anonymized at the earliest possible stage by etracker and login or device IDs are converted into a unique key that is not assigned to a person. etracker does not use the data in any other way, combine it with other data or pass it on to third parties.
Cookie Tracking:
With your consent, cookies are used to enable statistical analysis of the use of this website by its visitors and the display of usage-related content or advertising. You can stop the storage of these cookies at any time by refusing to accept cookies in your browser settings. You can delete the cookies already stored on your device at any time or revoke their use without any negative impact on the use or functions of our website. You can use the cookie settings to make these adjustments.
The data generated is processed and stored exclusively in Germany and is thus subject to strict German and European data protection laws and standards. etracker has been independently audited and certified in this regard and awarded the ePrivacyseal data protection seal of approval.
More information regarding data protection at etracker can be found here.
Myra Security
Our website uses the services of Myra Security GmbH (DE), Landsberger Str. 187, 80687 Munich. The purpose of the service is for secure encrypted data transmission on the Internet (SSL), to improve worldwide website performance through the Myra Content Delivery Network (CDN) and to improve security and protection against hacker attacks through the Myra Hyperscale Web Application Firewall (WAF). Since we care a lot about your privacy, we've chosen Myra as a German IT security provider, that meets the high GDPR standards reliably, when processing your data. The legal basis for data processing is therefore our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. The service is mandatory for the technical security of our website.
More detailed information about GDPR and Myra Security can be found on the GDPR pages of Myra Security.
Newsletter
- are the owner of the email address provided, and
- have subscribed to the newsletter yourself using our form.
In order to send you the newsletters you have subscribed to, we will ask you for your contact details. The form contains clear definitions of what information is required and what is optional. This data is saved and used exclusively for the purpose of sending the newsletters. It is not passed on to third parties. By entering your contact details on the form, you are giving us consent to save your data as well as to use it in order to send the requested newsletters.
The email address supplied when registering for the newsletter is used exclusively for the purposes of sending the subscribed publications or providing information about changes to our content as well as technical or legal information. Your email address is not passed on to third parties. At the time of your registration to our newsletter, we save the IP address allocated by your internet service provider as well as the date and time of your registration. This data is necessary in order to be able to identify any improper use of your email address at a later time. You may cancel or manage your existing subscriptions at any time.
Contact form
If you wish to contact us, you can use one of the integrated contact forms on our website. You can find the general contact form at https://www.helaba.com/int/kontaktformular/. In addition, you can find contact forms on subpages of the website with which you can contact the appropriate person or department directly. The email address and message fields are required; all other fields are optional.
With sending the contact form you consent to the use of your personal data. The data you have entered will then be transmitted to Landesbank Hessen-Thüringen Girozentrale in an encrypted form, together with the date, time and URL of the website you are using. The data you provide will be used exclusively for processing your contact request and deleted after processing your request or at the latest after expiry of any retention or deletion periods that may apply.
Legal basis for processing your data
We process your personal data in accordance with applicable data protection legislation.
a. To the extent that you have provided us with your consent to process your personal data (in particular cookies, newsletters and contact forms), we process your data based on your consent pursuant to § 25 para 1 TDDDG, Article 6(1)(a) GDPR or Article 6(1)(a) GDPR.
b. Furthermore, we may process your data in order to protect our legitimate interests or those of third parties (Article 6(1)(f) GDPR). In particular, this is for the purpose of optimising our website. Such processing is carried out after careful consideration of your and our interests, in particular taking into account the type of personal data as well as the purpose and circumstances of processing personal data.
Recipients of personal data
Entities within the bank receive access to your personal data if they require it for processing purposes. Service providers and vicarious agents commissioned by us may also receive your personal data for these purposes. However, we will only transmit your personal data to third parties if there is a legal basis for this pursuant to Article 6(1) GDPR and/or service providers commissioned by us are acting as processors.
Transmission of data to third countries
Data transfer to entities outside the EU or the EEA (so-called third countries) only takes place in safe third countries for which an adequacy decision of the European Commission exists.
Retention period of personal data
We delete your personal data as soon as the purpose for which we collected and processed is no longer applicable. Beyond this point in time, we only store your personal data if this is required by law, regulation or other legal provisions. To the extent that deletion of certain personal data is not possible, it is marked with the aim of restricting its future processing.
Data subject rights
You have the right of access pursuant to Article 15 GDPR, the right to rectification pursuant to 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR, the right to object pursuant to Article 21 GDPR and the right to data portability pursuant to Article 20 GDPR. With regard to the right of access and the right to erasure, the restrictions pursuant to Sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply.
In addition, you have the right to lodge a complaint with a competent supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG). Since 1 January 2024, the competent supervisory authority for Helaba is:
The Hessian Commissioner for Data Protection and Freedom of Information
(Der Hessische Beauftragte für Datenschutz und Informationsfreiheit)
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Germany
Credit Institutions Department
Tel: +49 611 / 1408-0
Fax: +49 611 / 1408-900-901
E-Mail: poststelle@datenschutz.hessen.de
Pursuant to Section 2 (1) of the Treaty on the Formation of a Joint Savings Bank Organization Hesse-Thuringia, the responsibility of the supervisory authority shall alternate between Hesse and Thuringia every four years. Starting 1 January 2028 it will be:
The Commissioner for Data Protection and Information Security of the Free State of Thuringia
(Der Thüringer Landesbeauftragte für Datenschutz und die Informationssicherheit)
Häßlerstraße 8
99096 Erfurt
Germany
Tel: +49 361 / 57-311 -2900
Fax: +49 361 / 57-311-2904
E-Mail: poststelle@datenschutz.thueringen.de
You may revoke your consent to the processing of your personal data at any time. The same applies to the revocation of declarations of consent issued to us before the EU General Data Protection Regulation came into force, i.e. before 25 May 2018. Please note that the revocation affects any future processing and does not affect any processing undertaken before the revocation.
Further information
During your visit to our website, we neither use any profiling techniques nor any fully automated decision-making processes
Integration of social media platforms
Helaba maintains social media accounts on Twitter, Instagram, Xing, LinkedIn and YouTube. The relevant pages can be accessed via a link on our website. Helaba does not use any social media plug-ins for this purpose so that any personal data can only be exchanged with the respective social media platforms after clicking on the link and with your explicit consent.
In the following, we inform you about the processing of personal data when using the social media presences (in German):
- 07.11.2024Datenschutzhinweise zum LinkedIn-Profil der Helaba
Datenschutzhinweise zum LinkedIn-Profil der Helaba
- 07.11.2024Datenschutzhinweise zum Instagram-Profil der Helaba
Datenschutzhinweise zum Instagram-Profil der Helaba
Supplementary data protection information on credit transfers
As part of the execution of the credit transfer, we transmit the data contained in the credit transfer (credit transfer data) directly or with the involvement of intermediaries to the payee's payment service provider. In connection with the transfer, service providers involved in the execution of the order may also carry out the necessary checks on the transfer data (in particular to identify and prevent payment fraud). The payee's payment service provider may provide the payee with all or part of the credit transfer data, including the payer's IBAN.
SWIFT transaction processing service
In the case of cross-border transfers and urgent domestic transfers, the transfer data may also be processed under joint responsibility with the Society for Worldwide Interbank Financial Telecommunication (SWIFT) messaging system based in Belgium and forwarded to the payee's payment service provider. For reasons of system security, SWIFT temporarily stores the transfer data in its data centers in the European Union, Switzerland and the USA. Further information and the main contents of the joint responsibility agreement with SWIFT can be found in the data protection information on the SWIFT transaction processing service.