Data Protection

KfW Capital GmbH & Co. KG Privacy Notice

You can rely on the protection and security of your personal data: we consider it our responsibility to protect your privacy when processing your personal data. The following data privacy information provides an overview of how your data is processed and what your rights are under data privacy regulations when using the products and services of KfW Capital GmbH & Co. KG.

1. Who is responsible for data processing and whom can I contact?

The following party is responsible:
KfW Capital GmbH & Co. KG,
as represented by KfW Capital Verwaltungs GmbH (hereinafter: “we”, “us” or “KfW Capital”)
Bockenheimer Landstraße 98 – 100
60323, Frankfurt am Main, Germany

Phone: +49 69 7431 8880
Fax: +49 69 7431 8881

You can reach our company data protection manager at:

KfW Capital
Datenschutzbeauftragter
Bockenheimer Landstraße 98 – 100
60323, Frankfurt am Main, Germany
E-mail: Datenschutz-kfw-capital@kfw.de

2. Which sources and data does KfW Capital use?

We process personal data which we receive from our customers, business partners and website visitors in connection with the use of our website, subscription to newsletters and in connection with our business relationships with these groups.
Personal data processed by us refers in particular to personal details (such as name, address, telecommunications data, date and place of birth, marital status), identification data (such as ID, reporting data), contractual data, advertising and sales data, documentation data, registration data and similar information.

3. For what purpose does KfW Capital process your data and what is the legal basis?

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG) and other applicable legal regulations.

You may use virtually our entire website without submitting any personal data. However, the products and services cited as examples below, which you can find on our website, require you to provide personal data in order to use them.

3.1. General communications and use of the newsletter function – for the purpose of performing contractual obligations and on the basis of your consent:

  • General communications, particularly via the contact form
  • Processing other enquiries
  • Invitations
  • Newsletters
  • Other advertising purposes

The processing of your personal data in this context is, as a general rule, a prerequisite for concluding and performing a contract with you or entering into a preliminary agreement with you. You are not legally obligated to make your personal data available to us. Without these data, however, we will not be able to perform the relevant contract with you. The legal basis for this processing is Article 6(1)(1)(b) of the GDPR. This provision permits the processing of personal data if the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps prior to entering into a contract.

If you have given us your consent to process personal data for specific purposes (e.g. to send our newsletter), this consent serves as the legal basis for processing the data (Article 6(1)(1)(a) of the GDPR). Consent which has been granted may be revoked at any time.

3.2 Analysis of user behaviour and direct marketing – for the purpose of safeguarding legitimate interests:

  • Testing and optimising demand analysis procedures for the purpose of directly approaching customers
  • Advertising or market research and polling, as long as you have not objected to the use of your data
  • Measures in relation to business management and the further development of services and products

The legal basis for processing your personal data in this context is Article 6(1)(1)(f) of the GDPR unless we have, in individual cases, obtained your consent. Pursuant to this provision, processing personal data is permissible if this is necessary for the purposes of legitimate interests except where such interests are overridden by the interests or fundamental rights of the data subject which require that the personal data are not processed. We have a legitimate interest in aligning our offers with customer behaviour and optimising them. We believe that these interests prevail since, as an international finance company, we must control and optimise our offers in order to fulfil our promotional mandate. The alignment with our customers allows us to offer and optimise services according to the needs and interests of our customers. We protect the relevant data in such a way that we do not see any overriding disadvantages for you.

3.3 Risk management and compliance – for the purpose of safeguarding legitimate interests:

  • Assertion of legal claims and defence in legal disputes
  • Prevention and investigation of criminal activities
  • Assurance of IT security and IT operations
  • Risk management at KfW Capital and KfW Group

The legal basis for processing your personal data in this context is Article 6(1)(1)(f) of the GDPR. Our legitimate interest consists in complying with applicable legal provisions, maintaining the security of our IT systems and, in case of non-compliance with legal requirements or violations of security regulations, responding adequately to such circumstances, for instance by establishing legal claims. We believe that these interests prevail since, as a finance company, we are subject to a significant number of regulatory requirements and have a responsibility towards our customers to ensure that the corresponding requirements and security regulations are complied with. We protect the relevant data in such a way that we do not see any overriding disadvantages for you.

3.4 Social media

You can access our social media channels (Facebook, YouTube, LinkedIn, Xing, Google+ and Twitter) from our website.

Caution: When choosing one of the following links, you will leave our website and be directed to the website of a social media platform. Any information available there was created without any help from us and we are therefore not responsible for this content. We do not accept any liability for the information being up-to-date, accurate or complete. Reference to social media does not imply any approval on our part.

Particularly for reasons of data protection compliance, the relevant social media cannot be directly accessed. Corresponding notices will therefore be displayed. In addition, you may first have to click on integrated buttons, thus giving your express consent to the communication with the social media platform. Only then will the browser establish a direct connection with the social media platform’s servers.

Please keep in mind that we neither know nor influence how and which data find their way to the social media platform.

By activating the button, you will provide the social media platform with the information that you have opened one of the web pages of the platform on the Internet. If you are already registered with the social media platform, it will be able to link your visit with your account on the social media platform. But even if you have not yet registered with the social media platform, it is not possible to preclude the possibility that it will collect and/or store your IP address after clicking on the platform.

3.5 Cookies

Data are collected and further processed in anonymised form on this website in order to continually improve our web content. Cookies are small text files that are linked with the browser you are using and are stored on your hard drive, sending certain information to the person who set them.

The data are not used in any way to personally identify a visitor (if this were even technically possible) nor are they linked to the data about the bearer of the pseudonym.

3.6 Google Maps

If you decide to use services of the provider Google Maps API by clicking on the (link etc.), the data are processed by Google Maps on the basis of the information transmitted by Google Maps API, for the correctness and completeness of which KfW does not assume any liability, according to the following conditions:

This website uses Google Maps API, a map service of Google Inc., in order to present interactive maps and to generate routing maps. Google Maps is operated and provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The provision of an interactive map is in the legitimate interest of Google and of us. The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f) GDPR.

By using Google Maps, information about the usage of this website (including your IP addresses) can be transferred to a Google server in the US and stored there. Google will possibly transfer information that has been obtained through Maps to third parties, if this is required by law or insofar as third parties process these data on behalf of Google. Appropriate guarantees for the transfer from a third country to Google are available in the form of the Privacy Shield certification (see here for details).

Google will in no case merge IP addresses with other data from Google. Nevertheless it would be technically possible for Google to identify individual users on the basis of received data. It would be possible that Google processes personal data and personality profiles of website users for other purposes that we do not have or cannot have influence on. You have the option to deactivate the service of Google Maps and thus prevent the data transfer to Google by deactivating JavaScript in your browser. However, we want to point out that you cannot use the map display on our pages in this case.

The Google privacy policy and additional terms of service for Google Maps can be found under https://policies.google.com/privacy?hl=en and under https://www.google.com/intl/en_en/help/terms_maps.html

4. Who will have access to my data?

Within KfW Capital, the departments that need your data to fulfil our contractual and legal obligations receive access to your data. Service providers and agents employed by us (for instance assisting KfW for regulatory and functional purposes, in addition to consultants and service providers such as lawyers, tax consultants, asset servicers) may also receive data for these purposes, provided that they comply with data protection obligations.

We may only disclose information about you to third parties if required to do so by law, if you have given your consent or if we are authorised to provide such information for other reasons. Under these conditions, recipients of personal data could include:

  • Public bodies and institutions (for instance, KfW and other KfW Group companies, the Deutsche Bundesbank, the Federal Financial Supervisory Authority, the Federal Court of Auditors, courts of auditors in the German states, the Federal Parliament including its committees, European Banking Authority, the European Central Bank (ECB), the European Investment Fund (EIF), the European Investment Bank, the European Commission, German federal and state ministries, financial authorities and official bodies) in the event of a legal or official obligation
  • Other credit and financial services institutions or similar institutions (e.g. national promotional institutions) to which we transfer personal data for the purpose of managing our business relationship with you – including, if necessary, as part of a preliminary agreement process (e.g. commercial banks, credit agencies depending on the contract)
  • Service providers which process data on our behalf (e.g. data centres, tax consultants, asset servicers)
  • Experts, to the extent that they are necessary for the business process

Other data recipients may be bodies for which you have given us your consent to transfer data.

If you need further information on individual recipients, please do not hesitate to contact us.

5. Will any data be transferred to a third country or to an international organisation?

If KfW Capital transfers personal data to offices outside of the EU, known as third countries, requirements stipulated in data privacy regulations are complied with.

6. How long will my data be stored?

How long personal data are stored is based on the respective processing purposes. It is not possible to list the various storage periods in a reasonable format here. The criteria to determine the specific individual storage periods are the following:

  • If we only process data for the purpose of executing a contractual relationship, we store the data for the duration of the contractual relationship.
  • Where we process data in connection with anticipated legal disputes, we will store the data until the court proceedings have definitively been completed or until the claims at issue have become time-barred in accordance with the applicable civil law provisions. The general limitation period is three years.
  • In addition, we are subject to various storage and documentation obligations arising from the German Commercial Code (HGB), the German Fiscal Code (AO), the German Banking Act (KWG), the German Money Laundering Act (GwG) and the German Securities Trading Act (WpHG). The periods for retention and documentation stipulated in these laws range from two to ten years.

7. What are my data privacy rights?

If the statutory prerequisites are met, you have the following rights in accordance with Articles 15 to 22 of the GDPR:

  • Right of access in accordance with Article 15 of the GDPR, i.e. the right to obtain confirmation from us as to whether or not personal data concerning you are being processed, and, where that is the case, access to this personal data and other information;
  • Right to rectification in accordance with Article 16 of the GDPR if personal data concerning you is not correct;
  • Right to erasure in accordance with Article 17 of the GDPR, e.g. when the personal data are no longer necessary in relation to the purposes for which they were processed;
  • Right to restriction of processing in accordance with Article 18 of the GDPR.

With respect to the right of access and the right to erasure, the restrictions pursuant to Sections 34 and 35 of the German Federal Data Protection Act apply.

In addition, there is a right to lodge a complaint with a data protection supervisory authority (Article 77 of the GDPR).

Right to revoke your consent

You can revoke consent that you have granted to process data at any time. This does not, however, affect the legality of processing carried out before consent was revoked. If you revoke your consent or effectively object to further processing on the basis of your consent, we will no longer process the data for these purposes.

Information about your rights to object

If we process personal data to engage in direct advertising, you can object to processing at any time and without specifying any reasons.

There is no requirement as to the form of such objection. Please send your objection to one of the following addresses:

Postal delivery:

KfW Capital GmbH & Co. KG
Bockenheimer Landstraße 98 – 100
60323, Frankfurt am Main
Germany
E-mail: info-kfw-capital@kfw.de

Right to object in individual cases according to Article 21 of the GDPR

You have the right to object at any time to the processing of your personal data, which is based on a balancing of interests (Article 6(1)(1)(f) of the GDPR) insofar as reasons arise from your particular circumstances which preclude such data processing. This also applies if automated individual decision-making is used (Article 22 of the GDPR). If you raise an objection we will no longer process your personal data for these purposes unless we are able to provide evidence of compelling reasons for the processing which are worthy of protection and which override your interests, rights and freedoms, or unless the processing serves the purpose of establishing, exercising or defending legal claims.

Right to object under Telemedia Act Section 15

Pursuant to Section 15 of the German Telemedia Act (Telemediengesetz; TMG), website visitors may object to the storage of their visitor data collected in anonymised form, so that such data will no longer be collected in the future.