Information about the data protection according to DSGVO (the German basic regulation regarding the data protection) for natural persons
The following information about the data protection provides an overview of the collection and processing of your data.
With the following information, ICM InvestmentBank AG gives you an overview of the processing of your personal data as well as the information about your rights from the point of view of data protection law. Which data is processed in detail and in which way will be used depends on the requested or agreed services.
1. Who is responsible for the data processing and whom can you contact?
2. Which sources and data does ICM InvestmentBank AG use?
The ICM processes personal data that we receive from our customers as part of our business relationship. In addition, ICM processes – insofar as it is necessary for the provision of our services – personal data that the ICM legitimately obtains from publicly available sources (e.g. trade and association registers, press, internet) or transmitted by other third parties (e.g. a depository bank).
Relevant personal data is personal information (name, address and other contact information, date and place of birth and nationality), credentials (e.g. ID data) and authentication data (e.g. signature sample). In addition, these may include order data (e.g. payment order), contractual fulfilment data (e.g. revenue data in payment transactions), financial information, documentation data (e.g. advisory protocol), and other data comparable to those categories.
3. For what purpose ICM processes our data and on which legal basis the purpose of the processing is based?
The ICM processes personal data in accordance with the provisions of the European General Data Protection Regulation (DSGVO) and the German law regarding the data protection (BDSG):
3.1. For the fulfilment of contractual obligations (art. 6 section 1 b DSGVO)
The data are processed in the framework of the financial services provided in the context of the execution of our contracts with our customers or to take preventive measures following requests. The purposes of the data processing are based primarily on the specific product or services (e.g., funds, ETFs, stocks, bonds, other securities, brokerage, asset management) and may include, among others analyses of needs, advice, asset management and guidance, or the Execution of transactions. Further details on the data processing purposes can be found in the relevant contractual documents and the general terms and conditions.
3.2. Assessment of interests (Art. 6 section 1 f DSGVO)
Apart from the processing of your data for the fulfilment of the contract we use your data as well to protect our own legitimate interests or those of third parties. Examples:
Control and optimization of requirements analysis procedures for direct customer approach,
Advertising or market and opinion research, as long as you have not objected to the use of your data;
Submittal of legal claims and defence in legal disputes,
Ensuring IT security and IT operations of ICM,
prevention and investigation of criminal offenses,
Measures for the business control and further development of services and products,
Risk management within ICM InvestmentBank AG.
3.3. Consent (Art. 6 section 1 a DSGVO)
If you have given us consent to the processing of personal data for specific purposes (for example, disclosure of data within the Group), the lawfulness of such processing is based on your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent, which were issued to us before the validity of the DSGVO, i.e. before May 25, 2018. The revocation of consent does not affect the legality of the data processed until the revocation
3.4. Statutory requirements (Article 6 section 1 c DSGVO)
As a securities trading bank, we are subject to various legal obligations, i.e. legal requirements (for example, Banking Act, Money Laundering Act, Securities Trading Act, tax laws) as well as banking supervisory requirements (such as the European Central Bank, the European Banking Authority, the German Federal Bank and the Federal Financial Supervisory Authority). The purposes of the processing include, among others, identity and age checks, fraud and money laundering prevention, the fulfilment of tax control and reporting obligations, and the assessment and management of risks at ICM InvestmentBank AG
4. Who receives your data?
Service providers and agents appointed by us and that help us to fulfil the contracts, can get access to the data for these purposes on the basis of the Data Protection Act. These companies include the categories IT services, printing services, telecommunications and marketing. As a securities trading bank, ICM is required to maintain secrecy about all customer-related facts and assessments from which we obtain knowledge. We may only disclose information about you if required by law, if you have given your consent or if we are authorized to provide you with banking information. Under these conditions, recipients of personal data may, for example:
Public bodies and institutions (e.g. Deutsche Bundesbank, Bundesanstalt für Finanzdienstleistungsaufsicht, European Banking Authority, European Central Bank, tax authorities, law enforcement authorities) in case of a legal or regulatory obligation.
Other credit and financial service rendering institutions or similar entities to which we provide personal information for the purpose of conducting the business relationship with you, such as correspondence banks, custodians, exchanges, etc.).
other companies within the group of ICM InvestmentBank AG for risk management due to legal or regulatory obligations.
Other data recipients may be those for whom you have given us your consent to the data transfer or for whom you have released us from the data protection according to agreement or consent.
5. Are data transmitted to a third country or to an international organization?
A transfer of data to entities outside the European Union (so-called third countries) takes place insofar as:
it is required to execute your orders (e.g. payment and securities orders),
it is required by law (e.g. tax reporting obligations) or
You have given us your consent.
6. How long are your data stored?
We process and store your personal information as long as it is necessary for the fulfilment of our contractual and legal obligations. It should be taken into account that our business relationship is a debt relation on the long term, with a duration of several years.
If the data are no longer required for the fulfilment of contractual or legal obligations, these are regularly deleted, unless their – temporary – further processing is necessary for the following purposes:
Fulfilment of commercial and tax-related storage requirements, such as the Commercial Code (HGB), the German Tax Code (AO), the German Banking Act (KWG), the Money Laundering Act (GwG) and the German Securities Trading Act (WpHG). The terms for storage and documentation specified there are up to ten years.
Preservation of evidence within the statutory limitation period. According to §§ 195 and following of the Civil Code (BGB) these prescription terms can be up to 30 years, whereas the regular prescription period is 3 years.
7. What are your rights with regard to the protection of your data?
Each person concerned has the right to obtain information (Article 15 DSGVO), the right of rectification (Article 16 DSGVO), the right of cancellation (Article 17 DSGVO), the right to restrict the data processing (Art. 18 DSGVO), the right of opposition (Art. 21 DSGV), the right of data transferability (Art. 20 DSGVO) and the right of appeal to the competent data protection supervisory authority (Art. 77 DSGVO).
In addition, you can make use of your right of objection at any time without stating any reasons and change or revoke the given declaration of consent with effect for the future. This request of revocation should be directed in writing to the responsible office of ICM InvestmentBank AG – Data Protection Officer – Friedrichstr. 34, 40217 Dusseldorf, firstname.lastname@example.org.
8. Are you obliged to provide your data?
In the framework of our business relationship, you must provide the personal information necessary to enter into a business relationship and to fulfil the contractual obligations therein contained, or that we are required to collect by law. Without this information we will generally not be able to conclude or execute the contract with you. According to the money laundering regulations, we are more specifically obliged to identify you prior to the establishment of the business relationship on the basis of your identity document and to record and store the name, place of birth, date of birth, nationality, address and identity card details. In order to comply with this legal obligation, you must provide the required information and documents according to the Money Laundering Act and to notify any changes resulting from the business relationship immediately. If you do not provide us with the necessary information and documents, we may not take up or continue the business relationship you wish to establish. Without this information we will generally not be able to conclude or execute the contract with you.
9. Are the decisions taken automatically?
In principle, we do not use automatic decision-making pursuant to Article 22 of the DSGVO in order to justify and implement the business relationship. If we use this procedure in individual cases, we will inform you separately if this is required by law.
10. Is there any profiling?
We partially process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling in the following cases:
On the basis of legal and regulatory requirements, we are committed to combating money laundering, the financing of terrorism and asset-related offenses. Thereto data evaluations (among others in payment transactions) are drawn up. These measures are also destined to protect you.
In order to provide you with targeted information and advice on products, we use evaluation tools. These enable needs-based communication and advertising, including market and opinion research.
Right of opposition
Information about your right of opposition under Article 21 (DSGVO – the General Data Protection Regulation)
1. Right of opposition with regard to individual cases
You have the right at any time, for reasons arising out of your particular situation, to oppose to the processing of your personal data pursuant to Article 6, section 1 letter (e) of the DSGVO (Data Processing in the Public Interest) and Article 6 section 1 letter f DSGVO (Data processing on the basis of an assessment of interests) takes place, objecting; this also applies to a profiling based on this provision within the meaning of Article 4 No. 4 DSGVO.
If you file an objection, your personal data will not be processed unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.
2. Right of opposition to the processing of data for direct marketing purposes
In individual cases, we process your personal data in order to send you direct marketing. You are entitled to oppose at any time to the processing of your personal data for the purposes of such advertising; this also applies to profiling insofar as it is associated with such direct marketing.
If you object to the processing for direct marketing purposes, we will not process your personal data for these purposes.
The objection can be filed without any form requirements at: