Information on data processing according to Art. 13 and 14 of the General Data Protection Regulation (GDPR)
Trust is important, especially when it comes to your personal data. That is why we see it as our obligation to exercise the utmost care in the handling of your personal data and to do everything we can to protect your information from misuse.
UniCredit Leasing adheres strictly to data protection laws in the collection and processing of your data. The following information explains in detail which data is collected when you visit our website and how we use this data.
The content and scope of the data processing are largely based on each of the products and services that you have requested or that have been agreed upon with you.
The data processing takes place within the framework of the UniCredit Leasing Group as joint processing within the meaning of Art. 26 GDPR. The companies involved in the data processing can be accessed via this link.
For the exercise of rights as a data subject in accordance with Art. 15 – 22 GDPR,
UniCredit Leasing (Austria) GmbH
1020 Vienna, Austria
If you have any questions regarding data protection, please email us at:
We will address your concern immediately.
We process the personal data that we receive from you directly or from our cooperation partners as part of the business relationship. We also process data that we have legitimately received from credit agencies¹, debtor registers² and from publicly available sources (such as commercial register, register of associations, land register, media).
Personal data according to Art. 13 GDPR include:
In addition, this data may also include the following:
Before the pre-contractual phase, the following data may be collected by our cooperation partners and transmitted to us with their consent:
Personal data according to Art. 14 GDPR also include
We process the personal data of representatives of legal entities, e.g., title, academic degree, official title, first name, last name, function, email address, telephone numbers (mobile and landline) – in this case, these data are either disclosed by them directly (Art. 13 GDPR) or by their employer (Art. 14 GDPR).
¹ CRIF GmbH
² KSV1870 Holding AG
We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Data Protection Amendment Act 2018
Examples of such cases:
We process personal data of representatives of legal entities in order to be able to interact with you or your employer, e.g. within the scope of cooperations or for the processing of leasing contracts and orders.
Within UniCredit Leasing (Austria) GmbH, those offices or employees that require your data to fulfil contractual, statutory and regulatory obligations and to meet legitimate interests receive it. Furthermore, the data processing company (especially IT service provider and back-office service provider and service line) commissioned by us receives your data, as long as they need it for fulfilling their respective service. Accordingly, all the data processing companies are contractually obligated to keep your data confidential and to process it only in the context of service provision.
Sharing of your personal data with suppliers or cooperation partners is always only carried out within the framework of the consents granted by you, which can be revoked by you at any time.
The public authorities and institutions (such as European Banking Authority, European Central Bank, Austrian Financial Market Authority, tax authorities, etc.) and the UniCredit Bank Austria AG as our parent company can be recipients of your personal data, if there is a legal or regulatory obligation.
Reference to baking secrecy: With regard to forwarding data to other third parties, we would like to point out that, as an Austrian financial institution, UniCredit Leasing (Austria) GmbH is obliged to comply with banking secrecy regulations in accordance with Section 38 of the BWG, and must therefore maintain confidentiality regarding all customer-related information and facts which have been entrusted or made accessible to the bank in the course of the business relationship. Therefore, we can share your personal data only if you have explicitly released us from banking secrecy in advance, in writing or if we have a legal or regulatory obligation or authorisation for it.
In this context, recipients of personal data can be other credit and financial institutions or similar institutions to which we send data in order to maintain the business relationship with you (depending on the contract, this can be, for example, credit service agencies, etc.).
We process your personal data, insofar as necessary, for the entire period of the business relationship (from the initiation, implementation, until the end of the contract) and beyond, in accordance with the legal safekeeping and documentation obligations. These are set out, among others, in:
Moreover, the statutory limitation periods, which, for example, in some cases can last up to 30 years (the general limitation period is 3 years) according to the General Civil Code (ABGB [Allgemeines Bürgerliches Gesetzbuch]), must be taken into consideration for the safekeeping period.
You have a right at any time to
You can also direct complaints to the Austrian Data Protection Authority (www.dsb.gv.at).
According to Art. 13 (Art. 14) GDPR, we hereby inform you that, in the context of the business relationship, you must provide personal data which is necessary to establish and maintain the business relationship, as well as the information which we are legally required to collect. If you do not provide this information to us, in principle, we have to reject the conclusion of the contract or the performance of the order or we will not be able to fulfil an existing contract any longer, and we must consequently terminate it. However, you are not obliged to grant consent for processing of any data that is not relevant or not required for legal and/or legal purposes for fulfilling the contract.
We do not use automated decision-making procedures as defined under Art. 22 of the GDPR to reach decisions with regard to the creation or implementation of the business relationship.
A credit assessment (credit scoring) is carried out before the contract is concluded. This involves using statistical comparison groups to assess the default risk of potential customers. The calculated score should make it possible to predict how likely it is that the financing that has been applied for will be repaid. The following data is used in the calculation of this score:
If the default risk is too high, the credit application is rejected; if applicable, an entry is made in the consumer loan register maintained by KSV 1870, and an internal warning notice is received. If a credit application has been rejected, it is visible for 6 months in the consumer loan register maintained by KSV 1870 in accordance with the decision of data protection authorities.
To make the user experience of our website as convenient as possible, we use so-called cookies. Cookies are small text files which enable the system to recognise a returning user. These cookies include operationally necessary cookies, cookies that are statistically used to analyse the usability of the page controls, and marketing cookies for comfort settings that allow you to make the best use of our website. You can find more information about these cookies below. The information stored here does not contain any personal data and cannot be traced back to individuals.For this purpose, we have commissioned various service providers (Google, e-dialog) to create records on the websites of www.unicreditleasing.at using cookies. Our service providers only receive anonymous data. UniCredit Leasing (Austria) GmbH receives the results in the form of statistical evaluations which are used to assess whether the design of our website meets the needs of our visitors.
In principle, cookies are only set on the UniCredit Leasing (Austria) GmbH website if the user has given their consent to this. The exception to this is operationally necessary cookies, without which the website cannot be reproduced correctly.
You can centrally manage your cookie settings for statistics and comfort settings and deactivate them if necessary. Please note that in the event of deactivation, not all functions of our website can be made fully available.Edit cookie settings
Necessary cookies help to make a website user-friendly by enabling basic functions such as page navigation. Without their use, the website cannot be reproduced correctly. These cookies can be blocked in the browser settings.
Statistics cookies help website owners understand how visitors interact with their website by collecting and reporting information anonymously.
Marketing cookies are set by our partners to display personalised advertising or interest-based content. By disabling these cookies, you will see advertisements that are of less interest to you.
The UniCredit Leasing website uses Google Maps, in particular during searches for locations. Google Maps is operated by Google Inc. By using this website, you agree to allow Google, its representatives or third-party providers, to collect, process and to use data which is collected automatically or entered by you.
You can find a summary here of the data which is transferred when using Google Maps: www.google.com/intl/de_ALL/policies/privacy/ – in addition to the IP address, other items are also included, such as smartphone GPS data, if one is used for the search, or details of the search activity.
UniCredit Leasing (Austria) GmbH cooperates with the social network LinkedIn Inc., Sunnyvale, California.
In the course of this collaboration, when using the respective service, your browser will automatically connect to the service provider selected (such as LinkedIn). In this case, data such as your IP address and other information will be transmitted to the respective service provider if you have previously visited its website. Where possible, we will prevent this data transfer from taking place, and it will only occur if you interact with the social media network. If you are logged into the social media network concerned, it can assign your visit to our website to your user account.
In addition, we use plugins for various platforms (such as the LinkedIn symbol). By clicking on the respective symbol, you agree to allow communication with the respective platform, including the transfer of information (such as your IP address) to the service provider concerned. For further information on how your data is used in such cases, kindly read the Data Protection Declaration of the service provider you have connected to.
The security of your data is our top priority. Our stated aim is to take all technical and organisational measures required to ensure that our data processing is carried out in a secure manner and to process your personal data in such a way that it is protected from access by unauthorised third parties.
We make sure our IT infrastructure complies with the highest international security standards by using the most up-to-date security software, codes and encryption procedures.
In addition we enhance the security of your data by using risk minimisation measures and preventive safeguards.
As of: 21/07/2021