Data Protection

The data processing takes place within the framework of the UniCredit Leasing Group as joint processing within the meaning of Art. 26 GDPR. The companies involved in the data processing can be accessed via this link.

For the exercise of rights as a data subject in accordance with Art. 15 – 22 GDPR,

UniCredit Leasing (Austria) GmbH
Rothschildplatz 1
1020 Vienna, Austria

Telephone: +43(0)50 505-64040
Email: info.leasing@unicreditgroup.at
Email: DPO_unicreditleasing@unicreditgroup.at

is responsible.

If you have any questions regarding data protection, please email us at:

DPO_unicreditleasing@unicreditgroup.at

We will address your concern immediately.

We process the personal data that we receive from you directly or from our cooperation partners as part of the business relationship. We also process data that we have legitimately received from credit agencies¹, debtor registers² and from publicly available sources (such as commercial register, register of associations, land register, media).

Personal data according to Art. 13 GDPR include:

• Your personal details (name, address, contact details, date of birth, place of birth, nationality, etc.)
• Identity verification data (such as identity card data) and authentication data (such as a sample signature)

In addition, this data may also include the following:

• Order data (such as payment orders)
• Data from the fulfilment of our contractual obligation
• Information regarding your financial status (such as creditworthiness data, scoring or rating data, etc.)
• Advertising and sales data
• Documentation data (such as consulting records)
• Register data
• Information from your electronic correspondence with UniCredit Leasing (Austria) GmbH (e.g., apps, cookies, etc.)
• Processing results generated by UniCredit Leasing (Austria) GmbH itself
• Data for compliance with legal and regulatory requirements

Before the pre-contractual phase, the following data may be collected by our cooperation partners and transmitted to us with their consent:

• Your personal details (name, address, contact details, date of birth, place of birth, nationality, etc.)
• Identification data (e.g. ID card data)
• Information regarding your financial status (such as credit rating data)
• Income
• Referring body
• Duration of the employment relationship

Personal data according to Art. 14 GDPR also include

• Your data from the fulfilment of our contractual obligations.
• Information regarding your financial status (such as creditworthiness data, scoring or rating data, etc.)
• Register data
• Information from your electronic correspondence with UniCredit Leasing (Austria) GmbH (e.g., apps, cookies, etc.)
• Processing results generated by UniCredit Leasing (Austria) GmbH itself
• Data for compliance with legal and regulatory requirements

We process the personal data of representatives of legal entities, e.g., title, academic degree, official title, first name, last name, function, email address, telephone numbers (mobile and landline) – in this case, these data are either disclosed by them directly (Art. 13 GDPR) or by their employer (Art. 14 GDPR).

¹ CRIF GmbH
² KSV1870 Holding AG

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Data Protection Amendment Act 2018

• for the fulfilment of contractual obligations (Art. 6 para. 1b GDPR):

  The processing of personal data (Art. 4 No. 2 GDPR) is carried out for the provision and arrangement of financial services and insurance, leasing and real estate business, in particular for the execution of our contracts with you and the execution of your orders and all activities required for the operation and management of a financial services institution.
  The purposes of data processing are primarily based on the specific product (e.g. real estate lease, rental purchase, etc.) and may include needs analyses, consulting and the execution of transactions.
  The specific details for the purpose of data processing can be found in the respective contract documents and terms and conditions.

• for the fulfilment of legal obligations (Art. 6 para. 1c GDPR):

  Processing of personal data may be necessary for the purpose of fulfilling various legal obligations (such as from the Banking Act (BWG [Bankwesengesetz]), Financial Markets Money Laundering Act (FM-GwG [Finanzmarkt-Geldwäschegesetz]), etc.) as well as regulatory requirements (such as of the European Central Bank, the European Banking Supervisor, the Austrian Financial Market Authority, etc.), to which UniCredit Leasing (Austria) GmbH is subject as an Austrian credit institution.

  Examples of such cases:

  • Providing reports to the money laundering unit in certain suspicious cases (Section 16 FM-GwG)
  • Providing information to financial crime prosecutors in the context of financial crime proceedings for a deliberate financial offence
  • Providing information to federal tax authorities in accordance with Section 8 of the Account Register and Account Entry Act [Kontenregister- und Konteneinschaugesetz].
• within the scope of your consent (Art. 6 para. 1a GDPR):

  If you have granted us consent to process your personal data, processing will only take place in accordance with the purposes set out in the declaration of consent and to the extent agreed therein. Any consent given may be revoked at any time with future effect (for example, you may object to the processing of your personal data for marketing and promotional purposes if you no longer consent to processing in the future).
  
  

• for the protection of legitimate interests (Art. 6 para. 1f GDPR):

  If necessary, within the framework of balancing of interests of UniCredit Leasing (Austria) GmbH or a third party, data may be processed, by us or by third parties, beyond the actual fulfilment of the contract, in order to safeguard legitimate interests. In the following cases, data is processed to safeguard legitimate interests:
  
  

  • Consultation of and data exchange with credit agencies (such as Austrian Credit Protection Association 1870) for the identification of credit risks and default risks
  • Review and optimisation of needs analysis and direct customer approach procedures
  • Advertising or market and opinion research, provided that you have not objected to the use of your data in accordance with Art. 21 GDPR;
  • Measures relating to business management and the enhancement of services and products
  • Measures for protecting employees and customers, as well as the property of UniCredit Leasing (Austria) GmbH
  • Measures for the prevention and combating of fraud (Fraud Transaction Monitoring)
  • In the course of legal proceedings

We process personal data of representatives of legal entities in order to be able to interact with you or your employer, e.g. within the scope of cooperations or for the processing of leasing contracts and orders.

Within UniCredit Leasing (Austria) GmbH, those offices or employees that require your data to fulfil contractual, statutory and regulatory obligations and to meet legitimate interests receive it. Furthermore, the data processing company (especially IT service provider and back-office service provider and service line) commissioned by us receives your data, as long as they need it for fulfilling their respective service. Accordingly, all the data processing companies are contractually obligated to keep your data confidential and to process it only in the context of service provision.

Sharing of your personal data with suppliers or cooperation partners is always only carried out within the framework of the consents granted by you, which can be revoked by you at any time.

The public authorities and institutions (such as European Banking Authority, European Central Bank, Austrian Financial Market Authority, tax authorities, etc.) and the UniCredit Bank Austria AG as our parent company can be recipients of your personal data, if there is a legal or regulatory obligation.

Reference to baking secrecy: With regard to forwarding data to other third parties, we would like to point out that, as an Austrian financial institution, UniCredit Leasing (Austria) GmbH is obliged to comply with banking secrecy regulations in accordance with Section 38 of the BWG, and must therefore maintain confidentiality regarding all customer-related information and facts which have been entrusted or made accessible to the bank in the course of the business relationship. Therefore, we can share your personal data only if you have explicitly released us from banking secrecy in advance, in writing or if we have a legal or regulatory obligation or authorisation for it.

In this context, recipients of personal data can be other credit and financial institutions or similar institutions to which we send data in order to maintain the business relationship with you (depending on the contract, this can be, for example, credit service agencies, etc.).

We process your personal data, insofar as necessary, for the entire period of the business relationship (from the initiation, implementation, until the end of the contract) and beyond, in accordance with the legal safekeeping and documentation obligations. These are set out, among others, in:

• the Austrian Company Code (UGB [Unternehmensgesetzbuch])
• the Federal Fiscal Code (BAO [Bundesabgabenordnung])
• the Austrian Banking Act (BWG)
• the Financial Markets Money Laundering Act (FM-GwG)

Moreover, the statutory limitation periods, which, for example, in some cases can last up to 30 years (the general limitation period is 3 years) according to the General Civil Code (ABGB [Allgemeines Bürgerliches Gesetzbuch]), must be taken into consideration for the safekeeping period.

You have a right at any time to

• obtain information regarding your stored data, to limit its processing, or to correct or delete it
• object to the processing of your data
• as well as a right to data portability in accordance with the requirements of data protection law, which you can direct to the data protection officer of UniCredit Leasing (Austria) GmbH.

You can also direct complaints to the Austrian Data Protection Authority (www.dsb.gv.at).

According to Art. 13 (Art. 14) GDPR, we hereby inform you that, in the context of the business relationship, you must provide personal data which is necessary to establish and maintain the business relationship, as well as the information which we are legally required to collect. If you do not provide this information to us, in principle, we have to reject the conclusion of the contract or the performance of the order or we will not be able to fulfil an existing contract any longer, and we must consequently terminate it. However, you are not obliged to grant consent for processing of any data that is not relevant or not required for legal and/or legal purposes for fulfilling the contract.

We do not use automated decision-making procedures as defined under Art. 22 of the GDPR to reach decisions with regard to the creation or implementation of the business relationship.

A credit assessment (credit scoring) is carried out before the contract is concluded. This involves using statistical comparison groups to assess the default risk of potential customers. The calculated score should make it possible to predict how likely it is that the financing that has been applied for will be repaid. The following data is used in the calculation of this score:

• Your core data (such as marital status, number of children, length of employment, employer, etc.)
• Information regarding your overall financial circumstances (such as income, assets, monthly expenses, debt situation, collateral, etc.)
• Data on payment behaviour (such as on-time loan repayment, payment reminders, details from credit agencies)

If the default risk is too high, the credit application is rejected; if applicable, an entry is made in the consumer loan register maintained by KSV 1870, and an internal warning notice is received. If a credit application has been rejected, it is visible for 6 months in the consumer loan register maintained by KSV 1870 in accordance with the decision of data protection authorities.

To make the user experience of our website as convenient as possible, we use so-called cookies. Cookies are small text files which enable the system to recognise a returning user. These cookies include operationally necessary cookies, cookies that are statistically used to analyse the usability of the page controls, and marketing cookies for comfort settings that allow you to make the best use of our website. You can find more information about these cookies below. The information stored here does not contain any personal data and cannot be traced back to individuals.

In principle, cookies are only set on the UniCredit Leasing (Austria) GmbH website if the user has given their consent to this. The exception to this is operationally necessary cookies, without which the website cannot be reproduced correctly.

You can centrally manage your cookie settings for statistics and comfort settings and deactivate them if necessary. Please note that in the event of deactivation, not all functions of our website can be made fully available.

Necessary cookies

Necessary cookies help to make a website user-friendly by enabling basic functions such as page navigation. Without their use, the website cannot be reproduced correctly. These cookies can be blocked in the browser settings.

Statistics

Statistics cookies help website owners understand how visitors interact with their website by collecting and reporting information anonymously.

• Adobe Analytics Adobe Analytics uses cookies to distinguish requests from different browsers and to store useful information that can be used later by an application. Cookies can also be used to attribute browser information. Analytics primarily uses cookies to anonymously define new visitors, analyse clickstream data, and track historical activity on the website, such as the response to specific campaigns or the length of the sales cycle. Storage time: 2 years

Marketing

Marketing cookies are set by our partners to display personalised advertising or interest-based content. By disabling these cookies, you will see advertisements that are of less interest to you.

• Google Ads, remarketing & display campaigns The completed contact forms on our websites, which were generated via Google ads, are counted. The tool also serves to retarget users on our websites. Storage time: 540 days

The UniCredit Leasing website uses Google Maps, in particular during searches for locations. Google Maps is operated by Google Inc. By using this website, you agree to allow Google, its representatives or third-party providers, to collect, process and to use data which is collected automatically or entered by you.

You can find a summary here of the data which is transferred when using Google Maps: www.google.com/intl/de_ALL/policies/privacy/  – in addition to the IP address, other items are also included, such as smartphone GPS data, if one is used for the search, or details of the search activity.

UniCredit Leasing (Austria) GmbH cooperates with the social network LinkedIn Inc., Sunnyvale, California.

In the course of this collaboration, when using the respective service, your browser will automatically connect to the service provider selected (such as LinkedIn). In this case, data such as your IP address and other information will be transmitted to the respective service provider if you have previously visited its website. Where possible, we will prevent this data transfer from taking place, and it will only occur if you interact with the social media network. If you are logged into the social media network concerned, it can assign your visit to our website to your user account.

In addition, we use plugins for various platforms (such as the LinkedIn symbol). By clicking on the respective symbol, you agree to allow communication with the respective platform, including the transfer of information (such as your IP address) to the service provider concerned. For further information on how your data is used in such cases, kindly read the Data Protection Declaration of the service provider you have connected to.

For more information on LinkedIn’s privacy policy, please visit www.linkedin.com/legal/privacy-policy

The security of your data is our top priority. Our stated aim is to take all technical and organisational measures required to ensure that our data processing is carried out in a secure manner and to process your personal data in such a way that it is protected from access by unauthorised third parties.

We make sure our IT infrastructure complies with the highest international security standards by using the most up-to-date security software, codes and encryption procedures.

In addition we enhance the security of your data by using risk minimisation measures and preventive safeguards.