Data protection information under the EU General Data Protection Regulation in Hungary
Please also visit the ’Data protection’ section of the homepage of Deutsche Bank AG.
Certain data processing and transmissions
1. Complaint handling
All personal data collected in connection with complaint handling is processed for 5 years.
2. Call recording
2.1. The bank may record and store its telephone conversations with the data subject for complaint handling, settlement and security purposes. In case of complaint made over the phone the Bank stores the audio recording for 5 years. In other cases for the period of time provided for by the relevant legislation.
2.2. The Bank shall assure the rehearsal of the record of the call as well as it shall provide the data subject with the minutes of the recorder call free of charge on data subject’s demand.
3. Transmission of data to the Central Credit Information System (CCIS)
3.1. As provided for by Act CXXII of 2011 on the central credit information system, the Bank shall provide certain personal data to the central credit information system (hereinafter referred to as CCIS).
3.2. The purpose of the processing of the data stored in the CCIS is to provide reliable and up-to-date credit information to players in the Hungarian financial sector to facilitate prudent lending
3.3. A more detailed information about data transmission to the Central Credit Information System can be found in the General Business Conditions, as amended from time to time.
4. Obligations under FATCA
The Bank under Section 288/A-288/B in the Bank Act and the Act XIX of 2014 on Agreement Between the Government of Hungary and the government of the United States of America to improve International Tax compliance to Implement Fatca (hereinafter referred to as ’FATCA’) shall transmit certain personal data to the National Tax and Custom Administration Authority (‘Tax Authority’) as provided for in Section 43/B-43/C in Act XXXVII of 2013 on Certain Rules of International Public Administration Cooperation Related to Taxes and Other Public Duties (hereinafter referred to as: “Tax Cooperation Act”, or “TCA”). The Tax Authority under Section 43/D in Administrative Cooperation Act shall transmit the data received from the Bank to the competent authority of the United States of America as defined by FATCA. For more information on FATCA please click on the following link: FATCA-notification
5. Obligations under CRS
Under Section 288/C-288/D in Bank Act, and under Section 43/H in Tax Cooperation Act the Bank shall transmit certain personal data to the Hungarian Tax Authority who forwards these data to the competent authority of a member state of the European Union or any other country. For more information on CRS please click on the following link: Information-about-CRS
6. Processing of personal data provided through electronic communications with the Bank
6.1. The Bank monitors its employee’s communication taking place through any electronic devices (’electronic communication’) according to paragraph 1-2 in Section 11 of the Labor Act. By doing so the Bank records the electronic communication of it employees including any communication taking place between a Bank employee and any external person (data subject).
6.2. The aim of the monitoring and the recoding of the communication is to filter any communication that violates the law or internal policies relevant in terms of criminal law or regulatory supervision; to detect any violation of laws and regulatory requirements, or mandatory policy provisions applicable to financial and / or investment service providers (in particular leakage of business, securities or bank secrecy or of confidential or non-public price sensitive information) as well as to comply with obligation to provide information to regulatory authorities upon their request.
6.3. The above mentioned legal and regulatory requirements include, in particular, the obligations under
Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (market abuse regulation);
Act CCXXXVII of 2013 on credit institutions and financial enterprises, regarding bank secrecy;
Act CXXXVIII of 2007 on investment firms and commodity dealers and the rules of their operating conditions, regarding security secrecy;
Articles 16(6)-(7) and (11) of Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments (‘MiFID II’), Articles 72-76 of the Commission Delegated Regulation (EU) supplementing Directive 2014/65/EU, as well as the Hungarian laws implementing the Directive;
Sections 14 and 20a of the German Securities Trading Act (Wertpapierhandelsgesetz).
6.4. The communication is recorded and processed by a data processor assigned by the Bank (Hewlett-Packard Limited, Amen Corner, Cain Road, Bracknell, Berks RG12 1HN, and Autonomy House, Cambridge Business Park, Cowley Road, Cambridge, CB4 0WZ, UK) in a dedicated data repository called ’Digital Safe’. The data is retained and processed by the Bank in the Digital Safe for the period determined by the applicable record retention requirements, but maximum for 10 years. In case the purpose of data processing requires a longer period of time (as an example, in case of an ongoing investigation by an authority) the length of retention time can be prolonged for the period justified by the purpose of such data processing.
6.5. For the above reason and in the above cases, the Bank’s management, the persons appointed by the management (including the direct supervisor of the employee, members of the Compliance, Legal, Human Resources and Internal Audit departments) as well as external legal and other professionals mandated by the Bank are entitled to examine the content of the messages sent and the content of communication taking place through electronic devices. In the course of the examination, persons associated with Deutsche Bank Group’s non-European entities may also inspect the electronic communications in order to perform their control responsibilities.
Budapest, 25 May 2018
Deutsche Bank AG Hungary Branch