Erscheinung:25.05.2018, Stand:updated on 22.10.2020 | Topic Compliance Information on data processing regarding requests from abroad for administrative assistance
The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) processes personal data to meet its legal and (pre-)contractual obligations. This also includes data which BaFin collected on you. To promote your awareness regarding data processing and your rights as well as to comply with our duty to provide information in accordance with Article 14 of the EU General Data Protection Regulation (GDPR), BaFin informs you as follows:
1. Contact details for BaFin and BaFin’s Data Protection Officer
Bundesanstalt für Finanzdienstleistungsaufsicht
Graurheindorfer Str. 108
53117 Bonn
Postfach 1253
53002 Bonn
Phone: 0228 / 4108 – 0
Fax: 0228 / 4108 – 1550
E-mail: poststelle@bafin.de or De-Mail: poststelle@bafin.de-mail.de
BaFin’s Data Protection Officer can be reached at: datenschutz@bafin.de
2. Purpose of processing
Processing the request for administrative assistance from foreign supervisory authorities
3. Legal basis for the collection of data
Art. 6 para. 1 lit. e GDPR in connection with sec. 4e para. 1 sentence 1 FinDAG (Act Establishing the Federal Financial Supervisory Authority) in connection with The German Insurance Supervision Act (Versicherungsaufsichtsgesetz – VAG), the German Securities Trading Act (Wertpapierhandelsgesetz – WpHG), the German Banking Act (Kreditwesengesetz – KWG)
4. Categories of processed personal data
The personal data held about you consist of contact details.
5. Intention to transfer the personal data to recipients in a third country or to an international organisation
BaFin intends to transmit your data to a recipient in a third country (non-member states of the EU and countries outside of the European Economic Area) or to an international organisation.
6. Recipient of data
National supervisory authorities of EU member states.
7. Time period for storing your data
5 years
8. Your rights as a data subject
In principle, as a data subject, you have the rights of access to personal data (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), erasure (Article 17 of the GDPR) and restriction of processing (Article 18 of the GDPR), the right to data portability (Article 20 of the GDPR) and the right to object to the processing (Article 21 of the GDPR). Moreover, you have a right to lodge a complaint with the data protection authority competent for BaFin, i.e. the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte(r) für den Datenschutz und die Informationsfreiheit).
9. Automated individual decision-making, including profiling
There is no automated individual decision-making.
10. Source of personal data
Foreign supervisory authorities