Erscheinung:25.05.2018, Stand:updated on 10.11.2020 | Topic Compliance Information on data processing regarding applications filed on the Reporting and Publishing Platform (MVP Portal)
The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) processes personal data to meet its legal and (pre-)contractual obligations. This also includes data which BaFin collected from you. To promote awareness regarding data processing and your rights and to comply with our duty to provide information in accordance with Article 13 and Article 14 of the EU General Data Protection Regulation (GDPR), BaFin informs you as follows:
1. Contact details for BaFin and BaFin’s Data Protection Officer
Bundesanstalt für Finanzdienstleistungsaufsicht
Graurheindorfer Str. 108
53117 Bonn
Postfach 1253
53002 Bonn
Phone: +49 (0)228/4108-0
Fax: +49 (0)228/4108-1550
E-mail: poststelle@bafin.de or De-Mail: poststelle@bafin.de-mail.de
BaFin’s Data Protection Officer can be reached at: datenschutz@bafin.de.
2. Purpose of processing
Access control to MVP Portal; review of authorisation to make entries into official databases
3. Legal basis for the processing of data
Article 6(1)(e) of the General Data Protection Regulation (GDPR) in conjunction with section 4e (1) sentence 1 of the German Act Establishing the Federal Financial Supervisory Authority (Finanzdienstleistungsaufsichtsgesetz - FinDAG) in conjunction with section 35 (9) of the German Investment Code (Kapitalanlagegesetzbuch – KAGB);
sections 3 (1) and 13 (1) sentence 1 of the German Securities Prospectus Act (Wertpapierprospektgesetz – WpPG);
sections 6 and 8 (1) sentence 1 of the German Capital Investment Act (Vermögensanlagengesetz – VermAnlG);
sections 3 (1) and 13 (1) sentence 1 of the WpPG in conjunction with section 6 (3) of the WpPG;
section 87 of the German Securities Trading Act (Wertpapierhandelsgesetz – WpHG) and section 7 of the German Regulation relating to the use of employees in the provision of investment advice, as sales force staff, in the provision of portfolio management, as sales supervisors or as compliance officers and to the reporting requirements pursuant to section 87 of the Securities Trading Act (Verordnung über den Einsatz von Mitarbeitern in der Anlageberatung, als Vertriebsmitarbeiter, in der Finanzportfolioverwaltung, als Vertriebsbeauftragte oder als Compliance- Beauftragte und über die Anzeigepflichten nach § 87 des Wertpapierhandelsgesetzes – WpHGMaAnzV);
section 89 (2) of the WpHG and section 19 (1) of the German Investment Services Examination Regulation (Wertpapierdienstleistungs-Prüfungsverordnung – WpDPV) in respect of the submission of the questionnaire and examination reports under section 89 of the WpHG;
Articles 5, 14, 16, 17 and 19 of Regulation (EU) No 596/2014 (Market Abuse Regulation – MAR);
section 26 (1) and (4) of the WpHG in conjunction with the German Securities Trading Reporting Regulation (Wertpapierhandelsanzeigeverordnung – WpAV);
Article 5 et seq. of Regulation (EU) No 236/2012 (EU Short Selling Regulation); section 120 of the WpHG;
sections 27, 37, 40 (1), 43, 44, 159 and 305 of the German Insurance Supervision Act (Versicherungsaufsichtsgesetz – VAG) and circulars on the requirements for formal reporting via data transmission to Insurance Supervision; section 1 et seq. of the German Insurance Reporting Regulation (Versicherungsberichterstattungs-Verordnung – BerVersV); section 1 et seq. of the German Regulation on the Supervision of Pensionsfonds (Pensionsfonds-Aufsichtsverordnung – PFAV); Article 304(1)(b) in conjunction with Article 312(1)(a) of Commission Delegated Regulation (EU) 2015/35; Article 21(2)(b) and Article 32(2) of Regulation (EU) No 1094/2010
4. Categories of processed personal data
The personal data held about you or a third party include in particular:
Names, date of birth, address details, contact details, securities account number, customer identification number.
5. Intention to transfer the personal data to recipients in a third country or to an international organisation
BaFin does not intend to transfer your data to a recipient in a third country (non-EU member states and countries outside the European Economic Area) or to an international organisation.
6. Recipient of data
The data are processed within BaFin only.
7. Time period for storing your data
5 years after deleting the account
8. Your rights as a data subject
In principle, as a data subject, you have the right of access to personal data (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), erasure (Article 17 of the GDPR) and restriction of processing (Article 18 of the GDPR), the right to data portability (Article 20 of the GDPR) and the right to object to the processing (Article 21 of the GDPR). Moreover, you have a right to lodge a complaint with the data protection authority competent for BaFin, i.e. the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte(r) für den Datenschutz und die Informationsfreiheit).
9. Automated individual decision-making, including profiling
There is no automated individual decision-making.
10. Source of personal data
Investment services enterprises, other credit institutions, asset management companies and operators of off-exchange markets on which financial instruments are traded. The data source is not generally accessible.
11. Basis for the provision of your data and consequences in the event of failure to provide your personal data
See no. 3 (above)
The provision of your personal data is required in order to set up access to the MVP Portal. Without the provision of your personal data it is not possible to use BaFin’s MVP Portal.