Protecting your data
- We treat your data responsibly and only for specified purposes
- We are aware of the sensitivity of the data you have entrusted to us.
- We do not process any personal data without a legal basis.
- We will never pass on your data to third parties without your explicit consent.
- We use several well-established measures (such as encryption) to prevent any misuse of your data.
- We follow the principle of data minimization.
Raisin GmbH (hereinafter: ’Raisin’) provides information on deposits and investment products of selected partners via our website. In addition, our customers can access the Online Banking System of Raisin Bank AG in Frankfurt (Germany) (hereinafter: ‘Raisin Bank’).
Raisin is aware that the personal data you have entrusted to us is sensitive. We ensure that the personal data that customers and prospective customers provide when using our services is always treated confidentially.
Personal data is any information that personally identifies you (or can be directly linked to you) such as your name, telephone number, address, and other information required for the provision of our services. This does not include information which cannot be directly linked to your person.
We protect the personal data of customers and prospective customers through the use of high-security standards as well as standard operating procedures, which have been created specifically to prevent any misuse of this information.
Customer Information about data processing in accordance with the EU General Data Protection Regulation (GDPR)
The protection of personal data is important to us at Raisin GmbH (hereinafter “Raisin”). Therefore, Raisin aims to comply with the data protection regulations in order to achieve sufficient protection and security of the customer data. With this document, we wish to inform you about the processing of your personal data by Raisin and the rights regarding data protection, to which you are entitled.
1. Who is responsible for data processing and who can you contact?
Responsible for the data processing is:
Schlesische Straße, 33/34
10997 Berlin, Germany
Phone: +49 30 770 191 295
Email address: firstname.lastname@example.org
Our corporate data protection officer can be reached at:
Data protection officer
Schlesische Straße, 33/34
10997 Berlin, Germany
Phone: +49 30 770 191 295
Email address: email@example.com
2. Which data is processed by us and what are the sources for this data?
We process personal data that we receive from you in the context of the customer relationship. The customer relationship begins with the initiation of a contract and includes the completion of the contract. We also process data that we obtained permissibly from publicly available sources (e.g. commercial register).
Personal data from you that we process includes for example:
first and last name, address, date and place of birth, nationality, occupational information, phone numbers, email address, bank account information, information on personal income, information on personal wealth, marital status, tax number, data from identification documents, login data, customer number, etc.
3. For what purposes and on what legal basis do we process the data?
a) To fulfil contractual obligations (Art. 6 (1) lit b) GDPR):
We process personal data (Art 4 No. 2 GDPR) in order to provide our services under the platform contract and other relevant required activities. Precontractual information that you provide as part of the registration process is also included.
b) To meet legal obligations (Art. 6 (1) lit c) GDPR):
We may process personal data for the purpose of fulfilling various legal obligations, e.g. due to taxation law etc.
c) Within the framework of your consent (Art. 6 (1) lit a) GDPR):
In case you give us consent for the processing of your personal data for specific purposes, we process data in accordance with the purposes and to the extent defined in the declaration of consent. You have the possibility to revoke your consent at any time with effect for the future.
d) To protect legitimate interests (Art. 6 (1) lit f) GDPR):
It is possible as a result of a balancing of interests that in favour of Raisin or third parties Raisin or a third party process data beyond the actual fulfilment of the contract to protect the legitimate interests of Raisin or third parties. Such processing is:
- Testing and optimization of requirements analysis and direct customer approach;
- Measures to manage the business, to improve services and to recover customers;
- Advertising or market and opinion research, unless you have not objected to this kind of usage of your personal data according to Art. 21 GDPR.
4. Who receives my personal data?
a) Within Raisin those departments and employees process your personal data, which need the data to fulfil the contractual obligations, legal obligations or legitimate interests.
b) In addition, data processors (e.g. external IT service providers) and distribution partners contracted by us process your personal data if they need the data to perform their respective services. All data processors and distribution partners have a contractual obligation to treat your data as confidential and to process the data only within the framework of the provision of their services to us.
c) Based on the fulfilment of legal obligations Raisin may be obliged under certain circumstances to forward data to public bodies and institutions.
d) Other persons may receive your data if you have given your consent for the transmission of data to such persons.
5. Does Raisin transmit my data to a third country or an international organization?
In principle, your personal data will not be transmitted to a third country or international organization. In any case, such transmission only occurs as part of a data processing agreement, express consent by you or based on a legal obligation and taking into account legal restrictions.
6. How long will my data be stored?
- Raisin stores your personal data no longer than absolutely necessary. In order to fulfil the contract, we store the data for the duration of the entire customer relationship.
- Based on legal retention and documentation requirements Raisin can store data beyond the customer relationship. This can derive for example from the German Commercial Code (Handelsgesetzbuch, HGB) and the German Tax Code (Abgabenordnung, AO). We take into account the statutes of limitation regarding storage. The Civil Code (Bürgerliches Gesetzbuch, BGB) provides for a general limitation period of 3 years and in certain cases even 30 years.
7. Which privacy rights do I have?
a) Right of information (Art. 15 GDPR):
Your right of information includes that you can request from Raisin a confirmation whether we process your personal data of you. If is this the case, you have the right to get information about this data and further information about how we process the data.
b) Right to rectification (Art. 16 GDPR):
If your information is not correct (anymore), you have the right to claim for rectification of incorrect personal data by us.
c) Right to erasure (Art. 17 GDPR):
You have the right to call for an immediate erasure of your data by us if any of the following applies:
- The keeping of personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You have revoked your consent and there is no other legal basis for processing.
- Your personal data has been processed without good reason.
- Your personal data must be deleted to meet legal requirements.
d) Right to restrict processing (Art. 18 GDPR):
The right to restrict processing includes that you can require limited data processing if any of the following applies:
- The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
- Raisin no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
- You have objected to the processing and the verification of whether the legitimate grounds of the controller override those of the data subject is still pending.
e) Right to object (Art. 21 GDPR):
If data processing takes place on the basis of a legitimate interest or of the public interest, you have the right to object to this data processing. Detailed information on your right of objection can be found at the end of this section.
f) Right to data portability (Art. 20 GDPR):
You have the right to receive your personal data provided to us in a portable format and ask us to transmit such data to another controller without hindrance from Raisin.
g) Right to complain:
In case you believe that we process your data against national or European data protection law, we kindly ask you to contact us, to find a solution together. In addition, there is a right to complain at the respective data protection supervisory authority.
h) Revocation of consent for data processing:
A consent to the processing of personal data can be revoked at any time without any form of requirements. This also applies with regard to the withdrawal of declarations of consent issued to us prior to the application of the GDRP, i.e. before 25 May 2018. We would like to point out that any revocation only applies for the future.
8. Am I required to provide personal data?
a) In the context of the customer relationship, you must provide the personal data necessary for the initiation and fulfilment of the customer relationship. Also, you must provide us with the personal data necessary for the fulfilment of legal obligations.
b) Should you disagree with the provision of these required personal data, we are not in a position to conclude or execute a contract with you.
9. Does Raisin use automated decision-making (including profiling)?
Raisin does not use automated decision-making in the sense of Art. 22 GDPR as part of the business relationship. Raisin processes your data partially automated to evaluate certain personal aspects (profiling) and to be able to provide the best possible service to you. In order to inform you about products in a targeted manner, we use evaluation tools that enable us to communicate and advertise on demand.
10. How can we change this customer information on data protection
If necessary, we can adjust this data protection information. You can find the latest version of this information at any time on our Internet Platform.
Information of your right to object pursuant to Art. 21 of the EU General Data Protection Regulation (GDPR)
1. Individual case-related right of objection
You have the right, for reasons arising out of your particular situation, to object at any time against the processing of your personal data, which is based on the Art. 6 (1) lit e) GDPR (data processing in the public interest) and Art. 6 (1) lit f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling within the meaning of Art. 4 (4) GDPR. In case you object, we will no longer process your personal data unless we can prove compelling reasons for the processing that outweigh your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims.
2. Right of objection against the processing of data for direct advertising
In individual cases, we process your personal data in order to operate direct advertising. You have the right at any time to object to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling, as far as it is related to such direct advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
3. Your objection can be communicated informally
We politely request you to direct this via phone or email to our customer service:
Email address: firstname.lastname@example.org
Information Regarding Money Transfers
For international bank transfers, Raisin Bank uses the Belgian-based ‘Society for Worldwide Interbank Financial Telecommunication’ (SWIFT), the only globally-active payment information service, to transfer the data included in the transaction to the partner banks. For reasons of system security, SWIFT temporarily stores the transaction data in its data centers in the Netherlands and in the USA.
Use of the email service provider “Exponea” – Data processing
Direct Marketing (Non-Customers)
Raisin processes the personal data of persons who have subscribed to receive personalized (targeted) newsletters. The legal basis for the processing of this data is consent according to Article 6(1)(a) of the GDPR. You have the right to revoke your consent at any time. Raisin processes this data as the controller within the meaning of Article 4(7) of the GDPR. The data processed for this purpose can include: email address, gender, login data, time-zone setting, operating system and platform, information on your visits including the URL, search terms, information about what you looked at or searched for on our website, website reaction times, download errors, duration of your visits to certain pages, information about website interaction (e.g. scrolls, clicks and mouseovers) and methods used for leaving the website, user activities, surfing on websites.
Direct Marketing (RAISIN Customers)
Raisin processes personal data for the purpose of providing targeted email marketing for existing customers. The data processed for this purpose can include: email address, gender, login data, time-zone setting, operating system and platform, information on your visits including the URL, search terms, information about what you looked at or searched for on our website, website reaction times, download errors, duration of your visits to certain pages, information about website interaction (e.g. scrolls, clicks and mouseovers) and methods used for leaving the website, user activities, surfing on websites. The legal basis for the processing of this data is our legitimate interest according to Article 6(1)(f) of the GDPR. Raisin processes this data as the controller within the meaning of Article 4(7) of the GDPR. You have the right to revoke your consent to the processing.
Personal data can be used when you use the Exponea platform. This data may include the following: (IP) address, last name, first name, gender, email address, login data, time-zone setting, operating system and platform, information on your visits including the URL, search terms, information about what you looked at or searched for on our website, website reaction times, download errors, duration of your visits to certain pages, information about website interaction (e.g. scrolls, clicks and mouseovers) and methods used for leaving the website, user activities, surfing on websites. Exponea processes this data as a processor within the meaning of Article 4(8) of the GDPR. The legal basis for the processing is our legitimate interest according to Article 6(1)(f) of the GDPR.
Exponea analyzes the personal data of Raisin website visitors (and customers) in order to create individual profiles in the context of providing a service. These profiles are used to predict future interests and display targeted (online) advertising. The aim is to present our website visitors with offers that they find relevant and interesting. The profiling is based on the (surfing) behaviour of website visitors. Raisin does not make any decisions on the basis of automated processing alone which entail legal consequences for our website visitors (and customers) or have a considerable adverse effect on them. We perform profiling solely for the purpose of providing our website visitors with more attractive offers for the purchase of goods and/or services and to adapt the content of websites to the preferences of website visitors. Within the framework of profiling, we do not process any special categories of personal data within the meaning of Article 9(1) of the GDPR.
The Mobile App uses Exponea to send messages to its users. To do so, it sends a previously generated anonymous device ID (token) to Exponea so that we can identify app users and send messages to them. Information on the functionality of Exponea is available under https://docs.exponea.com/docs/mobile-push-notifications.
Information about our website
Statistics and tracking services
Below you will find an explanation of the statistics and tracking services used on this website. All these services use “cookies”, which are text files placed on your computer, to help the website analyze how users use the site, as well as comparable technologies (e.g. storage of data in the local memory of your device, so-called local storage technology or tracking pixels that are used to (temporarily) store information about specific users or usage processes.
You can prevent cookies from being saved on your device at any time using your browser settings. However, we would like to point out that it may not be possible to use all functions of this website if cookies are disabled.
Different types of cookies are used for the optimal performance of our website.
Session cookies contain an identifier in the form of a so-called session ID and are automatically deleted when you close the browser. Using the session ID, various requests from your browser can be assigned to a common session and thus various functions such as the login function can be implemented. The session cookies are deleted when you log out or close the browser.
Permanent cookies are automatically deleted after a specified period, which can differ depending on the cookie. You can also delete the cookies early in the security settings of your browser at any time. These cookies enable us to recognize your device when you return to the website.
Technically required cookies. The main purpose of the technically required cookies is to technically enable the use of our services. The legal basis is Art. 6
Para. 1 lit. b GDPR. Deactivation of the technically required cookies is not offered.
We use technically necessary cookies in the following cases:
• for login authentication (e.g. when logging into the Raisin account);
• for load distribution;
• to save form data or your settings in connection with our cookie banner;
• in order to record which partner offer led you to our website and, if necessary, to be able to offer you the special partner conditions specified there;
• to note that information placed on our website has been displayed to you – so that it will not be displayed again the next time you visit the website.
Analysis cookies. Other cookies are used to analyze the use of our website for statistical purposes. They tell us, for example, which content on our website is particularly relevant and which type of device was used to visit the website. This enables us to make our offer more interesting and, if necessary, more user-friendly for our users. The information about the browsers and devices used enables us to adapt the page design to the most important browser types. We only use these analysis cookies if you agree to this use via our cookie banner. The legal basis for the data processing in connection with the analysis cookies is your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent by calling up the cookie settings and changing the relevant selection there.
We only use these marketing cookies if you agree to this use via our cookie banner. The legal basis for the data processing in connection with the marketing cookies is your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent by calling up the cookie settings and changing the relevant selection there.
The services used and their analysis and marketing cookies are explained below:
Bing Universal Event Tracking
The Web site uses Bing Universal event tracking (a service from Microsoft Inc., one Microsoft Way, Redmond, WA 98052-6399, USA). This service allows us to track the activities of the users of our website if they have been forwarded to our website via a display of Bing ads. In this case, a cookie is stored on your computer. On our website, a so-called Bing Universal event tracking tag is set. This is a code that, in conjunction with the cookie stored on your computer, stores anonymized data (such as the event type and event category) about your use of the site. This data is transferred to a Microsoft Inc. server in the United States and is stored there for a maximum of 180 days. By using our website, you consent to the processing of the data collected about you by Microsoft in the manner and for the purpose described above. You may oppose participation in the tracking at any time with effect for the future under this link.
This website uses the web analytics service Crazy Egg of Crazy Egg Inc. (‘Crazy Egg’) to collect statistical data about the usage of our website. With the help of Crazy Egg’s technology, visitor information is collected and sent to Crazy Egg’s server. With the help of cookies, the technology enables us to determine, analyse and visualize the activities of users when visiting our website. However, in this process, no personal data, such as names, addresses or telephone numbers, is saved by Crazy Egg, and the information collected is not forwarded to third parties. By using this website you agree to the processing of data about you by Crazy Egg in the manner described above and for the above-stated purposes. You can opt out of the collection and storage of data by Crazy Egg at any time by adjusting your browser settings. For guidance on how to do this, click on this link.
This website uses the so-called Facebook pixel of the social network Facebook (Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA). When you visit our website, the Facebook pixel is used to establish a direct connection between your browser and the Facebook server. This will give Facebook the information that you have visited this page with your IP address. This allows Facebook to associate the visit to our pages with your user account. The information obtained in this way can be used for the display of Facebook ads or for tracking functions. For more information, see the Facebook privacy statement. By using our website, you consent to the processing of the data collected about you by Facebook in the manner described above and for the aforementioned purpose. If you do not wish to collect data, you can disable it here.
Conversion tracking from AdWords is an analysis service from Google Inc. that links the data from the Google AdWords Network to the activity that is taking place on our website in order to generate conversion statistics. Cookies and usage data are collected. By using our website, you agree to the processing of the data collected about you in the manner and for the purpose described above. If you do not wish to participate in the tracking, please disable the saving of cookies in the appropriate setting of your browser.
AdWords Remarketing is a remarketing and behavioural targeting service from Google Inc. that links the activity that takes place on our website to the AdWords Network and the DoubleClick cookie to display interest-based recommendations. Cookies and usage data are collected. By using our website, you agree to the processing of the data collected about you in the manner and for the purpose described above. If you do not wish to receive interest-based recommendations, please disable the saving of cookies in the appropriate setting of your browser.
Our website uses an analysis service of HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA. HubSpot collects information about the use of our website by using cookies. The cookies track in particular but not conclusively the domain, IP address, initial timestamp, last timestamp, current timestamp, viewCount, session number, and session start timestamp. By using our website, you agree to the processing of the data collected about you by HubSpot in the manner and for the purpose described above.
LinkedIn website retargeting
LinkedIn website retargeting is a remarketing and behavioural targeting service from LinkedIn Corporation that connects the activity on our website to the LinkedIn network to display interest-based recommendations. To do this, this website uses the so-called LinkedIn insight tag. This tag deposits a cookie in the web browser of visitors to our website. We also receive aggregated and anonymous reports from LinkedIn about ad activity and information about how you interact with our site. The LinkedIn insight tag allows you to collect meta data such as IP address, timestamp, and events (such as visited page). All data is encrypted. The LinkedIn browser cookie is stored in your browser until the cookie is deleted or expires (the cookie has a six-month validity period from the time the user’s browser last loaded the Insight tag). By using our website, you agree to the processing of the data collected about you in the manner and for the purpose described above. You can opt out of the analysis of your usage behaviour through LinkedIn and the display of interest-based recommendations. To do this, click the “Decline on LinkedIn” checkbox (for LinkedIn members) or “Decline” (for other users) at this link.
In the Mobile App we use Firebase (https://www.firebase.com/), a framework maintained by the Google subsidiary Firebase residing in San Francisco (1600 Amphitheatre Parkway, Mountain View, CA 94043) USA, through which we track and administer the following real-time functions––
Tracking of user behaviour through Google Analytics (cp. para 2) for Firebase;
Tracking of app crashes and their reasons through Firebase Crashlytics (cp. para 3);
Push notifications through Firebase Cloud Messaging (cp. in para 4);
The Mobile App uses the web analysis service Google Analytics that tracks your use of the Mobile App through cookies or comparable technology. The information generated through your cookie or the comparable technology is usually transmitted to a Google server in the USA and stored there. As we anonymize IP addresses in the Mobile App, your IP address is shortened by Google within the European Union or in a member state of the Treaty on the European Economic Area, by way of exception (e.g. in case of technical failure of servers within the EU) it is transmitted in full to Google servers in the USA and shortened there. We use the information prepared by Google to interpret your use of the Mobile App for its optimization and further development.
We use Firebase Crashlytics to track app crashes as they occur and to prevent future ones. In case of an app crash, a report is created that contains the type and OS of the device, your last activities in the app, and your geolocation in pseudonymous form, and that is sent to Google. Information on the functionality of Crashlytics is available under https://firebase.google.com/products/crashlytics/
The legal basis for the use of Firebase is our legitimate interest in maintaining the Mobile App stable and evaluating its performance according to Art. 6 para. 1 lit. f GDPR.
If you do not want the data categories mentioned in this section processed, you may not use the Mobile App.
Our website uses the analysis service Snowplow of Snowplow Analytics Ltd., London EC2A 4RQ, UK). Snowplow collects information about the use of our website by using a tracking pixel and cookies. Data collection and processing is carried out at any time without reference to persons. In particular, no full IP addresses are stored. If you do not wish to share such data, you need to (i) deactivate the storage of cookies in the appropriate web usage settings for your browser and (ii) not use the Mobile App (for app usage).
Intermediary Partners (affiliates, publisher)
When accessing our website through certain intermediary partners with whom we cooperate, cookies are set by these intermediary partners. The cookies remain stored beyond your current visit to our website. However, no personal data are collected, but only anonymous identification numbers for the purpose of assigning the reference to the respective intermediating partner.
How to prevent cookies
If you do not wish to collect data from cookies, please disable the storage of cookies in the appropriate setting of your browser. You can also delete existing cookies there. However, we would point out that in this case, you may not be able to use all the functions of this website to its full extent.
Our Security Technology
The pages on which we collect personal data are encrypted with 128 bits and are certified by institutions that are approved for internationally accredited encryption certification.
For the Online Banking System of Raisin Bank, further security measures have been put in place (e.g., the use of PIN/transaction password). Unauthorized access is prevented by a firewall system.
For more information, please refer to “Security”