Trust is important, especially when it comes to your personal data. That is why we see it as our obligation to exercise the utmost
care in the handling of your personal data and to do everything we can to protect your information from misuse.
Immobilien Rating GmbH adheres strictly to data protection laws in the collection and processing of your data. The following
information explains in detail which data is collected when you visit our website and how we use this data.
This data protection declaration applies to the website of Immobilien Rating GmbH at http://www.irg.at. Individual pages in
this site may include links to other parties who are members of the UniCredit Group, or who are not associated with the UniCredit
Group, and to whom this data protection declaration does not apply, which means we assume no liability whatsoever for such content.
- Which data is processed and what are the sources of this data?
We process the personal data that we receive from you within the scope of our business relationship. We also process data that
we have legitimately received from publicly available sources (such as commercial
register, register of associations, land register, media).
This personal data includes:
In addition, this data may also include the following:
- Your personal details (name, address, contact details, date of birth, place of birth, nationality, etc.)
For what purposes and an what legal basis is the data processed?
- Data relating to the fulfilment of our contractual obligations
- Advertising and sales data
- Documentation data (such as consulting records)
- Register data
- Information from your electronic communication with the bank (such as apps, cookies, etc.)
- Processing results generated by Immobilien Rating itself
- Data for compliance with legal and regulatory requirements
We process your personal data in accordance with data protection regulations:
For the fulfilment of contractual obligations (Section 6 Para. 1b DSGVO [Datenschutz Grundverordnung (General Data Protection Regulation (GDPR)]):
The processing of your data (personal data, Section 4 (2) GDPR is necessary to handle banking transactions, provide financial services and to process insurance,
leasing and property transactions with you.
The purposes of data processing are based primarily on the specific product (such as account, credit, building society services, securities, deposits, procurements)
and include, among other things:
- Needs analyses
- Advisory services
The specific details for the purpose of data processing can be found in the respective contract documents and terms and conditions.
Who has access to your data?
Within Immobilien Rating GmbH, your data is received by those offices or employees that require your data to fulfil contractual,
statutory and regulatory obligations and to safeguard legitimate interests. Furthermore, data processing companies acting on our
behalf (especially IT and back-office service providers, and service line providers) receive your data if they require it to provide
their respective services. Accordingly, all the data processing companies are contractually obligated to keep your data confidential
and to process it only in the context of service provision.
How long will your data be stored and processed?
Public authorities and institutions, (such as the European Banking Supervisory Authority, European Central Bank, Austrian
Financial Market Authority, fiscal authorities, etc.) and UniCredit S.p.A. as our parent company, may be granted access to
your personal data if there is a statutory or regulatory obligation to do so.
For the entire period of the business relationship (from the initiation, to the implementation, until the end of the contract) and beyond,
in accordance with the legal safekeeping and documentation obligations. These are set out, among others, in:
- the Austrian Company Code (UGB)
- the Federal Fiscal Code (BAO)
- the Austrian Banking Act (BWG)
- the Financial Markets Money Laundering Act (FM-GwG)
- the Austrian Securities Supervision Act (WAG)
Moreover, the statutory limitation periods must be taken into consideration for the retention period, and in accordance with the provisions
of the General Civil Code (ABGB), for example, these can extend to as long as 30 years in certain cases (the general limitation period is 3 years).
Which data protection rights are you entitled to?
At any time, you have:
- the right of access, the right to rectification, right to erasure or the right to restriction of processing regarding your stored data
- the right to object to the processing of your data
- the right to data portability as set forth in the provisions of the Data Protection Law
Any complaints should be directed to the Austrian Data Protection Authority:
Are you obliged to provide data?
You must provide such personal data which is necessary to establish and maintain our business relationship, as well as the information which we
are legally required to collect.
Is there automatic decision making including profiling?
If you are not willing to provide this data to us, in most cases we are obliged to refuse to enter into a contract with you or to process your
order. In such cases, we are no longer able to execute an existing contract and must therefore terminate it.
However, you are not obliged to grant permission to process your data in the case of data that is not relevant for the fulfilment of the contract,
or is not required for this purpose by legal and/or regulatory authorities.
We do not use automated decision-making procedures as defined under Section 22 GDPR to reach decisions with regard to the creation or
implementation of the business relationship.
To make the user experience of our website as convenient as possible, we use so-called cookies. Cookies are small text files which enable the system
to recognise a returning user. You can block the installation of cookies by activating a corresponding setting in your browser software.
The security of your data is our highest concern. Our stated aim is to take all technical and organisational measures required to ensure that our
data processing is carried out in a secure manner and to process your personal data in such a way that it is protected from access by unauthorised
We make sure our IT infrastructure complies with the highest international security standards by using the most up-to-date security software, codes and encryption procedures.