The data controller as defined by the General Data Protection Regulation (GDPR) is:
Zeppelinring 27 - 29
Biberach an der Riß
(hereinafter also referred to as "Sparkasse", "we", "our" or "us")
Data protection officer
Zeppelinring 27 - 29
Biberach an der Riß
When we process personal data, it means that we collect, store, transmit, delete or otherwise use the information. Personal data refers to information about natural persons who use this website to obtain information on Sparkasse's products and offers.
Below you will find an overview of which data we collect when you visit this website and for what purposes the data is processed.
When you use our website for purely informational purposes, we collect the following data, which we require for technical purposes:
In accordance with Art. 6 para. 1 lit. f) GDPR, the processing of the above-mentioned data is necessary for the purposes of pursuing our legitimate interests. In the event of the unlawful use of this website, the data may also be used to identify potential violations.
In addition, this information will be analysed for statistical purposes as well as to improve our website. This will be done without creating personal user profiles.
If you don't want cookies to be stored on your end device, you can prevent this by changing your browser settings accordingly. This is also where you can delete cookies that are already stored on your end device. However, it will no longer be possible to use all of the features provided on this website if you deactivate technical and functional cookies.
Strictly necessary cookies:
We do not use the data collected through necessary cookies to create user profiles. Necessary cookies store and transmit the following data:
Since websites don’t have a memory, cookies are needed to notify the server of the pages that need to be displayed to a user. This means that users do not have to try to remember everything or have to navigate through the entire website again. Cookies can, for example, store order information, which is necessary for shopping baskets to work and frees users from having to remember all of the items they placed in their basket when they are ready to pay.
Nearly all of the technical and functional cookies used are session cookies. All of the data stored in session cookies is automatically deleted when you leave the website. This includes the cookies required, for example, to use online banking:
The cookies used to retain information about items placed in shopping baskets expire after 10 days. The SPK_COOKIE cookie, which transfers Sparkassen customers from the main sparkasse.de website to their local Sparkassen website and “remembers” the sort code in order to do so, expires after 6 months.
The data processed through necessary technical and functional cookies is processed on the basis of Art. 25(2) of the Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG).
The Sparkassen Finanzgruppe uses analytics and measurement platforms to deliver, analyse and measure the success of national and regional digital advertising campaigns.
After obtaining your consent on a landing page (sparkasse.de), these analyses are performed with the help of the following platforms
Your information will only be shared with third parties insofar as you have consented to this or where we have a legal obligation to do so. In particular such recipients may include:
Our service providers may also receive such data if they meet Sparkasse's special confidentiality requirements. In particular, these may include IT service providers, consulting services and companies in sales and marketing. The appropriate data protection agreements will be arranged with these service providers.
Should the data mentioned in this policy no longer be required for its original purpose, it will be deleted. In the event that the further processing of the data is – temporarily – required for other purposes, this will not apply.
Insofar as the storage period defined for individual services differs from the above, this information will be available in the description for each service.
As a rule, the data we collect when you visit this website is not transmitted to international organisations or third countries (states outside the European Economic Area -EEA). For more information on the possible transmission of pseudonymised data by analysis services, please see the section "Analytical cookies".
You have the following rights concerning your personal information held by Sparkasse:
You have the right to object at any time, on grounds relating to your own particular situation, to the processing of your personal data based on Art. 6 para. 1 lit. e) GDPR (processing carried out in the public interest) or Art. 6 para. 1 lit. f) GDPR (data processing necessary for pursuing the legitimate interests of the controller); including profiling based on these provisions as defined by Art. 4 para. 4 GDPR.
Should you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing which outweigh your personal interests, rights and freedoms; or where such processing serves in the establishment, exercise or defence of legal claims.
In individual cases, we process your personal information for the purposes of direct marketing. You have the right to object at any time to the processing of your personal data for such marketing; this includes profiling insofar as it is related to such direct marketing.
Should you object to the processing of your data for direct marketing purposes, we will no longer process your personal data for such purposes.
The objection need not follow a particular form and should be addressed to:
Zeppelinring 27 - 29
88400 Biberach an der Riß
You also have the right to lodge a complaint with the following supervisory authority regarding the processing of your data:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Königstrasse 10 a
Telefon: 0711 615541-0
Fax: 0711 615541-15
The data collected from visits to this website is not used for automated decision making as defined by Art. 22 GDPR.
Updated: December 2021