I. Name and address of controller
The controller under the General Data Protection Regulation is:
Institution established under public law
Brienner Straße 18
80333 Munich, Germany
II. Contact details for the data protection officer
The data protection officer can be contacted at:
The Data Protection Officer
Dr Georg Schröder
c/o Bayerische Landesbank
Brienner Straße 18
80333 Munich, Germany
III. General information on data processing
Protecting your personal data is very important to us. We mainly process it in order to keep our website running and easy to use. We would like to ensure that you are able to use our content and offerings through this website.
We also only process your data to the extent permitted by law. For further details please see below.
IV. Provision of website and creation of log files
Each time our website is accessed, our system automatically records data and information about your computer system. We collect the following data:
- Information about the type of browser and the version used
- Your IP address
- Date and time of access
This data is stored in the log files in our system. The data listed is not stored with other personal data.
Our system has to temporarily store your IP address, so the website can be delivered to your computer. To do this, your IP address has to be stored for the duration of each visit to the website. The log files are therefore saved so the website can function. We also use this data to optimise our website and protect our IT systems. Data in this context is not used for marketing purposes. The legal basis for temporarily storing data and log files is Article 6 (1) f) of the General Data Protection Regulation (hereinafter referred to as “GDPR”).
This data is stored as long as it is required to meet the purpose for which it was collected. If data is needed to provide the website, it ceases to be so once the session is ended. Your data is then automatically erased. In the case of data saved in log files, this occurs within 14 days. If this data remains stored your IP address is erased or redacted so it cannot be associated with the incoming internet connection.
Except where other periods for deletion are specified below, the following provides a summary of the storage periods which apply regardless of the nature and purpose of the cookies:
If cookies for our website are generally deactivated, it may not be possible to use all functions on the site.
You can stop cookies being saved on your computer by using the corresponding setting on your browser software; please note that in this case you may not be able to use all the functions on our website.
This website uses the web analysis service Matomo from Matomo.org so we can evaluate use of our website and constantly improve it. The statistics acquired allow us to improve our offering and make it more attractive for you as a user. The legal basis for using Matomo is Article 6 (1) sentence 1 letter f) GDPR.
Cookies are saved on your computer for this evaluation. The information gathered in this way is saved solely on our servers in Germany. You can stop the evaluation by deleting any cookies present and blocking the saving of cookies. If you block cookies from being saved, please note that you may not be able to use this website in full. You can block cookies from being saved using your browser settings. You can block the use of Matomo by removing the tick, which activates the opt-out plug-in.
This website uses Matomo with the AnonymizeIP extension. This means IP addresses are processed in a shortened form, so they cannot be directly related to individuals. IP addresses sent to us by your browser over Matomo are not merged with other data we gather.
Matomo is an open source project. For information from the third-party provider on data protection, please go to ›https://matomo.org/privacy-policy/ .
Log data on our servers which is not anonymised is automatically deleted after 14 days.
VI. Log-in/registration – client.next
It is possible to use large sections of our website without registering or providing your personal details.
We offer you the option to register voluntarily for the client.next log-in area, to gain access to exclusive content, functions and information. client.next gives you single-sign-on access so you can immediately go to your current account overdrafts or interest rate and commodities derivatives, or get the latest research data. You can also receive your account documents digitally via the dedicated inbox.
To be given access to the log-in area,
- Please click on the following link:
- Then click on “Apply for access”.
When registering, please supply:
- Your full name and
- The name of your company.
What further data we process depends on the services you would like to use. This can be found in the further correspondence as part of registration.
The legal basis for the processing is therefore the user agreement entered into for client.next, i.e. Article 6 (1) b) GDPR.
Your data is deleted once it is no longer needed to achieve the purpose for which it was collected. For data collected as part of registration this is generally the case when you cancel your registration or delete your username.
If this data is required to perform an agreement or carry out pre-contractual measures, early deletion is only possible if permitted by contractual or statutory obligations. We may be under a contractual or statutory obligation to save data even after the agreement has ended (e.g. for tax purposes). The storage period applicable has to be determined separately for each agreement and contracting party.
VII. Contact form and e-mail contact
You can contact us using a contact form on our website or by e-mail. If you enter data in the template provided for the contact form, it will be sent to us and processed by us. This applies to the following mandatory information:
(1) Subject (reason for making contact)
(3) E-mail address
(4) Form of address
(5) Your name
(6) Post code
(7) Town, street and country
We also process data you give us voluntarily.
If you make contact via the e-mail address that has been provided, the personal data transmitted with your email will be saved. The legal basis for processing your data is therefore Article 6 (1) f) GDPR, as we have a legitimate interest in this. If you make contact using the form or by e-mail in connection with entering into or carrying out an agreement, Article 6 (1) b) GDPR is always the legal basis for the processing.
We process personal data from the entry template or e-mail solely to deal with processing the correspondence. The data is not transmitted to third parties.
We delete your data as soon as it is no longer needed to achieve the purpose for which it was collected. For personal data from the entry template in the contact form or submitted by e-mail, this is the case when the correspondence with you is completed. The correspondence is completed when the circumstances indicate that the matter in question has been fully dealt with.
If you make contact by e-mail you can object to your personal data being stored at any time. To do this please send a message to this effect, which does not need to be in any particular form, to the contact details provided under item I.
In some circumstances, however, it may not be possible to process your message.
If the data is required to perform an agreement or carry out pre-contractual measures, early deletion is only possible if permitted by contractual or statutory obligations. The storage period applicable has to be determined separately for each agreement and contracting party.
Once you have sent your message via the contact form, the following data will also be saved:
(1) Your IP address
(2) Date and time sent
This data is processed during dispatch to prevent misuse of the contact form and ensure our IT systems are secure. The legal basis is therefore Article 6 (1) f) GDPR. Additional personal data collected during dispatch is deleted within seven days, unless storage beyond that is permitted for statutory or contractual purposes.
You can sign up for our free newsletter.
To do this, please enter your data in the template provided and it will be forwarded to us. The following data is required:
(1) Full name
(2) E-mail address
(3) Telephone number (voluntary)
(4) Company name (voluntary)
Once your message has been sent, the following other data is also saved:
(1) Your IP address
(2) Date and time sent
Before sending your data, please grant your consent for it to be processed; please note this data protection notice. Your data will then be processed with your consent. The legal basis is therefore Article 6 (1) a) GDPR.
After subscribing you will receive an e-mail asking you to confirm your subscription. This confirmation is required to stop people subscribing with other people’s e-mail addresses. Subscription to the newsletter is recorded so we can prove that the subscription process met the legal requirements. This includes saving the time of subscription and confirmation and the IP address you used.
As this data also has to be processed in order to deliver the newsletter requested, Article 6 (1) b) and Article 6 (1) f) also serve as the legal basis.
No data is passed to third parties in connection with the processing of data for sending newsletters. The data is used solely for sending the newsletter.
You can cancel your subscription to the newsletter at any time or object to further newsletters being sent. Each newsletter contains a link to the unsubscribe form. This also allows you to withdraw your consent to your data being saved. You can also send your withdrawal, which need not be in any particular form, to the contact details provided provided under item I. or to firstname.lastname@example.org.
We use the Microsoft Dynamics 365 customer relationship management ("CRM") system. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Among other things, Microsoft Dynamics 365 CRM enables us to manage existing and potential customers as well as customer contacts. With the help of Microsoft Dynamics 365 CRM, we are able to capture, sort, and analyse customer interactions via e-mail, social media, or phone across multiple channels. The personal data collected in this way can be evaluated and used for communication with the potential customer or for marketing activities, such as newsletter mailings. With Microsoft Dynamics 365 CRM, we are also able to record and analyse the user behaviour of our contacts on our website.
The use of Microsoft Dynamics 365 CRM is based on Art. 6 (1) f) GDPR.
For more details, see Microsoft's privacy statement:
We delete your data as soon as it is no longer needed to achieve the purpose for which it was collected. Your e-mail address will be saved as long as you are subscribed to the newsletter. Other personal data collected as part of the subscription process is generally deleted seven days after collection.
If the data is required to perform an agreement or carry out pre-contractual measures, early deletion is only possible if permitted by contractual or statutory obligations. We may be under a contractual or statutory obligation to save data even after the agreement has ended (e.g. for tax purposes). The storage period applicable has to be determined separately for each agreement and contracting party.
IX. Your rights
Please find below a summary of your rights under the General Data Protection Regulation.
1. Right to withdraw consent (Article 7 (3) GDPR)
You have the right to withdraw your consents at any time. Withdrawing consent does not affect the legality of processing carried out with this consent before it was withdrawn. You will be informed of this before giving consent.
2. Right of access (Article 15 GDPR, section 34 BDSG)
Under Article 15 GDPR you have the right to request confirmation from us as to whether or not we are processing personal data concerning you. Where that is the case, you have the right to access this personal data and the following information:
Where personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate safeguards being used to ensure that the provisions of the GDPR will be observed by these recipients.
3. Right to rectification (Article 16 GDPR, section 35 BDSG)
You have the right to have inaccurate personal data concerning you rectified by us without undue delay. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4. Right to erasure or “right to be forgotten” (Article 17 GDPR, section 35 BDSG)
You have the right to obtain the erasure of personal data by us without undue delay where one of the following grounds applies:
Where we have made your data public and are obliged to erase it, we take into account available technology and the cost of implementation while taking reasonable steps to inform the controllers that you have demanded erasure.
5. Right to restriction of processing (Article 18 GDPR)
Under Article 18 GDPR, we may only process data to a limited extent in the following cases. This applies where:
Where processing has been restricted, we may only store the data. Further processing is only permitted with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.
You may withdraw consent given in this regard at any time.
You will be informed by us before the restriction is lifted.
6. Notification obligation (Article 19 GDPR)
We are obliged to communicate any rectification or erasure of your data or restriction of processing to all recipients to whom the data has been disclosed, unless this proves impossible or involves disproportionate effort.
We will inform you of these recipients at your request.
7. Right to data portability (Article 20 GDPR)
You have the right to receive the personal data concerning you which you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transmit this data to a third party, provided
You can ask us to transmit your data directly to the third party, where technically feasible. This right must not adversely affect the rights and freedoms of others.
8. Automated individual decision-making, including profiling (Article 22 GDPR)
On our website your data is not used for decisions based solely on automated processing (e.g. profiling).
9. Right to object (Article 21 GDPR)
If we process your data on the basis of a legitimate interest (Article 6 (1) f) GDPR) you have the right to object if the reasons for doing so are based on your personal situation. The same applies to profiling based on these provisions. In such cases we will no longer process your data unless we can demonstrate compelling legitimate grounds for doing so. These must override your interests, rights and freedoms or the processing must serve to establish, exercise or defend legal claims.
Where your data is processed for direct marketing purposes, you may object at any time to the processing of the data. The same applies to profiling, to the extent that it is related to such direct marketing.
Once you have objected, your data will no longer be processed for these purposes.
To lodge an objection please send a message to this effect, which need not be in any particular form, to the contact details provided under item I.
10. Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of data relating to you violates the General Data Protection Regulation. This does not affect any other administrative or judicial remedy which may be open to you.
X. Social Media Platforms
BayernLB has an account on various social media platforms (“social media presences”). As a user you can visit our social media presences and learn about us and our products, as well as use the different functions at your disposal (such as “liking” our social media presence or communicating with us directly via messaging). BayernLB currently operates the following social media presences:
|Name of social media platform
|Data protection policy
|Facebook Ireland Ltd.,
4 Grand Canal Square, Dublin, Irland
| Data protection policy of Facebook
|Facebook Ireland Ltd.,
4 Grand Canal Square, Dublin, Irland
| Data protection policy of Instagram
|Google Ireland Limited,
Gordon House, Barrow Street
| Data protection policy of Youtube
|New Work SE,
20354 Hamburg, Deutschland
|Data protection policy of XING
|New Work SE
20354 Hamburg, Deutschland
|Data protection policy of Kununu
|LinkedIn Ireland Unlimited Company,
|Data protection policy of LinkedIn
555 West 18th Street,
New York, New York 10011,
|Data protection policy of Vimeo
|SoundCloud Global Limited & Co. KG,
Rheinsberger Str. 76/77,
|Data protection policy of SoundCloud
Whenever you visit one of BayernLB's social media presences you are actually on one of these social media platforms (see list for details). The provider is the controller, as defined in Art. 4 (7) GDPR, by virtue of running the particular social media platform. The list above shows the names of the companies that provide the social media platforms.
Sometimes a social media platform collects personal data about you which we then use for statistical analyses on the use of our social media presences. For the purposes of this data collection, we and the operator of the social media platform together act in certain cases as the “joint data controller” in terms of data protection law. This applies even when we receive only statistical data and are not able to trace such information back to you as a natural person. The legal basis for processing this data is usually a weighing of interests pursuant to Art. 6 (1) point (f) GDPR (our legitimate interest being the customisation of our social media presence) or your consent pursuant to Art. 6 (1) point (a) GDPR, should you have given us this. For more information on how your data is processed for statistical analyses on the use of our social media presences, see the data protection declarations (links above) issued by the social media platforms.
Whenever you visit our social media presence on Facebook (our Facebook fan page), Facebook collects certain data about you as a Facebook user. It then provides us with statistical analyses – website “insights” – of the use of our social media presence on Facebook. For more information on how your data is processed when this happens, see under Link
To view the content of our agreement with Facebook on the provision of website insights, go to Link