BaFin

Topic Compliance Data protection

The Federal Financial Supervisory Authority (Bundesanstalt für FinanzdienstleistungsaufsichtBaFin) processes personal data only in accordance with the general data processing principles of the EU General Data Protection Regulation (Regulation (EU) 679/2016 – GDPR) and complies with the legal provisions set forth in the GDPR and in the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG).

1. Information on personal data processing arising from use of the online offer

Insofar as personal data are collected through the online offer of BaFin, BaFin will process such data for the intended purpose only and in accordance with legal provisions.

All access to BaFin’s online offer is saved in a log file. The log file stores the following data:

  • IP address of the accessing computer;
  • name of the file that is retrieved;
  • date and time of retrieval;
  • data volume transferred;
  • message stating whether the retrieval was successful.

BaFin evaluates the data saved in the log file in anonymised form and for statistical purposes only and to improve BaFin’s online portal. The data are not shared with third parties. Therefore, the data are no longer available for further processing.

When accessing the BaFin website, temporary cookies (so-called session cookies) are used to navigate the site. These cookies do not contain personal data and expire once the session has ended.

On its website, BaFin offers users the option to order publications, to subscribe to newsletters, to submit complaints, and to make general contact. If you wish to use these offers, you will be asked to enter personal data which are required to process your request. You are free to decide whether you wish to use these offers and enter your data. By transmitting your personal data, you consent to the processing of these data; if not, it is not possible to use these offers.

The data collected from you are saved and processed only for the purpose of processing your request. Where necessary, when processing complaints about companies, this may include your data being transmitted to the company concerned; when ordering publications, your data may be transmitted to service providers commissioned with the delivery of said publications.

The user has the option to subscribe to the BaFin newsletter. For this purpose, users may provide their e-mail address which BaFin will use to send a newsletter to until either the user opts to unsubscribe from the newsletter (which is feasible at any time) or until BaFin ceases to provide this offer. Each newsletter contains information on how the user can unsubscribe from the newsletter service. The e-mail address will be erased as soon as the user unsubscribes from the newsletter, or BaFin ceases to provide the newsletter service.

Persons under the age of 18 should not transmit any personal data to BaFin without the prior consent from their parents or their guardians. BaFin does not request any personal data from persons under the age of 18. BaFin neither knowingly collects those data, nor does BaFin transmit these to third parties.

BaFin reserves the right to update its data protection information. We will inform you about any such updates on this web page.

In principle, you have the right of access to and rectification or erasure of personal data, the right to restriction of processing, data portability and the right to object against BaFin. You also have the right to lodge a complaint with the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte(r) für Datenschutz und Informationsfreiheit – BfDI).

The controller within the meaning of the GDPR is the Federal Financial Supervisory Authority (Bundesanstalt für FinanzdienstleistungsaufsichtBaFin), represented by its President, Felix Hufeld.

The contact details for BaFin and BaFin’s Data Protection Officer are as follows:

Bundesanstalt für Finanzdienstleistungsaufsicht
Graurheindorfer Str. 108
53117 Bonn
Postfach 1253
53002 Bonn
Phone: 0228 / 4108 – 0
Fax: 0228 / 4108 – 1550
E-mail: poststelle@bafin.de or De-Mail: poststelle@bafin.de-mail.de
BaFin’s Data Protection Officer can be reached at: Datenschutz@bafin.de

2. Information for data subjects (Article 13 and Article 14 of the GDPR)

To comply with its legal and (pre-)contractual obligations, BaFin uses personal data which also include data provided to us by data subjects, or which we collected from third parties on data subjects. To promote awareness regarding data processing and your rights and to comply with our duty to provide information (Article 13 and Article 14 of the GDPR), we will be informing you below of the individual circumstances:

Information regarding the processing of your personal data.

3. General information on data processing for administrative offences under section 55 of the BDSG

To fulfil its legal obligations, BaFin uses personal data. These legal obligations include in particular the prevention, investigation, detection or punishment of criminal or administrative offences.

The purpose of data processing is the prevention of money laundering and terrorist financing. BaFin also ensures that banking, financial services and insurance businesses are not being conducted without official authorisation. It is also responsible for enforcement relating to unauthorised business.

In principle, as a data subject you have the right of access to personal data (section 57 of the BDSG) and the rights to rectification, erasure and restriction of processing (section 58 of the BDSG).

Moreover, you have the right to appeal to the Federal Commissioner for Data Protection and Freedom of Information (BfDI). You can reach the BfDI as follows:

Die Bundesbeauftragte / der Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
Husarenstr. 30
53117 Bonn
Phone: +49 (0)228-997799-0
E-mail: poststelle@bfdi.bund.de

You can contact BaFin and BaFin’s Data Protection Officer, Dr Martin Esser, as follows:

Bundesanstalt für Finanzdienstleistungsaufsicht
Graurheindorfer Str. 108
53117 Bonn
Postfach 1253
53002 Bonn
Phone: 0228 / 4108 – 0
Fax: 0228 / 4108 – 1550
E-mail: poststelle@bafin.de oder De-Mail: poststelle@bafin.de-mail.de
BaFin’s Data Protection Officer can be reached at: Datenschutz@bafin.de

Did you find this article helpful?

We appreciate your feedback

* Mandatory field

Publications on this topic

In­for­ma­tion on da­ta pro­cess­ing re­gard­ing the su­per­vi­sion of vi­o­la­tions of statu­to­ry pro­vi­sions, no­tices of hear­ing, re­quests for in­for­ma­tion and doc­u­men­ta­tion

The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) processes personal data to meet its legal and (pre-)contractual obligations. This also includes data which BaFin collected from you. To promote awareness regarding data processing and your rights as well as to comply with our duty to provide information in accordance with Article 13 and Article 14 …

In­for­ma­tion on da­ta pro­cess­ing re­gard­ing the su­per­vi­sion of vi­o­la­tions of statu­to­ry pro­vi­sions (sub­mis­sion of ad hoc dis­clo­sures and self-ex­emp­tions via the MVP Por­tal/fax)

The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) processes personal data to meet its legal and (pre-)contractual obligations. This also includes data which BaFin collected from you. To promote awareness regarding data processing and your rights and to comply with its duty to provide information in accordance with Article 13 and Article 14 of the EU

In­for­ma­tion on da­ta pro­cess­ing re­gard­ing sus­pi­cious trans­ac­tion and or­der re­ports by for­eign au­thor­i­ties re­lat­ing to mar­ket abuse

The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) processes personal data to meet its legal and (pre-)contractual obligations. This also includes data which BaFin collected from you. To promote awareness regarding data processing and your rights and to comply with our duty to provide information in accordance with Article 13 of the EU General …

In­for­ma­tion on da­ta pro­cess­ing re­gard­ing the pro­cess­ing of ap­pli­ca­tions for au­tho­ri­sa­tion un­der sec­tion 102 of the Ger­man Se­cu­ri­ties Trad­ing Act (Wert­pa­pier­han­dels­ge­setz – WpHG)

The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) processes personal data to meet its legal and (pre-)contractual obligations. This also includes data which BaFin collected from you. To promote awareness regarding data processing and your rights and to comply with our duty to provide information in accordance with Article 13 and Article 14 of the EU

In­for­ma­tion on da­ta pro­cess­ing re­gard­ing ad­min­is­tra­tive pro­ce­dures un­der the Bench­mark Reg­u­la­tion

The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) processes personal data to meet its legal and (pre-)contractual obligations. This also includes data which BaFin collected from you. To promote awareness regarding data processing and your rights and to comply with our duty to provide information in accordance with Article 13 and Article 14 of the EU

All documents