Erscheinung:10.09.2018, Stand:updated on 29.07.2019 | Topic Compliance Information on data processing regarding the supervision of violations of statutory provisions (submission of ad hoc disclosures and self-exemptions via the MVP Portal/fax)
The Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin) processes personal data to meet its legal and (pre-)contractual obligations. This also includes data which BaFin collected from you. To promote awareness regarding data processing and your rights and to comply with its duty to provide information in accordance with Article 13 and Article 14 of the EU General Data Protection Regulation (GDPR), BaFin informs you as follows:
1. Contact details for BaFin and BaFin’s Data Protection Officer
Bundesanstalt für Finanzdienstleistungsaufsicht
Graurheindorfer Str. 108
53117 Bonn
Postfach 1253
53002 Bonn
Phone: +49 (0)228 / 4108 – 0
Fax: +49 (0)228 / 4108 – 1550
E-Mail: poststelle@bafin.de oder De-Mail: poststelle@bafin.de-mail.de
BaFin’s Data Protection Officer can be reached at: Datenschutz@bafin.de
2. Purpose of processing
BaFin uses the submitted ad hoc disclosures and self-exemptions for the purpose of performing its supervisory duties under the Market Abuse Regulation (MAR).
3. Legal basis for the collection of data
Section 3 of the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG); Article 6(1)(e) of the GDPR, section 6 (5) of the German Securities Trading Act (Wertpapierhandelsgesetz – WpHG) in conjunction with Articles 22, 25 and 17 of Regulation (EU) No 596/2014 (Market Abuse Regulation – MAR), Articles 4 and 5 of Implementing Regulation (EU) 2016/1055, sections 6, 26 (1) and (4) of the WpHG in conjunction with sections 4 et seq. of the German Securities Trading Reporting Regulation (Wertpapierhandelsanzeigeverordnung – WpAV) and section 120 of the WpHG
4. Categories of processed personal data
The personal data held about you or third parties include in particular:
Names, date of birth, address details, contact details, account numbers, securities account numbers and customer identification numbers.
5. Intention to transfer the personal data to recipients in a third country or to an international organisation
BaFin does not intend to transfer your data to a recipient in a third country (non-EU member states and countries outside the European Economic Area) or to an international organisation. However, your data may be transmitted to another supervisory authority in a third country in the context of requests for assistance.
6. Recipient of data
The data are processed within BaFin in line with its duties.
7. Time period for storing your data
5 years
8. Your rights as a data subject
In principle, as a data subject, you have the right of access to personal data (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), the right to erasure (Article 17 of the GDPR) and the right to restriction of processing (Article 18 of the GDPR), the right to data portability (Article 20 of the GDPR) and the right to object to the processing (Article 21 of the GDPR). Moreover, you have a right to lodge a complaint with the data protection authority competent for BaFin, i.e. the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte(r) für den Datenschutz und die Informationsfreiheit).
9. Automated individual decision-making, including profiling
There is no automated individual decision-making.
10. Source of personal data
Investment services enterprises, other credit institutions, asset management companies and operators of off-exchange markets on which financial instruments are traded. The data source is not generally accessible.
11. Basis for the provision of your data and consequences in the event of failure to provide your personal data
See above under point 3. If you do not provide your personal data, BaFin will not be able to fully assess the procedures to be supervised or any facts that may need to be checked as part of the supervision of violations of statutory provisions.
