Data Protection Data Protection


Principles and sustainability

Your trust in a long-term business relationship is important to us. Commerzbank AG takes the protection of your personal data very seriously and adheres to the rules of data protection, in particular the provisions of the EU General Data Protection Regulation (GDPR) and our Group Data Protection Policy. The purpose of this policy is to ensure a consistently high level of data protection within the Group and to respect the rights and freedoms of the data subjects in the long term.

Personal data will only be processed if the data subject has consented, if this is required for the fulfillment of a contract or if the GDPR or another law permits or prescribes the processing.

The economical, proportionate, necessary and legally permissible handling of personal data and its purposeful processing as well as the guarantee of transparency and information to the data subject are rights under the Charter of Fundamental Rights of the European Union, to which Commerzbank expressly undertakes. In addition, Commerzbank only transmits personal data to third parties if this is lawful and it is not apparent that there is a risk to the rights and freedoms of the data subject. Commerzbank deletes personal data as soon as they are no longer required for business purposes and there are no other legitimate reasons to keep them, such as statutory retention periods. Where required by law, we can demonstrate that we comply with the principles governing the processing of personal data. Commerzbank has implemented technical and organizational measures to guarantee these goals in the long term.

Commerzbank immediately investigates inquiries, complaints, requests for information and violations of the protection of personal data and guarantees immediate information and close communication with the data subject, especially if there are possible risks to their rights and freedoms. In addition, the data subject can contact Commerzbank's data protection officer at any time:

With regular data protection impact assessments when processing and transmitting personal data, the risks are evaluated and countermeasures are taken to avert negative consequences for the data subjects. Commerzbank employees are regularly trained in data protection and supported in achieving data protection goals.

Personal data will only be disclosed to authorities if Commerzbank is legally obliged to do so. Insofar as it is obliged to do so, it reports on this and other data protection-related topics via its website.

Commerzbank's positions