Legal notices

Data Protection

Principles

Your trust is important to us. The Commerzbank AG takes the protection of your personal data very seriously and complies with the data protection regulations, in particular to the provisions of the EU General Data Protection Regulation (GDPR). Personal data is processed only when the data subject has given their consent, when the data is necessary for the conclusion of a contract or when the GDPR or another law permits or prescribes the processing of the data.

Data processing on the websites

Personal data is generally collected to the extent that is technically necessary. Under no circumstances is the data forwarded to third parties without a legal basis. The following statements give you an overview of how the Commerzbank AG guarantees this protection and also an overview of the type of data that is collected, processed or used on the websites and to which purpose.

Recording

The Commerzbank AG automatically collects and stores some of the information usually transferred by the browser in their server log files, so far as your browser makes this data available. This data can usually not be connected with specific data subjects by Commerzbank AG. This data is not combined with other data sources.

Cookies

Our websites occasionally use cookies when you visit them. Cookies are text files which are filed on your computer and saved by your browser. The purpose of these is to make our service and offer user-friendly, effective and safe. Passwords are not deposited in cookies. Most of the cookies we use are so-called session cookies. They are automatically reset as soon as you log out. After you have ended the session by closing your browser, the cookie is saved for a certain amount of time and is subsequently overwritten or deleted by the client (e.g. your PC, your Tablet, Smartphone). Our cookies do not cause damage to your computer and contain no viruses.

We use cookies to collect technical data to ensure uninterrupted operation. This helps to identify and resolve functional problems, and continuously improve performance.

We also set cookies after your explicit consent to measure success and optimize our advertising measures.

Processing of personal data

To send you publications or newsletters presented on the website that you ordered, we request your name, your address and your email address by an order form. This data is stored and used solely for the purpose of sending you the desired information based on Art. 6 (1b) GDPR. It is not forwarded or passed on to third parties. By entering your data (name, address, email address) in the form, you give us your consent to store and to use the data to send you the information. The personal data you enter to receive the newsletter is stored until you cancel the subscription.

Right of access by the data subject

You have the right to receive information on the data stored about your person, the categories of recipients thereof and the purpose of the processing. Furthermore, we are available to answer your questions about the collection, processing and use of your personal data.

Pseudonym-ID

Commerzbank generates a pseudonym ID from your subscriber number by replacing it with a code consisting of a combination of letters and numbers. We use this pseudonym ID as a technically necessary basis for the future administration of possible consents. The pseudonym ID is therefore only used after such consent has been given and is only then processed for specific purposes (e.g. marketing). You can find detailed information on the use of the pseudonym ID in the respective description of the relevant consent settings (e.g. for Google Analytics).

Affiliate Cookie

Based on Art. 6 (1f) GDPR, Commerzbank stores information that is necessary for billing with advertising partners in a Cookie (“afid“).

Commerzbank is part of a partner program of financeAds GmbH & Co. KG, Karlstraße 9, 90403 Nürnberg, hereinafter referred to as "financeAds". If you have accessed the Commerzbank website via the website of a sales partner (hereinafter referred to as “Affiliate Partner“) of financeAds, a Cookie with a so-called “click ID“ of the affiliate partner is stored on your computer. This “click ID“ is not used for your personal identification but exclusively for the purpose of success-based billing with the affiliate partner. In the event that a Commerzbank product is ordered, Commerzbank can recognize that you as a user have previously clicked on an affiliate partner link and pass on the information about a successful deal to financeAds. You can obtain the relevant data protection declaration from financeAds under the following link: https://www.financeads.net/aboutus/datenschutz/.

You have the right, for reasons that arise from your particular situation, to object at any time to the processing of personal data, which is based on Art. 6 (1f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision. You can revoke the storage of the "afid" cookie at any time by opening the "Consent-Options" in the footer of the Commerzbank website. You can deactivate the affiliate cookie by clicking on “hier” in the last sentence of the information text under the information text on the “Affiliate Cookie” in the “Technische, funktionale sowie zu Provisions- und Abrechnungszwecken dienende Technologien” section.

Tag Management

After your voluntary consent, which can be revoked at any time, Commerzbank uses the Google Tag Manager for the management of various technologies that require consent on the Commerzbank website based on your consent settings. The provider of the Google Tag Manager component is Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland. This service enables the management of website tags based on the consent settings previously made. The Google Tag Manager only implements website tags. Website tags are small pieces of code on the website that are used, among other things, to measure traffic and visitor behavior, understand the impact of online advertising and social channels, use remarketing and targeting, or test and optimize the website. The Google Tag Manager itself does not use any cookies. The Google Tag Manager only triggers website tags that were previously activated by the website visitor using the slider in the consent settings. Through these website tags, the data of each enabled slider can be processed. However, the Google Tag Manager does not access the data that may be processed by the activated slider and does not save any personal data itself when the website tags are triggered. Only when the Google Tag Manager script is downloaded from Google is personal data transmitted to Google and stored for 14 days with the processing of a standard http request protocol - which includes the IP address, among other things. This processing is necessary to ensure the operation of the service. It has been contractually agreed with Google that this data is used exclusively for the purpose of providing the Google Tag Manager.

Facebook

After your voluntary consent, which can be revoked at any time, Commerzbank is entitled to use the so-called "Facebook Pixel" from Facebook, Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (hereinafter referred to as "Facebook") on its website. With the help of the Facebook pixel, visitors to the Commerzbank website can be determined as a target group for the display of advertisements (so-called "Facebook ads"). Accordingly, Facebook ads are played out to users who have shown potential interest (e.g. by visiting a specific topic page on the Commerzbank website). This is also referred to below as the Facebook remarketing function. The Facebook pixel also helps to track the behavior of website visitors who were redirected to the Commerzbank website after clicking on a Facebook ad. This includes, for example, the tracking of behavior such as the progress in the product application process, the completion of the application process and the actual product completion. This allows Commerzbank to evaluate and track the effectiveness of Facebook ads for statistical and market research purposes, and ads can be optimized accordingly.

As the operator of this website, the data collected is anonymous for Commerzbank. However, this data is stored and processed by Facebook and matched with the respective user profile. In accordance with Facebook's data usage guidelines, this data can be used by Facebook for its own advertising purposes ( https://www.facebook.com/about/privacy/).

The use of the Facebook pixel and thus the analysis of your user behavior takes place on the basis of your previously given consent, which Commerzbank obtains via the "Consent-Options" in the footer of the Commerzbank website. You can revoke this consent at any time with effect for the future. By opening the "Consent-Options" in the footer of the Commerzbank website and deactivating the desired slider, you can then confirm your selection by clicking on "Einstellungen speichern ". The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the point of revocation.

You can use the following page to determine which type of advertisements are displayed to you within the Facebook network: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

There you can also deactivate the Facebook remarketing function "Custom Audiences". To do this, you must be logged in to Facebook. You can also object to the use of cookies for range measurement and advertising purposes via the deactivation page on the website of the European Interactive Digital Advertising Alliance: : http://www.youronlinechoices.com/de/praferenzmanagement/

Google Ads

After your voluntary and revocable consent, Commerzbank uses Google Ads (formerly Google AdWords), a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as Google). The integration of Google Ads on the Commerzbank website is used for marketing and optimization purposes, in particular to place relevant and interesting ads for you, to improve campaign performance and to achieve a fair calculation of advertising costs.

These Ads are displayed by Google via so-called AdServer ld delivered. Google uses so-called AdServer Cookies, which can be used to measure certain parameters for measuring success, such as the display of clicks or clicks by users. If you access the Commerzbank website via a Google ad, Google Ads will store a Cookie on your PC, provided you have given your consent. These Cookies usually lose their validity after 30 days. They should not be used to personally identify you.

The following information is saved as analysis values for this Cookie: unique Cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wants to be addressed). These Cookies enable Google to recognize your web browser. If a user visits certain pages of an Ads customer's website and the Cookie stored on their computer has not yet expired, Google and Commerzbank can recognize that the user clicked on the ad and was redirected to this page. A different Cookie is assigned to each Ads customer. Cookies cannot therefore be tracked via the websites of Ads customers. Commerzbank itself does not collect and process any personal data in the advertising measures mentioned. Commerzbank only receives anonymized statistical evaluations from Google. On the basis of these evaluations, Commerzbank can recognize which of the advertising measures used are particularly effective. Commerzbank does not receive any further data from the use of the advertising material, in particular Commerzbank cannot identify users based on this information.

Due to the marketing tool used, your browser automatically establishes a direct connection to the server of Google on. The Art and scope of the processing of data by Google Ads is based on Google's privacy policy, which can be found here: https://policies.google.com/privacy?hl=en. Google receives the information that you have accessed the corresponding part of the Commerzbank website or clicked on an advertisement from Commerzbank. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out and save your IP address. With your prior consent, you consent to the processing of the relevant data by Commerzbank and Google.

Further information on data use by Google, setting options and data protection can be found on the following Google websites:

Privacy Policy: https://policies.google.com/privacy?hl=de&gl=en

Google website statistics: https://services.google.com/sitestats/en.html

DoubleClick Floodlight

After your voluntary and revocable consent, Commerzbank uses DoubleClick Floodlight on its website, a service of Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as Google). Google processes information about your user behavior on the Commerzbank website. For this purpose, Google uses Cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device and that allow you to analyze the use of the Commerzbank website. With your consent, you consent to this storage and retrieval for the aforementioned purpose against Commerzbank and Google. Commerzbank uses DoubleClick Floodlight for marketing and optimization purposes, in particular to analyze the use of the Commerzbank website and to be able to continuously improve individual functions and offers as well as the user experience. By statistically evaluating your user behavior, Commerzbank can improve its offer and make it more interesting for you as a user.

Further information on data use by Google, setting options and data protection can be found on the following Google websites:

Privacy Policy: https://policies.google.com/privacy?hl=de&gl=en

Google website statistics: https://services.google.com/sitestats/en.html

Google Analytics

After you have given your voluntary consent, which can be revoked at any time, Commerzbank uses "Google Analytics" on its website, including the advertising functions of Google Analytics, a web analysis service provided by Google Inc. ("Google"), 1600 Amphitheater Parkway, Mountain View , CA 94043, United States. Google Analytics uses Cookies, i.e. small text data that are stored on your computer and that enable website traffic to be analyzed.

The following is an overview of the purposes for which Google Analytics is used collected data and the related functionalities:

  • Reach measurement of the Commerzbank website
  • Creation of conditions for the optimization of marketing campaigns by linking Google Analytics data with your Google Account profile using the Google Analytics Cookie ID
  • Creation of conditions for the optimization of marketing campaigns by linking Google Analytics data with your Commerzbank customer profile using the pseudonym ID
  • Optimization of the Commerzbank website

The Google Analytics data is processed based on the consent according to Art. 6 (1a) GDPR processed.

In advance, Commerzbank would like to point out that Google Analytics has been extended to include the code “anonymizeIp“ which ensures an anonymous collection of IP addresses (IP masking). Google Analytics is therefore only used in connection with an activated anonymous IP. This means: The IP address of a user is shortened by Google for users within the member states of the European Union and other contracting states of the Agreement on the European Economic Area. Only in exceptional cases (e.g. in the event of a technical defect in the European Union) is the IP address shortened outside the European Economic Area. The data is then split up and stored in Google data centers around the world. More detailed information on the locations can be found under the following link:

https://www.google.com/about/datacenters/locations/index.html

The method for anonymizing IP addresses used by Google does not write any IP addresses to the devicehard disk, as the anonymization takes place immediately after receiving the request takes place in memory. The IP address transmitted in the browser is also not merged with other Google data.

1. Reach measurement on the Commerzbank website

Commerzbank uses Google Analytics data to measure reach. This includes campaign URL parameters to assign a website visit and the associated interactions to a specific source (e.g. marketing campaigns). In this way, Commerzbank can find out how the Commerzbank online offer is being accepted and whether improvements are necessary. On behalf of Commerzbank, Google will use this information to evaluate the use of the website. Based on your consent according to Art. 6 (1a) GDPR , Google creates website activity reports and provides other services related to website and internet usage. These services include, in particular, functions for displaying Google Analytics reports that contain information on performance with regard to demographic aspects and the interests of the website operator. Google may transfer this information to third parties if this is required by law or if third parties process data on behalf of Google. However, this is in no case personal data.

2. Creation of prerequisites for the optimization of marketing campaigns by linking Google Analytics data with your Google Account profile using the Google Analytics Cookie ID such as determining the progress of the product application process, the completion of the application route and the actual product closure.

Furthermore, Commerzbank AG uses Google Analytics to carry out cross-device analyzes (app + web data) and to display personal offers outside the websites hosted by Commerzbank AG using the advertising function of Google Analytics. The data collected via Google Analytics (pseudonym profile) may be linked by Google with the personal Google account, which can contain the bearer data of this pseudonym. As a result, it can be possible for Google to infer the natural person behind the pseudonym profile. Commerzbank cannot draw any conclusions about the personal carrier data on Google either in the case of cross-device analyzes or in the display of personal offers. The data collected by Google Analytics (e.g. URL) enable Commerzbank AG to draw conclusions about the customer status (e.g. visit to the logout page) or an interest in a Commerzbank product for advertising purposes. It is not possible to draw any conclusions about the natural person himself. The additional linkage of pseudonymous usage data collected with Google's DoubleClick Advertising Network also enables the demographic composition of Commerzbank website visitors and the effects on the interests of the user to be analyzed. Based on this, Google Analytics reports on the performance with regard to demographic aspects and interests through the use of data obtained through interest-related advertising and visitor data from third parties (such as age groups and interest groups). This helps Commerzbank to present better and, above all, more relevant advertising.

3. Creation of prerequisites for the optimization of marketing campaigns by linking Google Analytics data with your Commerzbank customer profile using the pseudonym ID

By processing the pseudonym ID ( Pseudonym of your participant number) through Google Analytics, visits by existing customers to Commerzbank portals or Commerzbank banking apps can be linked, regardless of the device or browser used. The link is limited to those Commerzbank portals or apps in which you have given us your consent to use Google Analytics. So it is possible for Commerzbank, with your help, to get a deeper understanding of customer behavior on the Commerzbank portals and apps in order to be able to address you in a more targeted manner. For Commerzbank this is valuable information for planning its future direction. In addition, the seamless analysis of overarching processes (e.g. between app and website) to identify problems or obstacles is made possible. This is a small but important step for Commerzbank in order to be able to offer you an optimal customer experience on the Commerzbank portals.

In addition, the pseudonym ID is processed by Google Analytics in order to expand the data generated there with segment analysis results for existing customers. In segment analyzes, existing customers are divided into segment groups according to certain characteristics. Segment analysis results contain information about the use of current Commerzbank products or a potential interest in new Commerzbank products. For example, Commerzbank is able to display relevant advertisements for existing customers outside the Commerzbank portals. Unnecessary advertising for Commerzbank products that have already been concluded can be avoided as much as possible.

4. Optimizing the website

In addition, Commerzbank uses Google Optimize, a sub-service of Google Analytics. In order to increase the attractiveness, the content and the functionality of the Commerzbank website, Google Optimize enables new functions and content to be played out to a percentage of Commerzbank users and to statistically evaluate the changes in use. Google Optimize uses Cookies, which enable optimization and analysis of the use of the Commerzbank website. Google will use this information to evaluate your use of the Commerzbank website in order to generate reports. About the optimization tests and the associated website activities and to provide Commerzbank with other services related to website and internet use.

The collection of data generated by the cookie about the use of this website (including anonymized IP address) and data processing by Google can also be prevented with the help of a browser plug-in in addition to the consent settings on the Commerzbank website. Download and install the browser plugin at: https://tools.google.com/dlpage/gaoptout?hl=en

Further information on the use of data by Google, setting options and data protection can be found on the following Google websites:

Terms of use for Google Analytics: https://www.google.de/analytics/terms/de.html

Data protection declaration: https://policies.google.com/privacy?hl=de&gl=en

Google website statistics: lhttps://services.google.com/sitestats/en.html

Criteo

Based on your voluntary consent, which can be revoked at any time, Commerzbank uses the "Criteo pixel" on its website, a solution for so-called "retargeting" by Criteo S.A. ("Criteo"), New York 387 Park Avenue South, New York, NY 10016. With retargeting, the visitors of a website who imply a certain product interest are shown advertising material on other websites or apps in order to remind them of the product offer and to persuade them to complete the transaction. At the same time, redundant advertising should be avoided by excluding users who have already purchased a product. To make this possible, cookies, i.e. small text files stored on your computer, are used and a user profile is created.

Criteo will use the Criteo pixel to determine visitors on the Commerzbank website as the target group for the display of advertisements (so-called "ads"). Accordingly, Criteo ads will be displayed to those users who have shown a potential interest (for example, by visiting a certain product page on the Commerzbank website). Furthermore, the Criteo pixel helps to track the behaviour of website visitors who have been redirected to the Commerzbank website based on a click on a Criteo ad. This enables Commerzbank to evaluate and track the effectiveness of the Criteo ads for statistical and market research purposes and to optimise ads accordingly. The collected data is stored and processed pseudonymously by Criteo and compared with the respective user profile. According to Criteo's data usage policy, this data can be used by Criteo for its own advertising purposes (http://www.criteo.com/privacy/). The use of the Criteo pixel and thus the analysis of your user behaviour is based on your prior consent, which Commerzbank obtains via the "Consent-Options" on the footer on the Commerzbank website. You can revoke this consent at any time with effect for the future. By opening the "Consent-Options" in the footer of the Commerzbank website and deactivating the desired slider, you can then confirm your selection by clicking on "Einstellungen speichern". The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Processing of personal data on the basis of the EU data protection regulation

Commerzbank AG processes personal data on the basis of the EU General Data Protection Regulation (GDPR). With the following information we provide an overview of the processing of this personal data by us and the rights resulting from data protection law:

www.commerzbank.de/dataprotection

Further information

If you require information that this data protection declaration cannot provide you with or if you require further information on a specific point, please contact the data protection officer at Commerzbank AG: datenschutzbeauftragter@commerzbank.com

Data protection notices for chat use

You can use the chat in the closed area as a registered online banking customer or as a non-registered interested party in the open area.

In order to ensure that your request is processed optimally, the language of the website visited and your last click path to the chat are transmitted to our employees in the Commerzbank customer center.

In the closed area, we also send your participant number and name to the Commerzbank customer center in the background. This automatically authenticates you to our employee.

The data transmitted for this purpose will be automatically deleted after 2 hours.

For the purpose of proof of consent, the participant number, surname, first name, date, time, type of contact and your consent to the terms and conditions of text chat use (by clicking on the start button) will be stored for 3 years and then deleted. We are legally obliged to store this proof according to Art. 5 (2) GDPR.

Please understand that the chat history with our employees is recorded and stored for 3 months for your safety and for optimal customer service. We assure you that the recording is for internal purposes only (e.g. logging as evidence, e.g. in the event of a complaint, coaching for conversations and analyzes for training measures). If you do not want this, please close the chat window.

Data Protection Notices for use of DocuSign

This information gives you, as the contractual partner, an overview of the processing of your personal data that arises when using the DocuSign software. We inform you about what data we collect from you and how we use it. We will also inform you about your rights under applicable data protection law and tell you who you can contact if you have any questions.

1. Controller

Commerzbank AG, with which you use DocuSign for your request, is responsible for data collection and processing.

2. Data Protection Officer

You can reach our data protection officer at

Commerzbank AG

Data Protection Officer

Kaiserplatz, 60261 Frankfurt am Main

datenschutzbeauftragter@commerzbank.com

3. Scope and Purpose of Processing

We process the following personal data:

Your email address,

Your (qualified) digital signature via DocuSign.

4. Legal Basis for Processing

The DocuSign software is used to formally simplify the processes within the controller. It is used where and in the form where the corresponding written form requirements allow this. Likewise, the traceability of the receipt of the necessary feedback can be facilitated.

The legal basis for the processing of personal data is Art. 6 Para. 1 f GDPR (optimization of formal processes). Your e-mail address is used to send the form and to facilitate the process of obtaining these necessary documents. The legal basis for the processing of personal data is therefore Art. 6 Para. 1 f GDPR with the aforementioned legitimate interests.

5. Recipients of the personal data; Data transfer to third countries

Your personal data will be processed internally by the departments of Commerzbank AG with which you are in contact.

In addition, this data is transmitted externally to the responsible supporting service provider for a specific purpose. We use so-called contract processors to process the signatures. Service providers used by us must meet special confidentiality requirements. You will only have access to your data to the extent and for the period required to perform the tasks.

We also use service providers located in third countries outside the European Union to process your data. Countries outside the European Union handle the protection of personal data differently than countries inside the European Union. There is currently no decision by the EU Commission that these third countries must generally offer an adequate level of protection. We have therefore taken special measures to ensure that your data is processed just as securely in the third countries as it is within the European Union. With service providers in third countries, we conclude the data protection contract (standard data protection clauses) provided by the EU Commission for the processing of personal data in third countries. This provides suitable guarantees for the protection of your data from service providers in third countries.

If there is a suspicion of a criminal offence, we can pass on your data to law enforcement authorities (e.g. police, public prosecutor's office).

6. Duration of storage

Your personal data will be stored as long as this is necessary to fulfill the stated purposes and as long as legal and/or contractual storage obligations are relevant.

After the end of the service relationship, the data will also be deleted after the relevant retention periods.

Tax-relevant data, for example, is stored for a period of 6 or 10 years (§§ 257 HGB, 147 AO).

The data processed via DocuSign is automatically deleted by the system after 120 days after the document has been completed.

7. Automated Decision Making; profiling

We do not process your data for so-called automated decision-making, including profiling.

8. What data protection rights do I have?

Every data subject has the right to information under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to erasure. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG).

If data is collected on the basis of Art. 6 Para. 1 f GDPR (data processing to protect legitimate interests), you have the right to object to the processing of your data for reasons that arise from your particular situation. In the event of an objection.

Notes on the VideoIdent app

The VideoIdent app from Commerzbank AG is used to carry out legitimation checks exclusively in connection with an existing or requested customer relationship with Commerzbank AG.

The legitimation check with the VideoIdent app can currently be carried out between 8:00 a.m. and 12:00 p.m. CET.

The legitimation is carried out in accordance with the requirements of the Federal Financial Supervisory Authority (BaFin) and the Federal Ministry of Finance for the implementation of video legitimations in the electronic identification process.

During the implementation of the VideoIdent, image recordings of the person to be identified, of the identification paper presented (ID card or passport) as well as video and sound recordings of the conversation between the call center agent and the person are made. The aforementioned records are collected and processed for the purpose of identifying and verifying the identity documents.

In addition, as part of the video legitimation, a signature sample is taken, which Commerzbank AG stores and can be used for signature checks, e.g. is used in correspondence.

Before carrying out the VideoIdent, the user must agree to the creation of the image, sound and video recordings.

The VideoIdent app is currently available for the iOS (Apple) and Android operating systems. The app may not be able to be used with older versions of the operating systems.

Notice on data protection for contactless payments with the Commerzbank Girocard

Commerzbank Girocard1 with contactless function - data protection and security

The following information on saving and printing can be found here.

Contactless payment with the Commerzbank Girocard is just as secure as previous girocard payments. Regardless of whether contact-based or contactless, the Commerzbank Girocard uses the same international EMV standard. With contactless use, the internationally recognized NFC standard is used for data transmission, thus ensuring that the data can only be transmitted if there is a very small distance between the card and the terminal. The required small distance of a few centimeters between the card and the terminal serves to prevent unintentional payments. In addition, contactless terminals can only carry out one transaction at a time. To be on the safe side, each payment must be completed before a second one can be made.

No money can be withdrawn from the contactless card simply by walking past a reader.

In principle, the principle of data minimization is applied to girocard payments. This means that only the data that is absolutely necessary for a girocard transaction is transferred. This includes the so-called PAN of the card and the payment amount. The PAN (Primary Account Number) is the individual and unique card number that is required to allocate the payment to the correct account. Only a few selected data can also be freely read contactlessly from the Commerzbank Girocard. These are comparable to the data that can also be freely read from magnetic strips or chips using contacts, e.g. account number, short bank code, validity. Furthermore, no personal data such as name and address are stored on the chip. No payment is possible in the girocard system with the freely readable card data. In the event of improper contactless payment without a PIN query, e.g. after loss or theft, the card-issuing bank is usually immediately liable.

In addition, a payment transaction in the girocard system can only be initiated with merchant terminals approved by the German banking industry. There is always a clear and comprehensible assignment to a merchant account known to the bank. Of course, the applicable data protection regulations apply to both contactless and contact-based transactions with a retailer. A retailer is not permitted to use information from the payment transaction further than necessary. With contactless payment, however, the retailer does not receive any more information than was previously the case with contact-based payment processes. As a further protective measure, the maximum amount for multiple, contactless payments without a PIN is limited (usually 250 Euro). Once this maximum amount has been reached, the cardholder must enter the PIN at the terminal for the next contactless payment, regardless of whether it is less than or more than 50 Euro. With every contact-based transaction (payment in stores or cash withdrawals at machines) with a PIN query, the cumulative payment amount since the last PIN entry is reset to zero.

The German Banking Industry Committee involved the data protection authorities in Germany early on in the development of the contactless card and took their recommendations into account. In order to protect yourself from unauthorized reading, it is necessary to prevent communication between the RFID/NFC chip and the reader. A suitable protective cover (e.g. aluminum card cover) prevents any contactless communication via the NFC interface with the Commerzbank Girocard and thus also the reading of data. Even small change in your wallet can prevent data from being read from the card. By using an RFID wallet or an RFID protective cover, cards or ID cards and passports with contactless function are not changed in any way or even destroyed.

If you discover that you have lost your Commerzbank Girocard, misused it or used your card or PIN in any other unauthorized way, Commerzbank must be notified immediately (blocking notification). You can block your card yourself at any time via your online banking access or by calling your branch. Alternatively, you can also submit the blocking notification at any time to the central blocking acceptance service (telephone: 01805 021 021 from Germany and +49 1805 021 021 from abroad, possibly different country code) stating the IBAN or the bank code and account number. Any theft or misuse of the card must be reported to the police immediately.

The credit card balance stored in the chip cannot be blocked. The blocking of a company-generated additional application can only be considered in relation to the company that has saved the additional application in the chip of the card and is only possible if the company provides the possibility of blocking its additional application.

1 Corresponds to standardized payment account terminology “issuance of a debit card”. The term "Commerzbank Girocard" or "Card" is used below.

Notices on data protection for using Microsoft Teams

Information on data protection regarding the use of Microsoft Teams can be found here.

Disclaimer/Information on courses and market data

Disclaimer

On its web pages, Commerzbank places an abundance of contents at your disposal, such as, for instance, product information, financial analyses, price information and company news.

The accessible content is made available to you only as information and may not be reproduced, distributed or published in whole or in part. They are exclusively aimed at customers who are resident in the Federal Republic of Germany. In particular, customers residing in the United States of America, Canada or the United Kingdom are not entitled to access.

The contents, in particular also product information as well as processing/publications or assessments of securities, are for information purposes only. The contents do not constitute an individual investment recommendation, an invitation to subscribe or an offer to buy or sell securities or other financial instruments. They are merely intended to facilitate an independent investment decision of the client and do not replace investor and investment-oriented advice. If you wish to do so, please contact your investment advisor.

The only legally binding document for new issues as well as mutual funds is the respective sales prospectus. Despite careful procurement and provision, Commerzbank only provides its information without guarantee for the correctness/completeness, up-to-dateness or accuracy as well as the availability of the stock exchange and economic information, prices, indices, general market data, Assessments, assessments and other accessible content. This also applies to content provided by third parties. Assessments and assessments reflect the opinion of the respective author at the time of preparation. These may be overtaken by current developments or otherwise have changed without the provided assessments, evaluations, processing and information being or have been changed. If the content has been provided by third parties or reflects the opinions of third parties, these do not have to comply with Commerzbank's views, but may even contradict them. The facts presented in particular in connection with product information are for illustration purposes only and do not allow any statements about future profits or losses. Any conditions mentioned are to be understood as non-binding indications and are dependent on the market situation on the closing date.

Information to possible conflicts of interests:

Commerzbank AG, subsidiaries and affiliated companies (Commerzbank Group) may, under certain circumstances, hold a stake in the company or the companies whose securities are the subject of the content provided, in particular of views, assessments or assessments, or trade in securities. Organs, executives, and employees may also hold shares or positions in securities or financial products that are subject to valuation. Commerzbank may also have belonged to a consortium that has taken over the issue of the company's securities that are the subject of a financial analysis. Commerzbank may also provide banking services or advisory services to the issuer of such securities and may provide services to the securities analyzed on the stock exchange or on the market on the basis of a contract concluded with the respective issuer. In addition, Commerzbank's governing bodies and employees may exercise supervisory board functions in issuers whose securities are the subject of the investment strategy and investment recommendations made available to you. Commerzbank Group and/or its clients may have already made transactions for their own account or for other accounts in financial instruments that are the subject of investment strategy and investment recommendations before they are available to you. This also applies to employees of the Commerzbank Group who are involved in the preparation of these investment strategy and investment recommendations or who are aware of them before their publication. Employees of the Commerzbank Group, including those involved in the preparation of the work, can also conduct business contrary to existing recommendations. To this extent, the investment strategy and investment recommendations provided do not meet all legal requirements to ensure the impartiality of financial analyzes and are declared by Commerzbank as a marketing communication. Commerzbank has taken internal organizational measures in accordance with legal and supervisory regulations in order to avoid conflicts of interest when drawing up and passing on investment strategy and investment recommendations as far as possible. This includes, in particular, internal information barriers (information barriers). These deny the authors access to information that may give rise to conflicts of interest of Commerzbank AG with regard to the issuer analyzed or its financial instruments. These information barriers also apply to information that is not publicly known from a possible business relationship between Commerzbank and the issuers.

FactSet is Commerzbank AG's partner, manufacturer of the software and hardware systems and operator of IS.eFinance Solutions. Commerzbank Infobroker is operated on behalf of Commerzbank AG.

The price and market information is made available by FactSet. The sources for securities prices, master data and news are:

  • Aktiencheck
  • Deutsche Börse AG
  • dpa-AFX Wirtschaftsnachrichten GmbH
  • FactSet Research Systems Inc.
  • Fundsdata via Mountain-View Data Gmbh
  • Financial Webworks
  • IDC Comstock Inc.
  • Capital investment companies and investment companies
  • Stockselection GmbH
  • WM Datenservice. (WM Datenservice does not accept any liability for the completeness and correctness of the data)

and others

The information is supplied for private use only without any guarantee of completeness, correctness and accuracy. According to the stock exchange selected and the type of security, all price information is presented differently, as a rule with a delay of 15-20 minutes or on a real-time basis.

Despite exercising care in the procurement and provision of the data, Commerzbank AG and FactSet take no responsibility for the correctness, completeness or accuracy of the stock-exchange and economic information, prices, indices, news, general market data and any other accessible contents held ready for recall and displayed in the scope of the market information system.

The information, in particular product information and elaborations/publications or assessments concerning securities, is for information purposes for users of Commerzbank AG Infobroker only. It does not represent either an individual investment recommendation.

Commerzbank AG and FactSet own the copyright and other industrial property rights to all web pages including the layout, source text, software and the contents thereof.

The recalling, copying, storing, processing and adapting of the web pages, their contents or results generated or displayed with the presentation tools, in whole or in part, may be carried out for private, non-commercial use only. Copyright references and trademarks may be neither changed nor removed.

All actions extending beyond the scope of this require prior written consent from Commerzbank AG.

The recalling of the information held ready may take place only in a manner which does not adversely affect the use of the Commerzbank AG offer by other visitors.

The setting-up of a hyperlink from other web pages to one of the web pages belonging to this online offer, without the prior written consent of Commerzbank AG, is expressly forbidden. It is, in particular, inadmissible to include or present the web pages belonging to this online offer, or the contents of such pages, in a subwindow of other online offers by means of a hyperlink.

Editor: Commerzbank Aktiengesellschaft, Kaiserplatz, 60261 Frankfurt am Main.

© Commerzbank AG

Arbitration & Ombudsman

Arbitration/Ombudsman

The Bank participates in the dispute resolution scheme run by the consumer arbitration body “The German Private Banks’ Ombudsman” (www.bankenombudsmann.de). Consumers may have any disputes with the Bank resolved by the Ombudsman. Where disputes concerning a payment services contract (Section 675f of the German Civil Code) are involved, customers who are not consumers also may request their resolution by the Ombudsman. Further details are contained in the “Rules of Procedure for the Settlement of Customer Complaints in the German Private Commercial Banking Sector”, which are available on request or can be downloaded from the Internet at www.bankenverband.de. Complaints should be addressed in text form (e.g. by letter, telefax or email) to the Customer Complaints Office at the Bundesverband deutscher Banken (Association of German Banks), Postfach (P.O. Box) 040307, 10062 Berlin; fax: +49 (0)30 16633169; email: ombudsmann@bdb.de. Please understand that we do not participate in arbitration proceedings of other arbitration boards.

European Online Dispute Settlement Platform (OS Platform

At http://ec.europa.eu/consumers/odr/, the European Commission has set up a European Online Dispute Settlement Platform (OS Platform). Consumers can use the OS Platform for the out-of-court settlement of a dispute resulting from online contracts entered into with an enterprise registered in the EU.

Contracts

Contracts

In the framework of commerzbank.de you can conclude contracts either online or offline depending the type of contract and area of application.

Forms and Blanks

You can print contracts and forms via our form centre. You can then send us these documents by post or hand them in at one of our branches. Additionally, you have the possibility to legitimize the forms online via PIN and TAN and send encrypted versions to us.

Online Banking

In the area of online banking, contracts are concluded online. Within the range offered you can, for example, carry out payment transactions or execute transactions in securities. Before sending an order you will be asked again whether the data you entered is correct. Your declarations will only be sent after confirmation. After they have been sent, the contracts cannot be retrieved individually or stored in reproducible form within the scope of commerzbank.de. You can find a detailed list both in the framework of your account and depot statements and also your security transaction statements. Please check these documents on receipt and inform the account holding branch immediately if the statements of account are incorrect or incomplete. The same applies for all other objections. You can inform yourself about the status of your security orders under security transactions within the framework of the order history.

Contracts with third-party service providers

Within the framework of Commerzbank.de you will be given access third-party service providers. The content made available by these third-party service providers is not reviewed by Commerzbank. The respective third party service providers determine the way in which they conclude contracts.

Foreign language contract texts

The contract texts provided by the Commerzbank within the framework of commerzbank.de are currently only available in the German language.

© Commerzbank AG

The services of commerzbank.de

The services of commerzbank.de

The private customer portal Commerzbank.de is a free teleservice of the COMMERZBANK Aktiengesellschaft that is available to the user until further notice and is designated for personal use only. It is intended solely for users who have their place of residence and/or their place of business in the Federal Republic of Germany. We reserve the right to make changes or additions to the website. Although the greatest care is taken when creating the content of the individual websites and although this is carried out to the best of our knowledge, it must be noted that, whilst we endeavor to be as up-to-date as possible, some data is not up-to-date. Therefore, we cannot accept any liability for the accuracy, completeness and up-to-dateness of the content. We would be happy to read your improvement suggestions under contact.

In the public area which is accessible to every user, some of our own websites and also websites by other providers are available. Here some information on products and services is provided for the users. The info tour gives the user an impression of the services which are offered in the “restricted area”.

In the area for authorized users (after the activation for Commerzbank.de) the teleservice users can expect a comprehensive range of products and services. Online banking provides numerous functions for the convenient execution of banking transactions via the internet. In the product area, the user finds detailed information ranging from the topic “accounts & cards” to the topic “insurance”. Financial calculators which are offered to different products can be used for example calculations. Valuations and investment recommendations from Commerzbank specialists can be found by the user in the info centre of the Commerzbank info brokers. They are made available, but no guarantee is provided.

Selected forms, applications and information can be downloaded from the form centre.

Copyright

Content and layout of the websites are protected by copyright. The duplication of information or data, in particular the use of text, parts of text or image or sound recording material requires the prior consent of the COMMERZBANK Aktiengesellschaft. It is permitted to download or print individual pages and/or parts of this website for private use. However, it is forbidden to completely or partially reproduce, spread, transmit (electronically or otherwise), modify or use this website for public or commercial purposes without the prior written consent.

Disclaimer

The statements included in our websites do not constitute a recommendation or an offer to purchase or sell certain investments. Reading this information cannot be a substitute for an individual, investment oriented consultation.

Contents of our partners

There is comprehensive information and research material available for the authorized users in the area exchange rates and market data. The Commerzbank Infobroker provides independent security and finance market information, in which access to various other providers is made available. The sources and data providers can be found in the disclaimer.

Our brochures are dispatched by the “frankfurter werkgemeinschaft e.V."

Links

In the framework of commerzbank.de, the internet websites of our partners and other providers may be made available. This occurs only in order to enable the users easier access to the information provided on the internet. The content of these websites should not portray the Commerzbank’s own opinion. Our internet presence also does not include our checking the content of these sites. If, contrary to expectations, you find illegalities and/or mistakes on these websites, please inform us under contact.

Contact via email

Communication via email, for example in the framework of contact is not suitable for the encrypted transmission of confidential information. Should we receive an email, we conclude that are entitled to answer by means of unencrypted email, unless you expressly suggest another form of communication.

© Commerzbank AG

PSD2 - Third Party Provider

The second EU Payment Service Directive (PSD2) introduces some changes to payment services within the European Union. The objective of PSD2 is to create a more uniform, transparent and open EU payment market and bring innovation, competition and security to the fore.

If you are a third-party service provider seeking access to the test environment, you will need a test certificate. Such test certificates can be obtained, for example, from Qualified Trusted Service Providers (QTSP, https://webgate.ec.europa.eu/tl-browser/#/ ).

To gain additional access to the production environment, you must be licensed by a national regulatory authority. In Germany, this is the Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) in Bonn.

Current state

With our last deployment on 14.6.2019, all regulatory required functionalities of the interface are available for the connection of third-party service providers.

To access the functions of the PSD2 interface (productive environment), you need a Qualified Website Authentication Certificate (QWAC).

API Hub

Contact us

24 h advice & appointment arrangement

+49 69 5 8000 9000