Contact areaContact area Contact area
Service-Telephone
08041/8007-0
Our Sort code and BIC
Sort code70054306
BICBYLADEM1WOR

I. Who is responsible for this website?

The data controller as defined by the General Data Protection Regulation (GDPR) is:

Sparkasse Bad Tölz-Wolfratshausen
Bahnhofplatz 1
83646
Bad Tölz
Germany
E-Mail: mail@spktw.de
Telephone: 08041/8007-0
Fax: 08041/8007-18

(hereinafter also referred to as "Sparkasse", "we", "our" or "us")

If you have any questions regarding this privacy policy or about how we protect your personal data, please contact Sparkasse's data protection officer.


Beauftragter für den Datenschutz
Bahnhofplatz 1
83646
Bad Tölz
Germany
datenschutz@spktw.de

II. What is data processing?

When we process personal data, it means that we collect, store, transmit, delete or otherwise use the information. Personal data refers to information about natural persons who use this website to obtain information on Sparkasse's products and offers.

If you are already a Sparkasse customer, your data will be processed in the context of your business relationship with Sparkasse. You can find more information about this in our privacy policy. The privacy policy also provides information regarding other products and services that can be accessed via this website (for example, about data processing in the context of online banking).

Below you will find an overview of which data we collect when you visit this website and for what purposes the data is processed.

III. How is your data processed when visiting this website?

1. Data needed to display the website and ensure its stability and security
 

When you use our website for purely informational purposes, we collect the following data, which we require for technical purposes:

  • IP address of the device you are using
  • Name of the accessed file (specific page)
  • Date and time of access
  • Volume of data transferred
  • Access status (successful/unsuccessful)
  • Browser type and version as well as which operating system you use
  • URL of the previously visited page (so-called "referrer URL")

In accordance with Art. 6 para. 1 lit. f) GDPR, the processing of the above-mentioned data is necessary for the purposes of pursuing our legitimate interests. In the event of the unlawful use of this website, the data may also be used to identify potential violations.

In addition, this information will be analysed for statistical purposes as well as to improve our website. This will be done without creating personal user profiles.

2. Use of cookies

This website uses cookies. Cookies are text files with small pieces of data that are stored on your end device. They are intended to make it easier to navigate through a website and make it possible to use certain features, and in particular features that depend on information being retained. In addition to these technical and functional cookies, cookies can also be used for other purposes, such as targeted advertising. Please refer to the sections below for more detailed information.

If you don't want cookies to be stored on your end device, you can prevent this by changing your browser settings accordingly. This is also where you can delete cookies that are already stored on your end device. However, it will no longer be possible to use all of the features provided on this website if you deactivate technical and functional cookies.

Strictly necessary cookies:

Your Sparkasse uses cookies that are necessary for running this website and for performing functions designed to make it secure and user-friendly. These cookies are essential for users to be able to navigate the website and use all its modules and features. Without them, it may no longer be possible to use this website or only possible to use some of this features. Some of the website’s features only work if it can still identify your browser after you have opened a new page.

We do not use the data collected through necessary cookies to create user profiles. Necessary cookies store and transmit the following data:

  • Current session ID
  • Items inside the basket or product applications
  • Use of specific website content, such as frequency or scope of use
  • Data on accessing specific website content, such as product information
  • Settings pertaining to your local Sparkasse
  • Settings pertaining to the website’s search function

Since websites don’t have a memory, cookies are needed to notify the server of the pages that need to be displayed to a user. This means that users do not have to try to remember everything or have to navigate through the entire website again. Cookies can, for example, store order information, which is necessary for shopping baskets to work and frees users from having to remember all of the items they placed in their basket when they are ready to pay.

Nearly all of the technical and functional cookies used are session cookies. All of the data stored in session cookies is automatically deleted when you leave the website. This includes the cookies required, for example, to use online banking:

  • JSESSIONID
  • IF6CONTEXT
  • IFCLONE

Cookie names that are prefixed with “TS” and then contain a variable number of random characters and digits are strictly necessary cookies. These cookies are used for load balancing which ensures that the load of the requests is evenly distributed over several web servers. With some processes, such as taking out a contract, making a transfer etc. it is important that, once an end customer has started inputting information, the process is continued on the same web server.

The cookies used to retain information about items placed in shopping baskets expire after 10 days.

The device ID cookie needed to identify a device expires after 180 days.

The SPK_COOKIE cookie, which transfers Sparkassen customers from the main sparkasse.de website to their local Sparkassen website and “remembers” the sort code in order to do so, expires after 6 months.

Data protection notice for the use of Dynatrace in the Internet branch.

In addition, cookies are set through the use of the software "Dynatrace".

Dynatrace is a performance management software for programs. This software manages the availability and performance of software applications. Through Dynatrace, your savings bank can ensure the stable and smooth operation of online banking.

For this purpose, the following cookies are set on the end device:

  • dtCookie
  • dtLatC
  • dtPC
  • dtSa
  • DtValidationCookie
  • rxVisitor
  • rxvt

Dynatrace is only used by your savings bank with activated IP masking. This means that immediately after the cookies are set, the IP address of the user is shortened and the data collected via the cookies is thus anonymized.

The cookies are automatically deleted at the latest at the end of your visit. This is anonymized data to ensure the availability and performance of the application.

The use of Dynatrace is necessary to ensure a fast, stable and secure operation of the websites. The cookies set in this process are absolutely necessary.

The data processed through necessary technical and functional cookies is processed on the basis of Art. 25(2) of the Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG).

  • Google Analytics
    Google Analytics is a web analytics service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), who acts as our data processor in this respect (Art. 28 GDPR).

    Google Analytics uses cookies that allow us to analyse your use of our website. This includes your use of those parts of the website (online banking) for which you are required to log in. Google Analytics cookies track visitor behaviour and conversions (pages visited, links clicked, applications, browser settings). These cookies do not collect any information on the data you provide on forms or other specific contents (e.g. those of a transfer). Google Analytics uses this information on behalf of your Sparkasse to compile reports about the use of this website for the purpose of reach measurement and to create personalised ads.

    If you have a Google account and activated “Personalised advertising”, Google Analytics will enrich these aggregated reports with your demographic data (e.g. age group and gender) and interests (e.g. technology enthusiasts, sport fans, foodies, product affinities) that Google has collected independently (e.g. on other websites).  Google processes information from e.g. your Google account, your searches and ad clicks for its “Personalised advertising”.

    If you have a Google account and have activated “Personalised advertising”, we will also analyse your use of this website with Google Analytics across all of your devices (cross-device tracking). This will allow us to identify you even if the device from which you are making e.g. a purchase on our website is different from the one you might have initially used to click on the advert that initiated the purchase. The reports created for Sparkasse (including cross-device) only contain aggregated data and do not contain data on individual users.

    You can deactivate “Personalised advertising” any time in your Google account.

    If you have a Google account and activated “Web and app activities” on it, you can also view aggregated data on your use of this website and hence manage your data yourself.

    The data generated from your use of this website may also be transferred to and saved on a Google server in the USA. However, part of your IP address will be masked before transmission to Google through the IP Anonymization feature enabled for this website. This means that the transferred data cannot be used to identify you as an individual based on your IP address.

    The Subprocessor Google LLC of our service provider Google Ireland Ltd. is certified under the EU-US Data Privacy Framework (https://ec.europa.eu/commission/presscorner/detail/de/ip_23_3721), which ensures that data processed in the USA is subject to EU-equivalent safeguards.

    The data that is processed through Google Analytics and is linked to cookies is automatically deleted after a maximum of 26 months.

    The legal basis for the processing of the data is your consent in accordance with Art. 6(1) and Art. 1(A) GDPR or Art. 25(1) of the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG).

  • Google Ads
    Google Analytics is a web analytics service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). The responsible data processing body is Google.

    We use Google Ads to enable us to provide you with online ads that are relevant to your interests. Google uses DoubleClick cookies to measure the success of our ad campaigns by collecting data on parameters such as ad display frequency or user clicks. Google provides us with information on e.g. statistical analyses of the frequency at which different adverts with different prices are clicked. However, Google does not provide us with information on the use of ads that would allow us to identify individual users.

    The analyses created with Google Analytics allow us to identify target groups (e.g. for end devices that users have used to visit a specific product page) and provide information on them to Google through Google Ads. These target groups comprise a list of ad IDs (that are also e.g. stored in DoubleClick cookies) that are filtered by specific criteria within Google Analytics. Google uses target groups to make sure that the majority of the product ads shown to you are of relevance to you (because e.g. you already accessed information on those products on our website). Please refer to Google’s privacy policy and Google Ads’ help section for more information on how Google processes your data for adverts.

    The legal basis for the processing of the data is your consent in accordance with Art. 6(1) and Art. 1(A) GDPR or Art. 25(1) of the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG).
  • Adtelligence Platform
    Adtelligence Platform is a software provided by ADTELLIGENCE GmbH, Philosophenplatz 1, 68165 Mannheim, Germany. This software is a solution for personalising website content.

    The system analyses user behaviour and its context during the website’s use. When doing so, data on how a visitor uses the website is collected on the basis of defined categories and, amongst others, assigned to specific target groups by means of cookies. The data and characteristics analysed for this purpose are transmitted to Adtelligence’s system in anonymised form and stored on servers in Germany. The information about this website's use generated during this process is not passed on to any third parties.

    Adtelligence uses the open-source web analytics platform Matomo (formerly “Piwik”) as a self-hosted system to process this data. Matomo also uses cookies that allows us to analyse the use of our website.

    The software is configured in such a way that it will anonymise IP addresses before saving them. This is achieved by masking 2 bytes of the IP address (example:  192.168.xxx.xxx). This means that it will not be possible to identify the end device or individual that is accessing the website.

    The data that is processed through Adtelligence and linked to cookies is automatically deleted after a maximum of 12 months.

    The legal basis for processing this data is Art. 25(1) TTDSG.
  • A/B Testing – abtest
    A/B tests are designed to enhance user-friendliness and the performance of online offers. The tests involve presenting users with e.g. different versions of the same website or website elements such as input forms on which the contents are in different positions or shown with different button labels. Users’ behaviour can then be analysed to assess e.g. which website version they spent more time on or which elements were more frequently used, and consequently to determine which of these websites or elements better meet users needs. These tests only involve collecting, aggregating and storing anonymised user data and information about tested versions. This data can be used to analyse the data for evaluating the test versions in various ways.

    The cookie used to collect this data is deleted after 6 months.

    The legal basis for this application is Art. 25(1) TTDSG. You can withdraw your consent for this cookie at any time under “Update cookie settings”.

3. Sparkassen marketing campaign analyses and measurements

The Sparkassen Finanzgruppe uses analytics and measurement platforms to deliver, analyse and measure the success of national and regional digital advertising campaigns.

After obtaining your consent on a landing page  (sparkasse.de), these analyses are performed with the help of the following platforms

  • intelliAd
    If you click on a Sparkasse advertisement on a third-party website, you will be taken to a landing page with more information on the advertised product. The landing page for all Sparkassen adverts is sparkasse.de, from which users are then forwarded to their local Sparkassen website. sparkasse.de uses the web analytics service from intelliAd Media GmbH, Sendlinger Str. 7, 80331 Munich, Germany, to measure advertising campaigns’ success. You will be asked to consent to the use of the campaign measurement system before you will be able to access the contents pertaining to the advertised product on sparkasse.de. Once you have given your consent, the cookies set by intelliAd can be read out and assigned to specific interactions on sparkasse.de. This data then helps us to manage and optimise our marketing measures. This data cannot be used to identify any persons, because it is only collected on the basis of a cookie ID. The cookie ID, in turn, cannot be linked to an IP address because the IP address will have been anonymised immediately before the intelliAd cookie is set.

    The cookie is deleted after 100 days.

    The legal basis for this application is Art. 25 (1) TTDSG. You can withdraw your consent at any time at http://login.intelliad.de/optout.php. In this case, the cookie “intelliadNoTrack” will be set, which will block user interactions up until the cookie expires. This cookie is deleted after one year.
  • Adform
    If you click on a Sparkasse advertisement on a third-party website, you will be taken to a landing page with more information on the advertised product. The landing page for all Sparkassen adverts is sparkasse.de, from which users are then forwarded to their local Sparkassen website. sparkasse.de uses the web analytics service from Adform A/S Wildersgade 10B, sal. 1 DK-1408 Copenhagen, Denmark, for both advertising delivery as well as campaign measurement. You will be asked to consent to the use of the campaign measurement system before you will be able to access the contents pertaining to the advertised product on sparkasse.de. Once you have given your consent, the cookies set by Adform can be read out and assigned to specific interactions on sparkasse.de. This data then helps us to manage and optimise our marketing measures. This data cannot be used to identify any persons, because it is only collected on the basis of a cookie ID. The cookie ID, in turn, cannot be linked to an IP address because the IP address will have been anonymised immediately before the Adform cookie is set.

    The cookie is deleted after 60 days.

    The legal basis for this application is Art. 25 (1) TTDSG. You can withdraw your consent at any time at  https://site.adform.com/de/privacy-center/platform/widerrufsrecht/. In this case, the opt-out cookie “C” will be set with a value of “3”, which will block user interactions up until the cookie expires. The cookie is deleted after 3650 days.
  • Count server
    In order to establish whether an advertisement on a third-party website has led to a purchase from Sparkasse, sparkasse.de uses a so-called “count server”.

    If you click on a Sparkasse advertisement on a third-party website, you will be taken to a landing page with more information on the advertised product. The landing page for all Sparkassen adverts is sparkasse.de, from which users are then forwarded to their local Sparkassen website. You will be asked to consent to the use of the campaign measurement system before you will be able to access the contents pertaining to the advertised product on sparkasse.de. Once you have given your consent, a “zs_aff” cookie with a random ID will be set that allows us to manage and optimise our marketing measures. This data cannot be used to identify any persons, because it is only collected on the basis of a random ID.

    The cookie is deleted after 30 days.

    The legal basis for this application is Art. 25 (1) TTDSG. You can withdraw your consent for this cookie at any time under “Update cookie settings” on sparkasse.de.

4. Third-party applications

  • YellowMap
    This website uses SmartMaps, a service provided by YellowMap AG, CAS-Weg 1-5, 76131 Karlsruhe, Germany, for displaying maps. This service makes it possible to display interactive maps directly on the website and for users to use these maps. In order to be able to provide the maps, YellowMap will be processing your IP address as well as range of other technical data. The data YellowMap collects will only be used for creating the map and deleted after 10 minutes. YellowMap does not use any cookies.

    For more information on the purpose and scope of the data collected and its processing by YellowMap can be found at https://www.smartmaps.net/datenschutz/.

    This page also contains more information on your rights concerning the above.

    The legal basis for processing your data is Art. 6(1)(1)(b) GDPR.


  • WhatsApp
    Any communications with your Sparkasse conducted through WhatsApp are processed by the technical service provider S-Markt & Mehrwert GmbH & Co. KG, Grenzstraße 21, 06112 Halle, Germany.

    In order to communicate through WhatsApp, users are required to have an existing WhatsApp account.

    As soon as the first message is sent through WhatsApp, your personal data (e.g. first name and surname, phone number, messenger ID, profile picture, messages) will be processed by S-Markt & Mehrwert on the basis of Art. 6(1)(1)(b)(f) GDPR (within the context of customer relations and other enquiries). WhatsApp (WhatsApp Inc. WhatsApp Legal 1601 Willow Road Menlo Park, California 94025, USA) is a US-American service provider owned by Meta (FB), formerly Facebook. Hence, the data you transmit via WhatsApp may first be transmitted to the USA before being forwarded to your Sparkasse.

    Please refer to WhatsApp’s privacy policy at https://www.whatsapp.com/legal/#privacy-policy for more information on how to contact and how your data is processed by WhatsApp itself. Neither your Sparkasse or S-Markt & Mehrwert have any precise information or any influence on the data processed by WhatsApp. If you do not want WhatsApp or Meta (formerly Facebook) to process your data, please refrain from using the services provided by WhatsApp.

    S-Markt & Mehrwert will keep the data processed for this service for a maximum of 90 days. Please refer to https://portal.s-messenger.de/frontend/public/Datenschutzinformation.pdf for information on data protection.
  • Live Chat
    The "Live Chat" feature provided on this website can be used to contact your Sparkasse. The live chat feature is a service provided by talkevent Software GmbH, Carlswerkstr. 13b, 51063 Cologne, Germany, on behalf of your Sparkasse. In order to prevent misuse, the following data is stored when using the chat assistant in addition to the information you enter:

        - IP address
        - Date and time

    The above data and the information exchanged through the chat function are not used for any other purposes.

    The legal basis for processing this data is Arti. 6(1)(1)(b)(f) GDPR. The chat data will be deleted after a maximum of 90 days.
  • Chatbot “Linda”
    You can also use the chat function to ask our chatbot Linda any questions you may have. Linda is operated by Sparkassen-Finanzportal GmbH, Friedrichstraße 50, 10117 Berlin on behalf of your Sparkasse.

     The use of Linda does not require the provision of any personal data and we would like to ask you to refrain from entering any such data. The legal basis for processing this data is Art. 6(1)(1)(b)(f) GDPR. The logs of any chats held with Linda will be deleted after a maximum of 90 days.
  • Newsletter
    On this website, you can also subscribe to your Sparkasse's newsletter, through which it will provide you with information on the latest promotions and news. Your Sparkasse will only send you the newsletter with your consent or where legally permitted. The technical service provider appointed by your Sparkasse to provide this service is Sparkassen-Finanzportal GmbH, Friedrichstraße 50, 10117 Berlin, Germany.

    Subscribing to the newsletter involves a double-opt-in procedure. The first opt-in comprises your confirmation of an activation email sent to the email address you provided after registering. If you fail to confirm your activation email within the period of time set out in the email, your information will be automatically deleted. Your email address will only be saved for the purpose of sending you the newsletter if you confirm the activation email within the specified period of time.

    Your Sparkasse will furthermore store your IP address and the time of registration and confirmation respectively. The reason for this is to retain evidence of your registration and to be able to clarify any potential misuse of your personal data.

    You can opt-out of your email address being used for the distribution of the newsletter, i.e. unsubscribe at any time. The link for unsubscribing can be found at the end of every newsletter.

    The legal basis for processing this data is Art. 6(1)(1)(a)(b) GDPR.

    Sparkasse is constantly working on improving its newsletter service. As part of this, Sparkasse measures and analyses newsletter open and click rates. Open rates provide information on the percentage of newsletter recipients who have actually opened and hence read the newsletter. Click tracking makes it possible to track which and how often the links included in the newsletter are clicked. These analyses can be used to create targeted newsletters with contents that are of actual interest to their recipients.

    The legal basis for processing this data is your consent in accordance with Art. 25(1) TTDSG.

    You can withdraw your consent at any time under the “Manage” tab in the newsletter login section on the website, or the “Edit details” link in the newsletter.

IV. Who receives your data?

Your information will only be shared with third parties insofar as you have consented to this or where we have a legal obligation to do so. In particular such recipients may include:

  • Law enforcement
  • Other Sparkassen Finance Group companies

Our service providers may also receive such data if they meet Sparkasse's special confidentiality requirements. In particular, these may include IT service providers, consulting services and companies in sales and marketing. The appropriate data protection agreements will be arranged with these service providers.

V. When will your data be deleted?

Should the data mentioned in this policy no longer be required for its original purpose, it will be deleted. In the event that the further processing of the data is – temporarily – required for other purposes, this will not apply.

Insofar as the storage period defined for individual services differs from the above, this information will be available in the description for each service.

VI. Will your data be transmitted to third countries or international organisations?

As a rule, the data we collect when you visit this website is not transmitted to international organisations or third countries (states outside the European Economic Area -EEA). For more information on the possible transmission of pseudonymised data by analysis services, please see the section "Analytical cookies".

VII. What are your rights with regard to the processing of your data?

You have the following rights concerning your personal information held by Sparkasse:

  • The right to information
  • The right to rectification or deletion
  • The right to restriction of processing
  • The right to data portability
  • The right to object or to withdraw consent

 

Information about your right to object in accordance with Art. 21 GDPR

 

1. Case-specific right to object

You have the right to object at any time, on grounds relating to your own particular situation, to the processing of your personal data based on Art. 6 para. 1 lit. e) GDPR (processing carried out in the public interest) or Art. 6 para. 1 lit. f) GDPR (data processing necessary for pursuing the legitimate interests of the controller); including profiling based on these provisions as defined by Art. 4 para. 4 GDPR.

Should you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing which outweigh your personal interests, rights and freedoms; or where such processing serves in the establishment, exercise or defence of legal claims.

2. Objection to the processing of your data for the purposes of direct marketing by Sparkasse

In individual cases, we process your personal information for the purposes of direct marketing. You have the right to object at any time to the processing of your personal data for such marketing; this includes profiling insofar as it is related to such direct marketing.

Should you object to the processing of your data for direct marketing purposes, we will no longer process your personal data for such purposes.

The objection need not follow a particular form and should be addressed to:

Sparkasse Bad Tölz-Wolfratshausen
Bahnhofplatz 1
83646 Bad Tölz
Deutschland
mail@spktw.de

You also have the right to lodge a complaint with the following supervisory authority regarding the processing of your data:

[Please enter the contact details of the responsible supervisory authority here.]

VIII. Is your data used for automated decision-making or profiling?

The data collected from visits to this website is not used for automated decision making as defined by Art. 22 GDPR.

Updated: December 2021

 Cookie Branding
i