Information on data processing.

We hereby provide you with information on the processing of your personal data and the claims and rights you have under data protection legislation. Content and scope of data processing are determined largely by the products and services requested by and/or agreed with you.

Data protection at Gutmann

You have questions?

  • Bank Gutmann Aktiengesellschaft
    1010 Wien, Schwarzenbergplatz 16
    Tel.:+43-1-502 20-0,
    Our Data Protection Officer is available at:

  • We process personal data that we receive from you in the course of our business relations with you. In addition, we process data that we have legally acquired from public sources (e.g. companies register, the associations register, land register).

    Personal data include your personal details (e.g. name, address, contact details, date and place of birth, nationality), legitimation data (e.g. ID data) and authentication data (e.g. specimen signature). Also included may be order data (e.g. payment orders), data resulting from the performance of our contractual obligations (e.g. data on payment transactions), documentation data (e.g. records of advisory sessions), images and audio data (e.g. video and telephone recordings), data on client relationship management (e.g. special interests), information resulting from your electronic communication with the Bank (e.g. cookies), processing results generated by the Bank itself as well as data needed for compliance with legal and regulatory requirements.

  • We process your personal data in conformity with the rules of the EU’s General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (Datenschutzgesetz 2018)

    for the performance of a contract:
    - Personal data are processed for the purpose of executing banking transactions and providing financial services, including in particular the performance of agreements we have entered into with you and the execution of your orders as well as all activities required in the operation and administration of a credit and financial institution.
    - The purposes of data processing are determined primarily by the product concerned (e.g. account, loan, securities, deposits) and may include analyses of needs, advice, asset management services as well as the execution of transactions
    - For concrete details concerning the purposes of data processing please refer to applicable contractual documents and the General Terms and Conditions.

    to comply with legal obligations
    - Personal data may need to be processed to comply with a variety of legal obligations (e.g. under the Banking Act (Bankwesengesetz), the Financial Markets Anti-Money-Laundering Act (Finanzmarkt-Geldwäsche-Gesetz), the Securities Supervision Act (Wertpapieraufsichtsgesetz 2018), the Stock Exchange Act (Börsegesetz 2018), etc.) as well as supervisory requirements (e.g. European Banking Authority, Austrian Financial Market Authority (Finanzmarktaufsicht), etc.) which the Bank as an Austrian credit institution is subject to.

    Examples of such cases:
    - Recordings of telephone conversations and electronic communication concerning securities transactions pursuant to the Securities Supervision Act 2018;
    - Establishment of identity, monitoring of transactions, reports to the Financial Intelligence Unit in cases of suspected irregularities in accordance with the provisions of the Financial Markets Anti-Money-Laundering Act;
    - Monitoring of transactions to verify compliance with rules on market abuse, provision of information to FMA (the Austrian Financial Markets Authority), under the Securities Supervision Act 2018 and Stock Exchange Act 2018;
    - Provision of information to federal fiscal authorities under the Accounts Register and Account Inspection Act (Kontenregister- und Konteneinschaugesetz).

    to pursue legitimate interests:
    - Data may be processed to the extent required, beyond the scope needed for the performance of an agreement, to pursue our legitimate interests or those of third parties after careful assessment of such interests. In the following cases, data are processed to pursue legitimate interests: Review and optimisation of procedures for needs analysis and direct approach to clients; Business management activities and the continuing development of services and products; Telephone recordings (e.g. in cases of complaints); Measures to protect the Bank’s employees, clients and assets (e.g. video surveillance) and in the course of legal action.

    with your consent:
    - In addition, if you have consented to the processing of your personal data, such processing will be limited to the purposes named in the declaration of consent and the scope agreed therein. Any 
    consent given may be withdrawn at any time with effect for the future (e.g. you may object to the processing of your personal data for marketing and promotional purposes if you no longer wish such processing to take place in the future

  • Within the Gutmann Group, your data will go to those undertakings, entities and employees that require your data for performing contractual, legal and supervisory duties and protecting legitimate 
    interests. In addition, contractors (especially IT and back-office service providers) will receive your data if they need the data to perform their respective services. All processors are contractually bound to treat your data confidentially and to process them only within the scope of the services rendered by them.

    In the case of legal or supervisory obligations, public bodies and institutions (e.g. European Banking Authority, Austrian Financial Market Authority, fiscal authorities, etc.) may be recipients of your personal data.

    To meet contractual obligations or conform to legal regulations, personal data may be passed on to third parties (e.g. the payee of a credit transfer and their payment service provider).

  • We process your personal data, as far as required, for the whole duration of the entire business relationship (from initiation to the performance and the termination of an agreement) and, beyond that, in accordance with statutory retention and documentation obligations set out, for example, in the Companies Code (Unternehmensgesetzbuch), the Federal Fiscal Code (Bundesabgabenordnung), the Banking Act, the Financial Markets Anti-Money-Laundering Act and the Securities Supervision Act 2018. Data storage is moreover subject to statutory limitation periods, e.g. under the Austrian General Civil Code (Allgemeines Bürgerliches Gesetzbuch), and may in certain cases last up to 30 years (the most common limitation period is 3 years).

  • As a matter of principle, you have a right to access, rectification, erasure or restriction of processing of your stored data, the right to object to data processing and a right to data portability in accordance 
    with the provisions of data protection law. Complaints can be addressed to the Austrian Data Protection Authority at

  • Within the scope of the business relationship you have to provide those personal data that are required for starting and maintaining the business relationship and that we are required by law to collect. If you do not make these data available to us, we will, as a rule, have to decline entering into the agreement or executing the agreement or will no longer be able to execute an existing agreement and will consequently have to terminate it. You are not obliged, however, to give your consent to data 
    processing in respect of data that are not relevant to the performance of the agreement or are not required by law and/or regulations

  • Our website uses several cookies. Cookies are small text files that are created by a website on a visitor’s device and may contain both personal and non-personal data.

    You may configure your web browser in such a way that it refuses to accept specific or all cookies.
    Please note, however, that in such a case you may not be able to use all the features of our website to the full.

    The website uses Piwik, i.e. open-source software for the statistical analysis of user access. For this purpose, a cookie is placed. The information it generates on the use of is stored at our server in Vienna, Austria. The IP address is anonymised 
    immediately after processing and prior to storage.

    The website includes YouTube videos that require a cookie. The responsibility for data collection and processing in this regard rests with YouTube. The website uses a so-called session cookie to keep your session going after
    successful log-in.

    Online Reporting uses a cookie to store your preferred language and the securities account last called up by you.

  • Every access to contents of our website is logging. We store these access data for operational purposes, for IT security purposes, for error analyses and usage statistics. We also record each visitor’s IP address and port, your browser’s user agent string, date and time of access, name of the file requested, the data volume transmitted, a referrer URL, if available, and (after successful log-in), your log-in name.

    In addition, Online Reporting records all successful and failed log-in attempts along with all parameters of your visit, such as account numbers and securities account numbers accessed