BaFin - Navigation & Service

Go to:

Erscheinung:25.05.2018, Stand:updated on 31.03.2024 | Topic Compliance Information on data processing at the Contact Point for Whistleblowers

The Federal Financial Supervisory Authority (Bundesanstalt für FinanzdienstleistungsaufsichtBaFin) processes personal data to meet its legal and (pre-)contractual obligations. This also includes data which BaFin collected from you. To promote your awareness regarding data processing and your rights as well as to comply with our duty to provide information in accordance with Article 13 and Article 14 of the EU General Data Protection Regulation (GDPR), BaFin informs you as follows:

1. Contact details for BaFin and BaFin’s Data Protection Officer

Bundesanstalt für Finanzdienstleistungsaufsicht
Graurheindorfer Str. 108
53117 Bonn
Postfach 1253
53002 Bonn
Phone: +49 (0)228 / 4108 – 0
Fax: +49 (0)228 / 4108 – 1550
E-Mail: [email protected] oder De-Mail: [email protected]

BaFin’s Data Protection Officer can be reached at: [email protected]

2. Purpose of processing

Processing information on actual or potential violations of supervisory provisions with the goal of disclosing misconduct on behalf of individuals or enterprises within the financial sector and mitigating or correcting the negative consequences of such misconduct.

3. Legal basis for the collection of data

Section 4d (2) of the German Act Establishing the Federal Financial Supervisory Authority (Finanzdienstleistungsaufsichtsgesetz – FinDAG) in conjunction with section 3 of the German Federal Data Protection Act (BundesdatenschutzgesetzBDSG)

4. Categories of processed personal data

The personal data held about you consist of the name and contact details of the whistleblower or a person incriminated by the whistleblower.

5. Intention to transfer the personal data to recipients in a third country or to an international organisation

BaFin does not intend to transfer your data to a recipient in a third country (non-EU member states and countries outside the European Economic Area) or to an international organisation.

6. Recipient of data

For the purpose of verification, documentation and for additional investigations, information may be transmitted to the competent divisions at BaFin or to the ECB within the framework of the Single Supervisory Mechanism (SSM). To protect the whistleblowers, such transmission, insofar as is possible, will be made in anonymised form.

7. Time period for storing your data

3 years

8. Your rights as a data subject

In principle, as a data subject, you have the rights of access to personal data (Article 15 of the GDPR), the right to rectification (Article 16 of the GDPR), erasure (Article 17 of the GDPR) and restriction of processing (Article 18 of the GDPR), the right to data portability (Article 20 of the GDPR) and the right to object to the processing (Article 21 of the GDPR). Moreover, you have a right to lodge a complaint with the data protection authority competent for BaFin, i.e. the Federal Commissioner for Data Protection and Freedom of Information (Bundesbeauftragte(r) für den Datenschutz und die Informationsfreiheit).

9. Automated individual decision-making, including profiling

There is no automated individual decision-making.

10. Source of personal data

Whistleblower. In principle, this data source is not generally accessible.

Did you find this article helpful?

We appreciate your feedback

Your feedback helps us to continuously improve the website and to keep it up to date. If you have any questions and would like us to contact you, please use our contact form. Please send any disclosures about actual or suspected violations of supervisory provisions to our contact point for whistleblowers.

We appreciate your feedback

* Mandatory field