We at TARGOBANK summarise how we process your personal data as well as your rights as a TARGOBANK customer under data protection law in our customer privacy policy available at www.targobank.de/datenschutz.

Our privacy policy will give you the information you need on how our apps handle your data when you use the app.

The data controller according to the General Data Protection Regulation (GDPR) and German Telemedia Act is TARGOBANK AG, PO Box 210453, 47026 Duisburg; hereinafter referred to as “we,” “us” or “TARGOBANK”. You may contact this address at any time if you wish to query, change, or delete your stored data. Contact details of the data privacy officer:

TARGOBANK AG
Datenschutz
Postfach 21 04 53
47026 Duisburg

You may also contact our data protection officer using our general contact details at TARGOBANK.

We will collect and process several types of personal data when you use one of our apps. The personal data that we collect and process depends on the range of features of the respective app towards fulfilling the following purposes:

Identification data

We will collect and process your first and family name, username, password, personal T-PIN, home address and contact information the first time you store access data for our apps, each time you log in to the apps in regular use, and in managing your personal data and login information using the apps. Our apps will also store your username for the respective app if you wish. You may delete the username you have saved at any time.

Biometric data

Our apps support the biometric unlock feature provided by your device, such as fingerprint or face recognition, to log you in if you have activated the biometric login option in the app. In this case, your login password will be stored in encrypted form on your device. The app will not transfer the biometric feature that you have selected, such as your fingerprint, to TARGOBANK. Biometric login requires iOS 9 or Android 6.0 or later.

Geolocation data

Our apps will process geolocation data to display branches, cash machines and other cash services near your current location on an interactive map and help you navigate there. Your geolocation data will only be collected on your consent and depending on the geolocation system you use. We will not store or retain your geolocation data.

Application data

The app stores app data to optimise usability. The data will include the application version used, your preferred settings, easyTAN registration as applicable, and your selected login method (password or biometric).

Technical specifications

• ... for the easyTAN mobile authentication tool confirmation by phone (referred to as “easyTAN”)
  Our apps require easyTAN authentication tool registration as an additional security feature. You will not be able to use the apps without registering for easyTAN or after deregistering from it. We will save the following information in particular when you register for our easyTAN authentication tool: Your mobile device’s IMEI and device ID.
• ... for transferring bug reports
  Our apps transmit data for troubleshooting and debugging. This means that we will be sent error reports if the app crashes or encounters a technical error. Our development department analyses the bug reports for the next app update with bug fixes as soon as possible to ensure the app’s stability and quality.The app will transmit the following information on crashing or encountering a technical error: operating system version used, app version number and name, and type as well as technical specifications of the mobile device used. Whether you were logged in when the app crashed or encountered an error will also be transmitted to us.Technical errors include changes to the operating system (known as rooting or jailbreaking, see above), network errors, errors related to the use of biometric unlock or login on the mobile device such as fingerprint or face recognition hardware, and issues activating and using easyTAN.
• ... for checking and implementing security measures
  Operating system name and version, mobile device model, CPU, language setting, mobile device reliability – that is, verifying whether the device has been rooted or jailbroken.

Data from using certain features

• ... Using the app to arrange an appointment
  We will collect the following information for organising and preparing your appointment at one of our branches or for home consultation: The information you have given us for the consultation, place, date and time of consultation, your personal data (customer number, first and family name, street address, postcode, city), your contact details (e-mail address, phone number), and any other information you have entered in the “Comment” field.
• ... Messages to TARGOBANK
  The app will send any messages to TARGOBANK you send using the message mailbox with your customer number, alongside the reason for your message and your individual message text for us to respond to your message.
• ... Digital budget planner
  If you have registered for our digital budget planner, we will process your account turnover data, information you have entered into your budget planner and your settings for categorisation into discrete income and expenditure categories as well as data analysis to present appropriate individual products and services from TARGOBANK; we will also refer back to this data in selected consultation processes. You may unsubscribe from the digital budget planner at any time.

Our apps use analytics tools to gather statistical data on how our apps are being used towards optimising the user experience and recording usage behaviour (referred to in the following as “user tracking”).

Given your consent, we use Firebase and Google Analytics services from Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland (Google). Firebase only serves as an intermediate step in accessing data collected by Google Analytics. User tracking involves collecting online identifiers (including cookie identifiers), IP addresses, device IDs, customer-assigned identifiers, app events such as clicks and page views, and user properties. User properties include device IDs and version numbers.

User tracking also involves IP address masking (anonymizeIp). The anonymizeIp function deletes the last octet in your IP address, thus rendering it anonymous, before its transmission to locations outside the EU or EEA. This prevents your IP address from being allocated to any individual Internet connection. We maintain a third-party data processing agreement with Google to evaluate app use and create reports on app activity in user tracking. We are the only recipients of these analyses and reports, which only we will ever use. The truncated and transmitted IP address will not be merged with any other data stored by Google.

Our websites may use user tracking, given your consent. We create usage behaviour statistics across different devices and browsers by merging app and web data.

You may alter your consent to user tracking at any time within our apps. If you wish to do so, simply activate or deactivate the “App user tracking” option in the app settings. Our apps will no longer send the corresponding data to us after you deactivate user tracking.

Legal basis for processing: GDPR Art. 6 (1) (a).

Depending on scope, our apps use Google reCAPTCHA for data security to protect personalised customer content access, such as online banking, against automated access from bots and similar.

Google reCAPTCHA is a service provided by Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

This service allows Google to determine the referring website a request has been sent from along with the IP address containing the reCAPTCHA input field. Apart from the IP address, Google may also collect other information as necessary to provide this service, which may include:

• The browser’s language setting
• Display and window resolution
• Time zone
• Installed browser plug-ins

Legal basis for data processing: GDPR Art. 6 (1) (a). This legally justifies data processing if you have given your consent to your personal data being processed for one or more specific purposes. You may give your consent before using the Google reCAPTCHA service. You may also revoke your consent at any time in the respective app’s settings.

Our vested interest in using Google reCAPTCHA lies in securing our website and customers against automated access attempts from unauthorised parties. Google checks whether it has already stored a cookie in the user's browser when using reCAPTCHA. If not, Google stores the cookie. Google creates a user “fingerprint” for reCAPTCHA that other sites will also use. This allows Google to determine whether the user is a real person or a bot.

Note that you will not be able to use the Google reCAPTCHA service if you deactivate JavaScript.

Google provides additional details on how it uses your user data at https://policies.google.com/privacy.

See also https://policies.google.com/privacy/frameworks for more information on the legal framework applicable to data transfers.

Our apps use “webviews” to display web pages in apps. Pages displaying legal disclosures and phone number summaries are integrated into webviews. Only TARGOBANK's own web pages are displayed as webviews. User tracking only logs page accesses in webviews. Disabling user tracking in the app settings will also deactivate user tracking in webviews.

Apart from that, we link our apps to websites that will open in a browser on your device. In this case, see our privacy policy for website visitors and separate cookie information from TARGOBANK. With one exception – our user survey – we only link to our own TARGOBANK websites such as our form centre and newsletter.

Location data

We need access to your device’s location. We will determine your current location using a geolocation service such as GPS in a request to show you branches or cash machines in your immediate vicinity. Your location information will only be used to process this request. Your location data will be transmitted using an encrypted connection. The app will not store your location data after completing your request, nor will it transmit the data to us at any time.

Device ID, caller ID

Your device’s information will be transmitted to our server and stored as required for using the easyTAN process when you register.

Push messages

You will need to allow this to use easyTAN. You will receive a push message from the respective app on your mobile device to confirm transactions, such as bank transfer, using a personal release code.

Camera

You will need to allow access to the camera for the respective feature in one of our apps to scan bank transfer slips, invoices, or documents.

Photos, media, and files

You will need to allow access to photos, media, and files fo temporary storage of data generated using Google Maps in branch and ATM locators on an Android device. The app will not store any data permanently or send personal files to us.

Network permissions

You will need an Internet or network connection to use our apps.