Privacy Policy of Sopra Financial Technology GmbH

Privacy policy

Sopra Financial Technology GmbH, is pleased that you have visited our Internet presence (hereinafter also referred to as “Internet offer”). We are pleased that you are interested and we want to make your stay on our website as pleasant as possible. For us, this includes responsible handling of your data in accordance with the legal requirements in Germany.

Insofar as we referred to the German Data Protection Regulation (GDPR) below, you can find more information about this on the following page.

For the processing of your personal data on this website, we are the “responsible party” within the meaning of Art. 4 No. 7 GDPR:

You can reach us as follows:

Sopra Financial Technology GmbH
Frankenstraße 146
90461 Nürnberg
Tel: 0911-9291-0
Fax: 0911-9291-2177
E-Mail Adress: [email protected]

You can reach our company data protection officer at:

Sopra Financial Technology GmbH
Data Protection Officer
Frankenstraße 146
90461 Nürnberg
Tel: 0911-9291-0
Fax: 0911-9291-2177
E-Mail Adress: [email protected]

Privacy notice and revocation

The data protection notice applies to the Internet presence offered by Sopra Financial Technology GmbH. If offers from other providers (“third-party offers”) are accessible from our Internet presence, our data protection notice does not apply to these third-party offers. In this case, we are also not responsible for the processing of your personal data within the scope of such third-party offers within the meaning of Art. 4 No. 7 GDPR.

Data protection information for applicants

Please note that separate data protection information applies to our online application process. You can find these in the following document:

Data protection information for applicants


In order to ensure the confidentiality of communication with you, we use a so-called SSL encryption. According to the current state of knowledge, the 256-bit encryption possible with this can be considered secure. This security level is achieved by all browsers of the younger generation. If necessary, you should update the browser on your PC.

The employees of the cooperative financial group of “Sparda” banks and those of Sopra Financial Technology GmbH are obliged to maintain the confidentiality of personal data in accordance with Article 5 (1) (f) and Article 32 (4) of the General Data Protection Regulation (GDPR).

The data processing and our technical security precautions are continuously adapted to the current circumstances and requirements and according to the state of the art. Both are subject to review by our internal audit department and the data protection officer.

Contact and communication

On some pages, you can enter the personal data specified there in input fields for the purpose of correspondence with us.

This data will only be processed for this correspondence with you and for the purpose for which you have given us the data in each case in the context of this communication, such as to process your requests or to contact you at your request. In this case, the processing of personal data is carried out with your consent and is then permissible pursuant to Art. 6 para. lit 1 a) GDPR. We delete your data in this regard when the purpose for which you provided us with your data has been fulfilled or completed and we are not entitled or obliged to continue storing it for legal reasons.

However, initial contact via e-mail (as shown above) on your part may result in you sending your message to us unencrypted. If you want to encrypt the mail, you can use the registration form on this page.

1. Processing of data with and without personal reference

1.1 Surfing on our website

In principle, you can visit our website without telling us who you are. We will then only learn your IP address, the name of the website accessed or file retrieved and the time of access or retrieval, the amount of data transferred and whether the access or retrieval was successful.

The data is used exclusively for the administration and optimization of the Internet offer.

The IP address can be a personal data, because under certain conditions it is possible to find out the identity of the owner of the used internet access by information of the respective internet provider.

We only evaluate the IP address in the event of attacks on our Internet infrastructure. In this case, we have a legitimate interest within the meaning of Art. 6 (1) f) GDPR in processing the IP address. This legitimate interest arises from the need to ward off the attack on the Internet infrastructure, to determine the origin of the attack in order to be able to take criminal and civil action against the person responsible and to effectively prevent further attacks.

The IP address will be deleted if we can exclude that no attack on our Internet infrastructure has occurred from it.

1.2 Use of cookies

Cookies are also used within our Internet offer. Cookies are small data packages that are stored on your computer’s hard drive via the browser. They are used to control the Internet connection during your visit or during a later visit to our web pages and thus make the visit more comfortable.

Some browsers already allow cookies in the default setting. If you do not want them, you can change the setting of your browser. Please refer to the browser manufacturer’s instructions on how to do this. If you decide not to accept cookies, it may be that parts of our website cannot be used.

An evaluation does not take place and is deleted after the end of the session.

1.3 Consent Management

We use a consent banner/consent management service on our website, which is provided by Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich.

 The following personal data is stored as part of this:

– Date and time of the visit
– Browser information
– Information on consents
– Information about the terminal
– IP address of the requesting terminal

The processing of the above data is based on Article 6 (1) (c) GDPR in conjunction with Section 25 (1) TTDSG. The data processing serves the purpose of offering visitors to our website to consent to the use of cookies. The documentation of such consent is necessary and required in accordance with the accountability obligation from Article 5 (2) GDPR in order to ensure the revocation of consent and to control the setting of cookies.

We delete your personal data when they are no longer necessary to achieve the purpose for which they were processed. This is usually the case after three years, starting at the end of the year in which the data was collected.

1.4 Use of Matomo

We use the web analytics service “Matomo”, from the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, on our website. Matomo uses cookies to analyse our website.

When calling up individual pages of our website, the following data is stored:

– Two bytes of the IP address of the calling system of the user
– the web page accessed
– Website from which you accessed our website (referrer URL)
– Subordinate pages that you access on the website
– Duration of your stay on the website
– Time and frequency of access to the website

Matomo provides us with information on how many users have visited the website, which articles are clicked on most frequently and at which point the user leaves particularly often.

The information generated by the cookies is transmitted to a Matomo server and stored there. Your IP address is partially masked during this process so that you remain anonymous to us as a user. The data is not passed on to third parties.

The legal basis for the use of Matomo is your consent according to Art. 6 (1) (a) GDPR in conjunction with. Section 25 (1) TTDSG. The processing of your personal data enables us to analyse your website usage. This enables us to constantly optimise our website offer for you.

The aforementioned personal data will be deleted as soon as they are no longer necessary to achieve the purpose of the processing. In our case, the deletion takes place after you have revoked the consent given or automated 744 days after their collection.

You can revoke your consent to the processing of your data at any time in accordance with Art. 7 GDPR. You can notify us of your revocation at any time in text form to [email protected]. This does not affect the lawfulness of the processing carried out until then on the basis of the consent.

1.5 Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

We use Google Analytics for website analysis, whereby information about your use of our website is collected. By activating IP anonymisation on this website, the IP address is shortened before transmission within the Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The anonymised IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

When using Google Analytics, the following categories of personal data are collected:

– Online identifiers, including cookie identifiers
– IP addresses and device identifiers
– Client identifiers

This data is only collected and stored in pseudonymous form. Google will process the information obtained through cookies in order to evaluate your use of the website, compile reports on website activity for website operators and provide other services relating to website activity and internet usage. In the course of this, personal data will be transferred to the U.S.A.. To ensure an appropriate level of data protection, we have concluded an order processing agreement with Google, which contains standard contractual clauses.

For more information, please see Google’s privacy policy:

The legal basis for the data processing is your consent according to Art. 6 (1) (a) GDPR in conjunction with. Section 25 (1) TTDSG.

We use Google Analytics with cross-device tracking enabled by a unique user ID. This allows us to link interaction data from different devices and sessions to a unique ID and provide more accurate visitor analysis.

The user and event data relevant for the evaluation of website usage have a preset storage period of 14 months and are deleted by us immediately when they are no longer required. In addition, you can independently uninstall the cookies installed by Google Analytics and thus delete the stored data. We explain how this deletion can be carried out via the browser settings in the following point.

You can revoke your consent to data processing at any time in accordance with Art. 7 GDPR. To do so, please contact: [email protected]. The lawfulness of the processing carried out until then on the basis of the consent is not affected by the revocation. In the event of revocation, your personal data will no longer be processed and will be deleted.

You are free to prevent the installation of cookies by setting your browser software accordingly. For this purpose, Google offers a deactivation add-on for the most common browsers, which gives you more control over what data is collected by Google about the websites you visit. The add-on tells the JavaScript (ga.js) of Google Analytics that no information about the website visit should be transmitted to Google Analytics. However, the Google Analytics browser deactivation add-on does not prevent information from being transmitted to us or to other web analytics services we may use. For more information on how to install the respective browser add-on, please click on the following link:

1.6 Retention

Your data will be retained for as long as is necessary for the provision of our services or for as long as retention is required by law or legal obligations.

1.7 Consent

Any further processing of your personal data will only take place if you have given us your consent to do so and we are thus entitled to process your personal data in accordance with Art. 6 Para. lit 1 a) GDPR. In some areas of our website, you have the option of giving such explicit consent. In each case, we will inform you of the purpose for which the data will be processed in the event of your consent and how long we will store this personal data.

1.8 Other processing based on a legitimate interest

Where necessary, we process your data beyond the actual performance of a contract concluded with you or consent given by you in order to protect legitimate interests of us or third parties, unless a weighing of individual cases shows that your legitimate fundamental rights and freedoms, which require the protection of personal data, prevail (cf. Art. 6 (1) lit f GDPR). This may include:

– Assertion of legal claims and defense in legal disputes;
– Ensuring IT security and IT operations of the Bank; Prevention and investigation of criminal offences.

2 Your rights as a user of our website

2.1 Every data subject has the right to information according to Art. 15 GDPR, the right to correction according to Art. 16 GDPR, the right to deletion according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR and the right to data portability from Art. 20 GDPR. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

2.1.1 Revocation of consent given

You may revoke any express or implied consent given to us at any time with effect for the future.

2.1.2 Information about your right of objection according to Art. 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) of the GDPR (data processing in the public interest) and Article 6(1)(f) of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. 4 of the GDPR which we use for credit assessment or advertising purposes.

1. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
2. In individual cases, we process your personal data to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is related to such direct advertising.
3. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made form-free and should preferably be addressed to:

Sopra Financial Technology GmbH
Frankenstraße 146
90461 Nürnberg
Telefon: 0911-9291-0
Fax: 0911-9291-2177
E-Mail Adresse: [email protected]

2.2 The assertion of all rights mentioned in section 2.1 is generally free of charge for you. However, in the case of manifestly unfounded or – especially in the case of frequent repetition – excessive requests, we may, in accordance with Article 12 (5) of the GDPR, either

1. charge an appropriate fee, taking into account the administrative costs of informing or notifying you or implementing the requested measure, or
2. refuse to act on the request.

2.3 To exercise your rights, please contact our data protection officer mentioned above. You will also be happy to receive further information on data protection there.

Status: May 2023