Privacy Policy of Sopra Financial Technology GmbH

Privacy policy

Sopra Financial Technology GmbH, is pleased that you have visited our Internet presence (hereinafter also referred to as “Internet offer”). We are pleased that you are interested and we want to make your stay on our website as pleasant as possible. For us, this includes responsible handling of your data in accordance with the legal requirements in Germany.

Insofar as we referred to the German Data Protection Regulation (DS-GVO) below, you can find more information about this on the following page.

For the processing of your personal data on this website, we are the “responsible party” within the meaning of Art. 4 No. 7 DS-GVO:

You can reach us as follows:

Sopra Financial Technology GmbH
Frankenstraße 146
90461 Nürnberg
Tel: 0911-9291-0
Fax: 0911-9291-2177
E-Mail Adress: [email protected]

You can reach our company data protection officer at:

Sopra Financial Technology GmbH
Data Protection Officer
Frankenstraße 146
90461 Nürnberg
Tel: 0911-9291-2416
Fax: 0911-9291-2177
E-Mail Adress: [email protected]

Privacy notice and revocation

The data protection notice applies to the Internet presence offered by Sopra Financial Technology GmbH. If offers from other providers (“third-party offers”) are accessible from our Internet presence, our data protection notice does not apply to these third-party offers. In this case, we are also not responsible for the processing of your personal data within the scope of such third-party offers within the meaning of Art. 4 No. 7 DS-GVO.

Data protection information for applicants

Please note that separate data protection information applies to our online application process. You can find these in the following document:

Data protection information for applicants


In order to ensure the confidentiality of communication with you, we use a so-called SSL encryption. According to the current state of knowledge, the 256-bit encryption possible with this can be considered secure. This security level is achieved by all browsers of the younger generation. If necessary, you should update the browser on your PC.

The employees of the cooperative financial group of “Sparda” banks and those of Sopra Financial Technology GmbH are obliged to maintain the confidentiality of personal data in accordance with Article 5 (1) (f) and Article 32 (4) of the General Data Protection Regulation (DS-GVO).

The data processing and our technical security precautions are continuously adapted to the current circumstances and requirements and according to the state of the art. Both are subject to review by our internal audit department and the data protection officer.

Contact and communication

On some pages, you can enter the personal data specified there in input fields for the purpose of correspondence with us.

This data will only be processed for this correspondence with you and for the purpose for which you have given us the data in each case in the context of this communication, such as to process your requests or to contact you at your request. In this case, the processing of personal data is carried out with your consent and is then permissible pursuant to Art. 6 para. lit 1 a) DS-GVO. We delete your data in this regard when the purpose for which you provided us with your data has been fulfilled or completed and we are not entitled or obliged to continue storing it for legal reasons.

However, initial contact via e-mail (as shown above) on your part may result in you sending your message to us unencrypted. If you want to encrypt the mail, you can use the registration form on this page.

  1. processing of data with and without personal reference

1.1 Surfing on our website

In principle, you can visit our website without telling us who you are. We will then only learn your IP address, the name of the website accessed or file retrieved and the time of access or retrieval, the amount of data transferred and whether the access or retrieval was successful.

The data is used exclusively for the administration and optimization of the Internet offer.

The IP address can be a personal data, because under certain conditions it is possible to find out the identity of the owner of the used internet access by information of the respective internet provider.

We only evaluate the IP address in the event of attacks on our Internet infrastructure. In this case, we have a legitimate interest within the meaning of Art. 6 (1) f) DS-GVO in processing the IP address. This legitimate interest arises from the need to ward off the attack on the Internet infrastructure, to determine the origin of the attack in order to be able to take criminal and civil action against the person responsible and to effectively prevent further attacks.

The IP address will be deleted if we can exclude that no attack on our Internet infrastructure has occurred from it.

1.2 Use of cookies

Cookies are also used within our Internet offer. Cookies are small data packages that are stored on your computer’s hard drive via the browser. They are used to control the Internet connection during your visit or during a later visit to our web pages and thus make the visit more comfortable.

1.3 Google Maps

Some browsers already allow cookies in the default setting. If you do not want them, you can change the setting of your browser. Please refer to the browser manufacturer’s instructions on how to do this. If you decide not to accept cookies, it may be that parts of our website cannot be used.

An evaluation does not take place and is deleted after the end of the session.

This website uses Google Maps to display maps and to create directions. Google Maps is operated by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

If you use the advanced functions of Google, for example by clicking on the map displayed, you are using a Google service outside our sphere of influence. In this case, the specifications and notes made by Google in this context apply.

On the website accessible at you will find further information on the terms of use (“general terms”), additional terms of use for Google Maps/Google Earth (“additional terms of use for Google Maps/Google Earth”) and the associated privacy statements. In these you will find information about what data is collected for what purpose and what these companies do with this data.

1.4 Retention

Your data will be retained for as long as is necessary for the provision of our services or for as long as retention is required by law or legal obligations.

1.5 Consent

Any further processing of your personal data will only take place if you have given us your consent to do so and we are thus entitled to process your personal data in accordance with Art. 6 Para. lit 1 a) DS-GVO. In some areas of our website, you have the option of giving such explicit consent. In each case, we will inform you of the purpose for which the data will be processed in the event of your consent and how long we will store this personal data.

Other processing based on a legitimate interest

Where necessary, we process your data beyond the actual performance of a contract concluded with you or consent given by you in order to protect legitimate interests of us or third parties, unless a weighing of individual cases shows that your legitimate fundamental rights and freedoms, which require the protection of personal data, prevail (cf. Art. 6 (1) lit f DS-GVO). This may include:

  • Assertion of legal claims and defense in legal disputes;
  • Ensuring IT security and IT operations of the Bank; Prevention and investigation of criminal offences.

2 Your rights as a user of our website

2.1 Every data subject has the right to information according to Art. 15 DS-GVO, the right to correction according to Art. 16 DS-GVO, the right to deletion according to Art. 17 DS-GVO, the right to restriction of processing according to Art. 18 DS-GVO and the right to data portability from Art. 20 DS-GVO. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 DS-GVO in conjunction with § 19 BDSG).

2.1.1 Revocation of consent given

You may revoke any express or implied consent given to us at any time with effect for the future.

2.1.2 Information about your right of objection according to Art. 21 DS-GVO

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) of the DS-GVO (data processing in the public interest) and Article 6(1)(f) of the GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. 4 of the DS-GVO which we use for credit assessment or advertising purposes.

  1. if you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
  2. in individual cases, we process your personal data to conduct direct marketing. You have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling, insofar as it is related to such direct advertising.
  3. if you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made form-free and should preferably be addressed to:

Sopra Financial Technology GmbH
Frankenstraße 146
90461 Nürnberg
Telefon: 0911-9291-2416
Fax: 0911-9291-2177
E-Mail Adresse: [email protected]

2.2 The assertion of all rights mentioned in section 2.1 is generally free of charge for you. However, in the case of manifestly unfounded or – especially in the case of frequent repetition – excessive requests, we may, in accordance with Article 12 (5) of the GDPR, either.

  1. charge an appropriate fee, taking into account the administrative costs of informing or notifying you or implementing the requested measure, or
  2. refuse to act on the request.

2.3 To exercise your rights, please contact our data protection officer mentioned above. You will also be happy to receive further information on data protection there.

Status: August 2019