Privacy policy for the BBVA website www.bbva.de/en/

This privacy policy describes how Banco Bilbao Vizcaya Argentaria, SA, Germany branch ("BBVA", "we", "us", "our") processes personal data collected from users and visitors (collectively, "the User" or "Users") of the website www.bbva.de/en/ (the "Website") in accordance with the General Data Protection Regulation, Regulation (EU) 2016/679 ("GDPR"). They complement the data protection information for customers and the Cookie Policy of BBVA.

The purpose of this privacy notice is to inform you about how we process the personal data that you provide to us or that we collect through our website – ie collect, manage and use – and which cookies we use (for more information about cookies, see the Cookie Policy the BBVA.

If you purchase products or services from BBVA through the website, you will find further information about the processing of your personal data in the context of providing our products and services in the Customer Privacy Notice.

Please check this privacy policy regularly as it may be subject to change.

Banco Bilbao Vizcaya Argentaria, S.A., German branch (“BBVA”), with registered office at Neue Mainzer Strasse 28, 60311 Frankfurt am Main (Germany). Email: kundenservice@bbva.de.

 

You can contact the BBVA Data Protection Officer (DPO) at the following email address: datenschutz@bbva.de.

This data comes from information you have provided to us directly, as well as from data we have collected or generated about you.

Certain technical data and device information are required for the website to be displayed and technically operated. The provision of this data is mandatory. Without this data, the website cannot be displayed and function properly.

In connection with your use of the website, BBVA may process the following personal data. Some of the following personal data is necessary for the performance or execution of the contract with you or to comply with legal obligations. In this case, we may not be able to offer you our products and services, or only to a limited extent, without the provision of your personal data.

• Access to the private area of the website: In order to manage access to the private area of the website through identification and authentication measures, the processing of personal data is necessary for the performance of the contract with you (Article 6 paragraph 1 lit. b GDPR).
• Management of products and services: In order to manage the products and services that you have requested or commissioned from BBVA, processing is necessary for the performance of the contract with you (Article 6 paragraph 1 lit. b GDPR).
• Fraud prevention: Fraud prevention, including processing to detect malicious code (malware) to prevent banking fraud. The legal basis is the legitimate interests of BBVA (Article 6 paragraph 1 lit. f) GDPR).
• To ensure operation and implement additional security layers to prevent fraud and protect users, information may also be collected to analyze the risk profile of a session when providing services and features of the website. This analysis is based on various parameters such as device ID, device-specific risk data, geographic location information and speed checks. This data is compared in real time with other sources, including recent malware infections and phishing incidents. This allows fraudulent access attempts to be detected and cases of device impersonation attacks or the use of compromised credentials to be identified. Information from interactions with mobile applications can also be collected to create a trust/risk assessment for the session. This is based on several parameters such as device identification, device data, previously compromised credentials, location data, and speed checks for web and mobile interactions.
• All of this is used to detect potential anomalies in the user's interaction with the bank. Based on this information, alerts and recommendations can be generated that allow measures to be taken to minimize the risk of fraud in a particular transaction. The measures therefore serve BBVA’s legitimate interest in preventing fraud and ensuring data and IT security.
• Functionalities of the website: To administer the features of the Website that may be available on the Website from time to time, as described in the Terms of Use. The legal basis is the legitimate interests of BBVA (Article 6 paragraph 1 lit. f) GDPR) or the provision of the website service (only if absolutely necessary, e.g. for the proper display of the website) (Article 6 paragraph 1 lit. b) GDPR).
• Cookies on our website The processing of data to manage your navigation on the website in accordance with the Cookie Policy. However, with regard to technically unnecessary cookies, only if consent has been given (Article 6, paragraph 1 lit. a) GDPR).

 

BBVA processes technical data and device data via the website, such as the date and time of access, the IP address of the accessing computer, pages visited on our website, information about the browser type and version used, and the so-called User agents.

In addition, BBVA processes identification details such as access codes or passwords that are necessary for the use and management of remote access channels within the framework of your business relationship with BBVA.

Through the data collection forms, BBVA may request the user's consent to contact them by post, email, SMS or other equivalent electronic communication means in order to send commercial communications about its own and/or third-party products indicated in the form itself.

If at any time the user no longer wishes to receive such communications, he may withdraw his consent by sending a message to the following email address kundenservice@bbva.de or send to BBVA Germany customer service: Neue Mainzer Strasse 28, 60311 Frankfurt am Main (Germany). In any case, the user may also withdraw their consent through the specific link included in the commercial communications that they receive.

Darüber hinaus unterliegt die BBVA verschiedenen Aufbewahrungs- und Dokumentationspflichten, die sich unter anderem aus dem Handelsgesetzbuch (HGB), der Abgabenordnung (AO), dem Kreditwesengesetz (KWG), dem Geldwäschegesetz (GwG) und dem Wertpapierhandelsgesetz (WpHG) ergeben. The periods for storage and/or Documentation is two to ten years.

Finally, the storage period also depends on the statutory limitation periods, which, for example, are set out in Sections 195 et seq. of the German Civil Code (BGB) is usually three years, but in certain cases can be up to thirty years.

Technical data collected through the website for security and operational purposes will be retained for a maximum period of 48 hours, unless a longer period is required to investigate a specific security incident. This retention period is in line with BBVA's data minimization and cybersecurity protocols. After these periods, we will delete your personal data.

Users can Cookie Policy BBVA to find out which third parties receive your personal data through the website's cookies.

We will also share your personal data with companies outside the European Union that provide services to BBVA. Such transfers are based on one of the following data transfer guarantees: (i) to countries with a level of data protection equivalent to that of the European Union (adequacy decisions adopted by the European Commission); (ii) by entering into standard contractual clauses adopted by the European Commission; or (iii) through other certification mechanisms. For further information, you can contact the BBVA Data Protection Officer by writing to the following email address: datenschutz@bbva.de.

The website may contain links to other websites. Please note that BBVA is not responsible for the confidentiality and processing of personal data by other websites. This privacy policy applies exclusively to information collected on the BBVA website.

We encourage users to read the privacy policies of other websites that you access via links on this website or that you visit in any other way. For more information on linking policies, please see our legal notice here.

Users have the following data protection rights:

Users also have the right to withdraw their consent at any time with future effect, without affecting the legality of the processing up to the point of withdrawal of consent. The user can also send his revocation to the email address datenschutz@bbva.de or write to BBVA Germany’s customer service: Neue Mainzer Strasse 28, 60311 Frankfurt am Main (Germany).

Last updated: May 2025

Note:
The current version of the Privacy Policy can be found here.