Bank Melli Iran, Hamburg, Holzbrücke 2, 20459 Hamburg is the controller in terms of GDPR (General Data Protection Regulation) for the processing of your personal data. The Bank is aware of the significance of the personal data entrusted to it.
In order to create and maintain a sound basis for a trustful business relationship with our customers and business partners, we implement the standards of the EU General Data Protection Regulations (GDPR) and other legal requirements.
In the context of meeting the needs of our clients, personal data is collected, processed and used solely for this purpose.
Personal data includes information referring to identified or identifiable natural persons (hereinafter referred to as "data").
We process data pertaining to your person in the lawfully admissible extent, particularly in consideration of the principle of data minimisation. This particularly concerns the following information:
Personal data you provide to us:
Your name, your contact data including your address, email address and telephone numbers, your nationality, your account information. In addition, we process audio-visual data, such as information from the video legitimation process or recordings of your phone calls at monetary and foreign exchange trades.
Personal data we collect at third parties:
In the course of the initiation of an agreement and application verification, we shall also revert to data provided to us by third parties. For example, these may include the records from certain credit agencies, authorised dealers of Bank Melli Iran, Hamburg as well as other third parties.
In this context, we process particularly the following categories of personal data:
Information regarding your creditworthiness, at credit agencies for example impairments of performance in other agreements;
Information entered by other banks about you at credit agencies, for example regarding other banking relationships;
We receive certain information from credit agencies with respect to known peculiarities to prevent criminal acts in terms of the Credit System Act. These shall be considered in the course of the credit decision process;
Information regarding your address in the context of address matching with the Deutsche Post to update postal addresses (for example, this concerns addresses you have provided to Deutsche Post in the context of a redirection order and to the transfer of which you have agreed).
Information from publically accessible sources, if these are necessary for the provision of our services. This takes into account, e.g., Land Registers, debtor records or commercial and association registers.
In the process, we restrict the data collection, processing and usage to a minimum and principally avoid the collection and processing of special categories of personal data.
Special categories of personal data include data which reveal your race and ethnic origin, political views, religious or philosophical convictions or your union association, etc. If, notwithstanding, we collect or otherwise process special categories of personal data in individual cases for the fulfilment of the purposes specified below, for example your religious confession for tax reasons, we shall always process them in accordance with the statutory requirements and the specifications of this data protection information.
Lawfulness of data processing
We shall only process your data if permitted by an applicable statutory provision. We shall particularly process your data based on Articles 6 and 9 GDPR as well as based on consents according to Article 7 GDPR. In the process, we shall also base the processing of your data on the following legal bases (not a complete or conclusive list of legal bases, but merely examples to render the legal bases more transparent)
Consent (Article 6 (1) S. 1 lit. a), Article 7 GDPR, and/or Article 9 (2) lit. a), Article 7 GDPR): We shall process certain data only based on your previously granted explicit and voluntary consent. You are entitled to revoke your consent effective for the future at any time.
Fulfilment of an agreement / pre-contractual measures (Article 6 (1) S. 1 lit. b) GDPR): we require access to certain data to prepare / execute your agreement with the Bank Melli Iran, Hamburg.
To comply with legal obligations (Article 6 (1) S. 1 lit. c) GDPR): Bank Melli Iran, Hamburg is subject to a number of statutory obligations. We have to process certain data to comply with these obligations.
Preserving legitimate interests (Article 6 (1) S. 1 lit. f) GDPR): The bank shall process certain data to preserve your interests or those of third parties. However, this only applies if your interests do not prevail in individual cases.
How the personal data is protected:
In order to protect the confidentiality of the data, we avail ourselves of applications with a high security standard. Bank secrecy as well as the confidentiality of the data remains preserved in the process.
We shall process your personal data in accordance with the requirements for the security of processing based on Article 32 GDPR. Therefore, we trust in the comprehensive technical and organisational security measures which comply with the internationally recognised IT standards and which are constantly monitored. Thus, we ensure that your data is appropriately protected against unlawful use or any other form of unauthorised data processing at any time.
Data transmission to third parties
The data is not transmitted to external third parties unless the collection occurs e.g. to fulfil a customer order and/or for the execution of payments, if the recipient of the payment conducts his account in a third country (outside of the EU).
When transmitting your data, we shall always take suitable steps to ensure that your data is processed, protected and transmitted in accordance with the applicable statutory specifications.
The data exchange with our Head Office (Bank Melli Iran - Teheran) in Iran occurs upon request, if it is used for own purposes.
With respect to enquiries from Iranian courts via our head office, only those data are transmitted which are available in public registers/credit agencies or in the context of bank information for corporate clients. Data such as statements of account, credit agreements etc. are only transmitted in terms of bank secrecy § 9 KWG (Credit System Act) if they are required to assert legal claims of our head office or its dependent branch offices.
Retention periods
The legislator has issued a variety of retention obligations and deadlines. Upon expiration of these deadlines, the respective data is routinely erased if they are no longer required e.g. for the fulfilment of the agreement (e.g. current or credit agreement).
In line with Article 17 GDPR, the collected personal data is only stored until the purpose for which they were entrusted to us has been fulfilled. If your personal data is no longer correct, we shall rectify it accordingly upon respective instructions from you. Upon your request, your data shall be erased or deactivated immediately, unless this request is opposed by statutory or contractual retention periods.
If desired, you receive information regarding all your personal data stored by us.
Data transmission to SCHUFA
In the context of this contractual relationship, Bank Melli Iran transmits data regarding non-contractual or fraudulent conduct to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden. The data exchange with SCHUFA also serves the fulfilment of statutory obligations for the execution of credit-worthiness checks of customers (§ 505a of the German Civil Code (BGB), § 18a of the KWG (Credit System Act)).
SCHUFA processes the received data and uses it also for the purpose of scoring to provide its contractual partners in the European economic area and in Switzerland as well as other third countries, if applicable (if a decision regarding appropriateness has been passed by the European Commission in terms of these countries) with information, among other to assess the creditworthiness of natural persons. Further information regarding the tasks of SCHUFA is available in the SCHUFA-information leaflet according to Article 14 GDPR or online at: www.schufa.de/datenschutz.
Rights of data subjects
According to GDPR, as a data subject, you are entitled to the following rights with respect to Bank Melli Iran, Hamburg:
Right to access of information (Article 15 GDPR): You can demand from us information on all your personal data stored by us at any time. Among other, this information concerns the data categories processed by us, the purposes for which they are processed, the origin of the data if it was not collected directly from you and, if applicable, the recipients to whom we have transmitted the data. You may receive a free-of-charge copy of your data which is subject to the agreement. If you are interested in further copies, we reserve the right to invoice you for the further copies.
Right to rectification (Article 16 GDPR): You can demand that we rectify your data. We shall take appropriate measures to keep your data, which we retain and regularly process, correct, complete, up to date and relevant, based on the most current information provided to us.
Right to erasure (Article 17 GDPR): You can demand that we erase your data if the statutory prerequisites exist. According to Article 17 GDPR, this can be the case if the data is no longer required for the purposes for which they were collected or otherwise processed; if you have revoked your consent, which is the basis of data processing and if there is no other legal basis for processing; if you object to the processing of your data and if there are no prevailing justified reasons for the processing or if you object to the data processing for the purpose of direct advertising; if the data was processed unlawfully; if the processing is not necessary to ensure compliance with a statutory obligation which requires us to process your data, particularly in view of statutory retention periods; to assert, exercise or defend your legal claims.
Right to restriction of processing (Article 18 GDPR): You can demand from us the restriction of the processing of your data if you contest the correctness of the data, namely for the period we require to verify the correctness of the data; if the processing is unlawful and if you reject the erasure of your data and instead demand restricted usage; if we no longer require your data, but you need them to assert, exercise or defend legal claims; if you have raised objection to the processing as long as it has not been determined whether our justified reasons prevail.
Right to data portability (Article 20 GDPR): Upon your application, we shall provide your data in portable shape so that you can transmit it to another controller (i.e. another bank). However, you are only entitled to this right if the data processing is based on your consent or is required to execute an agreement.
Right to object (Article 21 GDPR):
You have the right to object to the processing of your data at any time for reasons arising from your special situation if the processing of data is based on your consent or our justified interests or those of a third party. In this case, we shall no longer process your data. The latter does not apply if we can demonstrate compelling legitimate reasons for the processing which outweigh your interests or if we require your data to assert, exercise or defend legal claims.
Deadlines to comply with the rights of the data subject
We principally endeavour to comply with your enquiries within 30 days. However, this deadline may be extended for reasons pertaining to the specific rights of the data subject or the complexity of your request.
If we are not able to provide you with information regarding all of your data in certain situations due to statutory requirements and if we reject your request for information, you shall be informed of the reasons of the rejection at the same time.
Cookies and web analytics
We do not use cookies or Google Analytics or similar tracking and web analytics tools.
Changes
We shall inform you in due time in the event of significant changes to the type and manner of the processing of your data.
Please do not hesitate to contact us if you are not satisfied with the data protection measures specified here or if you have further questions regarding the collection, processing and/or usage of your personal data.
You are also welcome to contact our controller directly at the following email address: dsb@bankmelli.de
Bank Melli Iran, Hamburg
Version: May 2018
TEL.: 040 36 000 270
dsb@bankmelli.de
The Common Reporting Standard (CRS) is u uniform reporting standard initialized by the OECD which focuses on financial accounts of persons with foreign tax residence. Its aim is to encourage tax compliance in cross-border cases by means of the autmatic intergovernmental exchange of tax-relevant (personal and) account data.
More than 50 nations, among them Germany, have started the implementation on January 1, 2016.
CRS was implemented in Germany by the Law on the Autmatic Exchange of Financial Account Information in Tax Matters (Finanzkonten-Informationsaustauschgesetz – FKAustG) which results in far-reaching identification and reporting requirements for German financial institutions.
Bank Melli Iran, Hamburg, therefore, is legally obligated to request tax self-certifications from its clients and to ascertain their tax residences as well as tax identification numbers.
This applies also to the beneficial owners of corporations as well as private companies respectively other private companies (controlling persons of a legal entity).
Subject to the determined foreign tax residences, financial institutions are required to report the personal, account and investment income data of these account holders to the Federal Central Tax Office on an anual basis.
The required data are reported electronically to the responsible foreign authorities under compliance with data protection and data security provisions. There are no tax withholding.
Decisive for tax residence in terms of CRS is the unlimited tax liability in a certain state according to the laws of this country. Concerning natural persons the crucial point usually is the place of residence or the main residence; in particular cases e.g. USA it might even be the citizenship. Concerning corporations the crucial point usually is the place of foundation, the head office or the registered office of the management.
In March 2010, the US adopted the Foreign Account Tax Compliance Act (FATCA), with the aim of promoting tax compliance among US taxpayers holding accounts outside the United States.
An intergovernmental agreement was reached between Germany and the United States and transposed into national law, thereby implementing the FATCA provisions. Since 1 July 2014, banks have been obliged to forward certain account information relating to US taxpayers annually to the US tax authorities by means of an automated process. To this end, all financial accounts held with Bank Melli Iran, Hamburg (e.g. deposit accounts, etc.) are first categorised (see Step 1 below) and then checked for certain indicators that impose a requirement of disclosure to the US tax authorities (IRS) under the FATCA agreement (see Step 2 below).
With new customers, it is determined at the time of opening the account whether or not there is liability for US tax. All disclosure requirements apply in the same way in this instance too.
Step 1 Categorisation
Reportable accounts include those that:
Definition of “passive NFFE”:
A “passive NFFE” is an NFFE (non-financial foreign entity) that is not an active NFFE or a withholding foreign partnership or a withholding foreign trust in accordance with the
relevant US Treasury rules.
An entity is assumed to be a passive NFFE, for instance, if:
If, during the categorisation process, it is determined that the entity is a German financial institution or a financial institution of a partner country, no further categorisation is required. This also applies if the account holder provides certification showing that it is:
For further information and explicit definitions, we will be happy to provide you with our separate explanatory notes upon request.
Step 2 Checking US indicators
If a customer falls into a reportable category, we will check whether the account holder is a “US person”, i.e. a “specified US person”. This is the case if the account holder is a partnership or corporation with its headquarters in the United States, or is a company that is not a financial institution and that was established under US law, regardless of the location of its headquarters. The indicators are:
For companies:
For beneficial owners/authorised persons:
If one of these indicators applies, we are required to ask for appropriate evidence of the tax residency of the customer. If it there is in fact US tax liability, the customer must provide us with his US taxpayer identification number (TIN) on form W-9 as required by the US tax authorities. Any such financial account is then deemed a US reportable account and the bank must report the account balance and, in subsequent years, the customer’s capital income to the US tax authorities. If your accounts have already qualified as US accounts elsewhere for the purposes of US taxation, no further checks will be carried out on these. However, as the account holder, you still have the option of proving, within one year, that the account is not a US account.
With new customers, we are obliged to obtain a self-assessment, on the basis of which the bank can determine whether the account holder has tax residency in the United States. In the event of US tax liability, the US taxpayer identification number (TIN) must be reported to the US tax authorities. The account will then be deemed a US reportable account.
If you have any further questions, please contact the staff in the department responsible for your account, who will be happy to advise.
You can find further information on the websites of the German Federal Ministry of Finance (www.bundesfinanzministerium.de/Web/EN) and the Internal Revenue Service (www.irs.gov).
In March 2010, the US adopted the Foreign Account Tax Compliance Act (FATCA), with the aim of promoting tax compliance among US taxpayers holding accounts outside the United States.
An intergovernmental agreement was reached between Germany and the United States and transposed into national law, thereby implementing the FATCA provisions. Since 1 July 2014, banks have been obliged to forward certain account information relating to US taxpayers annually to the US tax authorities by means of an automated process.
To this end, all financial accounts held with Bank Melli Iran, Hamburg (e.g. deposit accounts, etc.) are checked to verify whether the account holder is a US person. If there is an indicator for this, the bank has a legal obligation of disclosure to the US tax authorities (IRS). We check all accounts held at our bank to see if they meet the following criteria:
If one of these indicators applies, we are required to ask for appropriate evidence of the tax residency of the customer. If it there is in fact US tax liability, the customer must provide us with his US taxpayer identification number (TIN) on form W-9 as required by the US tax authorities. Any such financial account is then deemed a US reportable account and the bank must report the account balance and, in subsequent years, the customer’s capital income to the US tax authorities.
With new customers, we are obliged to obtain a self-assessment, on the basis of which the bank can determine whether the account holder has tax residency in the United States. In the event of US tax liability, the US taxpayer identification number (TIN) must be reported to the US tax authorities. The account will then be deemed a US reportable account.
If you have any further questions, please contact the staff in the department responsible for your account, who will be happy to advise.
You can find further information on the websites of the German Federal Ministry of Finance (www.bundesfinanzministerium.de/Web/EN) and the Internal Revenue Service (www.irs.gov).
Site Content
We make every effort to ensure that the information on this website is correct and complete. We can, however provide no guarantee that the information on this website is up to date, correct or complete and can accept no liability in this regard. Bank Melli Iran, Hamburg, reserves the right to make changes or additions at any time to the information provided. All information provided on this website is for general information purposes only.
Legal Notice
All text, images, and design features on this website are copyright protected. The reproduction of any content or information herein, in particular the use of text, images, logos, brands or trademarks, requires the prior written consent of Bank Melli Iran, Hamburg.
Bank Melli Iran, Hamburg, has taken the greatest possible care in creating and checking this website. It reserves the right to change, add to or delete the pages and content provided on this website at any time, in full or in part, or to discontinue this service.
Liability
Please note that Bank Melli Iran, Hamburg, provides no guarantee of the accuracy or completeness of the content on this website nor any guarantee that the content of the website is up to date or of the availability or accessibility of the website. The content of this website has been carefully compiled to the best of our knowledge and belief. Under no circumstances will we accept any liability for the completeness or accuracy of the content or for the content being up to date.
The website of Bank Melli Iran, Hamburg, may contain references to the websites of third parties, for example in the form of hyperlinks. The content of other websites that these hyperlinks may link to is beyond the sphere of control and responsibility of the Hamburg branch office of Bank Melli Iran. The bank hereby expressly states that it has no association with or responsibility for the content on linked sites. If you use these links, you do so at your own risk.
Prohibition of Promotional Emails
We hereby expressly prohibit the use of the contact information provided on the website of Bank Melli Iran, Hamburg, within the Site Notice or otherwise, for the sending of promotional material that has not been expressly solicited. Bank Melli Iran, Hamburg, reserves the right to take legal action if it is sent unsolicited promotional material, e.g. via spam emails.
The Federal Republic of Germany is a member state of the Financial Action Task Force (FATF) and the European Union (EU), which create the laws and rules to combat and prevent money laundering and terrorist financing.
Bank Melli Iran, Hamburg, has an anti-money laundering (AML) programme to meet these requirements. The AML programme includes written guidelines and procedures, the appointment of an anti-money laundering officer, regular training of the relevant staff and an independent audit for verification of these measures.
As another component of the programme, the bank takes appropriate measures to ensure compliance with the applicable embargo regulations.
Help us to improve our services for you. Do you have any suggestions or ideas how we can improve our services? Perhaps there is also an incident with which you were dissatisfied? We are looking forward to your suggestions. We will take care of your request and inform you about the result.
1. How can you inform us about your request?
Please send us an E-Mail to complaint-management@bankmelli.de and mention
your full name and address, as well as general contact details for further inquiries
your account number, if available
please describe the facts of the case and enclose documents, if necessary.
Of course you can also send us your request by post. Please address your letter to:
Bank Melli Iran
complaint management
Holzbrücke 2
20459 Hamburg
Germany
We are also looking forward to a personal message of your opinion. Please do not
hesitate to contact our employees, because many things can already be solved on the spot.
2. What is the procedure?
You will receive a confirmation of receipt from us within 2 bank working days. Your request will be checked and processed by us in detail. We will inform you within 14 bank working days of the result of the procedure. If we have any questions to you regarding the facts of the case or other reasons for a delay in the proceedings, this period is automatically extended.
3. Is there an alternative dispute resolution option?
If you do not agree with the result of the proceedings notfied to you, you can maintain the appeal proceedings and contact the Ombudsman of the private banks in Germany. https://bankenombudsmann.de
Here you have the possibility of an alternative dispute resolution procedure.