Skip to main content
Contact
Platform Logins

Your Privacy is Our Priority

Trust is the foundation of every financial relationship. Every day, our customers share personal and financial information with us to pursue their goals. Protecting this trust is one of our core responsibilities.

Your Privacy is Our Priority

We view the right to privacy as a fundamental principle. We apply robust data protection measures and ensure that our customers retain control over their personal information. Our privacy framework is anchored in the principles of the EU General Data Protection Regulation (GDPR), which defines the standards we follow across the entire Raiffeisen Bank International Group.

While complying with all local legal requirements, we maintain a consistently high level of data protection — even in markets with differing regulatory environments. Our commitment is clear: to uphold the right to privacy and informational self-determination, and to safeguard personal data with the highest level of security and confidentiality.

Our Key Commitments

Strong Privacy Governance

Data Protection at Raiffeisen Bank International is anchored at the highest level. Our Group Data Protection Officer (GDPO) leads our privacy program and collaborates with a network of local Data Protection Officers to maintain a harmonized and compliant data protection framework across the RBI Group.

Strong Privacy Governance

The GDPO reports directly to the Management Board, ensuring oversight and isintegrated into strategic decision-making. Each RBI entity is accountable for localcompliance and is supported by local Data Protection Officers who oversee theimplementation of the local privacy framework. To foster collaboration and continuousimprovement, RBI hosts an annual Privacy Forum where Data Protection Officers acrossthe Group exchange best practices, address shared challenges, and strengthen riskmanagement alignment.

Privacy by Design

We integrate data protection into the development of our services, technologies and processes from the earliest stages. To support this systematically, we use our proprietary GDPR Compliance Check Tool “Max”. This digital solution guides the relevant teams through the necessary data protection steps and ensures that evaluations are documented and assessed compliantly with privacy by design and default principles.

Responsible Vendor Management

We expect our third-party vendors to meet the same high data protection standards that apply within RBI. Vendors that process personal data undergo a structured due diligence process before onboarding and are subject to risk-based monitoring.

Responsible Vendor Management

Our approach includes:

  • Thorough Vetting: Conducting data protection reviews before a vendor is granted access to data.
  • Minimized Data Sharing: Sharing personal data only when necessary and limiting it to what is required.
  • Legal Binding: Contractually obligating partners to meet our data protection and privacy standards.
  • Continuous Monitoring: Monitoring our vendors' compliance after contracts are signed to help maintain protection.

Secure Data Transfers

Were feasible and appropriate, we process and store personal data within the European Economic Area (EEA). If data transfers outside the EEA are necessary, we apply a combination of legal, organizational and technical safeguards, such as:

  • Standard Contractual Clauses
  • State of the art encryption measures, such as „Bring Your Own Key" (BYOK), which significantly strengthen data protection in cloud environments

These measures help reduce the risk of unauthorized access and support compliance with European data protection standards.

Employee Awareness and Training

Our employees play a central role in your data. We foster a culture of responsibility through targeted and continuous training.

Our approach includes:

  • Mandatory data protection training for all new employees and contractors
  • Regular refresher courses
  • Specialized training for functions handling sensitive information
  • Access to ongoing internal awareness initiatives and practical guidance

Training completion rates at RBI consistently exceed industry benchmarks and form part of our broader operational risk management.

Clear Policies and Standards

Our data protection activities are guided by a comprehensive policy framework that applies across RBI Group. The key components include:

  • Group Data Protection Policy: Sets the core principles and rules for processing personal data across all our entities.
  • Employee Data Protection Policy: Outlines the specific responsibilities and expected behaviors for our staff in protecting data.

Your Control and Rights

Transparency and user control are central elements of our privacy approach.

  • We obtain clear consent when required, such as for B2B marketing initiatives.
  • You may withdraw your consent at any time
  • All our marketing communication includes simple and accessible opt out mechanisms.
  • For a detailed explanation of your rights and how we process your data, please read our Data Protection and Cookies Notice.

Part of a Broader Commitment

Data protection is integrated into our wider governance, cybersecurity and sustainability commitments. Privacy risk indicators from part of our enterprise wide risk managements framework, ensuring regular reporting, continuous improvement, and transparent accountability.

Contact our privacy protection team

For any questions about your data privacy or to exercise your rights, please contact our Data Protection Team: datenschutz@rbinternational.com.