Open Search

DZ HYP. Because we can.

Privacy information for our website

Welcome to the DZ HYP AG website. When you visit our website, we process personal data about yourself. We are happy to provide detailed information below. This Privacy Statement is valid for the website A separate privacy statement is applicable to pages concerning job vacancies and job applications; you can find that statement on the relevant pages.

I. Name and address of the controller

The controller, within the meaning of the General Data Protection Regulation as well as in accordance with other data protection laws, is:


Hamburg office
Rosenstrasse 2, 20095 Hamburg
PO Box 10 14 46, 20009 Hamburg
Telephone: +49 40 3334-0
Facsimile: +49 40 3334-1111

Munster Office
Sentmaringer Weg 1, 48151 Munster
Telephone: +49 251 4905-0


II. Contacting the Data Protection Officer

You can also reach our Data Protection Officer at this postal address, or via

Telephone: +49 40 3334-2311

Our Deputy Data Protection Officer has - with the same postal & email address - the following telephone number:
Telephone: +49 40 3334-3626

III. Type, purpose and lawfulness of data processing

1. Log files

Each time you access our website, our system automatically records data and information from your computer system. Specifically, the system collects the following data as part of this process:

  • information about the browser type and version used;
  • the user's operating system;
  • the user's IP address;
  • date and time of access.

We collect this data in order to safeguard the functional capability of our website, and – in the event of attacks on our internet presence – in order to be able to gather indications for countermeasures, or to secure evidence for any criminal prosecution. Data in the log files will be deleted after 31 days following collection, unless it must be retained for a period of two years under a legal obligation in exceptional cases (upon occurrence of a security incident). The legal basis for processing this data is our overriding legitimate interest pursuant to Article 6 (1) f GDPR, as well as the legal obligation (if applicable) under Article 6 (1) c GDPR in conjunction with section 25a of the German Banking Act (KWG).

2. Contact form

You can use the contact form on our website to send a message to us. When using the contact form, we will process the contents of your message (in addition to the personal data set out under 1. above):

  • first name, surname, subject, e-mail, message (mandatory fields);
  • company and telephone number if applicable (optional fields).

Your message to us will be transmitted using end-to-end encryption, without any possibility for third parties to access the message. We will accept and acknowledge the contents of your message with your consent in accordance with Article 6 (1) a GDPR. We will retain your message for a period of six months following processing, and will delete the message thereafter – unless a longer retention period is required, for statutory or contractual reasons, given the contents of the message or its context.

3. Google Maps, Youtube videos, social media links

We have placed links to services such as Google Maps, Youtube, etc. in various places on our website for ease of use, to offer additional services, and to facilitate the use of social media services. The following statements and policies apply to such links:

  1. Technically, we have placed links or embedded the relevant media on our website in such a way that the respective providers cannot collect or use any personal data when our website is called up.
  2. If you decide to actively launch or use such services, you will be notified that personal data will be transferred to the service provider as a consequence of using the respective service, and you will be requested to approve transfer of the corresponding data.
  3. Collection and processing of personal data by such providers will take place outside our website; we do not have any detailed knowledge concerning the type, scope and methodology of such processing.
  4. An overview of services or providers which are accessible via our website is provided below, together with a link to their respective privacy policies:
    1. Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (privacy policy:
    2. Youtube and Google Maps are services provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (privacy policy:
    3. XING and Kununu are services provided by New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany (privacy policy:

(Updated as at 1 Dec 2023; we accept no responsibility regarding correctness and up-to-dateness)

4. Use of cookies, online audience measurement

We avoid using cookies on our websites as a matter of principle. To the extent that cookies are used, such cookies are exclusively and strictly necessary for technical operation of the website; no personal data is processed in this connection.

Like other providers, we collect data in order to analyse use of our websites, with a view to improving our offer through the insights gained. The software we use for this purpose is Matomo (, a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo does not compile the necessary data from log files or cookies. Data collected using Matomo technology (including parts of your IP address) is processed on our servers in anonymised form.

IV. Your rights as a data subject

You have the following rights vis-à-vis the controller:

you have the right of access to your personal data (Article [15] GDPR);

you have the right to rectification (Article 16 GDPR) or erasure (Article 17 GDPR) of personal data, and to demand restriction of processing of your personal data until a decision on rectification or erasure has been taken (Article 18 GDPR);

you have the right to object to processing of your data on the grounds of our overriding legitimate interests (Article 21 GDPR); and

you may lodge a complaint about our processing of data, to ourselves or to a supervisory authority, if you believe that processing of your personal data constitutes a breach of the GDPR or data protection laws of the Federal Republic of Germany or the German Federal states (Article 57 (1) f GDPR).

To assert your rights, please contact the persons identified under I. [and II.] above (controller and Data Protection Officer, respectively). We will be pleased to respond. Please note that we will only be able to provide information if we can identify you as the owner of the data concerned, with sufficient certainty; kindly provide suitable details in advance.

Updated: 1 June 2020