Data Protection

Information on the Processing of Personal Data

We hereby inform you about the processing of your personal data and the data protection claims and rights to which you are entitled. The content and scope of the data processing depends largely on the products and services you have requested or which are agreed with you.

1. Who is responsible for data processing and whom can you contact?

Responsible for data processing:

Raiffeisen-Leasing GmbH

Mooslackengasse 12
1190 Wien

Contact data of the Data Protection Officer of the Company:

Am Stadtpark 9,
1030 Wien
Phone: +43-1-71707-8603

2. Which data are processed and from which sources do they come?

We process the personal data that we receive from you and data that we have legitimately received from credit bureaus (CRIF GmbH), debtor directories (Kreditschutzverband von 1870) and from publicly available sources (eg business register, association register, land register or media) or that are provided legitimately by other companies affiliated with the Company.

We process your personal details and contact information (e.g. name, address, date and place of birth), household and family data (e.g. number of children and other dependents), identity and travel document information (such as ID information), credit data (e.g. type and amount of income), financial identification data (e.g. bank account and client number), insurance data, image and / or sound recordings (e.g. video and telephone recordings in the course of an online identification), data of our business relationship, tax data (e.g. VAT number), electronic log and identification data (e.g. electronic signature, logging data, cookies,), or AML (anti-money laundering) and compliance data and other data comparable to the above categories

3. For which purposes and on which legal basis are data being processed?

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the Austrian Data Protection Act 2018.

a) to fulfill contractual obligations (Article 6 (1) (b) GDPR)

The processing of personal data (Art 4 No. 2 GDPR) is carried out

  • for the provision of leasing transactions including hire purchase transactions and fleet management services and may comprise the drafting of offers, conclusion and management of contracts and the management and marketing of financing objects and fleet of cars.

  • for the conclusion and brokering of insurances

  • for the processing of public grants

in particular for the performance of our contracts with you and the execution of your orders as well as for carrying out pre-contractual measures.

Specific details of the purpose of the data processing mentioned herein are based on the specific product and can be found in the respective contractual documents and terms and conditions.

b) to fulfill legal obligations (Article 6 (1) (c) GDPR)

The processing of personal data shall only be carried out for the purpose of fulfilling various legal obligations (such as the Banking Act, Financial Market Money Laundering Act, Consumer Protection Act, etc.) as well as due to regulatory requirements (e.g. the Austrian Financial Market Authority, etc.), which the Company is subject to as an Austrian financing institution. Examples of such cases are:

  • the mandatory measures against money laundering, financing of terrorism, fraud and for the compliance with public financial sanctions and for this purpose as the case may be the obtaining of required information and reporting (e.g. the report to the Austrian Money Laundering Reporting Office in certain suspicious cases)

  • the mandatory measures for checking the creditworthiness of consumers including the obtaining of information from the customers or data bases

  • mandatory bookkeeping and keeping of business records as required by law

  • internal and external inspections of our Company, such as inspections by the Financial Market Authority or our external and internal auditors

c) to safeguard legitimate interests (Article 6 (1) (f) GDPR) in general

If necessary, data processing may be carried out to protect legitimate interests of our Company or third parties. In the following cases, data processing takes place to safeguard legitimate interests. Examples of such cases are:

  •  consultation and exchange of data with credit bureaus (CRIF GmbH) and debtor directories (Kreditschutzverband von 1870)

  • credit and risk assessment as well as calculation of rating classifications and default probabilities and other tasks of risk management

  • marketing and market research, if you did not object against the use of your data in accordance with Art 21 GDPR; in this respect we use assessment tools to develop services and products, which are aligned to your interests and needs, and to be able to inform you target oriented about products

  • certain phone records (for quality assurance or complaint cases)

  • measures for business management and further development of services and products

  • measures to protect customers and employees as well as to secure the property of our Company

  • measures in fraud prevention

  • data processing for law enforcement purposes

  • asserting legal claims and defense in legal disputes

  • ensuring the IT security and IT operations of our Company

  • prevention and investigation of criminal offenses

  • joint group governance

d) as part of your consent (Article 6 (1) (a) GDPR

If you have given us your consent to the processing of your personal data for specific purposes processing will only take place in accordance with the scope and for the purpose as set out in and agreed in the consent form. A given consent may be withdrawn at any time with effect for the future.

4. Who receives my data?

We transfer your data, if required, to:


  • insurance companies, for the insurance of risks in relation to your leasing or hire-purchase agreement or your financing object or the managed fleet of cars;
  • current and potential risk partners and partners in liability (such as guarantors or pledgors) for risk assessment and compliance with reporting obligations;
  • parties providing financing for the assessment of the collateral furnished to them and for the fulfillment of reporting obligations;
  • debtor directories (Kreditschutzverband von 1870) and credit bureaus (CRIF GmbH) for the exchange of data in connection with risk assessment and in case of default with payments for the registration in loan registers;
  • as the case may be securisation companies, for the securisation of receivables under your business relationship with us, whereby in this connection also a transfer to rating agencies, security or data trustees, service providers and purchasers of bonds takes place;
  • as the case may be to the European Investment Bank as well as to the European Investment Fund for the assessment, granting and management of funds as well as to inform competent public authorities;
  • as the case may be marketing cooperation partners and their dealers for assessments in the course of marketing cooperations;
  • Raiffeisen Bank International AG (FN 122119m), the Austrian Raiffeisenlandesbanken and Raiffeisenbanken for risk assessment and for measures against money laundering and financing of terrorism and fraud;
  • as the case may be group companies for the assessment of risks and group governance
  • service providers, which provide services for us in relation to the conclusion and the management of the business relationship (such as First Leasing Service Center GmbH, Raiffeisen-Leasing Gesellschaft m.b.H.) and processors, which process your data for us according to our orders,
  • dealers, suppliers and service providers for the provision of goods and/or services in relation to the financing object;
  • as the case may be debt collection agencies for debt collection and ancillary services;
  • authorized public authorities upon request or in case of reporting obligations.

5. How long will my data be stored?

We process your personal data, as far as necessary, for the whole duration of the entire business relationship (beginning with the initiation, its execution and ending with its termination) as well as thereafter in accordance with the mandatory storage and documentation obligation as required by law in particular pursuant to the Austrian Companies Code (Unternehmensgesetzbuch, UGB) and the Federal Fiscal Code (Bundesabgabenordnung, BAO).

Moreover, the data storage is also subject to the statutory limitation periods, e.g. under the Austrian General Civil Code (Allgemeines Bürgerliches Gesetzbuch, ABGB) and may in certain cases last up to 30 years (the most relevant limitation period in practice is 3 years).

6. Am I obliged to providing data?

As part of the business relationship, you must provide us with all personal information that is necessary to enter into and to maintain the business relationship with you, and also those data that we are required by law to collect. If you do not provide us with these data, we will generally decline either to conclude or to complete the contract, or we will be unable to execute an existing contract or we would be forced to terminate such contract. However, you are not obliged to give your consent to the processing of data if such data is not necessary for the performance of a contract or is not required by law or regulation.

7. Which data protection rights do I have?

You have the right to access, rectification, erasure or restriction of the processing of your stored data, a right to object to processing and a right to data portability in accordance with the requirements of data protection law.

Complaints can be addressed to the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, If your residence or place of work is in another country of the European Union, you can also address your complaint to the data protection authority competent for your residence or place of work.

8. Is there automated decision-making?

We do not use fully automated decision-making. For the decision about the entering into a business relationship we use rating classifications, with which we assess default probabilities of business partners by using statistical comparison groups.

9. Data when visiting or Websites or use our electronic services

We collect, store and process your data regarding the use of our website or electronic services. This includes information about the used operations, the visited websites and the retrieved contents, the selected links including external websites, information on reaction time or download-errors and your duration of use. This information is being collected by using automated technologies such as cookies or web-beacons (pixel with which the selection of emails or websites is registered). or by using web tracking (recording and analysis of your internet habits) on the website also with the support of external service provider or software (like google analytics). The processing of data takes place to facilitate or enhance the functionality or usability of our website or electronic services or to provide to you information, offers or products aligned with your individual needs. We collect and process these data only, if you do not object thereto.

10. Adjustment of this information

We reserve to adjust this information if required. The current version of this information can be found at under Date Protection.

Wir nehmen den Schutz Ihrer persönlichen Daten sehr ernst. Wir behandeln Ihre personenbezogenen Daten vertraulich und entsprechend der gesetzlichen Vorschriften. In dieser Datenschutzerklärung informieren wir Sie über die Datenverarbeitung im Rahmen unserer Website.
Die Nutzung unserer Webseite ist in der Regel ohne eigenständige Angabe Ihrer personenbezogenen  Daten möglich. Soweit auf unseren Seiten personenbezogene Daten (beispielsweise Name, Anschrift oder E-Mail-Adressen) erhoben werden, erfolgt dies stets, um die Nutzung der Website ermöglichen zu können oder auf freiwilliger Basis. Beispielsweise ist die Verarbeitung der IP-Adresse technisch bedingt und kann nicht unterbunden werden.

Datenschutzrechtlicher Verantwortlicher

Diese Website wird von der Austria Leasing GmbH, Mergenthalerallee 77, 65760 Eschborn-Taunus, Deutschland

Alternativ können Sie sich auch gerne an unseren Datenschutzbeauftragten wenden:
Am Stadtpark 9, 1030 Wien
Telefon: +43-1-71707-8603


Raiffeisen Web Analytics

Auf dieser Website wird die Software „Raiffeisen Web Analytics“ zur anonymisierten Analyse der Website Nutzung eingesetzt. Ihre IP-Adresse wird für Analysezwecke durch die Löschung der letzten 8 Bit umgehend bei Aufruf einer Website anonymisiert. Dazu werden Cookies verwendet, die eine Analyse der Benutzung der Website durch Anwender ermöglicht. Durch die Auswertung dieser Daten können wertvolle Erkenntnisse über die Bedürfnisse dieser Nutzer gewonnen werden. Diese Erkenntnisse tragen dazu bei, die Qualität unseres Angebotes noch weiter zu verbessern. Sie können dies verhindern, indem Sie Ihren Browser so einrichten, dass keine Cookies gespeichert werden.

Wir erfassen u.a. folgende Daten: besuchte Seiten, Datum und Uhrzeit des Besuchs, Verweildauer, Browserversion, Bildschirmauflösung, Betriebssystem, das Land sowie die vorige Website, über die eine Seite aufgerufen wurde.
Als IT-Dienstleister wird für uns die GRZ IT Center GmbH tätig, welche Ihre Daten nur im Rahmen der Leistungserbringung verarbeitet.


Protokollierung am Webserver

Bei jedem Zugriff eines Nutzers auf unsere Webseite sowie bei jedem Abruf oder Versuch eines Abrufes einer Datei auf dem Server werden Daten über diesen Vorgang in einer Protokolldatei gespeichert (Logfile). Für uns ist nicht unmittelbar nachvollziehbar, welcher Nutzer welche Daten abgerufen hat. Wir versuchen auch nicht, diese Informationen zu erheben. Das wäre nur in gesetzlich geregelten Fällen und mit Hilfe Dritter (z.B. Internet Service Provider) möglich. Im Einzelnen wird über jeden Abruf folgender Datensatz gespeichert: Die IP-Adresse, der Name der abgerufenen Datei, das Datum und die Uhrzeit des Abrufs, die übertragene Datenmenge, die Meldung, ob der Abruf erfolgreich war, sowie die Meldung, warum ein Abruf gegebenenfalls fehlgeschlagen ist, der Name Ihres Internet Service Providers, gegebenenfalls das Betriebssystem, die Browsersoftware Ihres Computers sowie die Webseite, von der aus Sie uns besuchen.

Die rechtliche Grundlage für die Verarbeitung dieser personenbezogenen Daten ist unser berechtigtes Interesse (gemäß Art 6 Abs 1 lit f DSGVO). Dieses besteht darin, Angriffe auf unsere Website erkennen, verhindern und untersuchen zu können.
Darüber hinaus verarbeiten wir Ihre personenbezogenen Daten in Sonderfällen aufgrund der berechtigten Interessen von uns oder legitimierter Dritter an der Rechtsverfolgung oder nach Auftrag von gesetzlich dazu ermächtigten Behörden oder Gerichten.

Wir speichern Daten zur Gewährleistung der Sicherheit unserer Homepage grundsätzlich für eine Dauer von drei Monaten. Eine längere Speicherung erfolgt nur, soweit dies erforderlich ist, um festgestellte Angriffe auf unsere Website zu untersuchen oder rechtliche Ansprüche zu verfolgen.

Zu den oben genannten Zwecken lassen wir Ihre personenbezogenen Daten durch folgende Dienstleister verarbeiten: die Raiffeisen Informatik GmbH, die GRZ IT Center GmbH, die Raiffeisen Informatik Center Steiermark GmbH.



Technically required cookies

These cookies are necessary for the basic functions of the website and are used to store your user settings and preferences (e.g. saving your input in form fields to protect against unwanted loss) as well as to enable and secure authentication. These cookies assign a randomly generated ID to your browser. The data processing is based on our legitimate interest in the secure design and convenient use of our contents and generally in the provision of our services on the specific website visited. No information about you is collected which is used for marketing and statistical purposes. Furthermore, we may use information for fraud prevention and to ward off service overloading requests (denial of service attacks). This category of cookies cannot be deactivated.

Anonymous statistics

This information is anonymized immediately after the cookie is set respectively the website is visited and enables us to gain knowledge about the use, functionality and user-friendliness of websites and apps, to advertise our content, to place it in a targeted manner and to improve it continuously. We carry out range and performance measurement: We obtain information about the number of website visitors, page views and the usage habits of visitors to a website or app. 

You can object to this processing at any time with effect for the future by using this selection option, your browser settings or plug-ins (e.g. Processing will be carried out until you object to it.

Personalization cookies

We use personal cookies, pixels and scripts as a way to evaluate the effectiveness and success of our marketing tools and to better align them. These tools are used to draw conclusions on your interests and needs based on the analysis of your behavior, as well as to segment users with the same or similar interests and needs so that we can offer you advertising or content that is target-oriented and tailored to your needs and interests. The processing is carried out for a maximum period of three years or until withdrawal. Withdrawal of consent does not affect the lawfulness of the processing that took place until withdrawal.

This declaration of consent applies to the controller named in the imprint and companies associated with this controller, which are linked in the introduction above.


Record on the web server

Every time a user accesses our website and every time a file is retrieved or attempted to be retrieved from the server, data about this process is stored in a log file. For us it is not directly recognizable, which user called upon which data. We also do not try to collect this information. This would only be possible in legally regulated cases and with the help of third parties (e.g. Internet service providers). In detail, the following data record is stored for each retrieval: The IP address, the name of the downloaded file, the date and time of the download, the amount of data transferred, the message as to whether the download was successful and the message as to why a download may have failed, the name of your Internet service provider, if applicable the operating system, the browser software of your computer and the website from which you are visiting us.

The legal basis for the processing of personal data is our legitimate interest (in accordance with Art 6 (1) (f) GDPR). This is to detect, prevent and investigate attacks on our website.

In addition, we process your personal data in special cases on the basis of the legitimate interests of us or legitimated third parties for legal proceedings or on behalf of legally authorized authorities or courts.

We generally store data for a period of three months to guarantee the security of our homepage. A longer storage only takes place as far as this is necessary to investigate determined attacks on our website or to pursue legal claims.

For the above-mentioned purposes, we have your personal data processed by the following service providers: Raiffeisen Informatik GmbH, GRZ IT Center GmbH, Raiffeisen Informatik Center Steiermark GmbH.


Raiffeisen Web Analytics

This website uses the "Raiffeisen Web Analytics" software for anonymous analysis of website usage. Your IP address will be made anonymous for analysis purposes by deleting the last 8 bits immediately when a website is accessed. For this purpose Cookies are used which enable an analysis of the website usage by users. Through the evaluation of this data valuable knowledge about the needs of these users can be gained. This knowledge contributes to further improving the quality of our offer. You can prevent this by setting up your browser in a manner that no Cookies are saved.

Upon others we collect the following data: visited websites, date and time of the visit, length of stay, browser version, screen resolution, operating system, the country and the referrer, this is the previously visited page from which a page was accessed.

GRZ IT Center GmbH acts as IT service provider for us, processing your data only within the scope of the provision of services.


Google Analytics

Diese Website benutzt Google Analytics, einen Webanalysedienst von Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics verwendet Cookies, die auf Ihrem Computer gespeichert werden. Wir verarbeiten Ihre Daten auf Grundlage unseres berechtigten Interesses, eine leicht zu verwendende Website-Zugriffsstatistik erstellen zu können (Art 6 Abs 1 lit f DSGVO). Die durch das Cookie erzeugten Informationen über Ihre Nutzung dieser Website (einschließlich Ihrer anonymisierten IP-Adresse und pseudonymisierten ID sowie der URLs der aufgerufen Webseiten) werden an Server von Google in den USA übertragen und dort gespeichert.  Diese Website verwendet die von Google Analytics gebotene Möglichkeit der IP-Anonymisierung. Ihre IP-Adresse wird von Google innerhalb der Mitgliedsstaaten der Europäischen Union oder in anderen Vertragsstaaten des Abkommens über den Europäischen Wirtschaftsraum gekürzt.

In unserem Auftrag wird Google diese Informationen verwenden, um Ihre Nutzung der Website auszuwerten, um Reports über die Websiteaktivitäten zusammenzustellen und um weitere mit der Website- und der Internetnutzung verbundene Dienstleistungen an uns zu erbringen.

Sie können die generelle Speicherung von Cookies durch eine entsprechende Einstellung Ihrer Browser-Software verhindern. Wir weisen Sie jedoch darauf hin, dass Sie in diesem Fall unter Umständen nicht sämtliche Funktionen dieser Website vollumfänglich nutzen können.

Sie können darüber hinaus verhindern, dass Google Ihre Daten in Zusammenhang mit Google Analytics erhebt, indem Sie das unter dem folgenden Link verfügbare Browser-Plugin herunterladen und installieren:

Nähere Informationen zu den Nutzungsbedingungen von Google sowie Googles Datenschutzerklärung finden Sie unter bzw. unter


Empfänger Ihrer Daten
Sämtliche in dieser Datenschutzerklärung angeführten Auftragsverarbeiter sind vertraglich dazu verpflichtet, Ihre Daten vertraulich zu behandeln und nur im Rahmen der Leistungserbringung zu verarbeiten.

Einige der oben genannten Empfänger befinden sich außerhalb Ihres Landes oder verarbeiten dort Ihre personenbezogenen Daten. Das Datenschutzniveau in anderen Ländern entspricht unter Umständen nicht dem Ihres Landes. Wir übermitteln Ihre personenbezogenen Daten jedoch nur in Länder, für welche die EU-Kommission entschieden hat, dass sie über ein angemessenes Datenschutzniveau verfügen oder setzen Maßnahmen, um zu gewährleisten, dass alle Empfänger ein angemessenes Datenschutzniveau haben. Hierbei bedienen wir uns auch Empfängern, welche nach den Vorgaben des „privacy shield“ dem Datenschutzniveau der Europäischen Union entsprechen (Beschluss der Kommission am 12. Juli 2016). Darüber hinaus  verpflichten wir auch Empfänger in Drittstaaten vertraglich dazu, Ihre Daten vertraulich zu behandeln und nur im Rahmen der Leistungserbringung zu verarbeiten.


Ihre Rechte nach der DSGVO

Sie sind im Rahmen des anwendbaren Rechts berechtigt, jederzeit das Recht auf Auskunft zu verlangen und damit Information über Ihre gespeicherten personenbezogenen Daten, deren Herkunft sowie Empfänger als auch den Zweck der Datenverarbeitung zu erhalten. Darüber hinaus sind sie berechtigt, Ihr Recht auf Berichtigung, Datenübertragung, Einschränkung oder Löschung dieser Daten auszuüben. Weiters haben Sie unter bestimmten Umständen das Recht, der Verarbeitung Ihrer personenbezogenen Daten zu widersprechen oder die für die Verarbeitung zuvor erteilte Einwilligung zu widerrufen. Eine Verarbeitung aufgrund einer Einwilligung erfolgt nur gemäß den in der Einwilligungserklärung festgelegten Zwecken und im darin vereinbarten Umfang. Durch den Widerruf der Einwilligung wird die Rechtsmäßigkeit von Datenverarbeitungen bis zum Zeitpunkt des Widerrufs nicht berührt.

Sollten Sie der Meinung sein, dass bei der Verarbeitung Ihrer Daten gegen datenschutzrechtliche Bestimmungen verstoßen wird, bitten wir Sie darum, über die im Impressum angegebenen Kontaktdaten Verbindung mit uns aufzunehmen, damit wir Ihre Fragen klären können.

Davon unberührt bleibt Ihr Recht, sich bei der für Sie zuständigen Datenschutzbehörde zu beschweren.

Zuletzt wurde diese Datenschutzerklärung am 25.05.2018 aktualisiert.

Austria Leasing GmbH takes the protection of e-mail exchange seriously

From 15 October 2020, e-mails to external recipients will therefore be transmitted exclusively via channels encrypted using Transport Layer Security (TLS) Version 1.2. TLS 1.2 was released in 2008.

Version Release
TLS 1.0 1999
TLS 1.1 2006
TLS 1.2 2008
TLS 1.3 2018

In order to continue to ensure smooth electronic communication between Austria Leasing and recipients in your domain, your IT administrators may need to configure TLS 1.2 on your e-mail servers.

Therefore, please forward this information to your IT administrators. If your e-mail servers already meet TLS 1.2 requirements, no further action is necessary.

If you have any further questions about the procedure, please contact

* * * *

Technical information

From 15 October 2020, Austria Leasing will exclusively install "TLS 1.2 enforce" on its e-mail servers. Hence, e-mails from Austria Leasing will only be delivered to your servers if a TLS 1.2 connection is used.

The requirements for TLS 1.2 are

  • Valid certificates on the e-mail server
  • TLS ciphers are configured
  • TLS 1.2 (and higher) necessary

Please configure these settings by the beginning of October 2020 in order to ensure no interruptions and secure communication between the e-mail servers of Austria Leasing and your company.