Tip: Activate javascript to be able to use all functions of our website

Data Protection

KfW Privacy Notice

You can rely on the protection and security of your personal data: we consider it our responsibility to protect your privacy when processing your personal data. The following privacy notices provide an overview of the processing of your data and the rights you have under data protection regulations when using the products and services of KfW Group.

1. Who is responsible for data processing and whom can I contact?

The following party is responsible:

  • KfW Group (hereinafter referred to as ‘we’ or ‘us’)
    Palmengartenstrasse 5-9
    60325 Frankfurt, Germany
    Tel: +49 (0)69 74 31-0
    Fax: +49 (0)69 74 31-29 44

You can reach our company data protection officer at:

  • KfW Group
    Data protection officer
    Palmengartenstrasse 5-9
    60325 Frankfurt, Germany

2. Which sources and data does KfW use?

We process personal data that we receive from our customers, business partners and website visitors in connection with the use of our website, the use of our portals, subscription to newsletters and in connection with our business relationships with these groups.

Personal data processed by us refers in particular to personal details (such as name, address, telecommunications data, date and place of birth, marital status), identification data (such as ID, residence registration data), contractual data, advertising and sales data, documentation data, registration data and similar information.

3. For what purpose does KfW process your data and on what legal basis?

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz; BDSG) and other applicable legal regulations.

For technical reasons, it is necessary to collect and store certain personal data when you visit our website, such as the IP address, the date and duration of your visit, the websites used, the identification data of the used browser and operating system type and, if applicable, the website from which you arrived at our site. The legal basis for processing your personal data in this context is Article 6(1)(1)(f) GDPR.

However, the products and services cited as examples below, which you can find on our website, require you to provide personal data in order to use them.

3.1 General communication, use of portals and newsletters – for the purpose of performing contractual obligations and on the basis of your consent:

  • General communications, particularly via the contact form
  • Processing other enquiries
  • Use of our portals, for example, our grant portal or online credit portal
  • Newsletters

The processing of your personal data in this context is generally a prerequisite for concluding and performing a contract with you or entering into a preliminary agreement with you. You are not legally obligated to make your personal data available to us. Without these data, however, we will not be able to perform the relevant contract with you. The legal basis for this processing is Article 6(1)(1)(b) GDPR. This provision permits the processing of personal data if the processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps prior to entering into a contract.

If you have given us your consent to process personal data for specific purposes (e.g to send our newsletter), this consent serves as the legal basis for processing the data (Article 6(1)(1)(a) GDPR). Consent which has been granted may be revoked at any time. This also applies to revoking declarations of consent that were issued to us before the GDPR took effect, i.e. before 25 May 2018. If consent is revoked, the legality of data processing carried out before consent was revoked is not affected.

3.2 Analysis of user behaviour and direct marketing – for the purpose of safeguarding legitimate interests:

  • Testing and optimising demand analysis procedures for the purpose of directly approaching customers
  • Advertising or market research and polling, insofar as you have not objected to the use of your data
  • Measures in relation to business management and the further development of services and products

The legal basis for processing your personal data in this context is Article 6(1)(1)(f) GDPR unless we have, in individual cases, obtained your consent. Pursuant to this provision, processing personal data is permissible if this is necessary for the purposes of legitimate interests except where such interests are overridden by the interests or fundamental rights of the data subject which require that the personal data are not processed. We have a justified interest in aligning our offers with customer behaviour and optimising them. We believe that these interests prevail since, as an international financial institution, we must control and optimise our offers in order to fulfil our promotional mandate. The alignment with our customers allows us to offer and optimise services according to the needs and interests of our customers. We protect the relevant data in such a way that we do not see any overriding disadvantages for you.

3.3 Risk management and compliance – for the purpose of safeguarding justified interests:

  • Assertion of legal claims and defence in legal disputes
  • Prevention and investigation of criminal activities
  • Guarantee of IT security and IT operations at the bank
  • Risk management at the KfW Group

The legal basis for processing your personal data in this context is Article 6(1)(1)(f) GDPR. Our justified interest consists of complying with applicable legal provisions, maintaining the security of our IT systems and, in case of non-compliance with legal requirements or violations of security regulations, responding adequately to such circumstances, for instance by asserting legal claims. We believe that these interests prevail since, as a bank, we are subject to a significant number of regulatory requirements and have a responsibility towards our customers to ensure that the corresponding requirements and security regulations are complied with. We protect the relevant data in such a way that we do not see any overriding disadvantages for you.

3.4 Social media

You can access various social media from our website.

Caution: When choosing one of the following links, you will leave our website and be directed to the website of a social media platform. Any information available there was created without any involvement from us and we are therefore not responsible for this content. We do not accept any liability for the information being up-to-date, accurate or complete. Any reference to social media does not imply any approval on our part.

Particularly for reasons of data protection compliance, the relevant social media cannot be accessed directly. Corresponding notes are therefore displayed. In addition, you may first have to click on integrated buttons, thus giving your express consent to communication with the social media platform. Only after that will the browser connect you by establishing a direct connection with the social media platform’s servers.

Please keep in mind that we are not aware of nor do we influence how and what data find their way to the social media platform.

By activating the button, you will provide the social media platform with the information that you have opened one of the web pages of the platform on the Internet. If you are already registered with the social media platform, it will be able to link your visit with your account on the social media platform. However, even if you have not yet registered with the social media platform, it is not possible to preclude the possibility that it will collect and/or store your IP address after you click on the platform.

3.5 Cookies for website analysis

Data are collected and further processed on this website in order to continually improve and analyse our web content. For this purpose, we use the web analysis tool Mapp Intelligence (Webtrekk Analytics), a product from Mapp c/o Webtrekk GmbH, Robert-Koch-Platz 4, 10115 Berlin, Germany.

As a TÜV-certified service provider, Mapp c/o Webtrekk GmbH uses only servers in Germany.

Mapp Intelligence is a statistical program that produces a pseudonymised recording of usage. In this way, we can conduct analyses of user behaviour by collecting and analysing the information communicated by your browser. However, none of these analyses are linked to individual persons. For this purpose, any personal identification characteristics, namely in this case the IP address, are deleted at the moment of processing and replaced by an indicator, which makes it impossible or at least extremely difficult to identify the data subject. This methodology ensures that KfW is routinely unable to establish a concrete link to the particular person.

The following cookies are set on this website:

Technical cookie:

  • wt_r Duration: 5 minutes
  • wt_rla Duration: 2 months
  • wt_nbg_Q3 Duration: session
  • wt3_sid Duration: session
  • kfw Duration: session
  • Barrierefree Duration: 1 month

Tracking cookie / Persistent cookie for detecting new customers / regular customers:

  • wt3_eid Duration: 6 months

Opt-out cookie for guaranteeing your decision against tracking:

  • cookieconsent_status Duration: 60 months

Cookies are small text files that are linked with the browser you are using and are stored on your hard drive, sending certain information to the person who set them.


In order to protect our Internet forms, we use the reCAPTCHA service from Google Inc. (‘Google’). ReCAPTCHA collects personal data from users, in order to determine whether the actions on our website are genuinely being performed by persons. The IP address and other data required by Google for the reCAPTCHA service are sent to Google. Here, the IP address is shortened beforehand.

Google’s differing data protection terms apply to these data. You can find out more about Google reCAPTCHA’s data protection guidelines atwww.google.com/policies/privacy/.

3.7 Chatbot

You can use the function of the KfW chatbot on this website. Your IP address is collected during use and retained for three days for technical reasons. We have a legitimate interest in the collection and storage of the IP address (Article 6(1)(f) GDPR). This is necessary for the need-based design of our KfW chatbot and for guaranteeing a problem-free service. The technical operation of the KfW chatbot is carried out by a carefully selected service provider. No personal data are transmitted to any country outside the European Union or the European Economic Area.

If you use the KfW chatbot, please do not enter any personal or confidential data such as your name, address or account number