DEG Impulse Data Protection Policy

Please be assured that we will keep your personal data secure and protected: We consider it our responsibility to safeguard your privacy when we process your personal data. The following Data Protection Policy provides you with an overview of the processing of your data and your rights under data protection legislation when using the online services of DEG Impulse gGmbH.

1. Who is the “controller” responsible for data processing and whom can I contact?

The controller is:

DEG Impulse gGmbH (hereinafter, “we” or “us”)
Kämmergasse 22
D-50676 Cologne
Germany
Tel: + 49 221 4986-0

You can reach our company data protection officer at:

Boris Reibach

Scheja & Partners GmbH & Co. KG
Adenauerallee 136
D-53113 Bonn
Germany
Tel: +49 228-227 226 0

https://www.scheja-partner.de/kontakt/kontakt.html

2. What sources and data does DEG Impulse use?

We process personal data that we receive when you visit our website.

We use the data to identify you and determine how you interact with the site (e.g. IP address, browser type).

3. For what purposes does DEG Impulse process your data, and what is the legal basis for doing so?

We process personal data in conformity with the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and other applicable legislation.

The below-listed functions, offers and services that you find on our site require the collection and use of personal data.

3.1 Risk management and compliance – for the purpose of safeguarding legitimate interests

  • Ensuring IT security and IT operation of the website

The legal basis for the processing of your personal data in this connection is Article 6(1)(f) GDPR. Our legitimate interest consists of complying with applicable legal provisions, maintaining the security of our IT systems and, in the event of infringements of legal requirements or breaches of security provisions, responding appropriately to such circumstances, for instance, by asserting legal claims. We believe that these interests are overriding, because we are subject to numerous legal requirements and we are responsible to our customers for ensuring that the corresponding requirements and security provisions are complied with. Based on the way we protect the data concerned, we do not feel that there are any detriments to you that are overriding.

3.2 Social media

Our website contains links to various social media platforms.

Please note: If you click on one of the following links, you will leave our website and be directed to the website of the relevant social media platform. Any information made available there has been created without any involvement by us. We thus bear no responsibility for it. We assume no liability for whether such information is current, accurate and complete. A link to a social media platform does not constitute any type of endorsement by us.

For reasons of conformity with data protection law in particular, it is not possible to reach these social media platforms directly. As a result, corresponding notices will be displayed. You may also first need to click on an embedded button and in that way provide your express consent to communication with the social media platform. Only then will your browser establish a direct connection with the servers of the social media platform.

Please note that we do not have any knowledge of or influence over the type of data that reach the social media platform or how this takes place.

When you click on the button, the social media platform receives information that you accessed its site. If you are registered with the social media platform, it can attribute your visit to your account with it. But even if you are not registered with the social media platform, it cannot be ruled out that the platform will collect and store your IP address after you click on the button.

3.4 Cookies and other website analysis technologies

Impulse uses such technologies on its website only to the extent that they are essential in order to provide the service expressly desired by the user. More extensive use, particularly for the purpose of tracking or profiling user behaviour, does not take place.

4. Who has access to my data?

Within the company, access to your data is given to those departments that require them in order to comply with our contractual and statutory obligations. Service providers that we engage, as well as persons we use to perform an obligation (Erfüllungsgehilfen), may also be given access to data for these purposes if they observe data protection requirements.

We will disclose information about you to third parties only if statutory provisions require the disclosure, if you have consented to the disclosure, or if we are authorised to make the disclosure for other reasons. Based on the conditions set out above, recipients of personal data may include:

  • service providers that process data on our behalf (e.g. IT service providers).

Other data recipients may be those entities for which you have granted us your consent to data transfer.

Should you require further information about specific recipients, please feel free to contact us.

5. Will data be transferred to a third country or an international organisation?

Data are not transferred to entities in countries outside of the European Union (known as “third countries”).

6. How long will you store my data?

The period for which personal data are stored depends on the respective processing purposes. It is not possible to list the various storage periods in a reasonable format here. The criteria for determining the storage period in a given case are:

  • Where we process data in connection with an expected legal dispute, we will store the data until definitive conclusion of the court proceeding or until the relevant claims are prescribed in accordance with the applicable provisions of civil law. The usual prescription period is three years.
  • Otherwise, we will delete the data collected in connection with the processing purposes described in clause 3.1 when those purposes no longer apply (currently, at most 60 days).

7. What data protection rights do I have?

Under Articles 15 to 22 GDPR, you have the following rights if the statutory requirements are met:

  • Right of access under Article 15 GDPR, i.e. the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to those data and further information;
  • Right to rectification under Article 16 GDPR, where the personal data concerning you are inaccurate;
  • Right to erasure under Article 17 GDPR, such as when the personal data are no longer necessary in relation to the purposes for which they were processed;
  • Right to restriction of processing under Article 18 GDPR;
  • Right to object under Article 21 GDPR to processing activities based on Article 6(1)(f) GDPR (overriding legitimate interest of DEG Impulse).
  • The right of access and the right to erasure are subject to the limitations set out in sections 34 and 35 BDSG.

In addition, there is a right to lodge a complaint with a supervisory authority (Article 77 GDPR).

Right to withdraw your consent

You may freely withdraw the consent to data processing that you have granted at any time. However, this does not affect the lawfulness of processing carried out on the basis of your consent up until the time you withdraw it. If you withdraw your consent or effectively object to continued processing on the basis of your consent, we will no longer process your data for these purposes.

8. Information about your rights to object

Right to object under Article 21 of the General Data Protection Regulation (GDPR)

You have the right to object at any time to the processing of your personal data carried out on the basis of a balancing of interests (Article 6(1)(f) GDPR), insofar as reasons arise from your particular situation that preclude such data processing. This also applies if automated individual decision-making is used (Article 22 GDPR).

If you object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or that processing is necessary for the establishment, exercise or defence of legal claims.

Objections under Article 21 GDPR can be sent in writing or by email to the DEG Impulse data protection officer; see above, clause 1.

More extensive information about specific processing activities

In addition to data that are processed when our website is visited, DEG Impulse also processes personal data in other areas of operations. You can find more extensive information about these data processing activities, broken down by the data subjects affected by the processing, at the following links:

Processing of customer data (PDF, 181 KB, nicht barrierefrei)

Processing of supplier data (PDF, 147 KB, nicht barrierefrei)

Last updated: 15 November 2023