Data Protection

DEG Privacy Notice

You can rely on us to ensure the protection and security of your personal data: we consider it our responsibility to protect your privacy when processing personal data. The following privacy notice will give you an overview of the processing of your data and the rights you have pursuant to data protection provisions when using the online services of DEG - Deutsche Investitions- und Entwicklungsgesellschaft mbH.

1. Who is responsible for data processing and who can I contact?

The controller is:

DEG - Deutsche Investitions- und Entwicklungsgesellschaft mbH (hereinafter: “we” or “us”)
Kämmergasse 22
D-50676 Köln
Tel: + 49 221 4986-0
Fax: + 49 221 4986-1290

You can contact our data protection officer at:

DEG - Deutsche Investitions- und Entwicklungsgesellschaft mbH
c/o The Data Protection Officer
Kämmergasse 22
D-50676 Köln

2. What sources and data does DEG use?

We process personal data which we receive from our website visitors in connection with the use of our website, and the subscription to newsletters.

The personal data that we process include, in particular, contact data (e.g. name, address, telecommunication data and data that might identify you and your usage behaviour as far as such data is created during the use of our online service.

3. For what purpose does DEG process your data and on what legal basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and other applicable legal provisions.

You can use almost our entire internet offerings without being required to submit personal data. You are, however, required to submit personal data in order to be able to use below offerings and services, which you will find on our web pages.

3.1 General communication, use of newsletters and uptake of the Independent Complaints Mechanism (ICM), user behaviour tracking of website visitors – for the purpose of safeguarding legitimate interests or on the basis of your consent:

  • general communication, particularly via the contact form,
  • processing other enquiries,
  • filing complaints according to the ICM,
  • behavior tracking of website visitors
  • newsletters

The legal basis for processing your personal data in this context is Article 6(1)(1)(f) of the GDPR unless we have, in individual cases, obtained your consent. Pursuant to this provision, processing personal data is permissible if this is necessary for the purposes of legitimate interests except where such interests are overridden by the interests or fundamental rights of the data subject which require that the personal data are not processed. As a customer centric organisation we have a legitimate interest in reacting appropriately to inquiries and complaints. We believe that these interests prevail since the processing for the purpose of contacting is executed on your very request.

We protect the data concerned in such a way that we do not see any overriding disadvantages for you.

Concerning user behaviour tracking we have a legitimate interest in improving our webpresence based on its usage by its visitors. We believe that these interests prevail since we apply the principle of pseudonymisation while observing the user’s journey on our webpresence. During pseudonymisation, the name or any other identification feature is completely replaced, thus preventing the data subject from being identified.

We have compiled further information on this point under section 3.4. In addition, you have the right to object to user behaviour tracking at any time (details may be found in section “Information on your rights to object” at the end of this text).

If you have given us your consent to the processing of personal data for specific purposes (e.g. sending newsletters), such consent is the legal basis for the data processing (Article 6(1)(1)(a) of the GDPR). Any consent given may be withdrawn at any time. This also applies to the withdrawal of consent given to us prior to the applicability of the GDPR, i.e. before 25 May 2018. The withdrawal of the consent will not affect the lawfulness of the data processing carried out until the consent was withdrawn.

3.2 Risk management and compliance – for the purpose of safeguarding legitimate interests:

  • ensuring IT security and the IT operations of the bank,

The legal basis for processing your personal data in this context is Article 6(1)(1)(f) of the GDPR. Our legitimate interest consists in complying with applicable legal provisions, maintaining the security of our IT systems and, in case of non-compliance with legal requirements or violations of security regulations, responding adequately to such circumstances, for instance by establishing legal claims. We believe that these interests prevail since, as a credit instituion, we are subject to a significant number of regulatory requirements and have a responsibility towards our customers to ensure that the corresponding requirements and security regulations are complied with. We protect the data concerned in such a way that we do not see any overriding disadvantages for you.

3.3 Social media

You can access our social media channels (Facebook, YouTube, LinkedIn, Xing, Google+ and Twitter) from our website.

Caution: When choosing one of the following links, you will leave our website and be forwarded to the website of a social medium. Any information possibly available there has been created without any involvement on our part and we are not responsible for such information. We do not assume any liability for such information being up to date, accurate and/or complete. References to social media do not imply any approval on our part.

Particularly for reasons of data protection compliance, the relevant social media cannot be directly accessed. Corresponding notices will therefore be displayed. In addition, you may have to click on one of the integrated buttons first, thus giving your express consent to the communication with the social medium. Only after that user generated action, the browser will connect you by establishing a direct connection with the servers of the social medium.

Please note that we have no definite information and no influence on how and what data are transferred to the social medium.

By activating the button, you will provide the social medium with the information that you have opened one of the web pages of the medium on the internet. In case you are already registered with the social medium, it will be able to link your visit to your account. But even if you have not yet registered with the social medium, it cannot be excluded that it will collect and/or store your IP address after activating the respective button.

3.4 Cookies

Data are collected and further processed in anonymised form on this website in order to continually improve and analyse our web content. For this purpose, we use the web analytics tool Webtrekk of Webtrekk GmbH. Webtrekk, which is a service provider certified by the German Technical Control Board (Technischer Überwachungsverein – TÜV), only uses servers located in Germany for this purpose. When creating anonymised usage profiles, pseudonyms are generated. During pseudonymisation, the name or any other identification feature is completely replaced, thus preventing the data subject from being identified. This includes the use of cookies that collect and store data in pseudonymised form. Cookies are small text files linked to the browser you are using and that are stored on your hard disc and in order to provide certain information to its originator.

Under no circumstances will data be used for the personal identification of a visitor (if this were technically possible at all) or linked with the data about the bearer of a pseudonym.

4. Who will have access to my data?

Within the bank, those persons that need your data in order to perform our contractual and statutory obligations will be granted access to your data. Service providers employed by us and persons employed by us in the performance of our obligations (Erfüllungsgehilfen) may also receive data for these purposes, provided that they comply with data protection obligations.

We will only disclose information about you to third parties if this is required by statutory provisions, if you have given your consent or if we are entitled to disclose such information for other reasons. If these prerequisites are met, personal data may be disclosed to the following recipients:

  • service providers which process data on our behalf (e.g. data centres).

Further recipients of data can be the bodies in respect of which you gave us your consent to the transfer of data.

If you need further information on individual recipients, please do not hesitate to contact us.

5. Will any data be transmitted to a third country or to an international organisation?

There will be no transmission of data to bodies in countries outside the European Union (so-called third countries).

6. For how long will my data be stored?

The period during which the personal data are stored depends on the relevant purposes of the processing. It is not possible to specify all of the different storage periods in a reasonable format at this point. The following criteria are used to determine the relevant storage periods in the concrete individual case:

  • Where we process data in connection with anticipated legal disputes, we will store the data until the court proceedings have definitively been completed or until the claims at issue have become time-barred in accordance with the applicable civil-law provisions. The general limitation period is three years.
  • We delete the data collected under the regime of clause 3.1 and 3.2 as soon as the original purposes that reasoned its collection expires.

7. What data protection rights do I have?

If the statutory prerequisites are met, you have the following rights pursuant to Articles 15 to 22 of the GDPR:

  • the right of access pursuant to Article 15 of the GDPR, i.e. the right to obtain from us confirmation as to whether or not personal data about you are processed and, where that is the case, to obtain access to these data and further information;
  • the right to rectification pursuant to Article 16 of the GDPR if personal data concerning you are inaccurate;
  • the right to erasure pursuant to Article 17 of the GDPR, e.g. if the personal data are no longer required for the purposes for which they were processed; and
  • the right to restriction of processing pursuant to Article 18 of the GDPR.
  • The right to object processing activities that rest upon Article 6(1)(1)(f) of the GDPR (prevailing legitimate interests of DEG).

With respect to the right of access and the right to erasure, the restrictions pursuant to sections 34 and 35 of the German Federal Data Protection Act apply.

In addition, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 of the GDPR).

Right to withdraw your consent

You may freely withdraw your consent to data processing at any time. However, this will not affect the lawfulness of the processing carried out on the basis of your consent until it was withdrawn. If you withdraw your consent or validly object to the further processing on the basis of your consent, we will no longer process the data for these purposes.

Information on your rights to object

Individual right to object pursuant to Article 21 of the General Data Protection Regulation (GDPR)

You have the right to raise, at any time, an objection to the processing of your personal data which is carried out on the basis of a weighing of interests (Article 6(1)(1)(f) of the GDPR), provided that your particular situation provides reasons against such data processing. This also applies to any automated individual decision-making (Article 22 of the GDPR). If you raise an objection, we will no longer process your personal data for these purposes unless we are able to provide evidence of cogent reasons for the processing which are worthy of protection and which override your interests, rights and freedoms or unless the processing serves the purpose of establishing, exercising or defending legal claims.

Right to object pursuant to section 15 of the German Telemedia Act (Telemediengesetz – TMG)

Pursuant to section 15 of the German Telemedia Act, website visitors may object to the storage of their visitor data collected in anonymised form, so that such data will no longer be collected in the future.

In order to exclude Webtrekk web controlling, a cookie named “webtrekkOptOut” will be set by the domain. This objection will be valid for as long as you do not delete the cookie. In order to complete the objection, please click on the following link.

Further information on specific data processing activities

Apart from processing personal data in the course of using our website or newsletter function DEG collects, stores and processes personal data in other segments of its business operations.

We have complied the legally required information on these particular processing activities, differentiated regarding the affected category of data subjects, for your convenient access down below:

Processing of customer data

Processing of supplier data

Processing of data in the DEG Customer Portal

Data protection safeguards of DEG representative offices


DEG's Data Protection Officer