DEG Privacy Notice
You can rely on us to ensure the protection and security of your personal data: we consider it our responsibility to protect your privacy when processing personal data. The following privacy notice will give you an overview of the processing of your data and the rights you have pursuant to data protection provisions when using the online services of DEG - Deutsche Investitions- und Entwicklungsgesellschaft mbH.
1. Who is responsible for data processing and who can I contact?
The controller is:
DEG - Deutsche Investitions- und Entwicklungsgesellschaft mbH (hereinafter: “we” or “us”)
Tel: + 49 221 4986-0
Fax: + 49 221 4986-1290
You can contact our data protection officer at:
DEG - Deutsche Investitions- und Entwicklungsgesellschaft mbH
c/o The Data Protection Officer
2. What sources and data does DEG use?
We process personal data which we receive from our website visitors in connection with the use of our website, and the subscription to newsletters.
The personal data that we process include, in particular, contact data (e.g. name, address, telecommunication data and data that might identify you and your usage behaviour as far as such data is created during the use of our online service.
3. For what purpose does DEG process your data and on what legal basis?
We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG) and other applicable legal provisions.
You can use almost our entire internet offerings without being required to submit personal data. You are, however, required to submit personal data in order to be able to use below offerings and services, which you will find on our web pages.
3.1 General communication, use of newsletters and uptake of the Independent Complaints Mechanism (ICM) – for the purpose of safeguarding legitimate interests or on the basis of your consent:
- general communication, particularly via the contact form,
- processing other enquiries,
- filing complaints according to the ICM,
The legal basis for processing your personal data in this context is Article 6(1)(1)(f) of the GDPR unless we have, in individual cases, obtained your consent. Pursuant to this provision, processing personal data is permissible if this is necessary for the purposes of legitimate interests except where such interests are overridden by the interests or fundamental rights of the data subject which require that the personal data are not processed. As a customer centric organisation we have a legitimate interest in reacting appropriately to inquiries and complaints. We believe that these interests prevail since the processing for the purpose of contacting is executed on your very request.
We protect the data concerned in such a way that we do not see any overriding disadvantages for you.
If you have given us your consent to the processing of personal data for specific purposes (e.g. sending newsletters), such consent is the legal basis for the data processing (Article 6(1)(1)(a) of the GDPR). Any consent given may be withdrawn at any time. This also applies to the withdrawal of consent given to us prior to the applicability of the GDPR, i.e. before 25 May 2018. The withdrawal of the consent will not affect the lawfulness of the data processing carried out until the consent was withdrawn.
3.2 Risk management and compliance – for the purpose of safeguarding legitimate interests:
- ensuring IT security and the IT operations of the bank,
The legal basis for processing your personal data in this context is Article 6(1)(1)(f) of the GDPR. Our legitimate interest consists in complying with applicable legal provisions, maintaining the security of our IT systems and, in case of non-compliance with legal requirements or violations of security regulations, responding adequately to such circumstances, for instance by establishing legal claims. We believe that these interests prevail since, as a credit instituion, we are subject to a significant number of regulatory requirements and have a responsibility towards our customers to ensure that the corresponding requirements and security regulations are complied with. We protect the data concerned in such a way that we do not see any overriding disadvantages for you.
3.3 Social media
You can access our social media channels (Facebook, YouTube, LinkedIn, Xing, Google+ and Twitter) from our website.
Caution: When choosing one of the following links, you will leave our website and be directed to the website of a social medium. Any information possibly available there has been created without any involvement on our part and we are therefore not responsible for such information. We do not assume any liability for such information being up to date, accurate and/or complete. References to social media do not imply any approval on our part.
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, U.S.A
- Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, U.S.A
- Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S.A
- LinkedIn Ireland, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland
- XING AG, Dammtorstraße 30, 20354 Hamburg, Germany
Particularly for reasons of data protection compliance, the relevant social media cannot be directly accessed. Corresponding notices will therefore be displayed. In addition, you may first have to click on integrated buttons, thus giving your express consent to the communication with the social medium. Only after that, the browser will connect you by establishing a direct connection with the servers of the social medium.
Please note that we ourselves have no definite information and no influence on how and what data are transferred to the social medium.
By activating the button, you will provide the social medium with the information that you have opened one of the web pages of the medium on the internet. In case you are already registered with the social medium, it will be able to link your visit with your account with the social medium. But even if you have not yet registered with the social medium, it cannot be excluded that, after clicking on the medium, it will collect and/or store your IP address.
4. Who will have access to my data?
Within the bank, those persons that need your data in order to perform our contractual and statutory obligations will be given access to your data. Service providers employed by us and persons employed by us in the performance of our obligations (Erfüllungsgehilfen) may also receive data for these purposes, provided that they comply with data protection obligations.
We will only disclose information about you to third parties if this is required by statutory provisions, if you have given your consent or if we are entitled to disclose such information for other reasons. If these prerequisites are met, personal data may be disclosed to the following recipients:
- service providers which process data on our behalf (e.g. data centres).
Further recipients of data can be the bodies in respect of which you gave us your consent to the transfer of data.
If you need further information on individual recipients, please do not hesitate to contact us.
5. Will any data be transferred to a third country or to an international organisation?
There will be no transfer of data to bodies in countries outside the European Union (so-called third countries).
6. For how long will my data be stored?
The period during which the personal data are stored depends on the relevant purposes of the processing. It is not possible to specify all of the different storage periods in a reasonable format at this point. The following criteria are used to determine the relevant storage periods in the concrete individual case:
- Where we process data in connection with anticipated legal disputes, we will store the data until the court proceedings have definitively been completed or until the claims at issue have become time-barred in accordance with the applicable civil-law provisions. The general limitation period is three years.
- We delete the data collected under the regime of clause 3.1 and 3.2 as soon as the original purposes that reasoned its collection expires.
7. What data protection rights do I have?
If the statutory prerequisites are met, you have the following rights pursuant to Articles 15 to 22 of the GDPR:
- the right of access pursuant to Article 15 of the GDPR, i.e. the right to obtain from us confirmation as to whether or not personal data about you are processed and, where that is the case, to obtain access to these data and further information;
- the right to rectification pursuant to Article 16 of the GDPR if personal data concerning you are inaccurate;
- the right to erasure pursuant to Article 17 of the GDPR, e.g. if the personal data are no longer required for the purposes for which they were processed; and
- the right to restriction of processing pursuant to Article 18 of the GDPR.
- The right to object processing activities that rest upon Article 6(1)(1)(f) of the GDPR (prevailing legitimate interests of DEG).
With respect to the right of access and the right to erasure, the restrictions pursuant to sections 34 and 35 of the German Federal Data Protection Act apply.
In addition, you have the right to lodge a complaint with a data protection supervisory authority (Article 77 of the GDPR).
Right to withdraw your consent
You may freely withdraw your consent to data processing at any time. However, this will not affect the lawfulness of the processing carried out on the basis of your consent until it was withdrawn. If you withdraw your consent or validly object to the further processing on the basis of your consent, we will no longer process the data for these purposes.
Information on your rights to object
Individual right to object pursuant to Article 21 of the General Data Protection Regulation (GDPR)
You have the right to raise, at any time, an objection to the processing of your personal data which is carried out on the basis of a weighing of interests (Article 6(1)(1)(f) of the GDPR), provided that your particular situation provides reasons against such data processing. This also applies to any automated individual decision-making (Article 22 of the GDPR). If you raise an objection, we will no longer process your personal data for these purposes unless we are able to provide evidence of cogent reasons for the processing which are worthy of protection and which override your interests, rights and freedoms or unless the processing serves the purpose of establishing, exercising or defending legal claims.
Further information on specific data processing activities
Apart from processing personal data in the course of using our website or newsletter function DEG collects, stores and processes personal data in other segments of its business operations.
We have complied the legally required information on these particular processing activities, differentiated regarding the affected category of data subjects, for your convenient access down below: