PRIVACY POLICY
We are very pleased about your interest in our company. The protection of personal data is of particular importance to the management of Impect GmbH. The use of the websites of Impect GmbH is generally possible without providing any personal data. However, if a data subject wishes to use special services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
The processing of personal data (for example name, address, email address or telephone number of a data subject) is always carried out in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection provisions applicable to Impect GmbH. By means of this Privacy Policy, our company would like to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of the rights to which they are entitled.
Impect GmbH, as the controller, has implemented numerous technical and organisational measures to ensure the most complete protection possible of personal data processed via this website. Nevertheless, Internet-based data transmissions may generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
1. Definitions
This Privacy Policy of Impect GmbH is based on the terms used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our Privacy Policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.
In this Privacy Policy we use, inter alia, the following terms:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person whose personal data are processed by the controller responsible for the processing.
c) Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures.
g) Controller
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
h) Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2. Name and Address of the Controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member States of the European Union and other provisions related to data protection is:
Impect GmbH
Siegburger Straße 149–151
50679 Cologne
Germany
Phone: +49 (0)221 35554-170
Email: info@impect.com
Website: www.impect.com
3. Contact Details of the Data Protection Officer
To contact the Data Protection Officer of the controller, please use the following contact details:
Hans-Georg Sienz
Email: datenschutz@emes-consulting.com
Phone: +49 2206 / 9104 31 0
Any data subject may contact our Data Protection Officer directly at any time with questions or suggestions concerning data protection.
4. Cookies
The websites of Impect GmbH use cookies. Cookies are text files that are stored on a computer system via an Internet browser. By using cookies, Impect GmbH can provide users of this website with more user-friendly services that would not be possible without the cookie setting.
Data subjects can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
5. Collection of General Data and Information
The website of Impect GmbH collects a series of general data and information when a data subject or automated system calls up the website. This general data and information is stored in the server log files. The following can be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (referrer), (4) the sub-pages which are accessed on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our IT systems.
When using these general data and information, Impect GmbH does not draw any conclusions about the data subject. Rather, this information is needed to deliver the content of our website correctly, to optimise the content of our website and its advertising, to ensure the long-term viability of our IT systems and website technology, and to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
6. Contact via the Website
The website of Impect GmbH contains information that enables a quick electronic contact to our company as well as direct communication with us, which also includes a general address of electronic mail (email address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
7. Routine Erasure and Restriction of Processing
The controller processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage or as far as this is granted by the European legislator or another legislator in laws or regulations to which the controller is subject. If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
8. Rights of the Data Subject
Every data subject has the following rights under the GDPR: right of confirmation, right of access, right to rectification, right to erasure (“right to be forgotten”), right to restriction of processing, right to data portability, right to object, rights in relation to automated decision-making, and the right to withdraw consent. To exercise any of these rights, you may contact us or our Data Protection Officer at any time using the contact details above.
9. Data Protection for Applications and the Application Process
The controller collects and processes the personal data of applicants for the purpose of handling the application procedure. If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship. If no employment contract is concluded, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller oppose such deletion (for example a burden of proof in proceedings under the German General Equal Treatment Act – AGG).
10. Legal Basis for Processing
Art. 6(1)(a) GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing is necessary for the performance of a contract to which the data subject is party, the processing is based on Art. 6(1)(b) GDPR. If our company is subject to a legal obligation, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person (Art. 6(1)(d) GDPR). Processing operations may also be based on Art. 6(1)(f) GDPR, where the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party.
11. Legitimate Interests Pursued by the Controller or by a Third Party
Where the processing of personal data is based on Art. 6(1)(f) GDPR, our legitimate interest is the conduct of our business activities for the benefit of all our employees and our shareholders.
12. Period for Which the Personal Data Will Be Stored
The criterion used to determine the period of storage of personal data is the respective statutory retention period. After expiry of that period, the corresponding data will be routinely deleted, provided they are no longer necessary for the performance of the contract or the initiation of a contract.
13. Obligation to Provide Personal Data
In some cases, the provision of personal data is required by law or contract, or may be necessary for the conclusion of a contract. If personal data are not provided, a contract may not be concluded. Before providing personal data, the data subject may contact one of our employees, who will clarify in each individual case whether the provision of personal data is required and what the consequences of not providing personal data would be.
14. Existence of Automated Decision-Making
As a responsible company, we do not use automatic decision-making or profiling.
