Privacy Policy

1. GENERAL INFORMATION

This privacy policy informs you about the processing of personal data in connection with our websites and online presences.

2.  DATA CONTROLLER
Impossible Cloud GmbH
Friesenweg 12
22763 Hamburg
Germany

Board of Directors
Dr. Kai Wawrzinek
Dr. Christian Kaul

Legal Information
Trade Register: HRB 170423
District Court: Hamburg
VAT ID: DE346013637

Our Data Protection Officer
You can reach the data protection officer of Impossible Cloud GmbH under the following contact details:
Herting Oberbeck Datenschutz GmbH
Hallerstr. 76, 20146 Hamburg

https://www.datenschutzkanzlei.de

UK General Data Protection Regulation (GDPR) - UK Representative

Pursuant to Article 27 of the UK GDPR, Impossible Cloud GmbH has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

- by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/

- by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom

‍

3. CATEGORIES OF PERSONAL DATA COLLECTED

‍

The personal information that we may collect from you includes your first name, last name, job title, company name, email address, postal address, telephone number, country, device-specific information, and usage data (such as log information), as well as any other personal information that you may provide to us or that we otherwise collect from you as described in Section 7 below.

‍

4. LEGAL BASIS FOR DATA PROCESSING

‍

We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of legal authorisation. We process personal data with your consent (Art. 6 para. 1 letter a GDPR), for the fulfilment of a contract to which you are a party or at your request for the implementation of pre-contractual measures (Art. 6 para. 1 letter b GDPR), for the fulfilment of a legal obligation (Art. 6 para. 1 letter c GDPR) or if the processing is necessary to protect our legitimate interests or the legitimate interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail (Art. 6 para. 1 letter f GDPR).

‍

5. RECIPIENT OF DATA

In order to provide our services and operate efficiently, we use various external service providers who may process personal data on our behalf. Where other specific recipients are involved in certain processing activities, we will inform you accordingly within this privacy notice. The main categories of recipients are listed below:

‍

• IT service providers and SaaS providers: We use the services of various service providers who support us as processors and simplify and optimise our processes. This includes systems used for customer management, partner management and other tools necessary for the provision of our services.
• Partner Ecosystem: We may share limited personal data with authorised distributors or resellers to ensure the establishment of a contractual relationship with the appropriate partner. These partners act as independent data controllers.
• Advertising and marketing providers: With the help of various advertising and marketing providers, we aim to increase our brand awareness, promote demand for our products and increase customer loyalty. To this end, campaigns are planned, played out and their success measured and analysed. The providers are usually also processors.
• Administration and authorities: In order to comply with legal regulations or to respond to court orders or other similar official requests, further transfers may take place. This also includes transfers to the tax authorities and tax consultancy/auditing firms.

‍

5. STORAGE PERIOD

‍

Unless otherwise stated in the following information, we only store the data for as long as is necessary to achieve the purpose of processing or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax law regulations. In addition, we will retain data in connection with consents requiring proof and with complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to processing for this purpose.

‍

6. YOUR RIGHTS AS A DATA SUBJECT 

‍

As a data subject, you have the right to assert your data subject rights against us. In particular, you are therefore entitled to know at any time whether your personal data has been stored and can contact us to assert a right of access to stored data (right of access), to verify its accuracy (right to rectification), to request its completion and updating, to request its erasure (right to be forgotten), to request the restriction of processing (right to restriction) and to have the data ported/ported in a commonly used, machine-readable format (data portability).

‍

These rights apply insofar as there are no compelling and/or legitimate reasons on the part of the controller to the contrary. To assert these rights, please contact privacy@impossiblecloud.com or send a letter to the address given above.

‍

If you have given us separate consent to data processing, you can exercise your right of cancellation at any time without giving reasons and amend or completely revoke the declaration of consent given with effect for the future. You can send your cancellation to us either by post or e-mail.  Such a revocation does not affect the legality of the processing that was carried out on the basis of the consent until the revocation.

‍

If you believe that the processing of your personal data violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. However, we encourage you to first contact our data protection officer. We always strive to resolve any possible disagreements as quickly and smoothly as possible so that we can avoid conflicts.

‍

In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR on grounds relating to your particular situation. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 (2) and (3) GDPR without giving reasons. 

‍

If you exercise your rights in accordance with Art. 15 to 22 GDPR, we process the personal data transmitted for the purpose of implementing these rights by us and to be able to provide proof of this. We will only process data stored for the purpose of providing and preparing information for this purpose and for the purposes of data protection monitoring and will otherwise restrict processing in accordance with Art. 18 GDPR. This processing is based on the legal basis of Art. 6 para. 1 lit. c GDPR in conjunction with. Art. 15 to 22 GDPR and § 34 para. 2 BDSG.

‍

7. DATA PROCESSING ACTIVITIES

‍

Information that you provide to us
We collect Personal Data that you provide directly to us. For example, we collect information when you send us a request or inquiry via our website, register as a customer, apply for a job, subscribe to our e-newsletter, fill out a form or survey, submit an online meeting request, register for our partner management program, download information or documents that we publish, request Company support, use our services or otherwise interact or communicate with us in any other way. If you would like to receive our high-quality publications, white papers or marketing communications, or if you participate in our partner ecosystem, we may require your marketing consent. We will process the personal data you provide in connection with this consent and verify your email address using a double opt-in procedure.

Information that we process on behalf of our clients 

Our clients may also provide us with certain Personal Data. We will in such a case act as a data processor or sub-processor and only process such Personal Data on our clients’ behalf and in accordance with their instructions (as defined in the Data Processing Agreement that we entered into with our clients). We will use such Personal Data to handle data subject requests or for any other purpose provided for in the Data Processing Agreement or in accordance with or as may be required by law. In such cases, it is the client (or, as the case may be, other third parties) who remain responsible for the handling of the Personal Data and with compliance with any applicable data privacy laws.

Information that we collect from other sources
We may also obtain information from other sources and combine it with the information that we collect as described above. For example, we may collect information about you from third parties such as social media platforms, data enrichment providers, lead generation service providers and publicly available sources, but only where we have verified that these third parties either have your consent or are otherwise legally permitted or required to disclose your Personal Data to us. We may also receive deal information from our partners where this is necessary for managing contractual relationships and collaboration within our partner ecosystem.

Information that we automatically collect

We may automatically collect information about you, including:

• Website usage: we log information, including the type of browser you use, access times, pages viewed, your IP address, your general location and the page you visited before navigating to our website.
• Device information: we collect information about the computer or mobile device you use to access our website, including the hardware model, operating system and unique device identifiers.
  
  • Information collected by cookies and other tracking technologies: Impossible Cloud and our service providers use various technologies to collect information, including cookies. Cookies are small data files stored on your hard drive or in device memory that help us improve our services and your experience, see which areas and features of our services are popular, and count visits.
•  See the list of cookies here: https://drive.google.com/file/d/1MlbXT4Cj05pg1wx668RCxkS7Y2-bTspH/view?usp=sharing

‍

Automated Decision-Making / Profiling

The processing of personal data concerning you by us does not involve automated decision-making or profiling within the meaning of Article 22(1) and (4) GDPR. In particular, we do not make decisions that produce legal effects concerning you or similarly significantly affect you solely based on automated processing of your data.

‍

8. TRANSFER OF THE PERSONAL DATA

‍

We always process your data on European servers with the highest security standards. However, some data processing may involve the transfer of certain personal data to third countries, i.e. countries where the GDPR is not applicable. 

‍

Such transfers are permitted if the European Commission has determined that an adequate level of data protection is provided in such a third country. This applies to all transfers to countries on this list:

‍

https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

‍

If no such adequacy decision has been made by the European Commission, personal data will only be transferred to a third country if appropriate safeguards are in place in accordance with Art. 46 GDPR or if one of the conditions of Art. 49 GDPR is met.

‍

If no adequacy decision has been made and unless otherwise specified below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data from the scope of the GDPR to third countries. You have the option of receiving a copy of these EU standard data protection clauses or viewing them. To do so, please contact us at the address provided under Contact.

‍

If you consent to the transfer of personal data to third countries, the transfer will be carried out on the legal basis of Art. 49 (1) (a) GDPR.