data protection policy

May 2018

Protecting your personal data is a top priority for us. Accordingly, we at act renewable GmbH solely process your personal data (hereinafter referred to as “data”) on the basis of statutory provisions. In this data protection declaration, we aim to give you full details of how your data is processed in our company and the data protection claims and rights to which you are entitled in accordance with the European General Data Protection Regulation (EU GDPR).

1. Who is responsible for data processing and whom can you contact?

The responsible party is act renewable GmbH, c/o Nutrion, Friedenheimer Brücke 20, 80639 Munich, email:, tel.: +49 160 8019316.

Any issues regarding data protection can be addressed directly to the Managing Director, Rasmus Nedergaard, at

2. Which data is processed and from which sources does it come from?

We process the data that we receive from you when commencing and maintaining business relations. We also process data that we have received legitimately from credit agencies, creditor protection associations, publicly accessible sources (e.g. business registers, registers of associations, land registers, media) and other companies with which we have long-term business relationships.

The scope of such personal data includes:

Your master/contact data such as:

  • For private customers: First and last names, address, contact data (e.g. email address, telephone number, fax), date of birth, data from identity material submitted (copy of ID card), bank details
  • As a corporate customer or supplier: Name of your legal representative, company, commercial register number, VAT ID number, company number, address, contact person contact data (email address, telephone number, fax), bank details

In addition, we also process the following additional personal data:

  • Information concerning the type and content of our business relationship such as contract data, order data, sales and receipt data, customer and supplier history, consulting documents, vehicle data,
  • Information about your financial status (for example, creditworthiness data),
  • Advertising and sales data,
  • Documentation data (e.g. consulting protocols), image data,
  • Information from your electronic transactions with act renewable GmbH. (e.g. IP address, login data),
  • Other data that we have received from you in the course of our business relationship (e.g. in customer meetings),
  • Data that we generate ourselves from master/contact data and other data, e.g. through analyses of customer requirements and customer potential.
  • The documentation of your declaration of consent for the receipt of e.g. newsletters.
  • Image data from video monitoring systems
  • Photos taken at public events

3. For what purposes and on what legal basis will the data be processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the currently valid version of the Federal Data Protection Act (BDSG) 2018:

  • to comply with (pre-)contractual obligations (Art 6 para. 1 letter b GDPR):

Your data is processed for the sale and distribution of our services and procurement and logistics purposes as well as for supplier and customer management and analysis. In particular, data is processed when commencing and maintaining business relations with you and executing contracts with you, for example in the following cases:

  • Creating and managing a customer account or a supplier account
  • Delivering orders
  • Managing customer cards
  • Participation in sweepstakes
  • Sending information, e.g. requesting a catalogue
  • to meet legal obligations (Art 6 Para. 1 letter c GDPR):

Your data has to be processed for the purpose of meeting various legal obligations, e.g. as imposed by the German Commercial Code or the Tax Code, money laundering regulations and product-specific regulations.

  • to protect legitimate interests (Art 6 Para. 1 letter f GDPR):

With the aim of balancing interests in mind, data may be processed beyond the actual scope required to execute the contract in order to protect either our own legitimate interests or those of third parties. Data processing to protect legitimate interests may include the following cases, for example:

  • Consultation of and data exchange with credit agencies and creditor protection associations to determine creditworthiness data and to maintain a group-wide creditworthiness database to identify financial default risks for joint customers;
  • Advertising or marketing
  • Measures for business management and the further development of services and products;
  • Measures to protect act renewable GmbH sites from contractually non-compliant or illegal conduct, e.g. access controls, video surveillance;
  • In the context of legal proceedings.
  • With your consent (Art 6 Para 1 letter a GDPR):

If you have given us consent to process your data, it will be processed in accordance with the purposes and to the extent agreed in the declaration of consent. Consent that has been granted, e.g. to receive our newsletter, can be revoked at any time with future effect. If you wish to do so, please contact the party named under no. 1.

4. Processing of personal data for advertising purposes

We also use your data to communicate with you about your orders, certain products or marketing campaigns and to recommend products or services that might be of interest to you.

Product recommendations by email

Pursuant to the legal requirements of Section 7 para. 3 Act Against Unfair Competition, act renewable GmbH is entitled to use the email address you provided to us when ordering a product or service for the purpose of directly advertising its own similar goods or services.

If you no longer wish to receive product recommendations from us by e-mail, you can object to the use of your address for this purpose at any time without incurring any costs, other than the data transmission costs at your standard rate. If you wish to do so, please contact the party named under no. 1.

​5Processing of creditworthiness information

Transmission of data to SCHUFA

Within the scope of contractual relationships entered into with you, act renewable GmbH transmits to SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, personal data collected concerning applications for, the implementation and termination of such business relationships as well as data concerning non-contractually compliant or fraudulent behaviour. The legal basis for these transfers is established by Articles 6(1)(b) and 6(1)(f) of the General Data Protection Regulation (GDPR). Transmissions based on Article 6 paragraph 1 letter f GDPR may only proceed when required to safeguard the legitimate interests of act renewable GmbH. or third parties and when doing so does not outweigh the interests or fundamental rights and freedoms of the data subject which require protection of personal data to be upheld. The exchange of data with SCHUFA also takes place for the purpose of meeting legal obligations to carry out creditworthiness checks of customers (Section 505a and 506 of the German Civil Code). SCHUFA processes the data received, which is also used for the purpose of profile building (scoring) to provide its contractual partners in the European Economic Area, Switzerland and other third countries as required (provided an adequacy decision of the European Commission exists for the same) with information used, inter alia, to assess the creditworthiness of individuals. Further information on the activities of the SCHUFA can be found in the SCHUFA information sheet pursuant to Art. 14 GDPR or viewed online at

Data transmission to other credit agencies

Act renewable GmbH also uses the following credit agencies to obtain credit information when a legitimate interest exists: Bisnode Deutschland GmbH, Robert-Bosch-Straße 11, 64293 Darmstadt, Coface Central Europe Holding AG, Stubenring 24, A-1010 Vienna, CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich, Creditreform, Machtlfinger Straße 13, 81302 München, EOS Deutschland GmbH, Gottlieb-Daimler-Ring 7-9, 74906 Bad Rappenau.

6Who receives my data?

Even if we use a service provider in the context of order processing, we remain the party responsible for protecting your data. All contractors are contractually obliged to handle your data confidentially and process it only within the scope required for the provision of services. The contractors we commission will receive your data if required to perform their respective services. These include, for example, IT service providers that we need to operate and safeguard our IT system as well as advertising and address publishers for our own advertising campaigns.

Your data will be processed in customer databases of act renewable GmbH. These customer databases support efforts to improve the level of existing customer data, and enable enrichment with data from public sources. This data can be used for personalised direct marketing campaigns (e.g. newsletters), targeted online marketing.

If there is a legal obligation and in the context of legal proceedings, authorities and courts as well as external auditors may also receive your data.

In addition, insurance companies, banks, credit agencies and service providers may also receive your data for the purpose of entering into and fulfilling contracts.

7How long is my data stored?

We process your data until the business relationship ends or the applicable guarantee, warranty, statute of limitations and statutory retention periods expire (for example from the German Commercial Code or the Tax Code) or until any legal disputes in which the data is required as evidence have ended.

8Processing of applicant data

Your application data will only be made available to persons involved and authorised in the act renewable GmbH application process, e.g. in order to offer you alternative jobs if necessary. Upon the completion of the application process (i.e. after you have received an acceptance or rejection from us), we store your data for a maximum of 12 months.

9Communication by email

Please note that transmission of unencrypted emails should be regarded as unsafe, since unauthorised persons may note the content of the email and manipulate it under certain circumstances. Accordingly, we request that you refrain from sending sensitive data by email when communicating with us. As an applicant, please use our applicant portal, since your application documents are transmitted there securely. Should it ever be necessary to send sensitive data by email, please use a content encryption service.

10What information is collected when you visit this website?

Use of cookies

Our website uses what are known as cookies. These are small text files that are stored on your mobile device by the browser. They are harmless. We use cookies to make our website user-friendly. Some cookies remain stored on your device until you delete them and make it easier for us to recognise your browser when you next visit us. If this is against your preference, you can set your browser so that it informs you when cookies are set and only allows this in individual cases. However, deactivating cookies may limit the functionality of our website.

Web analysis

The website uses analytical tools to collect general information about the usage behaviour of visitors. This includes, for example, pages accessed, length of stay, referring pages as well as general information about your computer system such as operating system, screen resolution, browser used, etc. All data collected is stored anonymously and cannot be traced back to you personally. If you do not agree to have your usage behaviour recorded anonymously, you can prevent this by deactivating cookies in your browser.

Use of Google Analytics

This website also uses Google Analytics, an internet analysis service from Google. Google Analytics uses cookies (small text files) which are stored on your computer and which enable your use of the website to be analysed.

The information generated by the cookies about your use of this website (including your IP address) is transmitted to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties if required by law or if third parties process this data on behalf of Google. Under no circumstances will Google associate your IP address with any other data held by Google. You may reject the use of cookies by configuring the appropriate settings on your browser, but please note that doing so may preclude your access to the full functionality of this website. By using this website, you consent to have data concerning you processed by Google in the manner and for the purposes set out above.

We inform you that this website uses Google Analytics exclusively using a deactivation add-on “_anonymizeIp()”. Your IP address is not completely stored. Visitors to the website also cannot be identified.

By installing the following browser add-on to disable Google Analytics ( you can reject such usage. By doing so, you inform Google Analytics that no information about the website visit should be transmitted to Google Analytics. Without your express consent, we will not use tracking tools surreptitiously for any of the following:

  • to collect personal data about you,
  • transfer such data to third parties and marketing platforms, or
  • link such data with your personal data (name, address, etc.).

11Is any personal data transferred to other countries?

Transfer of data to external countries takes place in individual cases and only on the basis of an adequacy decision of the European Commission, standard contractual clauses, suitable guarantees or your express consent.

12What data protection rights do I have?

You have a right to information about or the correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as transfer the relevant data and to file a complaint in accordance with the requirements of data protection law.

Right to information

You can request information from us concerning whether and to what extent we process your data.

Right to correction

If we process your data in a way that is incomplete or incorrect, you can request that we correct or complete it at any time.

Right to deletion

You can request that we delete your data if we process it unlawfully or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, e.g. where legally required storage obligations are imposed.

Irrespective of whether or not you exercise your right to deletion, we will delete your data immediately and completely, provided this is unhindered by any legal transaction or legal retention period to the contrary.

Right to limitation of processing

You may request that we restrict the processing of your data if:

  • You dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data.
  • The processing of the data is unlawful, but you reject the option of deletion and instead request a restriction on its use,
  • We no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
  • You have lodged an objection to the processing of the data.

Right to data portability

You may require that we provide you with the data you have given to us in a structured, current and machine-readable format and to allow you to pass this data to another person in charge without our interference, provided that

  • We process this data on the basis of irrevocable consent granted on your part and or to fulfil a contract between us, and
  • This processing is carried out using automated methods.

If technically feasible, you can ask that we transfer your data directly to another person responsible.

Right to objection

If we process your data for legitimate reasons, you can object to this data processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. We will then refrain from any further processing of your data unless we can prove compelling reasons worth protecting for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. You can object to the processing of your data for the purpose of direct advertising at any time without giving reasons.

Right of appeal

If you believe that we are violating German or European data protection law when processing your data, please contact us to clarify any questions. Of course, you are also entitled, to contact the supervisory authority responsible for act renewable GmbH, the Bavarian State Office for Data Protection Supervision.

If you wish to assert any of the above rights against us, please contact the contact named under no. 1. In case of any doubt, we may request additional information to confirm your identity.

13Am I obliged to provide data?

The processing of your data is necessary to conclude or fulfil your contract with us. If you do not provide us with this information, we will usually have to decline the conclusion of the contract or execution of the order or will no longer be able to execute an existing contract, which will then have to be terminated. However, you are not obliged to give your consent to the processing of data that is not relevant or legally required for the fulfilment of the contract.

Published May 2018, by:
act renewable GmbH
c/o Nutrion, Friedenheimer Brücke 20
D-80639 Munich

Tel: +49 160 8019316

Registered Office:
Munich, Germany
Munich Registry Court, HRB 241980

Management Board:
Rasmus Nedergaard (Managing Director and CEO)

Title here
Thank you for signing up
to our Insights.
Click here to download