Greenmark IT

Privacy Policy

This Privacy Policy is a translation of the German Privacy Policy. In case of discrepancies, the German Privacy Policy shall prevail. We place the highest value on protecting your data and maintaining your privacy. Below, we provide information on the collection and use of personal data when using our website.

Controller:
Greenmark IT GmbH
Leinstraße 3
31061 Alfeld (Leine)
Deutschland

Telephone: +49 (0) 5181 8 55 37 - 0
Telefax: +49 (0) 5181 8 55 37 - 29
E-Mail: hostmaster@greenmark-it.de

1. Anonymous Data Collection
You may visit our websites without providing any personal information. In this context, no personal data is stored without your consent. To improve our offerings, we only analyze statistical data that does not allow us to draw conclusions about your identity. The following data is collected when accessing our websites: date, time and duration of visit, web browser and browser settings used, internet service provider, approximate location, country, and IP address.

2. General Information on Data Processing and Legal Bases

This privacy policy informs you about the type, scope, and purpose of the processing of personal data within our online services and related websites, functions, and content (hereinafter collectively referred to as "Online Offer" or "Website"). This privacy policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) used to execute the Online Offer.

The terms used, such as "personal data" or "processing," refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

The personal data of users processed within the scope of this Online Offer includes inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of personnel, payment information), usage data (e.g., the websites visited within our Online Offer, interest in our products), and content data (e.g., entries in the contact form).

The term "user" encompasses all categories of data subjects affected by the data processing. These include our business partners, customers, prospects, and other visitors to our Online Offer. The terms used, such as "user," are intended to be gender-neutral.

We process users' personal data only in compliance with the applicable data protection provisions. This means that user data is processed only when a legal permission exists, i.e., particularly if data processing is required for the provision of our contractual services (e.g., order processing) and online services, or when legally required, when the user has given consent, or based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation and security of our Online Offer pursuant to Art. 6(1)(f) GDPR, in particular in measuring reach and collecting access data).

We point out that the legal basis for consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing for the fulfillment of our services and implementation of contractual measures is Art. 6(1)(b) GDPR, the legal basis for processing for compliance with our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR.

3. Security Measures
We implement organizational, contractual, and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are observed and to protect the data processed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and by the lock symbol in your browser's address bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Collection and Processing
4.1. Collection and Processing of Data in Response to Inquiries via Email, Telephone, or Fax** When you contact us via email, telephone, or fax, your inquiry, including all personal data resulting therefrom (name, inquiry), will be stored and processed for the purpose of addressing your concerns. We will not disclose this data without your consent.

The processing of this data is based on Article 6(1)(b) of the General Data Protection Regulation (GDPR), provided that your inquiry is related to the fulfillment of a contract or is necessary for the execution of pre-contractual measures. In all other cases, the processing is based on your consent (Article 6(1)(a) GDPR) and/or on our legitimate interests (Article 6(1)(f) GDPR), as we have a legitimate interest in the effective handling of inquiries directed to us.

The data you send us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage ceases to apply (e.g., after the completion of processing your inquiry). Mandatory statutory provisions – in particular, statutory retention periods – remain unaffected.

4.2. Collection, Processing, and Use of Personal Data
We collect personal data only to the extent provided by you. The processing and use of your personal data occur for the fulfillment and execution of your order as well as for the processing of your inquiries. After the complete fulfillment of the contract, all personal data will initially be stored, taking into account tax and commercial law retention periods, and will then be deleted after the retention period has expired, provided that you have not consented to further processing and use.

4.3. Transfer of data to third parties
Transfer of data to third parties occurs only within the framework of statutory provisions. We disclose users' data to third parties only if this is necessary for contractual purposes based on Article 6(1)(b) GDPR or based on legitimate interests according to Article 6(1)(f) GDPR for the economic and efficient operation of our business.

If we employ subcontractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of personal data in accordance with the applicable legal provisions.

For all other data processing activities over which we do not have control, particularly for domain registration services, the data controller is the registry operator of the respective top-level domain (TLD) as well as ICANN or agents as joint controllers with the registry operator.

If, within the framework of this privacy policy, contents, tools, or other means from other providers (hereinafter collectively referred to as "third-party providers") are used and their specified seat is located in a third country, it is assumed that a data transfer to the countries of residence of the third-party providers takes place. "Third countries" are understood to mean countries in which the GDPR is not directly applicable, i.e., generally countries outside the EU or the European Economic Area. The transfer of data to third countries occurs either when there is an adequate level of data protection, user consent, or otherwise a legal permission is in place.

Our website incorporates tools from companies based in the USA. If these tools are activated, your personal data may be transferred to the respective companies' US servers. We would like to point out that the USA is not considered a safe third country under EU data protection law. US companies are required to disclose personal data to security authorities without you being able to take legal action against this as the data subject. Therefore, it cannot be ruled out that US authorities (e.g., intelligence services) may process, evaluate, and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities. Under the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection as adequate for certain companies from the USA under the adequacy decision of July 10, 2023. You can find the list of certified companies and additional information about the DPF on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We will inform you in the privacy notices which service providers we use are certified under the Data Privacy Framework.

4.4. Collection of Access Data and Logfiles
Based on our legitimate interests in accordance with Article 6(1)(f) GDPR, we collect data about each access to the server on which this service is located (so-called server logfiles). Access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transmitted, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.

Logfile information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 4 weeks and then deleted. Data whose further retention is necessary for evidential purposes are exempt from deletion until the final clarification of the respective incident.

5. Rights of data subject

Users have the right to obtain, upon request and free of charge, information about the personal data that we have stored about them.

Additionally, users have the right to rectify inaccurate data, restrict processing, and delete their personal data, where applicable, to assert their rights to data portability, and in the case of unlawful data processing, to lodge a complaint with the competent supervisory authority. Supervisory authorities: https://www.datenschutz-bayern.de/infoquel/ds-inst/deutschland-privat.html

Users may also revoke their consent, generally with future effect. Please send your request to datenschutz(at)greenmark-it.de.

6. Information for Applicants
We have established a separate mailbox for applications, which can be reached at bewerbung(at)greenmark-it.de. This mailbox is exempt from email archiving. If you send your application to a different address, we cannot prevent its storage.

If you wish for us to consider you for other open positions in our company and retain your application beyond the maximum retention period of 6 months, please let us know.

We assume that we may respond to unencrypted application emails unencrypted as well. If you do not wish this, please indicate so in your application email.

Application documents will be retained for a maximum of 6 months after receipt, unless you wish for us to consider your application for future job postings.

7. Data Deletion
The data stored with us will be deleted as soon as it is no longer necessary for the purpose for which it was collected and there are no statutory retention obligations opposing deletion. If the users' data cannot be deleted because it is required for other legally permissible purposes, its processing will be restricted, meaning that the data will be blocked and not processed for other purposes. This applies, for example, to users' data that must be retained for commercial or tax reasons.

According to legal regulations, retention is for 6 years in accordance with § 257 (1) HGB (Commercial Code) (commercial books, inventories, opening balances, annual financial statements, commercial correspondence, booking documents, etc.) and for 10 years in accordance with § 147 (1) AO (Fiscal Code) (books, records, management reports, booking documents, commercial and business letters, tax-relevant documents, etc.).

8. Newsletter
With the following information, we clarify the content of our newsletter as well as the registration, dispatch, and statistical evaluation procedures, as well as your rights of objection. By subscribing to our newsletter, you consent to receive it and the described procedures.

Content of the Newsletter: We send newsletters, emails, and other electronic notifications with promotional information (hereinafter "Newsletter") only with the consent of the recipients or on the basis of a statutory permission. If the contents of the newsletter are specifically described as part of the subscription process, they are decisive for the users' consent. Otherwise, our newsletters contain information about our products, offers, promotions, and our company.

Double-Opt-In and Logging: Subscriptions to our newsletter are conducted through a so-called double opt-in procedure, unless this occurs through the customer account creation process. This means that after subscribing, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent unauthorized registration with foreign email addresses. Subscriptions to the newsletter are logged to demonstrate compliance with legal requirements. This includes the storage of the registration and confirmation timestamps as well as the IP address. Changes to your data stored with the mailing service provider are also logged.

Mailing Service Provider:This website uses Sendinblue for sending newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany. Sendinblue is a service that organizes and analyzes, among other things, the dispatch of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on Sendinblue's servers in Germany

Registration Data: To subscribe to the newsletter, it is sufficient to provide your email address. Optionally, we ask you to provide a name for personal address in the newsletters.

Data Analysis by Sendinblue: With the help of Sendinblue, we can analyze our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links were clicked. This allows us to determine which links are particularly frequently clicked. Sendinblue also enables us to categorize ("cluster") newsletter recipients based on various criteria. This way, newsletter recipients can be segmented according to their selection of desired newsletters, allowing us to better tailor the newsletters to the respective target groups.

Legal Basis: The processing of the data entered in the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6 (1) lit. a GDPR). You can revoke the consent given for the storage of data, the email address, and their use for sending the newsletter at any time, for example, via the "unsubscribe" link in the newsletter. The legality of the data processing activities already carried out remains unaffected by the revocation.

Retention Period: The data you provided for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter or the newsletter service provider and will be deleted from the newsletter distribution list after unsubscribing. Data that has been stored for other purposes remains unaffected. After unsubscribing from the newsletter distribution list, your email address may be stored in a blacklist with us or the newsletter service provider to prevent future mailings. The data in the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest under Art. 6 (1) lit. f GDPR). The storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest. For further details, please refer to the privacy policy of Sendinblue at: https://de.sendinblue.com/datenschutzuebersicht/?rtype=n2go

Conclusion of a Contract for Data Processing: We have concluded a contract with Sendinblue in which we obligate Sendinblue to protect our customers' data and not to disclose it to third parties.

Termination/Revoke: You can cancel the receipt of our newsletter at any time, meaning you revoke your consents. A link to unsubscribe from the newsletter can be found at the end of each newsletter. If users have only subscribed to the newsletter and have terminated this subscription, their personal data will be deleted.

9. Right of Objection
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS DUE TO OUR OVERWHELMING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

F YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE DATA CONCERNED. FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA CONCERNING SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE PERSONAL DATA CONCERNING DIRECT MARKETING PURPOSES.

10. Data Protection Officer
If you have any questions regarding this statement or our handling of your data, please feel free to contact our Data Protection Officer:

PSW GROUP GmbH & Co. KG
Ms. Ludwig
datenschutz(at)greenmark-it.de

If we do not respond to your inquiry to your satisfaction or within a reasonable time frame, you have the option to contact the data protection supervisory authorities.

11. Changes to the Privacy Policy
We regularly make changes to our privacy policy to ensure compliance with legal regulations in the future. Your rights to information, rectification, deletion, and objection remain unaffected by such changes. Please always pay attention to the latest version of the update.

Users are encouraged to regularly inform themselves about the content of the privacy policy.

Status: 09/2024