Privacy Policy
1. Introduction
With the following information, we aim to provide you with an overview of how we process your personal data and your rights under data protection laws. Using our website is generally possible without entering personal data. However, if you want to use a special service provided by our company via our website, the processing of personal data might become necessary. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent.
The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to GIGA.GREEN GmbH. Through this privacy policy, we aim to inform you about the scope and purpose of the personal data we collect, use, and process.
As the controller responsible for the processing, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, internet-based data transmissions may in principle have security gaps, so absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, such as by telephone or mail.
2. Data Controller
The controller within the meaning of the GDPR is:
GIGA.GREEN GmbH
Max-Will-Str. 33
36041 Fulda
Germany
Managing Directors:
Wolfgang Röbig, Sebastian Schmidt
3. Data Protection Officer
Please note that a data protection officer does not need to be appointed.
Contact person for data protection: see above.
4. Definitions
This privacy policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for both the public and our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
We use the following terms in this privacy policy, among others:
4.1 Personal Data
Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
4.2 Data Subject
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
4.3 Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
4.4 Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
4.5 Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
4.6 Pseudonymization
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
4.7 Contract Processor
Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
4.8 Recipient
Recipient is a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
4.9 Third Party
Third party is a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
4.10 Consent
Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
5. Legal Basis for Processing
Article 6(1)(a) GDPR (in conjunction with § 15(3) TMG) serves as the legal basis for our company for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations required for the supply of goods or the provision of any other service or consideration, the processing is based on Article 6(1)(b) GDPR. The same applies to such processing operations that are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.
If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Article 6(1)(c) GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our business and his or her name, age, health insurance data, or other vital information would need to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Article 6(1)(d) GDPR.
Finally, processing operations could be based on Article 6(1)(f) GDPR. This legal basis is used for processing operations that are not covered by any of the above-mentioned legal bases, if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permitted because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if you are a client of our company (Recital 47, Sentence 2 GDPR).
6. Technology
6.1 SSL/TLS Encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data, or contact requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
We use this technology to protect your transmitted data.
6.2 Data Collection When Visiting the Website
When you access our website in an informational manner, i.e., without registering or otherwise providing us with information, we only collect data that your browser transmits to our server (so-called "server log files"). Our website collects a series of general data and information with each access to the website by you or an automated system. This general data and information are stored in the server log files. The following can be collected:
- Browser types and versions used,
- The operating system used by the accessing system,
- The website from which an accessing system reaches our website (so-called referrer),
- The sub-websites that are accessed via an accessing system on our website,
- The date and time of access to the website,
- An Internet Protocol (IP) address,
- The Internet service provider of the accessing system.
When using this general data and information, we do not draw any conclusions about you. Rather, this information is needed to:
- Deliver the content of our website correctly,
- Optimize the content of our website as well as the advertising for it,
- Ensure the permanent functionality of our IT systems and the technology of our website, and
- Provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
This collected data and information is therefore evaluated by us statistically and further with the aim of increasing data protection and data security in our company, to ultimately ensure an optimal level of protection for the personal data we process. The data of the server log files are stored separately from all personal data provided by a data subject.
The legal basis for the data processing is Article 6(1)(f) GDPR. Our legitimate interest follows from the purposes listed above for data collection.
7. Cookies
7.1 General Information About Cookies
We use cookies on our website. These are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site.
In the cookie, information is stored that arises in connection with the specific device used. This does not mean, however, that we thereby obtain direct knowledge of your identity.
The use of cookies serves on the one hand to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we alsoIn addition, we also use cookies to optimize user-friendliness by storing temporary cookies on your device for a specified period. When you revisit our site to use our services, it will automatically recognize that you have been to our site before and remember your settings and inputs so you don't have to enter them again.
The data processed by cookies, which are necessary for the proper functioning of the website, are thus required to safeguard our legitimate interests and those of third parties in accordance with Art. 6(1)(f) GDPR.
For all other cookies, you have given your consent through our opt-in cookie banner in accordance with Art. 6(1)(a) GDPR.
8. Content on Our Website
8.1 Contacting Us / Contact Form
When contacting us (e.g., via contact form or email), personal data is collected. The data collected in the case of a contact form is evident from the respective contact form. This data is stored and used solely for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, then the additional legal basis for processing is Art. 6(1)(b) GDPR. Your data will be deleted after the final processing of your inquiry, provided there are no statutory retention requirements.
9. Newsletter Dispatch
If you have provided us with your email address when purchasing services, we reserve the right to regularly send you offers for similar goods or services from our range via email. For this purpose, we do not need to obtain separate consent from you in accordance with § 7(3) UWG. The data processing in this respect is solely based on our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR. If you have initially objected to the use of your email address for this purpose, no email will be sent by us. You are entitled to object to the use of your email address for the aforementioned advertising purpose at any time with effect for the future by notifying the responsible party mentioned at the beginning. For this, you only incur transmission costs according to the basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will cease immediately.
10. Our Activities on Social Networks
To communicate with you and inform you about our services, we are active on various social networks. When you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform for the data processing operations triggered by your visit in accordance with Art. 26 GDPR.
We are not the original provider of these pages; we only use them within the scope of the options offered by the respective providers.
Therefore, we point out that your data may be processed outside the European Union or the European Economic Area. This may result in privacy risks for you because it may be more difficult to enforce your rights, e.g., to access, erasure, objection, etc. Furthermore, your data is often processed on social networks for market research and advertising purposes. Thus, user profiles may be created from your usage behavior and the resulting interests. This allows advertisements inside and outside the social networks to be activated that presumably correspond to your interests. For these purposes, cookies are usually stored on your device. Irrespective of this, data may also be stored in the user profiles, especially if you are a member of the respective platforms and are logged in.
The described processing operations of personal data are carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest and the legitimate interest of the respective provider to communicate with you in a contemporary manner or to inform you about our services. If you are asked by the respective providers for consent to data processing, the legal basis for processing is Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR.
Since we do not have access to the data inventories of the providers, we recommend that you assert your rights (e.g., to access, rectification, erasure, etc.) directly with the respective provider. Further information on data processing and the possibility of exercising your rights and opting out can be found in the providers' privacy policies linked below.
Facebook
Joint controller for data processing in Europe:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy:
https://www.facebook.com/about/privacy
Opt-Out and Ad Settings:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
https://de-de.facebook.com/about/privacy/
Instagram
Joint controller for data processing in Germany:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy:
http://instagram.com/legal/privacy/
Opt-Out and Ad Settings:
https://www.instagram.com/accounts/privacy_and_security/
LinkedIn
Joint controller for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland
Privacy Policy:
https://www.linkedin.com/legal/privacy-policy
Opt-Out and Ad Settings:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Twitter
Joint controller for data processing in Europe:
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Privacy Policy:
https://twitter.com/de/privacy
Information about your data:
https://twitter.com/settings/your_twitter_data
Opt-Out and Ad Settings:
https://twitter.com/personalization
YouTube
Joint controller for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy:
https://policies.google.com/privacy
Opt-Out and Ad Settings:
https://adssettings.google.com/authenticated
XING
Joint controller for data processing in Germany:
XING AG, Dammtorstr. 29-32, 20354 Hamburg, Germany
Privacy Policy:
https://privacy.xing.com/en/privacy-policy
Information requests for XING members:
https://www.xing.com/settings/privacy/data/disclosure
11. Advertising
Our website uses the functions of Google Ads, with which we advertise for this website in the Google search results, as well as on third-party websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). For this purpose, Google sets a cookie in the browser of your end device, which automatically enables interest-based advertising using a pseudonymous cookie ID and based on the pages you visit.
These processing operations only take place if you have given your express consent in accordance with Art. 6 para. 1 lit. a GDPR.
Further data processing will only take place if you have consented to Google linking your internet and app browsing history to your Google account and using information from your Google account to personalize ads you view on the web. If you are logged into Google during your visit to our website, Google will use your data together with Google Analytics data to create and define audience lists for cross-device remarketing. To do this, Google temporarily links your personal data with Google Analytics data to form target groups.
You can permanently deactivate the setting of cookies for ad preferences by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/
Alternatively, you can inform yourself about the setting of cookies and adjust settings on the website of the Digital Advertising Alliance at www.aboutads.info. Finally, you can set your browser to inform you about the setting of cookies and to decide individually whether to accept them or exclude the acceptance of cookies for certain cases or in general. If cookies are not accepted, the functionality of our website may be limited.
Further information and the privacy policy regarding advertising and Google can be viewed here: https://www.google.com/policies/technologies/ads/
12. Your Rights as a Data Subject
12.1 Right to Confirmation
You have the right to obtain confirmation from us as to whether personal data concerning you are being processed.
12.2 Right to Access Art. 15 GDPR
You have the right to obtain from us at any time and free of charge information about the personal data stored about you and a copy of this information in accordance with the statutory provisions.
12.3 Right to Rectification Art. 16 GDPR
You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, considering the purposes of the processing.
12.4 Right to Erasure Art. 17 GDPR
You have the right to request that we delete personal data concerning you without undue delay, provided that one of the grounds provided by law applies and insofar as the processing or retention is not necessary.
12.5 Right to Restriction of Processing Art. 18 GDPR
You have the right to request the restriction of processing if one of the legal conditions is met.
12.6 Right to Data Portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, in exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.
12.7 Objection Art. 21 GDPR
For reasons arising from your particular situation, you have the right to object at any time to the processing of personal data concerning you on the basis of Article 6 (1) (e) (data processing in the public interest) or f (data processing based on a balance of interests) GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you file an objection, we will no longer process your personal data unless we can prove compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
In individual cases, we process personal data for direct marketing purposes. You can object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is associated with such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right, for reasons arising from your particular situation, to object to processing of personal data concerning you by us for scientific or historical research purposes or for statistical purposes in accordance with Article 89 (1) of the GDPR, unless such processing is necessary to perform a task in the public interest.
Notwithstanding Directive 2002/58/EC, you are free to exercise your right of objection in connection with the use of information society services by means of automated procedures using technical specifications.
12.8 Withdrawal of Consent under Data Protection Law
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
12.9 Complaint to a Supervisory Authority
You have the right to complain to a supervisory authority responsible for data protection about our processing of personal data.
13. Routine Erasure and Blocking of Personal Data
We process and store your personal data only for the period necessary to achieve the purpose of storage or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
14. Duration of Storage of Personal Data
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data are routinely deleted, provided they are no longer necessary for the fulfillment or initiation of a contract.
15. Updating and Amendments to This Privacy Policy
This privacy policy is currently valid as of February 2021.
Due to the further development of our website and offers or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed and printed out by you at any time on the website at www.giga.green/privacy.
Thank you!