Privacy Policy | Green Hills Energy

Privace Policy

Responsible Party

Ivana Cavlina
Green Hills Energy
Wrangelstr. 5
12165 Berlin
Germany

Overview of Processing Activities

The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects involved.

Types of processed data

Contact information.
Content data.
Usage data.
Meta, communication, and procedural data.

Categories of data subjects

Communication partners.
Users.

Purposes of processing

Contact inquiries and communication.
Security measures.
Direct marketing.
Reach measurement.
Tracking.
Administration and response to inquiries.
Feedback.
Profiles with user-related information.
Providing our online services and user-friendliness.
Information technology infrastructure.

Applicable Legal Bases

Below you will find an overview of the legal bases of the General Data Protection Regulation (GDPR) on which we rely when processing personal data. Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your country of residence or our country of residence. If more specific legal bases are applicable in individual cases, we will inform you of these in the Privacy Policy.

Consent (Art. 6(1)(a) GDPR) - The data subject has given consent to the processing of their personal data for one or more specific purposes.
Contractual Performance and Pre-contractual Inquiries (Art. 6(1)(b) GDPR) - The processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the data subject's request.
Legitimate Interests (Art. 6(1)(f) GDPR) - The processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data.

In addition to the data protection provisions of the GDPR, national data protection regulations in Germany apply. This includes in particular the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG), which contains specific provisions on the right to information, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, and data transmission, as well as automated individual decision-making, including profiling. Furthermore, data protection laws of the individual German states may apply.

Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the implementation costs, the nature, scope, context, and purposes of processing, as well as the probability and severity of potential risks to the rights and freedoms of individuals.

These measures include ensuring the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as controlling access, input, disclosure, availability, and separation of the data. We have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. Furthermore, we consider data protection principles in the development or selection of hardware, software, and procedures, in accordance with the principle of data protection by design and by default.

Transmission of Personal Data

As part of our processing of personal data, there may be occasions where the data is transmitted or disclosed to other entities, companies, legally independent organizational units, or individuals. These recipients of the data may include, for example, IT service providers responsible for specific tasks or providers of services and content integrated into a website. In such cases, we comply with legal requirements and, in particular, enter into appropriate contracts or agreements with the recipients of your data to ensure the protection of your data.

Transmission of data within the organization: We may transmit personal data to other units within our organization or grant them access to this data. If such transmission is carried out for administrative purposes, it is based on our legitimate business and operational interests, or it is necessary for the fulfillment of our contractual obligations, or it is based on the consent of the data subjects or a legal permission.

Deletion of Data

The data processed by us will be deleted in accordance with legal requirements as soon as the consent for processing, which is allowed, is revoked or other permissions cease to apply (e.g., when the purpose of processing this data no longer applies or it is not necessary for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to those purposes. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons, or whose storage is necessary for asserting, exercising, or defending legal claims or protecting the rights of another natural or legal person.

Our privacy policy may also provide further information on the storage and deletion of data that applies primarily to the respective processing activities.

Use of Cookies

Cookies are small text files or other storage markers that store information on end devices and retrieve information from end devices. For example, they can be used to store the login status in a user account, the contents of a shopping cart in an online shop, the accessed content, or the used functions of an online offering. Cookies can also be used for various purposes, such as ensuring the functionality, security, and convenience of online offerings, as well as for analyzing visitor traffic.

Information on Consent: We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from users unless it is not required by law. Consent is not necessary, in particular, when the storage and retrieval of information, including cookies, are strictly necessary to provide users with a telemedia service (i.e., our online offering) explicitly requested by them. Essential cookies usually include cookies with functions related to the display and functionality of the online offering, load balancing, security, storing user preferences and choices, or similar purposes related to providing the main and ancillary functions of the requested online offering. The revocable consent is clearly communicated to users and includes information about the respective use of cookies.

Information on data protection legal basis: The legal basis for processing user's personal data using cookies depends on whether we ask users for consent. If users provide their consent, the legal basis for processing their data is their declared consent. Otherwise, the data processed using cookies is based on our legitimate interests (e.g., in the efficient operation and improvement of our online offering) or, if it is necessary to fulfill our contractual obligations, to fulfill our contractual obligations. We will clarify the purposes for which cookies are processed in this privacy policy or as part of our consent and processing processes.

Storage duration: With regard to the storage duration, the following types of cookies are distinguished:

Temporary cookies (also known as session cookies): Temporary cookies are deleted at the latest after a user has left an online offering and closed their device (e.g., browser or mobile application).
Permanent cookies: Permanent cookies remain stored even after closing the device. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, the data collected from users using cookies can be used for reach measurement. If we do not provide users with explicit information about the type and storage duration of cookies (e.g., as part of obtaining consent), users should assume that cookies are permanent and can have a storage duration of up to two years.

General information on revocation and objection (so-called "opt-out"): Users can revoke their given consent at any time and object to the processing in accordance with legal requirements. For this purpose, users can restrict the use of cookies in their browser settings (which may also limit the functionality of our online offering). Objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Legal bases: Legitimate interests (Art. 6(1)(f) GDPR); Consent (Art. 6(1)(a) GDPR).

Additional information on processing procedures, methods, and services:

Processing of cookie data based on consent: We use a cookie consent management procedure through which users' consent to the use of cookies or the processing activities and providers mentioned within the cookie consent management procedure can be obtained, managed, and revoked by users. The consent declaration is stored to avoid having to repeat the request for consent and to be able to provide proof of consent in compliance with legal obligations. The storage can be done server-side and/or in a cookie (known as an opt-in cookie or comparable technologies) in order to assign the consent to a user or their device. Subject to individual information provided by the cookie management service providers, the following information applies: The storage duration of the consent can be up to two years. In this context, a pseudonymous user identifier is generated and stored along with the time of consent, information on the scope of consent (e.g., which categories of cookies and/or service providers), as well as the browser, system, and device used. Legal basis: Consent (Art. 6(1)(a) GDPR).

Provision of the Online Service and Web Hosting:

We process user data in order to provide them with our online services. This includes transmitting content and functions of our online services to the user's browser or device. For this purpose, we process, among other things, the user's IP address.

Types of data processed: Usage data (e.g., visited web pages, interest in content, access times), meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status), content data (e.g., entries in online forms).
Affected individuals: Users (e.g., website visitors, users of online services).
Purposes of processing: Provision of our online services and user-friendliness, information technology infrastructure (operation and provision of information systems and technical devices such as computers and servers), security measures.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR).

Further information on processing procedures, procedures, and services:

Collection of access data and log files: When accessing our online service, server log files are created. These contain information such as the address and name of the accessed web pages and files, date and time of access, transferred data volume, message about successful access, browser type and version, the user's operating system, the referrer URL (the previously visited page), and usually IP addresses and the requesting provider. The server log files serve to protect server security, particularly to prevent overload (especially in the case of abusive attacks, such as DDoS attacks), and to ensure server utilization and stability. Legal basis: Legitimate interests (Art. 6(1)(f) GDPR). Deletion of data: Log file information is stored for a maximum of 30 days and then deleted or anonymized. Data that needs to be retained for evidentiary purposes is excluded from deletion until the respective incident is finally clarified.
Wix: Hosting and software for the creation, provision, and operation of websites, blogs, and other online offerings; Service provider: Wix.com Ltd., Nemal St. 40, 6350671 Tel Aviv, Israel; Legal basis: Legitimate interests (Art. 6(1)(f) GDPR); Website: https://de.wix.com/; Privacy Policy: https://de.wix.com/about/privacy; Data Processing Addendum: https://www.wix.com/about/privacy-dpa-users; Additional Information: As part of the aforementioned services provided by Wix, data may also be transferred to Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA, based on standard contractual clauses or an equivalent data protection guarantee for the purpose of further processing on behalf of Wix.

Contact and Inquiry Management

When contacting us (e.g., by mail, contact form, email, telephone, or via social media) or within the scope of existing user and business relationships, the information provided by the inquiring individuals is processed to the extent necessary to respond to the contact inquiries and any requested actions.

Types of data processed: Contact details (e.g., email, telephone numbers), content data (e.g., entries in online forms), usage data (e.g., visited web pages, interest in content, access times), meta, communication, and process data (e.g., IP addresses, time information, identification numbers, consent status).
Affected individuals: Communication partners.
Purposes of processing: Contact inquiries and communication, management and response to inquiries, feedback (e.g., collecting feedback via online form), provision of our online services, and user-friendliness.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR), performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR)

Further information on processing procedures, procedures, and services:

Contact form: When users contact us through our contact form, email, or other communication channels, we process the data provided to us in this context to handle the reported request.
Legal basis: Performance of a contract and pre-contractual inquiries (Art. 6(1)(b) GDPR), legitimate interests (Art. 6(1)(f) GDPR).

Communication via Messenger

For the purpose of communication, we use messenger services and therefore ask you to take note of the following information regarding the functionality of the messengers, encryption, the use of communication metadata, and your options for objection.

You can also contact us through alternative channels, such as telephone or email. Please use the contact information provided to you or the contact options indicated within our online services.

In the case of end-to-end encryption of content (i.e., the content of your messages and attachments), we would like to inform you that communication content (i.e., the message content and attached images) is encrypted from end to end. This means that the content of the messages is not visible, not even to the messenger providers themselves. You should always use an up-to-date version of the messenger with encryption enabled to ensure the encryption of message content.

However, we would like to inform our communication partners that while the messenger providers cannot view the content, they can learn that and when communication partners are communicating with us, as well as technical information about the communication partners' devices and, depending on the settings of their devices, location information (known as metadata) may be processed.

Notes on legal bases: If we ask communication partners for permission before communicating with them via messenger, the legal basis for processing their data is their consent. Otherwise, if we do not request consent and communication partners contact us, for example, on their own initiative, we use messengers with our contractual partners and within the context of contract initiation as a contractual measure, and in the case of other interested parties and communication partners, based on our legitimate interests in efficient and effective communication and meeting the needs of our communication partners regarding communication via messengers. Furthermore, we would like to inform you that we will not transmit the contact information provided to us to messengers without your consent for the first time.

Revocation, Objection and Deletion: You can revoke your consent at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we will delete the messages in accordance with our general deletion policy (i.e., for example, as described above, after the termination of contractual relationships, within the context of archiving requirements, etc.), and otherwise as soon as we can assume that any inquiries from communication partners have been answered, if no reference to a previous conversation is expected, and the deletion does not conflict with any legal retention obligations.

Processed data types: Contact details (e.g., email, phone numbers), usage data (e.g., visited web pages, interest in content, access times), meta/communication data (e.g., device information, IP addresses, timestamps, identification numbers).
Affected individuals: Communication partners.
Purposes of processing: Handling of contact inquiries and communication; Direct marketing (e.g., by email or postal mail).
Legal basis: Consent (Art. 6(1)(a) GDPR); Legitimate interests (Art. 6(1)(f) GDPR).

Reservation of referring to other communication channels: Finally, we would like to point out that, for reasons of your security, we reserve the right not to respond to requests via messenger. This applies, for example, when contract-related information requires special confidentiality or when a response via messenger does not meet formal requirements. In such cases, we will refer you to more appropriate communication channels.

Web Analytics, Monitoring and Optimization

Web analytics (also known as "audience measurement") is used to evaluate the visitor traffic on our online offering and may include pseudonymous values such as behavior, interests, or demographic information about visitors, such as age or gender. Through the use of reach analysis, we can, for example, determine the times at which our online offering or its features or content are most frequently accessed or invite reuse. Similarly, we can identify areas that require optimization.

In addition to web analytics, we may also use testing procedures to test and optimize different versions of our online offering or its components.

Unless otherwise stated below, profiles may be created for these purposes, which involve combining data related to a usage process, and information may be stored and read from a browser or device. The information collected includes, in particular, visited web pages and the elements used there, as well as technical information such as the browser used, the operating system, and information on usage times. If users have consented to the collection of their location data, either to us or to the providers of the services we use, location data may also be processed.

The IP addresses of the users are also stored. However, we use IP masking (i.e., pseudonymization by shortening the IP address) to protect the users. In general, within the scope of web analytics, A/B testing, and optimization, no clear data of the users (such as email addresses or names) is stored, but pseudonyms are used. This means that neither we nor the providers of the software used know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective procedures.

Processed data types: Usage data (e.g., visited web pages, interest in content, access times); Meta, communication, and process data (e.g., IP addresses, timestamps, identification numbers, consent status).
Affected individuals: Users (e.g., website visitors, users of online services).
Purposes of processing: Reach measurement (e.g., access statistics, identification of returning visitors); Profiling with user-related information (creating user profiles); Tracking (e.g., interest/behavior-based profiling, use of cookies); Provision of our online offering and user-friendliness.
Security measures: IP masking (pseudonymization of the IP address).
Legal basis: Consent (Art. 6(1)(a) GDPR).

Further information on processing operations, procedures, and services:

Google Analytics: Web analytics, reach measurement, and user flow measurement; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Legal basis: Consent (Art. 6(1)(a) GDPR); Website: https://marketingplatform.google.com/intl/de/about/analytics/; Privace Policy: https://policies.google.com/privacy; Data Processing Agreement: https://business.safety.google/adsprocessorterms; Standard Contractual Clauses (Ensuring the Level of Data Protection When Processing in Third Countries): https://business.safety.google/adsprocessorterms; Opt-out option (opt-out): Opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de, settings for displaying advertising: https://adssettings.google.com/authenticated; Further information: https://privacy.google.com/businesses/adsservices (Types of processing and processed data).

Modification and Updating of the Privacy Policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will adjust the privacy policy as soon as changes to the data processing activities carried out by us require it. We will inform you when your cooperation (e.g., consent) or any other individual notification is required due to the changes.

If we provide addresses and contact information of companies and organizations in this privacy policy, please note that these addresses may change over time, and we request you to verify the information before contacting them.

Rights of Data Subjects

Under the GDPR, you have various rights as a data subject, particularly outlined in Articles 15 to 21 of the GDPR:

Right to object: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions. If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling related to such direct marketing.
Right to withdraw consent: You have the right to withdraw your consent at any time.
Right of access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, if so, to access the personal data and obtain certain information as specified by law.
Right to rectification: You have the right to request the rectification of inaccurate or incomplete personal data concerning you, in accordance with the legal requirements.
Right to erasure and restriction of processing: Subject to legal requirements, you have the right to request the erasure of personal data concerning you without undue delay or alternatively, to request the restriction of processing of your personal data.
Right to data portability: You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another controller, in accordance with the legal requirements.
Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement if you believe that the processing of personal data concerning you violates the provisions of the GDPR.