Privacy policy
This Privacy Policy clarifies the nature, scope and purpose of the processing of personal data (hereinafter referred to as ‘data’) by our website and related websites, features and content, as well as our external web presence, such as our social media profiles (collectively referred to as ‘website’). Regarding terminology such as ‘personal data’ or its ‘processing’, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

 

Data Privacy Statement
The protection of your private data is important for us. You can visit our website without giving any personal information.
Personal data is only collected if you provide it to us within the scope of certain services, such as voluntarily submitted downloads, contact forms, newsletter and event registrations.
It is important for us to make the storage, processing and use of your personal data transparent. We would like to inform you in this privacy policy about our handling of your data and your rights in this context.

 

Contact information
GREENPASS GmbH
Westbahnstraße 7 Top 6a
A – 1070 Vienna
greenpass@livablecities.io

 

Types of data held:
  • Personal data
  • Contact details
  • Content data
  • Usage data (such as websites visited, interest in content, access times)
  • Meta / communication data (e.g. device information, IP addresses)
Only data that has been expressly given by users is stored, such as data entered in an online form.

 

Categories of data subjects:
  • Customers / interested parties / suppliers
  • Website visitors and online users
Hereinafter, we refer to any persons concerned as ‘users’.

 

Purpose of holding data:
  • Fulfilling legal obligations
  • Fulfilling our contract
  • Contact form or email information (e.g. inquiries for downloads, request for proposals, …) to process your inquiry and to be able to answer any additional questions.
  • Newsletter registration to receive information on the most up-to-date topics about our company, our services, events and other information material.
  • Direct marketing prior to entering into a contract
  • Event management prior to fulfilling our contract / entering into a contract

 

  1. Relevant legal framework
In accordance with Article 13 of the GDPR, we are informing you of the legal basis of our data processing. Unless referring to another legal basis in the data protection declaration, the following applies: the legal basis for obtaining consent is Article 6 (1) (a) and Article 7 of the GDPR; the legal basis for processing data to carry out our services and contractual obligations and answering inquiries about our services is Article 6 (1) (b) of the GDPR; the legal basis for processing data to fulfil our legal obligations is Article 6 (1) (c) of the GDPR; and the legal basis for processing data to protect our legitimate interests is Article 6 (1) (f) of the GDPR. If, in the interests of the data subject or another individual, personal data requires processing, Article 6 (1) (d) of the GDPR is our legal basis.
  2. Changes and updates to our Privacy Policy
We ask you to inform yourself regularly about the content of our Privacy Policy. We adjust the privacy statement whenever changes to our data processes require it. We will inform you whenever action on your part (such as consent) or any other individual notification is required by the amendments.
  3. Security measures
3.1. We take appropriate technical and organisational measures in accordance with Article 32 of the GDPR, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the likelihood and severity of risk to the rights and freedoms of natural persons, to ensure a level of protection appropriate to the risk. In particular, measures include ensuring the confidentiality, integrity and accessibility of data by controlling physical access to the data, as well as online access, input, disclosure, availability and separation. In addition, we have established procedures that ensure data subject rights, data erasure and response to data vulnerability. Furthermore, we also consider the protection of personal data when developing or selecting hardware, software and procedures, in accordance with the principle of data protection by technology design and by privacy-friendly default settings (Article 25 of the GDPR).
3.2. One of the security measures is the encrypted transfer of data between your browser and our server.
  4. Cooperation with subcontractors and third parties
4.1. If in the course of processing, we disclose data to other persons and companies (subcontractors or third parties), share data with them or otherwise grant access to data, this is done only where legally permitted (e.g. sharing data with third parties as required by payment service providers, pursuant to Article 6 (1) (b) of the GDPR in order to fulfil the contract), with your consent or in pursuit of our legitimate interests (such as the use of agents, website hosts, etc.).
4.2. If we commission third parties to process data on the basis of a ‘processing contract’, this is done on the basis of Article 28 of the GDPR.
  5. International transfer of personal data
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this happens when using third party services or when disclosing or transmitting data to third parties, this will only be done if it is to fulfil our (pre) contractual obligations, with your consent, to fulfil a legal obligation or in pursuit of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only under the special conditions of Article 44 et seq. of the GDPR, meaning that processing is subject to specific guarantees, such as an officially recognized level of data protection (e.g. in the USA, through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called ‘standard contractual clauses’).
  6. Rights of the persons concerned
6.1. You have the right to ask for confirmation about whether your personal data is being processed, for information about your data and for any other information, and a copy of your data in accordance with Article 15 of the GDPR.
6.2. In accordance with Article 16 of the GDPR you have the right to demand the completion of your data or the correction of any incorrect data concerning you.
6.3. You have the right to demand the relevant data be deleted immediately in accordance with Article 17 of the GDPR, or alternatively to require a restriction of the processing of your data in accordance with Article 18 of the GDPR.
6.4. You have the right to obtain the personal data you have provided us with and to request its transmission to other responsible persons, in accordance with Article 20 of the GDPR.
6.5. In accordance with Article 77 of the GDPR you have the right to file a complaint with the relevant supervisory authority.
  7. Right to withdraw consent
You have the right under Article 7 (3) of the GDPR to withdraw your consent with effect in perpetuity.
  8. Right to refuse
You can refuse any future processing of your data at any time, in accordance with Article 21 of the GDPR. Refusal in particular can be made to processing your data for direct marketing purposes.
  9. Cookies and your right to refuse direct marketing
We set temporary and permanent cookies, small files that are stored on users’ devices (for an explanation of the term and function, see the last section of this Privacy Policy). Cookies are partly used for security or to carry out our website (for example, the presentation of the website) or to save a user’s decision when confirming the cookie banner. In addition, we or our technology partners use cookies for audience analysis and for marketing purposes, as users are informed about in this Privacy Policy.
A guide to refusing the use of cookies for online marketing purposes can be found on a variety of services, especially in the case of tracking, via the USA website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, cookie storage can be controlled by switching cookies off in your browser settings. Please note that it may then not be possible to use all features of this website.
  10. Deletion of personal data
10.1. The data processed by us are deleted or their processing limited in accordance with Articles 17 and 18 of the GDPR. Unless explicitly stated in this Privacy Policy, data stored by us are deleted as soon as they are no longer required and if the deletion does not conflict with any statutory storage requirements. If the data is not deleted because it is required for other legitimate purposes, its processing will be restricted, the data blocked and not processed for any other purpose. This applies, for example to data that must be retained for commercial or tax reasons.
10.2. Under legal requirements, data must be retained for 7 years in accordance with § 132 (1) (accounting documents, receipts / invoices, accounts, commercial documents, statements of income and expenses, etc.), 22 years for data relating to land, and 10 years for data relating to electronic services, telecommunications, broadcasting and television services provided to private persons in EU Member States and for which the Mini One Stop Shop (MOSS) is used.
  11. Contact
11.1. When contacting us (via contact form or email), the information provided by the user will be used to process and respond to the contact request in accordance with Article 6 (1) (b) of the GDPR.
11.2. User information may be stored in our Customer Relationship Management System (‘CRM System’) or a similar request management system.
11.3. We delete requests if they are no longer required. We check the necessity every two years; we store inquiries from customers with a customer account permanently and record any deletion in the customer account details.
  12. Comments and posts
12.1. If users leave comments or other contributions, their IP addresses are stored for 7 days based on our legitimate interests within the meaning of Article 6 (1) (f) of the GDPR.
12.2. This is for our own security: if a person posts any illegal content in comments and contributions (insults, prohibited political propaganda, etc.), we ourselves can be prosecuted for the comment or post, and we therefore need to be able to identify the author.
  13. Collection of access data and logfiles
13.1. Based on our legitimate interests under Article 6 (1) (f) of the GDPR, we collect data every time the server on which our service is located is accessed (known as server log files). The access data includes the name of the retrieved web page, file, date and time of retrieval, quantity of data transferred, message about successful retrieval, browser type and version, the user’s operating system, referrer URL (the page previously visited), IP address and the request provider.
13.2. Logfile information is stored for security purposes (for example to investigate abusive or fraudulent activities) for a maximum of seven days and then deleted. Data whose further retention is required for any purpose of evidence is exempt from the cancellation until final clarification of the incident.
  14. Online presence on social media
14.1. We maintain an online presence on social networks and platforms to communicate with customers, prospective customers and users active there, and to tell them about our services. For activity on these networks and platforms, terms and conditions and data processing guidelines apply to their respective operators.
14.2. Unless otherwise stated in our Privacy Policy, users’ data will be processed whenever they communicate with us on social networks and platforms, for example by writing posts on our online presence or sending us messages.
  15. Cookies and audience analysis
15.1. Cookies are information transmitted from our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
15.2. This Privacy Policy informs users about the use of cookies in relation to pseudonymised audience analysis.
15.3. If users do not want cookies stored on their computer, they are asked to disable the option in their browser’s system settings. Saved cookies can be deleted in the system settings of the browser. Disabling cookies can lead to restricted online functionality.
15.4. You can opt out of the use of cookies for audience analysis and promotional purposes through the Network Advertising Initiative’s opt-out page http://optout.networkadvertising.org/, the US website http://www.aboutads.info/choices or the European website http://www.youronlinechoices.com/uk/your-ad-choices/.
  16. Google Analytics
16.1. We use Google Analytics, a web analytics service provided by Google LLC (‘Google’), based on our legitimate interests (the analysis, optimisation and economic operation of our website under Article 6 (1) (f) of the GDPR). Google uses cookies. The information generated by the cookie about the use of the website by users is usually transmitted to a Google server in the USA and stored there.
16.2. Google is certified under the Privacy Shield Agreement, which gives a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
16.3. Google uses this information on our behalf to analyse the use of our website by users, to compile reports on online activities and to provide us with further services related to the use of our website and internet presence. In this case, anonymised user activity profiles may be created from the processed data.
16.4. We only use Google Analytics with activated IP pseudonymisation. This means that the IP address of users will be shortened by Google within Member States of the European Union or in other states in the European Economic Area who have signed up to the agreement. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.
16.5. The IP address submitted by the user’s browser will not be merged with other data provided by Google. Users can prevent the storage of cookies by setting their browser software accordingly; users may also prevent the collection by Google of data generated by cookies and related to their use of the website as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
16.6. For more information about Google’s data usage, and opting in or out, please visit Google’s websites: https://www.google.com/intl/en/policies/privacy/partners  (‘How Google uses information from sites or apps that use our services’), https://policies.google.com/technologies/ads (‘Advertising’), and https://adssettings.google.com/authenticated (‘Control the information Google uses to show you ads’).
  17. Facebook social plugins
17.1. In pursuit of our legitimate interests (the analysis, optimisation and economic operation of our website under Article 6 (1) (f) of the GDPR) we use the social plugins (‘plugins’) of the social network Facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (‘Facebook’). The plugins can represent interaction elements or content (such as videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white ‘f’ on a blue tile, the term ‘Like’ or a ‘thumbs up’ sign) or are marked with the addition ‘Facebook Social Plugin’. The list and appearance of Facebook Social Plugins can be viewed here: https://developers.facebook.com/docs/plugins/.
17.2. Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
17.3. When a user invokes a feature of this website that includes such a plugin, their device establishes a direct connection to Facebook servers. The content of the plugin is transmitted by Facebook directly to the device of the user and incorporated by them into the website. In the process, user profiles can be created from the processed data. We therefore cannot control the amount of data Facebook collects with the help of plugins, and we inform users according to our understanding.
17.4. By integrating the plugins, Facebook receives information that the user has accessed the corresponding page of the website. If the user is logged in to Facebook, Facebook can assign the visit to their Facebook account. If users interact with the plugins, for example, press the Like button or leave a comment, the information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will learn of and save their IP address. According to Facebook, only an anonymous IP address is stored in Germany.
17.5. The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as related rights and settings options for protecting the privacy of users, can be found in Facebook’s Privacy Policy: https://www.facebook.com/about/privacy/
17.6. If a user is a Facebook member and does not want Facebook to collect data about them via this website and link it to their member data stored on Facebook, they must log out of Facebook and delete their cookies before using our website. Other settings and controls in the use of data for advertising purposes are available within Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US American site http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are independent of the platform, and can be applied to any device, such as desktop computers or mobile devices.
  18. Integration of third party services and content
18.1. Within our website based on our legitimate interests (interest in the analysis, optimisation and economic operation of our website within the meaning of Article 6 (1) (f) of the GDPR), we make use of third party content or service offers to provide content and services, such as embedding videos or fonts (collectively referred to as ‘content’). This always assumes the third party sees the user’s IP address, since they could not send content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We endeavour to use only content whose respective providers use the IP address solely for the delivery of the content. Third parties may also use so-called pixel tags (invisible graphics, also referred to as ‘web beacons’) for statistical or marketing purposes. The ‘pixel tags’ can be used to analyse information such as visitor traffic to the pages of our website. The pseudonymised information may also be stored in cookies on the user’s device and may include, but is not limited to, technical information about the browser and operating system, referral web sites, visit time, and other information regarding the use of our website.
18.2. The following presentation provides an overview of a third-party provider and its content, as well as links to its Privacy Policy, with further notes on the processing of data and, as already mentioned, refusal options such as opt-out:
– External fonts from Google LLC, https://www.google.com/fonts (‘Google Fonts’). The integration of Google fonts is done by a server’s call to Google (usually in the USA). Privacy Policy: https://policies.google.com/privacy and opt-out: https://adssettings.google.com/authenticated.
– Maps provided by Google Maps of third party Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://www.google.com/policies/privacy/ and opt-out: https://www.google.com/settings/ads/.
– Videos on the platform YouTube of third-party Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy Policy: https://policies.google.com/privacy and opt-out: https://adssettings.google.com/authenticated.