Green Valley Consulting

With the following information, we want to give you as a "data subject" an overview of the processing of your personal data by us and your rights under data protection laws. Your personal data is always processed in accordance with the Basic Data Protection Regulation (hereinafter "GDPR") and all applicable country-specific data protection regulations. We have implemented numerous technical and organizational measures to ensure the highest possible level of protection when processing your personal data.
General information on data processing
Scope of the processing of personal data
As a matter of principle, your personal data will only be processed insofar as this is necessary to provide a functional website and our content and services. Processing is regularly carried out only after you have given your consent, unless obtaining your consent in advance is not possible for actual reasons and the processing of the data is permitted by legal regulations.
Legal basis for the processing of personal data
We may use the facts standardized in Art. 6 para. 1 GDPR as the legal basis for processing personal data as follows:
a) Art. 6 para. 1 lit. a GDPR, insofar as we obtain the consent of the data subject for processing operations involving personal data.
b) Art. 6 para. 1 lit. b GDPR, insofar as the processing of personal data is necessary for the fulfillment of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the realization of pre-contractual measures.
c) Art. 6 para. 1 lit. c GDPR, insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject.
d) Art. 6 para. 1 lit. d GDPR, insofar as vital interests of the data subject or another natural person make processing of personal data necessary.
e) Art. 6 para. 1 lit. f GDPR, insofar as the processing is necessary to protect a legitimate interest of our company or a third party and this outweighs the interests, fundamental rights and freedoms of the data subject.
I. Scope
The following privacy policy applies to the following websites: www.greenvalleyconsulting.de as well as associated online presences (e.g. our social media channels)
II. Controller
Controller within the meaning of the GDPR ist:
Green Valley Consulting
Flinger Str. 50
40213 Düsseldorf
Germany
E-Mail: info@greenvalleyconsulting.de
Webesite: www.greenvalleyconsulting.de
III. Technology
1. SSL / TLS encryption
To ensure the security of data processing and to protect the transmission of confidential content, we use SSL or TLS encryption. You can recognize the presence of an encrypted connection by the fact that in the address line of the browser instead of a "http://" a "https://" is displayed as well as by the lock symbol in your browser line.
2. Data collection when visiting the website / storage of log files
During the purely informational use of our website, we only collect personal data that your browser transmits to our server (server log files). With each call to our website, a number of general data and information. are collected, which we store in the log files of the server.
a) Purpose of processing
Correct delivery of the contents of our website
Optimization of the contents of our website
Ensuring the permanent operability of our IT systems and the technology of our website
Static evaluation to improve the level of data protection and data security
Provision of information to law enforcement authorities in the event of a cyber attack
b) Processed data
Usage and metadata (e.g. browser types and versions used, the operating system used by the accessing system, the website from which an accessing system accesses our website (so-called referrer), the sub-websites that are accessed via an accessing system on our website, the date and time of access to the website, an abbreviated Internet protocol address (anonymized IP address), the Internet service provider of the accessing system).
c) Legal basis
Legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR). The legitimate interest corresponds to the purposes mentioned above.
d) Storage period
We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. If we collect personal data for the provision of our website, it is deleted when the respective session has ended. We delete personal data that we store in log files after seven days at the latest.
e) Security measures
Server log files are stored separately from any other personal data you have provided.
IV. Data transmission to external recipients
In the course of our activities, we transfer personal data to external parties (e.g. persons, companies or legally independent organizational units). Details on this can be found below under the respective third-party providers.
V. Data processing in countries outside the European Union and the European Economic Area
We process personal data in a third country. These are countries outside the European Union (hereinafter "EU") and the European Economic Area (hereinafter "EEA"). We only process data in third countries where there is an adequate level of data protection as defined in Art. 44-49 GDPR. Details on the specific level of data protection in the respective third country can be found below under the relevant third-party providers.
VI. Contact
1. General information
When you contact us (e.g. via e-mail or by telephone), we process personal data from you.
a) Processed data
Inventory data (e.g. first and last name, address)
Contact data (e.g. e-mail address, telephone number)
Metadata (e.g. IP address)
Content data (e.g. text content entered)
b) Purpose of processing
Answering contact requests
Communication
c) Legal basis
Contract performance and implementation of pre-contractual measures (Art. 6 para. 1 p. 1 lit. b. GDPR), if your request is based in connection with pre-contractual measures or with an existing contract with us.
Legitimate interests (Art. 6 para. 1 p. 1 lit. f. GDPR). If your request is independent of contractual or pre-contractual measures, our legitimate interests constitute the legal basis. The legitimate interest corresponds to the purposes mentioned above.
d) Storage period
We delete your personal data as soon as they are no longer required to achieve the purpose for which they were collected. In the context of contact inquiries, this is generally the case when the circumstances indicate that the specific matter has been conclusively processed.
VII. Audio-visual conferences and messenger services
1. General information
We use messaging services and conduct video and audio conferences, webinars, and other audiovisual communications using third-party platforms. In doing so, we and the third-party providers process your personal data. In the process, data may be stored on the servers of the respective third-party providers.
Processed data
• Inventory data (e.g. first and last name, address),
• Contact data (e.g. e-mail address, telephone number),
• Content data (e.g. photographs, videos, screen contents, text contents).
• Usage data (e.g. websites visited, interest in content, time of access),
• Meta and communication data (e.g. IP address).
Purpose of processing
• Communication
• Answering contact requests
• Offering services and contracts
• Direct advertising
Legal basis
• Consent (Art. 6 para. 1 Cl. 1 lit. a GDPR). If we obtain your consent, this constitutes our legal basis for data processing.
• Performance of a contract or implementation of pre-contractual measures (Art. 6 para. 1 Cl. 1 lit b. GDPR).
VIII. Social networks
1. General information
We maintain presences in social networks in order to be able to communicate with you and inform you about our services.
Please note that your data may be processed outside the European Union or the European Economic Area. This may result in risks such as more difficult enforcement of user rights.
User data is often processed in social networks for advertising purposes or to analyze user behavior by the providers, without us being able to influence this. In addition, the providers often create usage profiles, on the basis of which user-based advertising can subsequently be placed inside and outside the social network. Cookies are often used for this purpose or the usage behavior is directly assigned to your own member profile of the social networks (provided you are logged in here).
Since we do not have access to the databases of the respective providers, we would like to point out that it is best to assert your rights directly with the respective provider. However, if you require assistance, please feel free to contact us. Further information on the processing of your data in social networks and the possibility to make use of your right of objection or revocation (opt-out) are listed below.
e) Processed data
Inventory data (e.g. first and last name, address, age, gender);
Content data (e.g., texts, photographs, videos); and
Usage data (e.g. visit to websites, interests);
Metadata (e.g. device information, IP address).
f) Purpose of processing
Modern way of user communication
Provision of information about own services
Tracking, marketing, affiliate tracking
g) Legal basis
Legitimate interests (Art. 6 para. 1 p. 1 lit. f GDPR). The legitimate interest corresponds to the purposes mentioned above.
Consent (Art. 6 para. 1 p. 1 lit. a GDPR). If you as a user of the respective social media must consent to the data processing, the legal basis is your consent.
2. Facebook
a) Provider
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA (Facebook).
b) Joint controllership
As a fan page operator, Facebook provides us with so-called "Facebook Insights". These are various statistics that provide us with information about how our Facebook fan page is used. To create these statistics, data provided by you (including personal data) is processed by Facebook and us as joint controllers within the meaning of Art. 26 (1) GDPR. We have jointly entered into an agreement with Facebook pursuant to Art. 26 GDPR, the content of which you can read here.
c) Legal basis and purpose of processing of Facebook
Information on the legal basis and the purposes of the processing of Facebook can be found here.
d) Data protection outside the EU and EEA
Standard data protection clauses: We have agreed standard data protection clauses with Facebook.
Further Security measures: Facebook has implemented further security measures. You can find them here.
e) Privacy policy
Further information on data processing can be found in the privacy policy of Facebook.
f) Opt-out and advertising settings
You can find an opt-out and Facebook's web settings here.
IX. Fonts
1. General Information
Our website uses so-called web fonts for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
Processed data
- IP address
Purpose of processing
- Uniform and appealing presentation of our website.
Legal basis
- Legitimate interest (Art. 6 para. 1 p. 1 lit. f DS-GVO). The legitimate interest corresponds to the purposes mentioned above.
2. Font Awesome
Provider
Fonticons, Inc. ,6 Porter Road Apartment 3R, Cambridge, MA 02140, USA (Font Awesome).
Description
Fonts Awesome is a service for providing various fonts and icons for our online services.
Privacy policy
For more information on data processing and an opt-out option, please see the Fonts Awesome privacy policy. https://fontawesome.com/privacy
3. Google Fonts
Provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Google). Description
Google Fonts is a service for providing various fonts for our online offer.
Privacy policy
Further information on data processing can be found in Google's privacy policy:
https://policies.google.com/privacy
Further information about Google Fonts:
Further information about Google Fonts can be found here: https://developers.google.com/fonts/faq
X. Rights of the data subject
1. Right to confirmation
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
2. Right of access (Art. 15 GDPR)
You have the right to receive from us at any time free of charge information about the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.
3. Right to retification (Art. 16 GDPR)
You have the right to request the correction of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
4. Right to erasure (Art. 17 GDPR)
You have the right to demand that personal data concerning you be deleted immediately if one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.
5. Right to restriction of processing (Art. 18 GDPR)
You have the right to demand that we restrict processing if one of the legal requirements is met.
6. Right to data portability (Art. 20 GDPR)
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. Furthermore, you have the right to transfer this data to another controller without hindrance from us, to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
In addition, when exercising your right to data portability pursuant to Article 20 (1) GDPR, you have the right to obtain that the personal data be transferred directly from one controller to another controller, to the extent that this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.
7. Right to object (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (e) (data processing in the public interest) or (f) (data processing on the basis of a balance of interests) GDPR.
This also applies to profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.
In individual cases, we process personal data to conduct direct marketing. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling, insofar as it is related to such direct advertising. If you object to us processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In addition, you have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you which is carried out by us for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
8. Revocation of consent under data protection law
You have the right to revoke your consent to the processing of personal data at any time with effect for the future.
9. Complaint to a supervisory authority
You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection.
XI. Storage period
We process and store your personal data only for as long as required by the purpose of storage or as stipulated by legal regulations.
If the storage purpose ceases to apply or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions. The criterion for the duration of storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment or initiation of the contract.
XII. Actuality and changes of the privacy policy
This privacy policy is currently valid and has the following status: November 2021.
If we continue to develop our website and our offers or if legal or regulatory requirements change, it may be necessary to amend this privacy policy. You can access the current privacy policy at any time here http://www.greenvalleyconsulting.de/impressum_datenschutz.html