We are delighted that you are interested in our company. Data protection is a particularly high priority for the management of Green IT Solution GmbH. It is generally possible to use the Green IT Solution GmbH website without providing any personal data. However, if a data subject wishes to use specific services offered by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in compliance with the country-specific data protection regulations applicable to Green IT Solution Ltd. Through this privacy policy, our company wishes to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, this privacy policy informs data subjects about their rights.

As the controller, Green IT Solution GmbH has implemented numerous technical and organisational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

A. BASIC INFORMATION PURSUANT TO ARTICLES 13/14 OF THE GDPR

1. RESPONSIBLE AUTHORITY

The following entity is responsible for the collection and processing of your personal data and for compliance with data protection regulations:

Green IT Solution GmbH
Billerberg 5
82266 Inning am Ammersee
Germany

Phone: +49 89 215 37 01-0
Email: info@greenit-solution.de

2. DATA PROTECTION CONTACT

Our officially appointed data protection officer can be contacted at the following address:

Green IT Solution GmbH – Data Protection
Billerberg 5
82266 Inning am Ammersee

Email: datenschutz@greenit-solution.de

3. SUPERVISORY AUTHORITY

If you believe that Green IT Solution GmbH is processing your personal data unlawfully, you can lodge a complaint with the data protection supervisory authority. The competent supervisory authority pursuant to Art. 55 GDPR is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de

B. DEFINITIONS

The privacy policy of Green IT Solution GmbH is based on the terminology used by the European legislators and regulators when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for the general public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

In this privacy policy, we use the following terms, among others:

a)  Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’). A natural person is considered identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

b)  Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c)  Processing

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution or other forms of provision, alignment or combination, restriction, erasure or destruction.

d)  Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

e)    Profiling

Profiling is any form of automated processing of personal data consisting of using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f)    Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

g)  Data controller or person responsible for processing

The controller or data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h)  Data processor

A data processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

i)    Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j)      Third party

A third party is a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k)     Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

C. PURPOSES AND SCOPE OF DATA PROCESSING

1. Processing of communication data

Each time a user accesses a page of Green IT Solution GmbH, access data about this process is stored in a log file on our server.

Each data record consists of:

• IP address
• Date and time
• Page accessed/name of the file accessed
• Amount of data transferred
• Message indicating whether the access/retrieval was successful
• Browser, including version and operating system
• In the event of an error, the error message is stored.

We store IP addresses in server log files for a period of 12 weeks. This storage is carried out for reasons of data security in order to ensure the stability and operational security of our website. The legal basis for this is Art. 6 (1) lit. c GDPR.

2. Recipients of the data

We do not pass on your data to third parties unless you have given your consent. However, we rely on service providers for the hosting and maintenance of our website, whom we oblige to comply with the legal requirements by means of a data processing agreement in accordance with Art. 28 GDPR.

3. Cookies & Tracking

The websites of Green IT Solution GmbH use cookies. Cookies are text files that are stored on a computer system via an internet browser.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that can be used to assign websites and servers to the specific web browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the person concerned from other web browsers that contain other cookies. A specific Internet browser can be recognised and identified via the unique cookie ID.

By using cookies, Green IT Solution GmbH can provide users of this website with more user-friendly services that would not be possible without the use of cookies.

Cookies enable us to optimise the information and offers on our website for the benefit of the user. As already mentioned, cookies enable us to recognise users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, users of a website that uses cookies do not have to re-enter their access data each time they visit the website, as this is done by the website and the cookie stored on the user’s computer system. Another example is the cookie used for a shopping basket in an online shop. The online shop uses a cookie to remember the items that a customer has placed in their virtual shopping basket.

The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programmes. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

4. Collection of general data and information

The Green IT Solution GmbH website collects a range of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The following may be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (known as the referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serves to avert danger in the event of attacks on our information technology systems.

When using this general data and information, Green IT Solution Ltd. does not draw any conclusions about the data subject. Rather, this information is required in order to (1) deliver the content of our website correctly, (2) optimise the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by Green IT Solution GmbH on the one hand statistically and on the other hand with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.

5. Who receives your data?

Within Green IT Solution GmbH, only those persons who need your personal data to make a decision about your employment and to fulfil our legal and contractual obligations will have access to it.

Sharing within the group of companies:
Green IT Solution GmbH is part of a group of companies (PromoData GmbH, Green IT Solution GmbH, Green IT Services GmbH and HCD Consulting GmbH).
Within the framework of the shared management systems (certified according to ISO 9001, 27001, 45001 and EMAS) and the shared internal guidelines, personal data may be passed on to other companies in the group if this is necessary for the performance or support of the respective processing activity.
Such transfer shall only take place if the processing or task in question is actually carried out by another affiliated company (e.g. IT, human resources or accounting services).
All affiliated companies are contractually and organisationally obliged to comply with data protection regulations.

Where necessary, personal data may also be transferred to HCD Consulting AG (a wholly owned subsidiary of HCD Consulting GmbH) in Switzerland, insofar as this is necessary for internal administrative purposes, for the provision of services or for the performance of contracts (Art. 6(1)(b) and (f) GDPR).
The European Commission has issued an adequacy decision for Switzerland.
This means that the level of data protection there is equivalent to that in the EU; additional safeguards (e.g. standard contractual clauses) are not required.

Notwithstanding this, we will only transfer your personal data if we are legally obliged to do so (e.g. to investigative authorities).

6. Rights of the data subject

a)  Right to confirmation

Every data subject has the right granted by European directives and regulations to request confirmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they may contact an employee of the controller at any time.

b)  Right to information

Every person affected by the processing of personal data has the right, granted by European directives and regulations, to obtain from the controller, at any time and free of charge, information about the personal data stored about them and a copy of this information. Furthermore, European directives and regulations grant the data subject the right to obtain the following information:

• the purposes of the processing
• the categories of personal data that are being processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• where the personal data are not collected from the data subject: all available information on the origin of the data
• the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Furthermore, the data subject has the right to obtain information about whether personal data has been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.

If a data subject wishes to exercise this right to information, they may contact an employee of the controller at any time.

c)  Right to rectification

Every person affected by the processing of personal data has the right granted by European directives and regulations to request the immediate correction of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing, including by means of a supplementary statement.

If a data subject wishes to exercise this right of rectification, they may contact an employee of the controller at any time.

d)  Right to erasure (right to be forgotten)

Any person affected by the processing of personal data has the right granted by European directives and regulations to request that the controller delete personal data concerning them without delay, provided that one of the following reasons applies and insofar as the processing is not necessary:

• The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
• The data subject withdraws their consent on which the processing was based in accordance with Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
• The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
• The personal data has been processed unlawfully.
• The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data has been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.

If one of the above reasons applies and a data subject wishes to request the deletion of personal data stored by Green IT Solution GmbH, they may contact an employee of the controller at any time. The Green IT Solution GmbH employee will ensure that the deletion request is complied with immediately.

If the personal data has been made public by Green IT Solution GmbH and our company is obliged to delete the personal data as the controller in accordance with Art. 17 (1) GDPR, Green IT Solution GmbH shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other controllers who process the published personal data that the data subject has requested these other data controllers to delete all links to this personal data or copies or replications of this personal data, unless processing is necessary. The employee of Green IT Solution GmbH will take the necessary steps in each individual case.

e)  Right to restriction of processing

Any person affected by the processing of personal data has the right granted by European directives and regulations to request that the controller restrict processing if one of the following conditions is met:

• The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful, the data subject opposes the erasure of the personal data and requests the restriction of use instead.
• The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the establishment, exercise or defence of legal claims.
• The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by Green IT Solution GmbH, they may contact an employee of the controller at any time. The Green IT Solution GmbH employee will arrange for the processing to be restricted.

f)    Right to data portability

Every person affected by the processing of personal data has the right granted by the European legislator to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out using automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, when exercising their right to data portability pursuant to Art. 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

To exercise their right to data portability, the data subject may contact a Green IT Solution GmbH employee at any time.

g)  Right to object

Every person affected by the processing of personal data has the right granted by the European legislator to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

In the event of an objection, Green IT Solution GmbH will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If Green IT Solution GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing purposes. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to Green IT Solution GmbH processing their data for direct marketing purposes, Green IT Solution GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them carried out by Green IT Solution GmbH for scientific or historical research purposes or for statistical purposes in accordance with Art. 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject may contact any employee of Green IT Solution GmbH or another employee directly. The data subject is also free to exercise their right to object in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

h)  Automated individual decision-making, including profiling

Any person affected by the processing of personal data has the right granted by European directives and regulations not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is not necessary for entering into, or performance of, a contract between the data subject and the controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.

If the decision (1) is necessary for entering into or performing a contract between the data subject and the controller, or (2) is made with the explicit consent of the data subject, Green IT Solution GmbH shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

If the data subject wishes to assert rights in relation to automated decisions, they may contact an employee of the controller responsible for processing at any time.

i)    Right to withdraw consent under data protection law

Every person affected by the processing of personal data has the right, granted by European directives and regulations, to withdraw their consent to the processing of personal data at any time.

If the person concerned wishes to exercise their right to withdraw consent, they can contact an employee of the controller at any time.

7. Data protection provisions regarding the use of Google Analytics (with anonymisation function)

The controller has integrated the Google Analytics component (with anonymisation function) into this website. Google Analytics is a web analytics service. Web analytics is the collection, gathering and evaluation of data about the behaviour of visitors to websites. A web analysis service collects, among other things, data about which website a data subject came to a website from (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. Web analysis is mainly used to optimise a website and for cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The controller uses the addition ‘_gat._anonymizeIp’ for web analysis via Google Analytics. This addition is used by Google to shorten and anonymise the IP address of the data subject’s internet connection if access to our website is made from a Member State of the European Union or from another State party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse visitor traffic on our website. Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website.

Google Analytics places a cookie on the information technology system of the data subject. What cookies are has already been explained above. By placing the cookie, Google enables an analysis of the use of our website. Each time one of the individual pages of this website operated by the controller and on which a Google Analytics component has been integrated is accessed, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission settlements.

The cookie stores personal information, such as the time of access, the location from which access originated and the frequency of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

As described above, the data subject can prevent the setting of cookies by our website at any time by adjusting the settings of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programmes.

Furthermore, the data subject has the option of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information relating to visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google to be an objection. If the data subject’s information technology system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their sphere of control, it is possible to reinstall or reactivate the browser add-on.

Further information and Google’s applicable data protection provisions can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link: https://www.google.com/intl/de_de/analytics/.

8. Privacy policy regarding the use of Google Tag Manager

The controller has integrated Google Tag Manager into this website. Google Tag Manager is a free service that allows us to manage tags and configure mobile applications ourselves via a user-friendly web interface. Further information about Google Tag Manager can be found here: https://www.google.com/intl/de/tagmanager/features.html.

Operating company of the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.

The purpose of processing is to manage tags and configure mobile applications via a user-friendly web interface.

Each time you visit our website, personal data, including the IP address of the Internet connection used by the data subject, may be transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties or use it for interest-based advertising.

It is possible to object to interest-based advertising by Google. To do so, the data subject must access the link www.google.de/settings/ads from each of the internet browsers they use and make the desired settings there.

Further information and Google’s applicable data protection provisions can be found at https://policies.google.com/privacy.

9. Legal basis for processing

Art. 6 I lit. a GDPR serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party.

In this case, processing would be based on Article 6(1)(d) of the GDPR. Finally, processing operations could be based on Article 6(1)(f) of the GDPR. Processing operations that are not covered by any of the above legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this regard, the legislator took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, sentence 2 of the GDPR).

10. Legitimate interests in processing pursued by the controller or a third party

If the processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest is the performance of our business activities for the benefit of all our employees and shareholders.

11. Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose or if this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.

If the purpose of storage no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

12. Legal or contractual regulations for the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We inform you that the provision of personal data is partially legally required (e.g., tax regulations) or may arise from contractual arrangements (e.g., information about the contractual partner). In some cases, for the conclusion of a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. The data subject is, for example, obligated to provide us with personal data when our company enters into a contract with them. The failure to provide the personal data would mean that the contract with the data subject could not be concluded. Before providing personal data, the data subject must contact one of our employees. Our employee will clarify on a case-by-case basis whether the provision of personal data is legally or contractually required or necessary for the conclusion of a contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

13. Existence of automated decision-making

As a responsible company, we refrain from using automated decision-making or profiling.

14. Cookies including third-party cookies on websites that can be accessed through links from our website.

1. Cookie Name: PHPSESSID
Provider: greenit-solution.de/en
Type: HTTP
Expiration: Session
Purpose: Maintains the user’s states across all page requests.

2. Cookie Name: __utm.gif
Provider: google-analytics.com
Type: HTTP
Expiration: Session
Purpose: This cookie is used to determine the type of device or browser software the visitor is using – this allows the website to be formatted accordingly.

3. Cookie Name: __utma
Provider: greenit-solution.de/en
Type: HTTP
Expiration: 2 years
Purpose: Collects data on how often a user visits a website, as well as data for the first and last visit. Used by Google Analytics.

4. Cookie Name: __utmb
Provider: greenit-solution.de/en
Type: HTTP
Expiration: 1 day
Purpose: Registers a timestamp with the exact time when the user accesses the website. Used by Google Analytics to calculate the duration of a website visit.

5. Cookie Name: __utmc
Provider: greenit-solution.de/en
Type: HTTP
Expiration: Session
Purpose: Registers a timestamp with the exact time when the user accesses the website. Used by Google Analytics to calculate the duration of a website visit.

6. Cookie Name: __utmt
Provider: greenit-solution.de/en
Type: HTTP
Expiration: 1 day
Purpose: Used to throttle the speed of requests to the server.

7. Cookie Name: __utmz
Provider: greenit-solution.de/en
Type: HTTP
Expiration: 6 months
Purpose: Collects data on where the user came from, which search engine was used, what link was clicked, and what search terms were used. Used by Google Analytics.

Date of the Privacy Statement: 28.10.2025

This privacy policy aims to inform about the nature, scope, and purpose of the collection and use of personal data by Green IT Solution GmbH concerning electronic visitor registration through the SaaS service “Einfach Gast”.

Green IT Solution GmbH takes the protection of personal data very seriously and treats it confidentially and in accordance with the statutory regulations.

Definitions of the terms used (e.g., “personal data” or “processing”) can be found in Art. 4 GDPR.

1. Responsible body

The following entity is responsible for the collection and processing of your personal data and for compliance with data protection regulations:

Green IT Solution GmbH
Billerberg 5
82266 Inning am Ammersee
Germany

Phone: +49 89 215 37 01-0
Email: info@greenit-solution.de

2. DATA PROTECTION CONTACT

Our officially appointed data protection officer can be contacted at the following address:

Green IT Solution GmbH – Data Protection
Billerberg 5
82266 Inning am Ammersee, Germany

Email: datenschutz@greenit-solution.de

3. PURPOSE OF DATA COLLECTION

The personal data collected during your visit is collected electronically via the “Einfach Gast” service in order to document who was on our premises or on our company grounds (in particular at the Ellwangen site) and when.

This serves the following purposes:

• ensuring the protection of persons and property,
• tracking visitors in the event of security-related or organizational incidents,
• and compliance with legal and internal security requirements.

In addition, the electronic recording serves as proof that you have taken note of the safety and behavioral instructions displayed there.

4. LEGAL BASIS

The lawfulness of the collection of your personal data is based on Art. 6 (1) (f) GDPR
(“legitimate interest of the controller in ensuring the security of the company and its employees”).

5. FURTHER DETAILS ON DATA USE

Our legitimate interest lies in ensuring the safety of our employees, visitors, facilities, and data.
Digital visitor registration replaces the previous paper-based visitor log and enables data protection-compliant, traceable, and up-to-date documentation of visits.

6. RECIPIENTS AND TRANSFER OF YOUR PERSONAL DATA

Your visitor data is collected and managed via the SaaS service “Einfach Gast,” operated by:

Einfach Gast GmbH
Landsberger Straße 155
80687 Munich
Germany
Email: info@einfachgast.de
Web: www.einfachgast.de

Data processing is carried out on behalf of Green IT Solution GmbH on the basis of a data processing agreement in accordance with Art. 28 GDPR. (https://einfachgast.de/datensicherheit/)

Sharing within the group of companies:

Green IT Solution GmbH is part of a group of companies (PromoData GmbH, Green IT Solution GmbH, Green IT Services GmbH, and HCD Consulting GmbH).
Within the framework of the shared management systems (certified according to ISO 9001, 27001, 45001, and EMAS) and the shared internal guidelines, personal data may be passed on to other companies in the group if this is necessary for the performance or support of the respective processing activity.
Such transfer shall only take place if the processing or task in question is actually carried out by another affiliated company (e.g., IT, human resources, or accounting services).
All affiliated companies are contractually and organizationally obliged to comply with data protection regulations.

Where necessary, personal data may also be transferred to HCD Consulting AG (a wholly owned subsidiary of HCD Consulting GmbH) in Switzerland, insofar as this is necessary for internal administrative purposes, for the provision of services, or for the performance of contracts (Art. 6 (1) (b) and (f) GDPR).
The European Commission has issued an adequacy decision for Switzerland.
This means that the level of data protection there is equivalent to that in the EU; additional safeguards (e.g., standard contractual clauses) are not required.

Your personal data will not be passed on to other third parties.
In the event of security-related incidents, the management or, if required by law, the authorities may inspect the data.

7. TRANSFER OF YOUR PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS (OUTSIDE THE SCOPE OF THE GDPR)

Your personal data will not be transferred to a third country or to an international organization outside the EU/EEA.

8. STORAGE PERIOD AND DELETION

Your personal visitor data will be automatically deleted by “Einfach Gast” in accordance with the storage periods agreed with us, at the latest after 3 months.
Longer storage will only take place if this is necessary to investigate a security-related incident. In this case, the data will be deleted immediately after the process has been completed.

9. RIGHT TO INFORMATION, DELETION, CORRECTION, OBJECTION, AND RESTRICTION OF USE OF YOUR PERSONAL DATA

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to access this personal data and to the following information:

• the purposes of the processing
• the categories of personal data that are being processed
• the recipients or categories of recipients to whom your personal data has been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by us or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• if the personal data is not collected from the data subject, all available information on the origin of the data
• in the case of automated decision-making, including profiling (meaningful information about the logic involved, as well as the significance and intended effects of such processing for you).

If your personal data is transferred to a third country or to an international organisation, you have the right to be informed about the appropriate ‘safeguards’ in place to ensure an adequate level of data protection in connection with the transfer. We will provide you with a free copy of the personal data that is being processed. For any further copies you request, we may charge a reasonable fee based on administrative costs. If you make the request electronically, you will receive the information in a commonly used electronic format, unless you specify otherwise. The right to receive a copy may be restricted if it would adversely affect the rights and freedoms of others. You have the right to request that we correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement. To exercise this right, please contact our data protection officer. You have the right to request the erasure of your personal data stored by us if one of the following criteria is met:

• The personal data is no longer necessary for the fulfilment of the agreed purpose.
• You withdraw a voluntary declaration of consent you have given (however, this does not affect the lawfulness of the processing carried out on the basis of the consent until its withdrawal).
• Your personal data has been processed unlawfully up to this point.
• There is a legal obligation to delete data.
• The personal data was collected in relation to information society services offered (persons under 16 years of age).

Furthermore, you have the right to request that we restrict processing if one of the following conditions applies:

• You dispute the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
• The processing is unlawful and you oppose the erasure of your personal data and request the restriction of the use of your personal data instead.
• If we no longer need your personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
• If you have objected to the processing, as long as it is not yet clear whether our legitimate reasons outweigh yours.

10. RIGHT TO DATA PORTABILITY

You have the right to receive the personal data we have stored about you, insofar as it is processed in an automated procedure, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data was provided. When exercising your right to data portability, you have the right to have your personal data transferred directly from us to another controller, where technically feasible. The right to data portability may be restricted if the rights or freedoms of other persons are affected by the exercise of this right.

11. RIGHT OF WITHDRAWAL IN THE CASE OF CONSENT AND CONTINUATION OF CONSENT GRANTED

Insofar as we process personal data relating to you on the basis of a declaration of consent, you have the right to revoke the consent you have given. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. With regard to compliance with storage periods, point 8 of this privacy policy must also be observed in this regard.

12. RIGHT OF APPEAL TO THE SUPERVISORY AUTHORITY

If you feel it is necessary to lodge a complaint with the competent supervisory authority, you are free to do so at any time. The address of the competent supervisory authority in Bavaria is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de

13. OBLIGATION TO PROVIDE YOUR PERSONAL DATA AND POSSIBLE CONSEQUENCES OF REFUSING TO PROVIDE IT

The provision of your personal data is necessary to fulfil the above purposes.
Without this data, access to our premises or electronic registration is not possible.

14. AUTOMATED DECISION-MAKING AND PROFILING

No automated decision-making takes place with regard to you. No profiling (meaningful information about the logic involved, the scope and the intended effects of such processing on you) is carried out using the personal data collected from you.

15. CHANGE OF PURPOSE

If we intend to change the purpose for which your personal data was originally collected, we will inform you in advance in a detailed and transparent manner. In this case, we will of course provide you with all the information required by law. If the change of purpose involves the processing of personal data based on a voluntary declaration of consent, we will inform you accordingly and ask for your formal consent.

16. OPEN QUESTIONS, COMPLAINTS OR SUGGESTIONS

Please feel free to contact us with any questions, complaints or suggestions regarding data protection. If necessary, you are welcome to contact our data protection officer (see point 2 of this privacy policy).

Status of the privacy policy: 28 October 2025

Dear applicants, dear employees,

With this privacy policy, we fulfil our legal information obligations in accordance with the General Data Protection Regulation (GDPR) and provide you with transparent information about how we handle your personal data.

1. Responsible body

The following entity is responsible for the collection and processing of your personal data and for compliance with data protection regulations:

Green IT Solution GmbH
Billerberg 5
82266 Inning am Ammersee
Germany
Phone: +49 89 215 37 01-0
Email: info@greenit-solution.de

2. DATA PROTECTION CONTACT

Our officially appointed data protection officer can be contacted at the following address:

Green IT Solution GmbH – Data Protection
Billerberg 5
82266 Inning am Ammersee
Email: datenschutz@greenit-solution.de

3. PURPOSE OF DATA COLLECTION

Your personal data will be processed for the following purposes:

• Evaluation and processing of incoming applications
• Conducting job interviews and selecting applicants
• Concluding an employment contract (establishing an employment relationship)
• Implementation of the employment relationship
• Termination of the employment relationship

4. LEGAL BASIS

Your personal data is processed on the basis of Section 26(1) of the Federal Data Protection Act (BDSG) (new).

5. FURTHER DETAILS ON DATA USE

In order to recruit and hire new suitable personnel or to establish, implement and terminate an employment relationship, we require a minimum amount of personal data. We always observe the principle of data minimisation and do not collect any personal data that we do not absolutely require in accordance with point 3 of this privacy policy. If we wish to collect further personal data that is not covered by point 3 of this privacy policy, we will ask you for your voluntary consent.

6. DISCLOSURE OF YOUR PERSONAL DATA

Your personal data will only be shared internally for the purposes defined in section 3 of this privacy policy, in accordance with the principle of data minimisation and other data protection principles.

Sharing within the group of companies:

Green IT Solution GmbH is part of a group of companies (PromoData GmbH, Green IT Solution GmbH, Green IT Services GmbH and HCD Consulting GmbH).
Within the framework of the shared management systems (certified according to ISO 9001, 27001, 45001 and EMAS) and the shared internal guidelines, personal data may be passed on to other companies in the group if this is necessary for the performance or support of the respective processing activity.
Such transfer shall only take place if the processing or task in question is actually carried out by another affiliated company (e.g. IT, human resources or accounting services).
All affiliated companies are contractually and organisationally obliged to comply with data protection regulations.
Where necessary, personal data may also be transferred to HCD Consulting AG (a wholly owned subsidiary of HCD Consulting GmbH) in Switzerland, insofar as this is necessary for internal administrative purposes, for the provision of services or for the performance of contracts (Art. 6(1)(b) and (f) GDPR).
The European Commission has issued an adequacy decision for Switzerland.
This means that the level of data protection there is equivalent to that in the EU; additional safeguards (e.g. standard contractual clauses) are not required.
Your personal data may be disclosed externally under the following circumstances:

• Disclosure of your personal data (contact details) to contractors, subcontractors or cooperation partners within the scope of the employment relationship, insofar as this is necessary for the fulfilment of orders. Any disclosure will only take place to the extent necessary. Where possible, your personal data will not be disclosed.
• Commissioning of support services that require access to your personal data or where such access cannot be completely ruled out. This includes, for example, IT support services, payroll accounting services or the use of tax advisory services.
• Disclosure of your personal data (contact details) within the scope of supplier management, insofar as this is necessary for the fulfilment of orders. Any disclosure will only take place to the extent necessary. Where possible, we will refrain from disclosing your personal data.
• Disclosure of your personal data to authorities and health insurance companies due to legal obligations.

7. TRANSFER OF YOUR PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS (OUTSIDE THE SCOPE OF THE GDPR)

Your personal data will not be transferred to countries outside the EU or to international organisations. Should this become necessary in the future, you will be informed in advance and all necessary measures will be taken to protect your data.

8. STORAGE PERIOD AND DELETION

Your personal data will only be stored for as long as is necessary to fulfil the aforementioned purposes or as long as there are legal retention obligations.
After these periods have expired, your data will be deleted unless consent has been given for longer storage.

9. RIGHT TO INFORMATION, DELETION, CORRECTION, OBJECTION AND RESTRICTION OF USE OF YOUR PERSONAL DATA

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to access this personal data and to the following information:

• the purposes of the processing
• the categories of personal data that are being processed
• the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by us or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• where the personal data are not collected from the data subject, any available information as to their source
• where there is automated decision-making, including profiling (meaningful information about the logic involved, as well as the significance and intended effects of such processing for you).

If your personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate ‘safeguards’ in place to ensure an adequate level of data protection in connection with the transfer. We will provide you with a free copy of the personal data that is being processed. For any further copies you request, we may charge a reasonable fee based on administrative costs. If you make the request electronically, you will receive the information in a commonly used electronic format, unless you specify otherwise. The right to receive a copy may be restricted if it would adversely affect the rights and freedoms of others. You have the right to request that we correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement. To exercise this right, please contact our data protection officer. You have the right to request the erasure of your personal data stored by us if one of the following criteria is met:

• The personal data is no longer necessary for the fulfilment of the agreed purpose.
• You withdraw a voluntary declaration of consent (however, this does not affect the lawfulness of the processing carried out on the basis of the consent until its withdrawal).
• Your personal data has been processed unlawfully.
• There is a legal obligation to erase the data.
• The personal data was collected in relation to information society services offered (persons under 16 years of age).

Furthermore, you have the right to request that we restrict processing if one of the following conditions applies:

• You dispute the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
• The processing is unlawful and you oppose the erasure of your personal data and request the restriction of the use of your personal data instead.
• If we no longer need your personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
• If you have objected to the processing, as long as it is not yet clear whether our legitimate reasons outweigh yours.

10. RIGHT TO DATA PORTABILITY

You have the right to receive the personal data we have stored about you, insofar as it is processed in an automated procedure, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data was provided. When exercising your right to data portability, you have the right to have your personal data transferred directly from us to another controller, where technically feasible. The right to data portability may be restricted if the rights or freedoms of other persons are affected by the exercise of this right.

11. RIGHT OF WITHDRAWAL IN THE CASE OF CONSENT AND CONTINUATION OF CONSENT GRANTED

Insofar as we process personal data relating to you on the basis of a declaration of consent, you have the right to revoke the consent you have given. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. With regard to compliance with storage periods, point 8 of this privacy policy must also be observed in this regard.

12. RIGHT OF APPEAL TO THE SUPERVISORY AUTHORITY

If you feel it is necessary to lodge a complaint with the competent supervisory authority, you are free to do so at any time. The address of the competent supervisory authority in Bavaria is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de

13. OBLIGATION TO PROVIDE YOUR PERSONAL DATA AND POSSIBLE CONSEQUENCES OF REFUSING TO PROVIDE IT

On the one hand, we are legally obliged to process personal data relating to you (this also includes passing it on to authorities or health insurance companies, for example). On the other hand, we need the data collected from you to decide on, establish, implement and terminate the employment relationship. Without the data collected, it would not be possible to decide on, establish, implement and terminate an employment relationship.

14. AUTOMATED DECISION-MAKING AND PROFILING

No automated decision-making takes place with regard to you. No profiling (meaningful information about the logic involved, the scope and the intended effects of such processing on you) is carried out using the personal data collected from you.

15. CHANGE OF PURPOSE

If we intend to change the purpose for which your personal data was originally collected, we will inform you in advance in a detailed and transparent manner. In this case, we will of course provide you with all the information required by law. If the change of purpose involves the processing of personal data based on a voluntary declaration of consent, we will inform you accordingly and ask for your formal consent.

16. OPEN QUESTIONS, COMPLAINTS OR SUGGESTIONS

Please feel free to contact us with any questions, complaints or suggestions regarding data protection. If necessary, you are welcome to contact our data protection officer (see point 2 of this privacy policy).

Status of the privacy policy: 28 October 2025

We are delighted that you are interested in our company. Data protection is a particularly high priority for the management of Green IT Solution GmbH. It is generally possible to use the Green IT Solution GmbH website without providing any personal data. However, if a data subject wishes to use specific services offered by our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, such as the name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in compliance with the country-specific data protection regulations applicable to Green IT Solution Ltd. Through this privacy policy, our company wishes to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, this privacy policy informs data subjects about their rights.
As the controller, Green IT Solution GmbH has implemented numerous technical and organisational measures to ensure the most complete protection possible for the personal data processed via this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

A. BASIC INFORMATION PURSUANT TO ARTICLES 13/14 OF THE GDPR

1. RESPONSIBLE AUTHORITY

The following entity is responsible for the collection and processing of your personal data and for compliance with data protection regulations:

Green IT Solution GmbH
Billerberg 5
82266 Inning am Ammersee
Germany
Phone: +49 89 998 20 92-0
Email: info@greenit-solution.de

2. DATA PROTECTION CONTACT

Our officially appointed data protection officer can be contacted at the following address:

Green IT Solution – Data Protection
Billerberg 5
82266 Inning am Ammersee
Email: datenschutz@greenit-solution.de

3. SUPERVISORY AUTHORITY

If you believe that Green IT Solution GmbH is processing your personal data unlawfully, you can lodge a complaint with the data protection supervisory authority. The competent supervisory authority pursuant to Art. 55 GDPR is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de

B. Definitions of terms

The privacy policy of Green IT Solution GmbH is based on the terminology used by the European legislators and regulators when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for the general public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

In this privacy policy, we use the following terms, among others:

a) personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’). A natural person is considered identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

b) data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c) processing

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

e) profiling

Profiling is any form of automated processing of personal data consisting of using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

f) pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

g) data controller or person responsible for processing

The controller or data controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

h) processor

A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

i) recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) third party

A third party is a natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

k) consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

C. PURPOSES AND SCOPE OF DATA PROCESSING

1. Processing of communication data

Your personal data will be processed for the following purposes:

• Preparation of quotations
• Preparation of a purchase agreement
• Processing of complaints
• Provision of the contractually agreed service
• Billing of the contractually agreed service

In addition, each time a user accesses our pages, access data relating to this process is stored in a log file on our server.

Each data record consists of:

• IP address
• Date and time
• Page accessed/name of the file accessed
• Amount of data transferred
• Notification of whether the access/retrieval was successful
• Browser, including version and operating system
• In the event of an error, the error message is stored

We store IP addresses in server log files for a period of 12 weeks. This storage is carried out for reasons of data security in order to ensure the stability and operational security of our website. The legal basis for this is Art. 6(1)(f) GDPR.

2. Recipients and disclosure of data

For contract processing, we also process delivery addresses, order/payment and shipping data; for delivery purposes, we transfer this data to the selected shipping service provider (Art. 6(1)(b) GDPR).
Furthermore, we do not pass on your data to third parties unless you have given your consent. However, for the hosting and maintenance of our website, we rely on the use of service providers who are obliged to comply with the legal requirements via a data processing agreement in accordance with Art. 28 GDPR.
Your personal data will only be passed on internally for the fulfilment of contractual obligations or other tasks in connection with the activities mentioned in point C.1.

Sharing within the group of companies:

Green IT Solution GmbH is part of a group of companies (PromoData GmbH, Green IT Solution GmbH, Green IT Services GmbH and HCD Consulting GmbH).
Within the framework of the shared management systems (certified according to ISO 9001, 27001, 45001 and EMAS) and the shared internal guidelines, personal data may be passed on to other companies in the group if this is necessary for the performance or support of the respective processing activity.
Such transfer shall only take place if the processing or task in question is actually carried out by another group company (e.g. IT, human resources or accounting services).
All affiliated companies are contractually and organisationally obliged to comply with data protection regulations.
Where necessary, we may also transfer personal data to HCD Consulting AG (a wholly owned subsidiary of HCD Consulting GmbH) in Switzerland, insofar as this is necessary for internal administrative purposes, for the provision of services or for the performance of contracts (Art. 6(1)(b) and (f) GDPR).
The European Commission has issued an adequacy decision for Switzerland. This means that the level of data protection there is equivalent to that in the EU; additional safeguards (e.g. standard contractual clauses) are not required.

Your personal data may be disclosed externally under the following circumstances:

• Commissioning a subcontractor to fulfil the contractual obligations that we have agreed with you within the framework of our cooperation.
• Commissioning support services that require access to your personal data or where such access cannot be completely ruled out. This includes, for example, IT support services, services related to invoicing or the use of tax advisory services.
• Disclosure of your personal data due to legal obligations.
• Obtaining information from credit agencies.
• Disclosure of personal data through automated comparison with databases within the scope of export control.
• Payment processing (only for online/shop orders): If you order goods or services via one of our online shops and choose an electronic payment method there, we will transfer the data required for payment processing (e.g. invoice amount, order, payment method, name and email address, if applicable) to the payment service provider you have selected (e.g. PayPal, Stripe) to execute the payment (Art. 6 (1) (b) GDPR). Further processing by the payment service provider is carried out under its own data protection responsibility; for more information, please refer to the data protection information of the respective payment service provider.

Transfer of your personal data to third countries or international organisations (outside the scope of the GDPR)

Your personal data will not be transferred outside our group of companies to countries outside the EU or to international organisations. Should this become necessary in the future, you will be informed in advance and all necessary measures will be taken to protect your data.

3. Cookies & Tracking

The websites of Green IT Solution GmbH use cookies. Cookies are text files that are stored on a computer system via an internet browser. Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that allows websites and servers to be assigned to the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A specific Internet browser can be recognised and identified via the unique cookie ID.

By using cookies, Green IT Solution GmbH can provide users of this website with more user-friendly services that would not be possible without cookies. Cookies enable us to optimise the information and offers on our website for the benefit of the user. Cookies enable us to recognise users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, users of a website that uses cookies do not have to re-enter their access data each time they visit the website, as this is done by the website and the cookie stored on the user’s computer system. Another example is the cookie used for a shopping basket in an online shop. The online shop uses a cookie to remember the items that a customer has placed in their virtual shopping basket.
The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programmes. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

4. Collection of general data and information

The Green IT Solution GmbH website collects a range of general data and information each time the website is accessed by a data subject or an automated system. This general data and information is stored in the server log files. The following may be recorded: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (known as the referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serves to avert danger in the event of attacks on our information technology systems.
When using this general data and information, Green IT Solution GmbH does not draw any conclusions about the data subject. Rather, this information is required in order to (1) deliver the content of our website correctly, (2) optimise the content of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by Green IT Solution GmbH on the one hand statistically and on the other hand with the aim of increasing data protection and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.

5. Rights of the data subject

a) right to confirmation

Every data subject has the right granted by European directives and regulations to request confirmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they may contact an employee of the controller at any time.

b) right to information

Every person affected by the processing of personal data has the right, granted by European directives and regulations, to obtain from the controller, at any time and free of charge, information about the personal data stored about them and a copy of this information. Furthermore, European directives and regulations grant the data subject the right to obtain the following information:

• the purposes of the processing
• the categories of personal data that are being processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of a right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• where the personal data are not collected from the data subject: all available information on the origin of the data
• the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Furthermore, the data subject has the right to obtain information about whether personal data has been transferred to a third country or to an international organisation. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards in connection with the transfer.
If a data subject wishes to exercise this right to information, they can contact an employee of the controller at any time.

c) right to rectification

Every person affected by the processing of personal data has the right granted by European directives and regulations to request the immediate correction of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, taking into account the purposes of the processing, including by means of a supplementary statement.
If a data subject wishes to exercise this right of rectification, they may contact an employee of the controller at any time.

d) right to erasure (right to be forgotten)

Any person affected by the processing of personal data has the right granted by European directives and regulations to request that the controller delete personal data concerning them without delay, provided that one of the following reasons applies and insofar as the processing is not necessary:

• The personal data has been collected or otherwise processed for purposes for which it is no longer necessary.
• The data subject withdraws their consent on which the processing was based in accordance with Article 6(1)(a) GDPR or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.
• The data subject objects to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR.
• The personal data has been processed unlawfully.
• The erasure of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
• The personal data has been collected in relation to information society services offered in accordance with Article 8(1) of the GDPR.

If one of the above reasons applies and a data subject wishes to request the deletion of personal data stored by Green IT Solution GmbH, they may contact an employee of the controller at any time. The Green IT Solution GmbH employee will ensure that the deletion request is complied with immediately.

If the personal data has been made public by Green IT Solution GmbH and our company is obliged to delete the personal data as the controller in accordance with Art. 17 (1) GDPR, Green IT Solution GmbH shall take appropriate measures, including technical measures, taking into account the available technology and implementation costs, to inform other controllers who process the published personal data that the data subject has requested these other data controllers to delete all links to this personal data or copies or replications of this personal data, unless processing is necessary. The employee of Green IT Solution GmbH will take the necessary steps in each individual case.

e) right to restriction of processing

Any person affected by the processing of personal data has the right, granted by European directives and regulations, to request that the controller restrict processing if one of the following conditions is met:

• The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful, the data subject opposes the erasure of the personal data and requests the restriction of use instead.
• The controller no longer needs the personal data for the purposes of the processing, but the data subject needs it for the establishment, exercise or defence of legal claims.
• The data subject has objected to the processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by Green IT Solution GmbH, they may contact an employee of the controller at any time. The Green IT Solution GmbH employee will arrange for the processing to be restricted.

f) right to data portability

Every person affected by the processing of personal data has the right granted by the European legislator to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out using automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Furthermore, when exercising their right to data portability pursuant to Art. 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not adversely affect the rights and freedoms of others.

To exercise their right to data portability, the data subject may contact a Green IT Solution GmbH employee at any time.

g) right to object

Every person affected by the processing of personal data has the right granted by the European legislator to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them which is carried out on the basis of Article 6(1)(e) or (f) of the GDPR. This also applies to profiling based on these provisions.

In the event of an objection, Green IT Solution Ltd. will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If Green IT Solution GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data for such marketing purposes. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to Green IT Solution GmbH processing their data for direct marketing purposes, Green IT Solution GmbH will no longer process the personal data for these purposes.
In addition, the data subject has the right to object, on grounds relating to their particular situation, to the processing of personal data concerning them carried out by Green IT Solution GmbH for scientific or historical research purposes or for statistical purposes in accordance with Art. 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
To exercise the right to object, the data subject may contact any employee of Green IT Solution GmbH or another employee directly. The data subject is also free to exercise their right to object in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.

h) automated individual decision-making, including profiling

Any person affected by the processing of personal data has the right granted by European directives and regulations not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is based on the data subject’s explicit consent.
If the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the controller, or (2) is made with the explicit consent of the data subject, Green IT Solution GmbH shall take appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.
If the data subject wishes to exercise their rights in relation to automated decisions, they may contact an employee of the controller at any time.

i) right to withdraw consent under data protection law

Every person affected by the processing of personal data has the right, granted by European directives and regulations, to withdraw their consent to the processing of personal data at any time.
If the person concerned wishes to exercise their right to withdraw consent, they may contact an employee of the controller at any time.

6. Data protection provisions regarding the use of Google Analytics (with anonymisation function)

The controller has integrated the Google Analytics component (with anonymisation function) into this website. Google Analytics is a web analytics service. Web analytics is the collection, gathering and evaluation of data about the behaviour of visitors to websites. A web analytics service collects, among other things, data about which website a data subject came to a website from (so-called referrer), which subpages of the website were accessed or how often and for how long a subpage was viewed. Web analytics is mainly used to optimise a website and for cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
The controller uses the addition ‘_gat._anonymizeIp’ for web analysis via Google Analytics. This addition is used by Google to shorten and anonymise the IP address of the data subject’s internet connection if access to our website is made from a Member State of the European Union or from another State party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse visitor traffic on our website. Google uses the data and information obtained to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website.

Google Analytics places a cookie on the information technology system of the data subject. By placing the cookie, Google enables an analysis of the use of our website. Each time one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, is accessed, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission settlements.
The cookie is used to store personal information, such as the access time, the location from which access originated, and the frequency of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the Internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.
The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programmes.

Furthermore, the data subject has the option of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information relating to visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection. If the data subject’s information technology system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their sphere of control, it is possible to reinstall or reactivate the browser add-on.

Further information and Google’s applicable data protection provisions can be found at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link: https://www.google.com/intl/de_de/analytics/.

7. Privacy policy regarding the use of Google Tag Manager

The controller has integrated Google Tag Manager into this website. Google Tag Manager is a free service that allows us to manage tags and configure mobile applications via a user-friendly web interface. Further information about Google Tag Manager can be found here: https://www.google.com/intl/de/tagmanager/features.html.

The operator of the services is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Ireland.
The purpose of the processing is to manage tags and configure mobile applications via a user-friendly web interface.

Each time you visit our website, personal data, including the IP address of the Internet connection used by the data subject, may be transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties or use it for interest-based advertising.

It is possible to object to interest-based advertising by Google. To do so, the data subject must access the link www.google.de/settings/ads from each of the internet browsers they use and make the desired settings there.

Further information and Google’s applicable data protection provisions can be found at https://policies.google.com/privacy.

8. Legal basis for processing

Art. 6(1)(a) GDPR serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of enquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. In this case, processing would be based on Article 6(1)(d) of the GDPR. Finally, processing operations could be based on Article 6(1)(f) of the GDPR. This legal basis applies to processing operations that are not covered by any of the above legal bases if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, the legislator took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, sentence 2 of the GDPR).

9. Legitimate interests in processing pursued by the controller or a third party

If the processing of personal data is based on Article 6(1)(f) of the GDPR, our legitimate interest is the performance of our business activities for the benefit of all our employees and shareholders.

10. Routine deletion and blocking of personal data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the storage purpose or if this has been provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.

If the purpose of storage no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

11. Legal or contractual requirements for the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide personal data; possible consequences of failure to provide data

We would like to point out that the provision of personal data is in some cases required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information on the contractual partner). In some cases, it may be necessary for a data subject to provide us with personal data in order to conclude a contract, which we must then process. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with them. Failure to provide personal data would mean that the contract with the data subject could not be concluded. Before providing personal data, the data subject must contact one of our employees. Our employee will explain to the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

12. Existence of automated decision-making

As a responsible company, we refrain from automated decision-making or profiling.

13. Payment provider

PayPal

If you choose one of the payment options offered by our partner PayPal, PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, the data you enter during the ordering process will be transmitted to PayPal for the purpose of executing the contractual payment. Detailed information on this can be found in PayPal’s privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE
The basis for the transfer of your data to PayPal is primarily the processing of your contract data in accordance with Art. 6 (1) lit. b GDPR and our legitimate interest in a technically flawless online offering and its economically efficient design and optimisation in accordance with Art. 6 (1) lit. f GDPR.

Stripe

If you choose one of the payment options offered by our partner Stripe, Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, the data you enter during the ordering process will be transmitted to Stripe for the purpose of executing the contractual payment. Detailed information on this can be found in Stripe’s privacy policy:
https://stripe.com/de/privacy
The basis for the transfer of your data to Stripe is primarily the processing of your contractual data in accordance with Art. 6 (1) lit. b GDPR and our legitimate interest in a technically flawless online offering and its economically efficient design and optimisation in accordance with Art. 6 (1) lit. f GDPR.

15. Cookies, including third-party cookies, on websites that can be accessed via links from our website.

1. Cookie name: PHPSESSID
Provider: Green IT Solution.net
Type: HTTP
Expiration: Session
Purpose: Maintains the user’s status across all page requests.

2. Cookie name: __utm.gif
Provider: google-analytics.com
Type: HTTP
Expiration: Session
Purpose: This cookie is used to determine what type of device or browser software the visitor is using, allowing the website to be formatted accordingly.

3. Cookie name: __utma
Provider: Green IT Solution.net
Type: HTTP
Expiration: 2 years
Purpose: Collects data on how often a user has visited a website, as well as data for the first and last visit. Used by Google Analytics.

4. Cookie name: __utmb
Provider: Green IT Solution.net
Type: HTTP
Expiration: 1 day
Purpose: Registers a timestamp with the exact time at which the user accesses the website. Used by Google Analytics to calculate the duration of a website visit.

5. Cookie name: __utmc
Provider: Green IT Solution.net
Type: HTTP
Expiration: Session
Purpose: Registers a timestamp with the exact time the user accesses the website. Used by Google Analytics to calculate the duration of a website visit.

6. Cookie name: __utmt
Provider: Green IT Solution.net
Type: HTTP
Expiration: 1 day
Purpose: Used to throttle the speed of requests to the server.

7. Cookie name: __utmz
Provider: Green IT Solution.net
Type: HTTP
Expiration: 6 months
Purpose: Collects data on where the user came from, which search engine was used, which link was clicked and which search terms were used. Used by Google Analytics.

Status of the privacy policy: 28 October 2025

Dear customers, dear interested parties,

With this privacy policy, we fulfil our legal information obligations in accordance with the General Data Protection Regulation (GDPR) and provide you with transparent information about how we handle your personal data.

1. Responsible body

The following entity is responsible for the collection and processing of your personal data and for compliance with data protection regulations:

Green IT Solution GmbH
Billerberg 5
82266 Inning am Ammersee
Germany
Tel.: +49 89 215 37 01-0
Email: info@greenit-solution.de

2. DATA PROTECTION CONTACT

Our officially appointed data protection officer can be contacted at the following address:

Green IT Solution GmbH – Data Protection
Billerberg 5
82266 Inning am Ammersee
Email: datenschutz@greenit-solution.de

3. PURPOSE OF DATA COLLECTION

Your personal data will be processed for the following purposes:

• Preparation of individual quotations for work or services requested from us
• Preparation of a service or contract for work and materials
• Provision of the contractually agreed service
• Invoicing for the contractually agreed service

4. LEGAL BASIS

The processing of your personal data is based on Article 6(1)(b) of the GDPR.

5. FURTHER DETAILS ON DATA USE

In order to provide our contractually agreed services or to be able to prepare an individual offer for you upon request, we require a minimum amount of personal data.
We always observe the principle of data minimisation and do not collect any personal data that we do not need to fulfil our tasks.

6. DISCLOSURE OF YOUR PERSONAL DATA

Your personal data will only be shared internally for the purpose of fulfilling contractual obligations or other tasks related to the activities mentioned in point 3.

Sharing within the group of companies:

Green IT Solution GmbH is part of a group of companies (PromoData GmbH, Green IT Solution GmbH, Green IT Services GmbH and HCD Consulting GmbH).
Within the framework of the shared management systems (certified according to ISO 9001, 27001, 45001 and EMAS) and the shared internal guidelines, personal data may be passed on to other companies in the group if this is necessary for the performance or support of the respective processing activity.
Such transfer shall only take place if the processing or task in question is actually carried out by another affiliated company (e.g. IT, human resources or accounting services).
All affiliated companies are contractually and organisationally obliged to comply with data protection regulations.
Where necessary, personal data may also be transferred to HCD Consulting AG (a wholly owned subsidiary of HCD Consulting GmbH) in Switzerland, insofar as this is necessary for internal administrative purposes, for the provision of services or for the performance of contracts (Art. 6(1)(b) and (f) GDPR).

The European Commission has issued an adequacy decision for Switzerland.

This means that the level of data protection there is equivalent to that in the EU; additional safeguards (e.g. standard contractual clauses) are not required.

Your personal data may be disclosed externally under the following circumstances:

• Commissioning a subcontractor to fulfil the contractual obligations that we have agreed with you within the framework of our cooperation.
• Commissioning support services that require access to your personal data or where such access cannot be completely ruled out. This includes, for example, IT support services, services related to invoicing or the use of tax advisory services.
• Disclosure of your personal data due to legal obligations.
• Obtaining information from credit agencies.
• Disclosure of personal data through automated comparison with databases within the scope of export control.
• Payment processing (only for online/shop orders).

If you order goods or services via one of our online shops and select an electronic payment method there, we will transfer the data required for payment processing (e.g. invoice amount, order, payment method, name and email address, if applicable) to the payment service provider you have selected (e.g. PayPal, Stripe) to execute the payment (Art. 6(1)(b) GDPR). Stripe) to execute the payment (Art. 6 para. 1 lit. b GDPR).

Further processing by the payment service provider is carried out under its own data protection responsibility; for more information, please refer to the data protection information of the respective payment service provider.

7. TRANSFER OF YOUR PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS (OUTSIDE THE SCOPE OF THE GDPR)

Your personal data will not be transferred to countries outside the EU or to international organisations. Should this become necessary in the future, you will be informed in advance and all necessary measures will be taken to protect your data.

8. STORAGE PERIOD AND DELETION

Your personal data will only be stored for as long as is necessary to fulfil the aforementioned purposes or as long as there are legal retention obligations.
After these periods have expired, your data will be deleted unless you have given your consent for it to be stored for longer.

9. RIGHT TO INFORMATION, DELETION, CORRECTION, OBJECTION AND RESTRICTION OF USE OF YOUR PERSONAL DATA

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to access this personal data and to the following information:

• the purposes of the processing
• the categories of personal data that are being processed
• the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by us or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• where the personal data are not collected from the data subject, any available information as to their source
• where there is automated decision-making, including profiling (meaningful information about the logic involved, as well as the significance and intended effects of such processing for you).

If your personal data is transferred to a third country or to an international organisation, you have the right to be informed of the appropriate ‘safeguards’ in place to ensure an adequate level of data protection in connection with the transfer. We will provide you with a free copy of the personal data that is being processed. For any further copies you request, we may charge a reasonable fee based on administrative costs. If you make the request electronically, you will receive the information in a commonly used electronic format, unless you specify otherwise. The right to receive a copy may be restricted if it would adversely affect the rights and freedoms of others. You have the right to request that we correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the

completion of incomplete personal data, including by means of a supplementary statement. To exercise this right, please contact our data protection officer. You have the right to request the erasure of your personal data stored by us if one of the following criteria is met:

• The personal data is no longer necessary for the fulfilment of the agreed purpose.
• You withdraw a voluntary declaration of consent (however, this does not affect the lawfulness of the processing carried out on the basis of the consent until its withdrawal).
• Your personal data has been processed unlawfully.
• There is a legal obligation to erase the data.
• The personal data was collected in relation to information society services offered (persons under 16 years of age).

Furthermore, you have the right to request that we restrict processing if one of the following conditions applies:

• You dispute the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
• The processing is unlawful and you oppose the erasure of your personal data and request the restriction of the use of your personal data instead.
• If we no longer need your personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
• If you have objected to the processing, as long as it is not yet clear whether our legitimate reasons outweigh yours.

10. RIGHT TO DATA PORTABILITY

You have the right to receive the personal data we have stored about you, insofar as it is processed in an automated procedure, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data was provided. When exercising your right to data portability, you have the right to have your personal data transferred directly from us to another controller, where technically feasible. The right to data portability may be restricted if the rights or freedoms of other persons are affected by the exercise of this right.

11. RIGHT OF WITHDRAWAL IN THE CASE OF CONSENT AND CONTINUATION OF CONSENT GRANTED

Insofar as we process personal data relating to you on the basis of a declaration of consent, you have the right to revoke the consent you have given. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. With regard to compliance with storage periods, point 8 of this privacy policy must also be observed in this regard.

12. RIGHT OF APPEAL TO THE SUPERVISORY AUTHORITY

If you feel it is necessary to lodge a complaint with the competent supervisory authority, you are free to do so at any time. The address of the competent supervisory authority in Bavaria is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de

13. OBLIGATION TO PROVIDE YOUR PERSONAL DATA AND POSSIBLE CONSEQUENCES OF REFUSING TO PROVIDE IT

We require the personal data collected from you in order to fulfil our contractual obligations or to prepare an individual quote. Without this personal data, it is not possible to prepare quotes or provide the desired services and work.

14. AUTOMATED DECISION-MAKING AND PROFILING

No automated decision-making takes place with regard to you. No profiling (meaningful information about the logic involved, the scope and the intended effects of such processing on you) is carried out using the personal data collected from you.

15. CHANGE OF PURPOSE

If we intend to change the purpose for which your personal data was originally collected, we will inform you in advance in a detailed and transparent manner. In this case, we will of course provide you with all the information required by law. If the change of purpose involves the processing of personal data based on a voluntary declaration of consent, we will inform you accordingly and ask for your formal consent.

16. OPEN QUESTIONS, COMPLAINTS OR SUGGESTIONS

Please feel free to contact us with any questions, complaints or suggestions regarding data protection. If necessary, you are welcome to contact our data protection officer (see point 2 of this privacy policy).

Status of the privacy policy: 28 October 2025

Dear suppliers and service providers,

With this privacy policy, we fulfil our legal information obligations in accordance with the General Data Protection Regulation (GDPR) and provide you with transparent information about how we handle your personal data.

1. Responsible body

The following entity is responsible for the collection and processing of your personal data and for compliance with data protection regulations:

Green IT Solution GmbH
Billerberg 5
82266 Inning am Ammersee
Germany
Phone: +49 89 215 37 01-0
Email: info@greenit-solution.de

2. DATA PROTECTION CONTACT

Our officially appointed data protection officer can be contacted at the following address:

Green IT Solution GmbH – Data Protection
Billerberg 5
82266 Inning am Ammersee
Email: datenschutz@greenit-solution.de

3. PURPOSE OF DATA COLLECTION

Your personal data will be processed for the following purposes:

• Requesting individual quotes for work or services
• Concluding a service or work contract or executing an order
• Questions about work performed, services provided or products supplied, including the handling of complaints
• Settlement of invoices

4. LEGAL BASIS

The processing of your personal data is based on Article 6 of the GDPR, paragraph 1, letter b (upon conclusion of a contract, e.g. service contract or purchase contract) and/or Article 6 of the GDPR, paragraph 1, letter f (in the case of pre-contractual measures at the request of the controller).

5. FURTHER DETAILS ON DATA USE

In order to provide contractually agreed services or, of course, to request an individual quote, we naturally require a minimum amount of personal data.
We always observe the principle of data minimisation and do not collect any personal data that we do not absolutely require in accordance with point 3 of this privacy policy.

6. DISCLOSURE OF YOUR PERSONAL DATA

Your personal data will only be shared internally for the purpose of fulfilling contractual obligations or other tasks related to the activities mentioned in point 3.

Sharing within the group of companies:

Green IT Solution GmbH is part of a group of companies (PromoData GmbH, Green IT Solution GmbH, Green IT Services GmbH and HCD Consulting GmbH).
Within the framework of the shared management systems (certified according to ISO 9001, 27001, 45001 and EMAS) and the shared internal guidelines, personal data may be passed on to other companies in the group if this is necessary for the performance or support of the respective processing activity.
Such transfer shall only take place if the processing or task in question is actually carried out by another group company (e.g. IT, human resources or accounting services).
All affiliated companies are contractually and organisationally obliged to comply with data protection regulations.
Where necessary, personal data may also be transferred to HCD Consulting AG (a wholly owned subsidiary of HCD Consulting GmbH) in Switzerland, insofar as this is necessary for internal administrative purposes, for the provision of services or for the performance of contracts (Art. 6(1)(b) and (f) GDPR).
An adequacy decision has been issued by the European Commission for Switzerland.

This means that the level of data protection there is equivalent to that in the EU; additional safeguards (e.g. standard contractual clauses) are not required.

Your personal data may be disclosed externally in the following circumstances:

• Forwarding your contact details for coordination between several contractors, in the event that another service provider/supplier is commissioned to fulfil the contractual obligations that we have agreed with you within the scope of our cooperation
• Commissioning of support services that require access to your personal data or where such access cannot be completely ruled out. This includes, for example, IT support services, services related to invoicing or the use of tax advisory services
• Disclosure of your personal data due to legal obligations.

7. TRANSFER OF YOUR PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS (OUTSIDE THE SCOPE OF THE GDPR)

Your personal data will not be transferred to countries outside the EU or to international organisations. Should this become necessary in the future, you will be informed in advance and all necessary measures will be taken to protect your data.

8. STORAGE PERIOD AND DELETION

Your personal data will only be stored for as long as is necessary to fulfil the aforementioned purposes or as long as there are legal retention obligations.
After these periods have expired, your data will be deleted unless you have given your consent for it to be stored for longer.

9. RIGHT TO INFORMATION, DELETION, CORRECTION, OBJECTION AND RESTRICTION OF USE OF YOUR PERSONAL DATA

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to access this personal data and to the following information:

• the purposes of the processing
• the categories of personal data that are being processed
• the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by us or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• if the personal data is not collected from the data subject, all available information on the origin of the data
• in the case of automated decision-making, including profiling (meaningful information about the logic involved, as well as the significance and intended effects of such processing for you).

If your personal data is transferred to a third country or to an international organisation, you have the right to be informed about the appropriate ‘safeguards’ in place to ensure an adequate level of data protection in connection with the transfer. We will provide you with a free copy of the personal data that is being processed. For any further copies you request, we may charge a reasonable fee based on administrative costs. If you make the request electronically, you will receive the information in a commonly used electronic format, unless you specify otherwise. The right to receive a copy may be restricted if it would adversely affect the rights and freedoms of others. You have the right to request that we correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement. To exercise this right, please contact our data protection officer. You have the right to request the erasure of your personal data stored by us if one of the following criteria is met:

• The personal data is no longer necessary for the fulfilment of the agreed purpose.
• You withdraw a voluntary declaration of consent (however, this does not affect the lawfulness of the processing carried out on the basis of the consent until its withdrawal).
• Your personal data has been processed unlawfully.
• There is a legal obligation to erase the data.
• The personal data was collected in relation to information society services offered (persons under 16 years of age).

Furthermore, you have the right to request that we restrict processing if one of the following conditions applies:

• You dispute the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
• The processing is unlawful and you oppose the erasure of your personal data and request the restriction of the use of your personal data instead.
• If we no longer need your personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
• If you have objected to the processing, as long as it is not yet clear whether our legitimate reasons outweigh yours.

10. RIGHT TO DATA PORTABILITY

You have the right to receive the personal data we have stored about you, insofar as it is processed in an automated procedure, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data was provided. When exercising your right to data portability, you have the right to have your personal data transferred directly from us to another controller, where technically feasible. The right to data portability may be restricted if the rights or freedoms of other persons are affected by the exercise of this right.

11. RIGHT OF WITHDRAWAL IN THE CASE OF CONSENT AND CONTINUATION OF CONSENT GRANTED

Insofar as we process personal data relating to you on the basis of a declaration of consent, you have the right to revoke the consent you have given. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. With regard to compliance with storage periods, point 8 of this privacy policy must also be observed in this regard.

12. RIGHT OF APPEAL TO THE SUPERVISORY AUTHORITY

If you feel it is necessary to lodge a complaint with the competent supervisory authority, you are free to do so at any time. The address of the competent supervisory authority in Bavaria is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de

13. OBLIGATION TO PROVIDE YOUR PERSONAL DATA AND POSSIBLE CONSEQUENCES OF REFUSING TO PROVIDE IT

We require the personal data collected from you in order to fulfil our contractual agreements.
Without this personal data, it may not be possible to fulfil these agreements.

14. AUTOMATED DECISION-MAKING AND PROFILING

No automated decision-making takes place with regard to you. No profiling (meaningful information about the logic involved, the scope and the intended effects of such processing on you) is carried out using the personal data collected from you.

15. CHANGE OF PURPOSE

If we intend to change the purpose for which your personal data was originally collected, we will inform you in advance in a detailed and transparent manner. In this case, we will of course provide you with all the information required by law. If the change of purpose involves the processing of personal data based on a voluntary declaration of consent, we will inform you accordingly and ask for your formal consent.

16. OPEN QUESTIONS, COMPLAINTS OR SUGGESTIONS

Please feel free to contact us with any questions, complaints or suggestions regarding data protection. If necessary, you are welcome to contact our data protection officer (see point 2 of this privacy policy).

Status of the privacy policy: 28 October 2025

This privacy policy is intended to provide information about the nature, scope and purpose of the collection and use of personal data by Green IT Solution GmbH in relation to trade fairs.
Green IT Solution GmbH takes the protection of personal data very seriously and treats it confidentially and in accordance with legal requirements.
Definitions of the terms used (e.g. ‘personal data’ or ‘processing’) can be found in Art. 4 GDPR.

1. Responsible body

The following entity is responsible for the collection and processing of your personal data and for compliance with data protection regulations:

Green IT Solution GmbH
Billerberg 5
82266 Inning am Ammersee
Germany
Phone: +49 89 215 37 01-0
Email: info@greenit-solution.de

2. DATA PROTECTION CONTACT

Our officially appointed data protection officer can be contacted at the following address:

Green IT Solution GmbH – Data Protection
Billerberg 5
82266 Inning am Ammersee
Email: datenschutz@greenit-solution.de

3. PURPOSE OF DATA COLLECTION

Your personal data will be processed for the following purposes:

• Sending information material upon request
• Processing enquiries
• Preparing individual quotations
• Drawing up a purchase, service or contract for work and services

4. LEGAL BASIS

If you provide us with your contact details in order to receive information about products, services or news, to arrange a consultation appointment or to respond to enquiries, the processing will be carried out on the following legal basis:
Article 6(1)(a) of the GDPR
‘… the data subject has given consent to the processing of his or her personal data for one or more specific purposes.’

If this involves the initiation or execution of contracts concluded with your company, this is done on the following legal basis:
Article 6 of the GDPR, paragraph 1, letter f
‘… processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data…’

5. FURTHER DETAILS ON DATA USE

Our legitimate interest lies in the fact that the initiation and execution of contracts with your company are only possible if we process a minimum amount of personal data (e.g. contact details of contact persons) in order to communicate efficiently and effectively.
For all matters relating to contracts or their initiation with you directly, e.g. the preparation of offers or the conclusion of purchase contracts, we process your personal data on the following legal basis:
Article 6 of the GDPR, paragraph 1, letter b
‘… processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.’

6. DISCLOSURE OF YOUR PERSONAL DATA

Your personal data will only be shared internally for the purposes defined in section 3 of this privacy policy, in accordance with the principle of data minimisation and other data protection principles.

Sharing within the group of companies:

Green IT Solution GmbH is part of a group of companies (PromoData GmbH, Green IT Solution GmbH, Green IT Services GmbH and HCD Consulting GmbH).
Within the framework of the shared management systems (certified according to ISO 9001, 27001, 45001 and EMAS) and the shared internal guidelines, personal data may be passed on to other companies in the group if this is necessary for the performance or support of the respective processing activity.
Such transfer shall only take place if the processing or task in question is actually carried out by another group company (e.g. IT, human resources or accounting services).
All affiliated companies are contractually and organisationally obliged to comply with data protection regulations.
Where necessary, personal data may also be transferred to HCD Consulting AG (a wholly owned subsidiary of HCD Consulting GmbH) in Switzerland, insofar as this is necessary for internal administrative purposes, for the provision of services or for the performance of contracts (Art. 6(1)(b) and (f) GDPR).
An adequacy decision has been issued by the European Commission for Switzerland.

This means that the level of data protection there is equivalent to that in the EU; additional safeguards (e.g. standard contractual clauses) are not required.

Your personal data may be disclosed externally in the following circumstances:

• Forwarding to our sales representatives for further processing of your request.
• The IT service providers working for us have access to your data within the scope of their administrative activities.

7. TRANSFER OF YOUR PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS (OUTSIDE THE SCOPE OF THE GDPR)

Your personal data will not be transferred to countries outside the EU or to international organisations. Should this become necessary in the future, you will be informed in advance and all necessary measures will be taken to protect your data.

8. STORAGE PERIOD AND DELETION

Your personal data will only be stored for as long as is necessary to fulfil the aforementioned purposes or as long as there are legal retention obligations.
After these periods have expired, your data will be deleted unless consent has been given for longer storage.

9. RIGHT TO INFORMATION, DELETION, CORRECTION, OBJECTION AND RESTRICTION OF USE OF YOUR PERSONAL DATA

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to access this personal data and to the following information:

• the purposes of the processing
• the categories of personal data that are being processed
• the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by us or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• where the personal data are not collected from the data subject, any available information as to their source
• where there is automated decision-making, including profiling (meaningful information about the logic involved, as well as the significance and intended effects of such processing for you).

If your personal data is transferred to a third country or to an international organisation, you have the right to be informed about the appropriate ‘safeguards’ in place to ensure an adequate level of data protection in connection with the transfer. We will provide you with a free copy of the personal data that is being processed. For any further copies you request, we may charge a reasonable fee based on administrative costs. If you make the request electronically, you will receive the information in a commonly used electronic format, unless you specify otherwise. The right to receive a copy may be restricted if it would adversely affect the rights and freedoms of others. You have the right to request that we correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement. To exercise this right, please contact our data protection officer. You have the right to request the erasure of your personal data stored by us if one of the following criteria is met:

• The personal data is no longer necessary for the fulfilment of the agreed purpose.
• You withdraw a voluntary declaration of consent (however, this does not affect the lawfulness of the processing carried out on the basis of the consent until its withdrawal).
• Your personal data has been processed unlawfully.
• There is a legal obligation to erase the data.
• The personal data was collected in relation to information society services offered (persons under 16 years of age).

Furthermore, you have the right to request that we restrict processing if one of the following conditions applies:

• You dispute the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
• The processing is unlawful and you oppose the erasure of your personal data and request the restriction of the use of your personal data instead.
• If we no longer need your personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
• If you have objected to the processing, as long as it is not yet clear whether our legitimate reasons outweigh yours.

10. RIGHT TO DATA PORTABILITY

You have the right to receive the personal data we have stored about you, insofar as it is processed in an automated procedure, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data was provided. When exercising your right to data portability, you have the right to have your personal data transferred directly from us to another controller, where technically feasible. The right to data portability may be restricted if the rights or freedoms of other persons are affected by the exercise of this right.

11. RIGHT OF WITHDRAWAL IN THE CASE OF CONSENT AND CONTINUATION OF CONSENT GRANTED

Insofar as we process personal data relating to you on the basis of a declaration of consent, you have the right to revoke the consent you have given. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. With regard to compliance with storage periods, point 8 of this privacy policy must also be observed in this regard.

12. RIGHT OF APPEAL TO THE SUPERVISORY AUTHORITY

If you feel it is necessary to lodge a complaint with the competent supervisory authority, you are free to do so at any time. The address of the competent supervisory authority in Bavaria is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de

13. OBLIGATION TO PROVIDE YOUR PERSONAL DATA AND POSSIBLE CONSEQUENCES OF REFUSING TO PROVIDE IT

In order to fulfil the tasks mentioned in point 3, we require your personal data, as we need to communicate with you for this purpose. Without the relevant contact details, this communication is not possible.

14. AUTOMATED DECISION-MAKING AND PROFILING

No automated decision-making takes place with regard to you. No profiling (meaningful information about the logic involved, the scope and the intended effects of such processing on you) is carried out using the personal data collected from you.

15. CHANGE OF PURPOSE

If we intend to change the purpose for which your personal data was originally collected, we will inform you in advance in a detailed and transparent manner. In this case, we will of course provide you with all the information required by law. If the change of purpose involves the processing of personal data based on a voluntary declaration of consent, we will inform you accordingly and ask for your formal consent.

16. OPEN QUESTIONS, COMPLAINTS OR SUGGESTIONS

Please feel free to contact us with any questions, complaints or suggestions regarding data protection. If necessary, you are welcome to contact our data protection officer (see point 2 of this privacy policy).

Status of the privacy policy: 28 October 2025

Dear network partners, dear friends,

With this privacy policy, we are fulfilling our legal information obligations in accordance with the General Data Protection Regulation (GDPR) and providing you with transparent information about how we handle your personal data.

1. Responsible body

The following entity is responsible for the collection and processing of your personal data and for compliance with data protection regulations:

Green IT Solution GmbH
Billerberg 5
82266 Inning am Ammersee
Germany
Phone: +49 89 215 37 01-0
Email: info@greenit-solution.de

2. DATA PROTECTION CONTACT

Our officially appointed data protection officer can be contacted at the following address:

Green IT Solution GmbH – Data Protection
Billerberg 5
82266 Inning am Ammersee
Email: datenschutz@greenit-solution.de

3. PURPOSE OF DATA COLLECTION

Your personal data will be processed for the following purposes:

• Establishing contact and coordinating potential collaboration
• Coordinating common interests
• Implementing collaboration
• Exchanging experiences

4. LEGAL BASIS

The processing of your personal data is based on Article 6(1)(f) of the GDPR.

5. FURTHER DETAILS ON DATA USE

In order to carry out our voting correspondence in accordance with point 3 of this privacy policy, we require a minimum amount of personal data. In this context, we always observe the principle of data minimisation.

6. DISCLOSURE OF YOUR PERSONAL DATA

Your personal data will only be shared internally for the purpose of fulfilling contractual obligations or other tasks related to the activities mentioned in point 3.

Sharing within the group of companies:

Green IT Solution GmbH is part of a group of companies (PromoData GmbH, Green IT Solution GmbH, Green IT Services GmbH and HCD Consulting GmbH).
Within the framework of the shared management systems (certified according to ISO 9001, 27001, 45001 and EMAS) and the shared internal guidelines, personal data may be passed on to other companies in the group if this is necessary for the performance or support of the respective processing activity.
Such transfer shall only take place if the processing or task in question is actually carried out by another affiliated company (e.g. IT, human resources or accounting services).
All affiliated companies are contractually and organisationally obliged to comply with data protection regulations.
Where necessary, personal data may also be transferred to HCD Consulting AG (a wholly-owned subsidiary of HCD Consulting GmbH) in Switzerland, insofar as this is necessary for internal administrative purposes, for the provision of services or for the performance of contracts (Art. 6(1)(b) and (f) GDPR).

The European Commission has issued an adequacy decision for Switzerland. This means that the level of data protection there is equivalent to that in the EU; additional safeguards (e.g. standard contractual clauses) are not required.

Your personal data may be disclosed externally under the following circumstances:

• Commissioning support services that require access to your personal data or where such access cannot be completely ruled out. (This includes, for example, IT support services, services related to invoicing or the use of tax advisory services.)
• Disclosure of your personal data due to legal obligations.
• Disclosure of your personal data to other network partners.

7. TRANSFER OF YOUR PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS (OUTSIDE THE SCOPE OF THE GDPR)

Your personal data will not be transferred to countries outside the EU or to international organisations. Should this become necessary in the future, you will be informed in advance and all necessary measures will be taken to protect your data.

8. STORAGE PERIOD AND DELETION

Your personal data will only be stored for as long as is necessary to fulfil the aforementioned purposes or as long as there are legal retention obligations.
After these periods have expired, your data will be deleted unless consent has been given for longer storage.

9. RIGHT TO INFORMATION, DELETION, CORRECTION, OBJECTION, AND RESTRICTION OF USE OF YOUR PERSONAL DATA

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to access this personal data and to the following information:

• the purposes of the processing
• the categories of personal data that are being processed
• the recipients or categories of recipients to whom your personal data has been or will be disclosed, in particular recipients in third countries or international organizations
• if possible, the planned duration for which your personal data will be stored, or, if this is not possible, the criteria for determining this duration
• the existence of a right to rectify or erase personal data concerning you or to restrict processing by us or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• if the personal data is not collected from the data subject, all available information about the origin of the data
• if automated decision-making, including profiling, is used (meaningful information about the logic involved, as well as the significance and intended effects of such processing for you).

If your personal data is transferred to a third country or to an international organization, you have the right to be informed about the appropriate “safeguards” in place to ensure an adequate level of data protection in connection with the transfer. We will provide you with a free copy of the personal data that is being processed. For any further copies you request, we may charge a reasonable fee based on administrative costs. If you make the request electronically, you will receive the information in a commonly used electronic format, unless you specify otherwise. The right to receive a copy may be restricted if it would adversely affect the rights and freedoms of others. You have the right to request that we correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement. To exercise this right, please contact our data protection officer. You have the right to request the erasure of your personal data stored by us if one of the following criteria is met:

• The personal data is no longer necessary for the fulfillment of the agreed purpose.
• You withdraw a voluntary declaration of consent (however, this does not affect the lawfulness of the processing carried out on the basis of the consent until its withdrawal).
• Your personal data has been processed unlawfully.
• There is a legal obligation to delete the data.
• The personal data was collected in relation to information society services offered (persons under 16 years of age).

Furthermore, you have the right to request that we restrict processing if one of the following conditions applies:

• You dispute the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
• The processing is unlawful and you oppose the erasure of your personal data and request the restriction of the use of your personal data instead.
• If we no longer need your personal data for the purposes of processing, but you need it to assert, exercise, or defend legal claims.
• If you have objected to the processing, as long as it is not yet clear whether our legitimate reasons outweigh yours.

10. RIGHT TO DATA PORTABILITY

You have the right to receive the personal data we have stored about you, insofar as it is processed in an automated procedure, in a structured, commonly used, and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data was provided. When exercising your right to data portability, you have the right to have your personal data transferred directly from us to another controller, insofar as this is technically feasible. The right to data portability may be restricted if the rights or freedoms of other persons are affected by the exercise of this right.

11. RIGHT OF WITHDRAWAL IN THE CASE OF CONSENT AND CONTINUATION OF CONSENT GRANTED

Insofar as we process personal data relating to you on the basis of a declaration of consent, you have the right to revoke the consent you have given. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. With regard to compliance with storage periods, point 8 of this privacy policy must also be observed in this regard.

12. RIGHT TO APPEAL TO THE SUPERVISORY AUTHORITY

If you feel it is necessary to lodge a complaint with the competent supervisory authority, you are free to do so at any time. The address of the competent supervisory authority in Bavaria is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de

13. OBLIGATION TO PROVIDE YOUR PERSONAL DATA AND POSSIBLE CONSEQUENCES OF REFUSING TO PROVIDE IT

You are under no obligation to provide your personal data.
Failure to provide personal data will not result in any disadvantage to you.

14. AUTOMATED DECISION-MAKING AND PROFILING

No automated decision-making takes place with regard to you personally. No “profiling” (meaningful information about the logic involved, the scope, and the intended effects of such processing on you personally) is carried out using the personal data collected from you.

15. CHANGE OF PURPOSE

If we intend to change the purpose for which your personal data was originally collected, we will inform you in advance in a detailed and transparent manner. In this case, we will of course provide you with all the information required by law. If the change of purpose involves the processing of personal data based on a voluntary declaration of consent, we will inform you accordingly and ask for your formal consent.

16. OPEN QUESTIONS, COMPLAINTS OR SUGGESTIONS

Please feel free to contact us with any questions, complaints or suggestions regarding data protection. If necessary, you are welcome to contact our data protection officer (see point 2 of this privacy policy).

Status of the privacy policy: 28 October 2025

This privacy policy is intended to provide information about the nature, scope and purpose of the collection and use of personal data in connection with outdoor video surveillance by Green IT Solution GmbH at its Ellwangen site.
Green IT Solution GmbH takes the protection of personal data very seriously and treats it confidentially and in accordance with legal requirements. As new technologies and the constant development of data processing procedures and methods may result in changes to this privacy policy, we recommend that you review the privacy policy at regular intervals.
Definitions of the terms used (e.g. ‘personal data’ or ‘processing’) can be found in Art. 4 GDPR.

1. Responsible body

The following entity is responsible for the collection and processing of your personal data and for compliance with data protection regulations:

Green IT Solution GmbH
Billerberg 5
82266 Inning am Ammersee
Germany
Phone: +49 89 215 37 01-0
Email: info@greenit-solution.de

2. DATA PROTECTION CONTACT

Our officially appointed data protection officer can be contacted at the following address:

Green IT Solution GmbH – Data Protection
Billerberg 5
82266 Inning am Ammersee
Email: datenschutz@greenit-solution.de

3. PURPOSE OF DATA COLLECTION

Video surveillance serves to protect against burglary, theft and damage to property. In the event of such incidents, the recordings are intended to assist in the investigation and, if necessary, serve as evidence.
They will not be used for any other purpose.

4. LEGAL BASIS

The data is processed in accordance with GDPR Art. 6 (1) (f) to safeguard legitimate interests:
‘ … processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data prevail …’

5. FURTHER DETAILS ON DATA USE

The legitimate interest pursued by Green IT Solution GmbH is the effective protection of the company’s property. Past incidents have shown that video surveillance contributes significantly to the investigation and evidence gathering in the event of incidents. In addition, video surveillance is a recognised means of prevention.
The rights and freedoms of individuals are protected by limited storage time and a focus on important and critical areas.

6. DISCLOSURE OF YOUR PERSONAL DATA

Your personal data will only be shared internally for the purposes defined in section 3 of this privacy policy, in accordance with the principle of data minimisation and other data protection principles.
The recordings will only be viewed in the event of an incident by a small, pre-defined group of employees.
Data is stored securely on Green IT Solution GmbH servers on the company’s premises.

Sharing within the group of companies:

Green IT Solution GmbH is part of a group of companies (PromoData GmbH, Green IT Solution GmbH, Green IT Services GmbH and HCD Consulting GmbH).
Within the framework of the shared management systems (certified according to ISO 9001, 27001, 45001 and EMAS) and the shared internal guidelines, personal data may be passed on to other companies in the group if this is necessary for the performance or support of the respective processing activity.
Such transfer shall only take place if the processing or task in question is actually carried out by another affiliated company (e.g. IT, human resources or accounting services).
All affiliated companies are contractually and organisationally obliged to comply with data protection regulations.
Where necessary, personal data may also be transferred to HCD Consulting AG (a wholly owned subsidiary of HCD Consulting GmbH) in Switzerland, insofar as this is necessary for internal administrative purposes, for the provision of services or for the performance of contracts (Art. 6(1)(b) and (f) GDPR).
An adequacy decision has been issued by the European Commission for Switzerland.

This means that the level of data protection there is equivalent to that in the EU; additional safeguards (e.g. standard contractual clauses) are not required.

Your personal data is not usually disclosed to external parties, but may be disclosed in the following circumstances:

• In the context of investigating incidents and gathering evidence, information may be passed on to investigating authorities.
• Green IT Solution GmbH is supported in the operation and administration of the video system by TELENOT ELECTRONIC GMBH, Wiesentalstraße 60, 73434 Aalen. In the context of necessary maintenance work (e.g. troubleshooting), it is theoretically possible that employees of the service provider may have access to the video recordings.
• In the context of building surveillance, Schwäbisch Hall Facility Management GmbH, Crailsheimer Straße 52, 74523 Schwäbisch Hall, also has live access to the image transmission from the cameras. There is no access to the stored videos.

As required by Article 28 of the General Data Protection Regulation (GDPR), a so-called data processing agreement has been concluded with both service providers, which on the one hand ensures confidentiality and on the other hand guarantees that access to the area where the video data is stored will only be granted in cases of absolute necessity and on the instructions of Green IT Solution GmbH (e.g. in the event of an error).

7. TRANSFER OF YOUR PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS (OUTSIDE THE SCOPE OF THE GDPR)

Your personal data will not be transferred to a third country or to an international organisation outside the EU/EEA.

8. STORAGE PERIOD AND DELETION

Your personal visitor data will be automatically deleted by ‘Einfach Gast’ in accordance with the storage periods agreed with us, at the latest after 3 months.
Longer storage will only take place if this is necessary to investigate a security-related incident. In this case, the data will be deleted immediately after the process has been completed.

9. RIGHT TO INFORMATION, DELETION, CORRECTION, OBJECTION AND RESTRICTION OF USE OF YOUR PERSONAL DATA

You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to access this personal data and to the following information:

• the purposes of the processing
• the categories of personal data that are being processed
• the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of a right to rectification or erasure of personal data concerning you or to restriction of processing by us or a right to object to such processing
• the existence of a right to lodge a complaint with a supervisory authority
• where the personal data are not collected from the data subject, any available information as to their source
• where there is automated decision-making, including profiling (meaningful information about the logic involved, as well as the significance and intended effects of such processing for you).

If your personal data is transferred to a third country or to an international organisation, you have the right to be informed about the appropriate ‘safeguards’ in place to ensure an adequate level of data protection in connection with the transfer. We will provide you with a free copy of the personal data that is being processed. For any further copies you request, we may charge a reasonable fee based on administrative costs. If you make the request electronically, you will receive the information in a commonly used electronic format, unless you specify otherwise. The right to receive a copy may be restricted if it affects the rights and freedoms of other persons. You have the right to request that we correct any inaccurate personal data concerning you without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement. To exercise this right, please contact our data protection officer. You have the right to request the erasure of your personal data stored by us if one of the following criteria is met:

• The personal data is no longer necessary for the fulfilment of the agreed purpose.
• You withdraw a voluntary declaration of consent (however, this does not affect the lawfulness of the processing carried out on the basis of the consent until its withdrawal).
• Your personal data has been processed unlawfully.
• There is a legal obligation to erase the data.
• The personal data was collected in relation to information society services offered (persons under 16 years of age).

Furthermore, you have the right to request that we restrict processing if one of the following conditions applies:

• You dispute the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data.
• The processing is unlawful and you oppose the erasure of your personal data and request the restriction of the use of your personal data instead.
• If we no longer need your personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
• If you have objected to the processing, as long as it is not yet clear whether our legitimate reasons outweigh yours.

10. RIGHT TO DATA PORTABILITY

You have the right to receive the personal data we have stored about you, insofar as it is processed in an automated procedure, in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, to whom the personal data was provided. When exercising your right to data portability, you have the right to have your personal data transferred directly from us to another controller, where technically feasible. The right to data portability may be restricted if the rights or freedoms of other persons are affected by the exercise of this right.

11. RIGHT OF WITHDRAWAL IN THE CASE OF CONSENT AND CONTINUATION OF CONSENT GRANTED

Insofar as we process personal data relating to you on the basis of a declaration of consent, you have the right to revoke the consent you have given. However, this does not affect the lawfulness of the processing carried out on the basis of the consent until revocation. With regard to compliance with storage periods, point 8 of this privacy policy must also be observed in this regard.

12. RIGHT OF APPEAL TO THE SUPERVISORY AUTHORITY

If you feel it is necessary to lodge a complaint with the competent supervisory authority, you are free to do so at any time. The address of the competent supervisory authority in Bavaria is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
91522 Ansbach
Phone: +49 (0) 981 180093-0
Fax: +49 (0) 981 180093-800
Email: poststelle@lda.bayern.de

13. OBLIGATION TO PROVIDE YOUR PERSONAL DATA AND POSSIBLE CONSEQUENCES OF REFUSING TO PROVIDE IT

If you do not want recordings of yourself to be stored, you must remain outside the areas covered by video surveillance. These areas are signposted.

14. AUTOMATED DECISION-MAKING AND PROFILING

No automated decision-making takes place with regard to you. No profiling (meaningful information about the logic involved, the scope and the intended effects of such processing on you) is carried out using the personal data collected from you.

15. CHANGE OF PURPOSE

If we intend to change the purpose for which your personal data was originally collected, we will inform you in advance in a detailed and transparent manner. In this case, we will of course provide you with all the information required by law. If the change of purpose involves the processing of personal data based on a voluntary declaration of consent, we will inform you accordingly and ask for your formal consent.

16. OPEN QUESTIONS, COMPLAINTS OR SUGGESTIONS

Please feel free to contact us with any questions, complaints or suggestions regarding data protection. If necessary, you are welcome to contact our data protection officer (see point 2 of this privacy policy).

Status of the privacy policy: 28 October 2025