Privacy Policy
This Privacy Policy is a translation of the German Privacy Policy. In case of discrepancies, the German Privacy Policy shall prevail.
We place the highest value on protecting your data and maintaining your privacy. Below, we provide information on the collection and use of personal data when using our website.
Controller:
Greenmark IT GmbH
Leinstraße 3
31061 Alfeld (Leine)
Deutschland
Telephone: +49 (0) 5181 8 55 37 - 0
Telefax: +49 (0) 5181 8 55 37 - 29
E-Mail: hostmaster@greenmark-it.de
1. Anonymous Data Collection
You may visit our websites without providing any personal information. In this context, no personal data is stored without your consent. To improve our offerings, we only analyze statistical data that does not allow us to draw conclusions about your identity. The following data is collected when accessing our websites: date, time and duration of visit, web browser and browser settings used, internet service provider, approximate location, country, and IP address.
2. General Information on Data Processing and Legal Bases
This privacy policy informs you about the type, scope, and purpose of the processing of personal data within our online services and related websites, functions, and content (hereinafter collectively referred to as "Online Offer" or "Website"). This privacy policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) used to execute the Online Offer.
The terms used, such as "personal data" or "processing," refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
The personal data of users processed within the scope of this Online Offer includes inventory data (e.g., names and addresses of customers), contract data (e.g., services used, names of personnel, payment information), usage data (e.g., the websites visited within our Online Offer, interest in our products), and content data (e.g., entries in the contact form).
The term "user" encompasses all categories of data subjects affected by the data processing. These include our business partners, customers, prospects, and other visitors to our Online Offer. The terms used, such as "user," are intended to be gender-neutral.
We process users' personal data only in compliance with the applicable data protection provisions. This means that user data is processed only when a legal permission exists, i.e., particularly if data processing is required for the provision of our contractual services (e.g., order processing) and online services, or when legally required, when the user has given consent, or based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation and security of our Online Offer pursuant to Art. 6(1)(f) GDPR, in particular in measuring reach and collecting access data).
We point out that the legal basis for consent is Art. 6(1)(a) and Art. 7 GDPR, the legal basis for processing for the fulfillment of our services and implementation of contractual measures is Art. 6(1)(b) GDPR, the legal basis for processing for compliance with our legal obligations is Art. 6(1)(c) GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6(1)(f) GDPR.
3. Security Measures
We implement organizational, contractual, and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are observed and to protect the data processed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and by the lock symbol in your browser's address bar.
When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
4. Collection and Processing
Collection and Processing of Data in Response to Inquiries via Email, Telephone, or Fax** When you contact us via email, telephone, or fax, your inquiry, including all personal data resulting therefrom (name, inquiry), will be stored and processed for the purpose of addressing your concerns. We will not disclose this data without your consent.
The processing of this data is based on Article 6(1)(b) of the General Data Protection Regulation (GDPR), provided that your inquiry is related to the fulfillment of a contract or is necessary for the execution of pre-contractual measures. In all other cases, the processing is based on your consent (Article 6(1)(a) GDPR) and/or on our legitimate interests (Article 6(1)(f) GDPR), as we have a legitimate interest in the effective handling of inquiries directed to us.
The data you send us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage ceases to apply (e.g., after the completion of processing your inquiry). Mandatory statutory provisions – in particular, statutory retention periods – remain unaffected.
5. Collection, Processing, and Use of Personal Data
We collect personal data only to the extent provided by you. The processing and use of your personal data occur for the fulfillment and execution of your order as well as for the processing of your inquiries. After the complete fulfillment of the contract, all personal data will initially be stored, taking into account tax and commercial law retention periods, and will then be deleted after the retention period has expired, provided that you have not consented to further processing and use.
6. Transfer of data to third parties and third-party providers
Transfer of data to third parties occurs only within the framework of statutory provisions. We disclose users' data to third parties only if this is necessary for contractual purposes based on Article 6(1)(b) GDPR or based on legitimate interests according to Article 6(1)(f) GDPR for the economic and efficient operation of our business.
If we employ subcontractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of personal data in accordance with the applicable legal provisions.
For all other data processing activities over which we do not have control, particularly for domain registration services, the data controller is the registry operator of the respective top-level domain (TLD) as well as ICANN or agents as joint controllers with the registry operator.
If, within the framework of this privacy policy, contents, tools, or other means from other providers (hereinafter collectively referred to as "third-party providers") are used and their specified seat is located in a third country, it is assumed that a data transfer to the countries of residence of the third-party providers takes place. "Third countries" are understood to mean countries in which the GDPR is not directly applicable, i.e., generally countries outside the EU or the European Economic Area. The transfer of data to third countries occurs either when there is an adequate level of data protection, user consent, or otherwise a legal permission is in place.
Our website incorporates tools from companies based in the USA. If these tools are activated, your personal data may be transferred to the respective companies' US servers. We would like to point out that the USA is not considered a safe third country under EU data protection law. US companies are required to disclose personal data to security authorities without you being able to take legal action against this as the data subject. Therefore, it cannot be ruled out that US authorities (e.g., intelligence services) may process, evaluate, and permanently store your data located on US servers for surveillance purposes. We have no influence over these processing activities. Under the so-called “Data Privacy Framework” (DPF), the EU Commission has also recognized the level of data protection as adequate for certain companies from the USA under the adequacy decision of July 10, 2023. You can find the list of certified companies and additional information about the DPF on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English). We will inform you in the privacy notices which service providers we use are certified under the Data Privacy Framework.
7. Collection of Access Data and Logfiles
Based on our legitimate interests in accordance with Article 6(1)(f) GDPR, we collect data about each access to the server on which this service is located (so-called server logfiles). Access data includes the name of the retrieved website, file, date and time of retrieval, amount of data transmitted, notification of successful retrieval, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
Logfile information is stored for security reasons (e.g., for the clarification of abuse or fraud) for a maximum of 4 weeks and then deleted. Data whose further retention is necessary for evidential purposes are exempt from deletion until the final clarification of the respective incident.
8. Rights of data subject
Users have the right to obtain, upon request and free of charge, information about the personal data that we have stored about them.
Additionally, users have the right to rectify inaccurate data, restrict processing, and delete their personal data, where applicable, to assert their rights to data portability, and in the case of unlawful data processing, to lodge a complaint with the competent supervisory authority. Supervisory authorities: https://www.datenschutz-bayern.de/infoquel/ds-inst/deutschland-privat.html
Users may also revoke their consent, generally with future effect. Please send your request to datenschutz(at)greenmark-it.de.
9. Information for Applicants
We have established a separate mailbox for applications, which can be reached at bewerbung(at)greenmark-it.de. This mailbox is exempt from email archiving. If you send your application to a different address, we cannot prevent its storage.
If you wish for us to consider you for other open positions in our company and retain your application beyond the maximum retention period of 6 months, please let us know.
We assume that we may respond to unencrypted application emails unencrypted as well. If you do not wish this, please indicate so in your application email.
Application documents will be retained for a maximum of 6 months after receipt, unless you wish for us to consider your application for future job postings.
10. Newsletter
Use of the e-mail address for sending newsletters
We use your e-mail address to send you information and offers by newsletter, provided you have expressly consented to this. The data processing serves the sole purpose of advertising. For this purpose, we process your e-mail address and any other data that you have voluntarily provided when registering for our newsletter. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by sending us a message. Your e-mail address will then be removed from the mailing list. Despite removal from the mailing list, we may continue to store your email address in a blacklist to prevent you from receiving future newsletter emails from us. This storage takes place on the basis of Art. 6 para. 1 lit. f GDPR out of our and your legitimate interest in preventing the reuse of your e-mail address for sending our newsletter. You have the right to object to this processing of your personal data at any time on grounds relating to your particular situation.
Use of CleverReach
We use the service of CleverReach GmbH & Co. KG (Schafjückenweg 2, 26180 Rastede; "CleverReach") within the scope of order processing. We pass on the information provided by you during the newsletter registration (e-mail address, first and last name, if applicable) to CleverReach. The data processing serves the purpose of sending the newsletter and its statistical evaluation. In order to evaluate newsletter campaigns, the newsletters sent contain a 1x1 pixel graphic (tracking pixel) or a tracking link. This enables us to determine whether you have opened the newsletter and whether you have clicked any integrated links. Conversion tracking enables us to analyse whether, for example, a purchase has been made after clicking a link in the newsletter or you have registered on our website. Within this context, we collect your personal data such as IP address, browser type and device as well as the time. A usage profile can be generated from this data under a pseudonym. The data collected will not be used to identify you personally. The collected data is only used for statistical analysis to improve newsletter campaigns. The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest in a targeted, effective advertising and user-friendly newsletter system. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you. You can find more information and the Cleverreach privacy policy at: https://www.cleverreach.com/de-de/datenschutz/ and https://www.cleverreach.com/de-de/newsletter-tool/newsletter-reporting/.
Use of Brevo (formerly Sendinblue)
We use the service of Sendinblue GmbH (Köpenicker Straße 126, 10179 Berlin; "Brevo") for the newsletter dispatch within the scope of order processing. We pass on the information you provide when registering for the newsletter (e-mail address, first and last name, if applicable) to Brevo. The data processing serves the purpose of sending the newsletter and its statistical evaluation. In order to evaluate newsletter campaigns, the sent e-mail newsletters contain a 1x1 pixel graphic (tracking pixel) and/or a tracking link. This enables us to determine whether you have opened the newsletter and whether you have clicked any integrated links. Within this context, your personal data such as IP address, browser type and device as well as the time of opening may also be collected. From this data, user profiles can be created under a pseudonym. The data collected will not be used to identify you personally. The collected data is only used for statistical analysis to improve newsletter campaigns. The processing of your personal data is based on Art. 6 para. 1 lit. f GDPR from our overriding legitimate interest in a targeted, effective advertising and user-friendly newsletter system. On grounds relating to your particular situation, you have the right to object at any time to this processing of personal data concerning you. You can find more information and Brevo's privacy policy at: https://www.brevo.com/de/legal/privacypolicy/.
11. Disclosure of Data to Law Enforcement Authorities
We reserve the right to disclose personal data to the competent law enforcement authorities if there are concrete indications of unlawful activities. This applies in particular in cases of suspected fraud, identity theft, or other criminal offenses in connection with orders placed through our online shop. The legal basis for this is Art. 6 (1) lit. f GDPR in conjunction with Section 24 BDSG, as we have a legitimate interest in investigating and preventing criminal acts, and disclosure is necessary to enable prosecution.
12. Data Deletion
The data stored with us will be deleted as soon as it is no longer necessary for the purpose for which it was collected and there are no statutory retention obligations opposing deletion. If the users' data cannot be deleted because it is required for other legally permissible purposes, its processing will be restricted, meaning that the data will be blocked and not processed for other purposes. This applies, for example, to users' data that must be retained for commercial or tax reasons. According to legal regulations, retention is for 6 years in accordance with § 257 (1) HGB (Commercial Code) (commercial books, inventories, opening balances, annual financial statements, commercial correspondence, booking documents, etc.) and for 10 years in accordance with § 147 (1) AO (Fiscal Code) (books, records, management reports, booking documents, commercial and business letters, tax-relevant documents, etc.).
13. Right of Objection
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS DUE TO OUR OVERWHELMING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.
F YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE DATA CONCERNED. FURTHER PROCESSING IS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS, AND FREEDOMS, OR IF THE PROCESSING IS NECESSARY FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA CONCERNING SUCH MARKETING. YOU MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE THE PROCESSING OF THE PERSONAL DATA CONCERNING DIRECT MARKETING PURPOSES.
14. Data Protection Officer
If you have any questions regarding this statement or our handling of your data, please feel free to contact our Data Protection Officer:
HB E-Commerce Rechtsanwaltsgesellschaft mbH
Kohlgartenstraße 11-13
04315 Leipzig
datenschutz(at)greenmark-it.de
If we do not respond to your inquiry to your satisfaction or within a reasonable time frame, you have the option to contact the data protection supervisory authorities.
15. Changes to the Privacy Policy
We regularly make changes to our privacy policy to ensure compliance with legal regulations in the future. Your rights to information, rectification, deletion, and objection remain unaffected by such changes. Please always pay attention to the latest version of the update.
Users are encouraged to regularly inform themselves about the content of the privacy policy.
As of: 08/2025