Data Protection Declaration
By visiting this website, you agree to the processing of certain personal data. While there is no personal data collected during the initial page load, certain functions of this website and related services can trigger processing of personal data, which is why visitors shall be informed about the details of this processing, its purpose, and of course their personal rights. Every data processing process on this website occurs in accord with federal data protection law, including the General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetz (BDSG)Federal Data Protection Law (BDSG). Therefore an agreement for this data processing is obtained if there is no legal basis for an individual case of data processing.
Responsible in the sense of the GDPR and the BDSG is:
Neighbourhoodie Software GmbH, Ohlauer Straße 43, 10999 Berlin, Germany
Email: [email protected]
Phone: +49 157 334 87 590
Managing Directors: Jan Lehnardt, Simone Haas
Business Seat: Berlin
Registration Court: Amtsgericht Charlottenburg
Registration Number: HRB 157851 B
Value added tax ID acc. to § 27a UStG: DE 2945 12169
Responsible for content: Jan Lehnardt, Simone Haas
Short Version: “Your Rights”
In accord with the GDPR and the BDSG, the persons affected by data processing have a right to Access (Art. 15 GDPR) for the data that is collected from them. They can request a confirmation of the data processing and a handout of the collected data. Additionally, they have a right to lodge a complaint with a supervisory authority (Art. 77 GDPR), a right to rectification (Art. 16 GDPR) that can also be evoked due to incomplete data. They have a right to erasure (“right to be forgotten”) (Art. 17 GDPR), a right to restriction of processing (Art. 18 GDPR), as well as a right to data portability (Art. 20 GDPR). Persons affected have a right to object (Art. 21 GDPR) to the future processing of their data, and the restrictions regarding the automatic individual decision-making, including profiling (Art. 22 GDPR) are in place.
This website uses so-called “cookies” (session cookies and permanent cookies). Cookies are text files generated by a server, in which information about the user that is accessing the site is stored. These cookies are stored on the user’s device. Session cookies are only valid for the duration of the website visit, permanent cookies are permanently stored on the user’s device. On repeated website access by the user, the server can identify the user by use of the permanent cookies and process the user-related information. The data that is collected by cookies can be merged with the data collected via the creation of user profiling.
If the user does not agree to the usage of cookies, they have the option to disable usage of cookies via their web browser, as well as to delete already created cookies. When not using cookies, the correct display and functionality of the website cannot be assured.
Cookies are exclusively used for enabling security features by our service provider Cloudflare.
Statistics, Display, Co-operation with federal authorities
We are not collecting statistical data.
When registering and using our Greenkeeper service, it is possible that user-related data is collected. This data is exclusively transferred to the following commissioned third parties:
|Asana, 1550 Bryant Street, 8th Floor, San Francisco, CA 94103||Project planning||TNH, internal||DPA|
|Slack, San Francisco, 500 Howard Street, San Francisco, CA 94105, United States||Communication||TNH, internal||DPA|
|Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA||E-Mail, Contact form, Google Drive for document processing||TNH, Greenkeeper||DPA|
|Mailchimp, Atlanta, Georgia, USA||Distribution of newsletter for informational and/or advertising reasons||Greenkeeper Exit-Survey||DPA|
|Digital Ocean, CA, USA||Hosting||Greenkeeper||https://www.digitalocean.com/security/gdpr/data-processing-agreement/|
|Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia||CRM||Greenkeeper Enterprise||https://www.pipedrive.com/en/privacy|
|Stripe, San Francisco, CA, USA||Payment provider Greenkeeper SaaS||Greenkeeper SaaS||https://stripe.com/de/privacy|
|Quaderno, Las Palmas, Barcelona, Berlin||Taxation EU when payment for Greenkeeper SaaS||Greenkeeper SaaS||https://quaderno.io/privacy/|
|Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA||Hosting||Webseite https://greenkeeper.io||DPA|
|Rollbar, 51 Federal Street, Suite 401, San Francisco, CA 94107||Error Reporting||Greenkeeper SaaS||In PDF form in our cloud|
|CloudAMQP, 84codes AB, Sveavägen 98, 11350 Stockholm, Sweden||Job queue||Greenkeeper SaaS||https://www.cloudamqp.com/dpa.html|
|Intercom R&D Unlimited Company, Stephen Court, 18-21 St. Stephen’s Green, Dublin 2, Republic of Ireland||Greenkeeper Support, reachable over [email protected], [email protected]||Greenkeeper Support||DPA|
Transmission of data is not legally or contractually obligated, and there is no other obligations for it. However, the transmission is required for completion of contracts provided by us, since we cannot complete our services without this transmission of data.
In addition to the general information about the Right to Revocation of an Agreement (see below), we inform you that you, at any time, have the possibility to revoke any collection, processing and/or usage of data transmitted to us. A revocation like this is not bound to a certain submission method and can therefore be submitted using your preferred mode of communication.
Contact via E-Mail
If you contact us via E-Mail, the information under the heading “Contact Form” applies.
Duration and Deletion
The data processed on this website will be deleted upon reaching the intended purpose of its processing, but not before expiration of a legal retention period. The data will be saved for as long as is required for conclusion and/or fulfillment of a contract, if there are no other contractual of legal obligations related to store of this data.
Legal basis for the processing of data is GDPR Art. 6 §1a if the data is processed according to consent of the affected individual. However, the data processing is often based on GDPR Art. 6 §1b for contract fulfillment, or on GDPR Art. 6 §1f for protection of interests. Said interests represent the act of providing and maintaining the online services for informing (potential) customers and (potential) business partners, as well as other parties interested in this online appearance. In exceptional cases, the legal basis can also be another reason as described in GDPR Art. 6 §1c-e.
According to the GDPR and the BDSG, the persons affected by data processing have the following rights:
Right to Information: Affected parties can request a confirmation of the processing of their personal data from the responsible parties. This includes information about the intent of the processing, the recipients or categories of recipients that receive the processed data, and, if possible, the planned duration of the criteria for setting the duration of data retention. It also includes the existence of a right to erasure or rectification of the data, the existence of a right to submitting complaints to the supervisory authorities, information about the origin of the data if it did not originate from the affected party, the existence of an automated decision making including profiling and, in these cases, the involved logic as well as the scope and the intended consequences, and finally, information regarding transmission of data into third-party countries or to an international organization in these cases. Affected parties also have the right to receive a copy of the processed data.
If the right to rectification, erasure or restriction is invoked, the affected can request to see who the processed data is transmitted to.
Right to lodge a complaint with a supervisory authority: Affected parties have the right to lodge a complaint with a supervisory authority if they hold the belief that the processing of data violated the GDPR.
Right to rectification: Affected parties can request the rectification of incorrect related user data. A rectification can also lie in the completion of relevant data.
Right to erasure (“right to be forgotten”): Affected parties can request the immediate erasure of personal data, if the data is currently irrelevant for the specified purpose, or, if the legal basis for data processing is the consent of the affected, if this consent is retracted and there is no other legal basis for the processing of data. Affected parties can request erasure if the they object according to GDPR Art. 21 §1 against the processing of data, and if there are no prioritised qualifying reasons, or if the affected objects according to GDPR Art. 21 §2. They can request erasure if the data is illegally processed, or if the erasure is necessary for fulfillment of a legal requirement according to union law or the law of the member state(s) of the affected, or if the data was upraised in relation to provided services of the information society according to GDPR Art. 8 §1. The requirement to erasure does not apply to the affected if the processing occurs for exercising the right to free speech and information, if the processing occurs to fulfill a legal obligation that is required according to union law or law of the member state(s) of the affected, for realization of an obligation in public interest, for reasons of public interest in the area of public health, for archival reasons in public interest, for scientific or historic research purposes or for statistical purposes according to GDPR Art. 89 §1, as far as the right to erasure hinders the realization of these goals or makes them unattainable, or as far as it is required for the enforcement or defending of legal claims.
Right to restriction of processing: Affected parties can request a restriction of processing from the responsible parties, if the correctness of the personal data is contested by the affected. This right is exercised for a time period which allows for the affected to verify the correctness of the data, and subsequently if the processing of the data would be unlawful. The affected can also exercise the right to restriction of processing if the processing of data is unlawful and, instead of erasure of personal data, request restriction of processing of personal data. The right can also be exercised if the responsible party does no longer need personal data for purposes of data processing, or if the affected has objected to the processing according to GDPR Art. 21 §1, as long as it is unclear whether the reasoning of the responsible parties outweighs those of the affected parties. In case the right to restriction of processing is exercised, the data can only be processed with consent of the affected parties, or for reasons of enforcement or defense of legal claims from an important public interest of the union or the member states. The affected parties are to be informed about annulment of the restriction.
Right to Data Portability: Affected parties can request their personal data that is available to the responsible parties be provided in a structured, common, and machine-readable format. They have a claim that this data is transmitted to another responsible party without interruptions, if the processing occurs on the basis of a mutual agreement or for purposes of contract fulfillment, and if it happens using automated processes. The direct transmission to another responsible party can be requested as far as it is feasible technically.
Right to Object: Affected parties can object against the processing of related personal data at all times, if the processing is required for the realization of a duty in public interest, or the enforcement of public interest is required by the responsible parties, or if the processing is required for preservation of the stated interests of the responsible parties or other affiliated third parties and as far as the interests or basic rights and freedoms of protection of personal data do not outweigh it. This also applies to data-based profiling. Processing has to be omitted when not compelling, protection-worthy reasoning that outweighs the interests, rights and freedoms of the affected can be produced for the processing of data, or when the processing serves the enforcement or defence of legal claims.
Affected parties can object at all times if the processing takes place for purposes of direct advertising. This also applies for profiling (for more details, see below), as far as it is related to such direct advertising. In such cases, further processing of data is not allowed.
The right to object can be exercised regardless of the guidelines 2002/58/EG via automated processes, for which technical specifications are in use. The affected can only object against the processing that occurs because of scientific or historical research purposes according to GDPR Art. 89 §1 if the processing is not required for fulfilling a task in public interest.
Automatic individual decision-making, including profiling: Affected parties can demand to not be subjected to a decision that is based exclusively on automated processing (including profiling) that may have legal consequences or other significant impairments, unless it is for contract conclusion or fulfillment, or if it is required due to legal regulations of the union or member state(s) of the responsible parties, and these regulations include appropriate measures for preservation of the rights and freedoms as well as the justified interests of the affected, or if the automated processing occurred with consent of the affected.
Right to Revocation: The possibility to revoke any agreement for the processing of personal data without naming of any reasons exists at all times and without a specified form. A revocation merely has to be declared to the responsible parties or towards a representative of any of the responsible parties.