Confidentiality and protection of your personal data („Data“) is very important to us. We process Data of our clients, business partners and their employees ("you") exclusively on the basis of the legal regulations in force particularly with regard to the General Data Protection Regulation ("GDPR").
We herewith inform you about the most important aspects of the Data processing and your corresponding rights.
1. General information
The controller of the Data processing activities as described in this Privacy Policy is
GreenTech & Industry Partners GmbH
Julius-Tandler-Platz 6/4 A-1090 Vienna, Austria
(in the following referred to as "we", "us")
For any request and further information regarding the processing of your Data, please contact us at office@gtip.at.
2. Data we process
We process in particular Data necessary to provide and administrate our services such as name, address, contact person, e-mail address, telephone number, legal and tax registration numbers, project/contract and company information.
3. Purpose & legal basis of the processing
We process your Data for the performance of:
- our duties according to our (pre-)contractual relationship with you (Art 6 (1) lit b GDPR) (e.g. completion of an order),
- compliance with other legal obligations (Art 6 (1) lit c GDPR) (e.g. compliance obligations, statutory retention obligations),
- and/or for the purpose of legitimate interests, except where such interests are overridden by your interests in the confidentiality of your Data (Art 6 (1) lit f GDPR).
4. Data storage
Your Data is stored for as long as you or your employer is in a business relationship with us and beyond that in accordance with the statutory retention and documentation obligations (e.g. in accordance with the Austrian Company Code and the Austrian Federal Tax Code).
5. Transfer of data
As far as necessary for rendering our services and duties according to our relationship, your Data may be transferred to third parties, in particular to the following recipients in the course of the processing:
- (potential) contract and project partners
- banks and financial institutions
- notaries, lawyers, tax advisers
- service providers (processors such as accountants, IT-service providers)
- authorities.
All service providers are obliged to keep your personal Data confidential and may use your personal Data only on our behalf and in line with our instructions.
If the above-mentioned recipients of your Data are located outside the EEA and it has not been established by a decision of the EU Commission that the country concerned has an adequate level of Data protection, we will ensure that the transfer takes place on the basis of standard contractual clauses (as amended from time to time) or otherwise in accordance with Articles 46, 47 or 49 GDPR.
6. Data security
We take all necessary and appropriate technical and organizational measures to protect the rights and freedoms of Data subjects as well as review these measures on a regular basis. Accordingly, our IT providers are contractually obliged to adhere to all standards of applicable Data protection laws. Please note that e-mails are sent using commercially available software programs, some of which are not encrypted. If contents to be transmitted are particularly confidential or worthy of protection for Data subjects, they should be transmitted to us by post or end-to-end encrypted.
7. Your rights
Information and access
You are entitled to obtain information from us as to which Data are being processed and to get access to that Data upon your request. We will provide you with a copy of the Data undergoing processing free of charge, unless the disclosure may adversely affect the rights and freedoms of others.
Withdrawing consent
Should you have consented to a specific use of your Data, you can withdraw that consent at any time, by contacting us under above mentioned e-mail address.
Rectification and Erasure
You are entitled to request rectification of inaccurate Data or completion of incomplete Data concerning you without undue delay.
You are entitled to request erasure of Data without undue delay, if:
- Data are no longer necessary in relation to the purposes for which they were collected,
- You object to the processing,
- Data have been unlawfully processed,
- Data have to be erased for compliance with a legal obligation applicable to us.
However, we are not obliged to execute such erasure if processing is necessary:
- for exercising the right of freedom of expression and information,
- for compliance with a legal obligation to which we are subject,
- for the establishment, exercise or defence of legal claims.
Restriction of Processing
You are entitled to request the restriction of processing of Data in the following circumstances and for the following periods of time:
- you contest the accuracy of the Data concerning you; restriction of processing may be affected for a period enabling us to verify the accuracy of the relevant Data,
- the processing is unlawful and you oppose the erasure of the Data and request the restriction of their use instead,
- we do no longer need the Data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims,
- you have objected to processing, for the period until the verification whether our legitimate grounds override those of you.
Data Portability
You are entitled to Data portability, namely to receive your Data which you have provided to us and which is processed
- based on the concluded contract
- and by automated means
in a structured, commonly used and machine-readable format.
You are entitled to request that the Data is transmitted directly to another controller by us, where technically feasible. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of Data concerning you which is based on our legitimate interests according to Art 6 (1) f GDPR. If you object to processing of your Data we shall cease to process this Data unless our legitimate interests to processing your Data prevail.
Right to file complaint
If you believe your Data protection rights have been infringed in any way, you can complain to the competent supervisory authority. In Austria this is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, www.dsb.gv.at).