Privacy Information

We are pleased to welcome you to our website. The protection of your personal data is an important concern for us. Below, we inform you in accordance with Articles 12, 13, and 21 of the General Data Protection Regulation (GDPR) about the handling of your personal data when using the website https://cagc-de.eu/ (hereinafter referred to as “Website”). Personal data refers to individual details concerning personal or factual circumstances of a specific or identifiable natural person. This includes information such as name, address, telephone number, and date of birth.

A. Controller & Data Protection Officer

This privacy information applies to data processing by:

Central Agency for Green Commerce GmbH
Langenstücken 36 A

D-22393 Hamburg

Email: datenschutz@cagc-de.eu

B. Collection and Storage of Personal Data as well as Type and Purpose of Their Use

I. Informational Use of the Website

You can visit the website without providing any personal information. If you merely use the website for informational purposes (i.e., not signing up, registering, or entering into a contract) and browse the website without entering personal data, no personal data will be processed, except for the data that your browser automatically transmits to our server. Since some of this data, such as your IP address, is considered personal data, you will find information about its processing on this website below:

When accessing our website, your browser automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until automated deletion:

  • IP address of the requesting computer,
  • Date and time of access, time zone,
  • Access status/HTTP status code,
  • Name and URL of the retrieved file,
  • Amount of data,
  • Website from which access occurs (referrer URL)
  • Used browser,
  • If applicable, the operating system of your computer as well as the name of your internet service provider.

The data mentioned above is processed by us for the following purposes:

  • Ensuring a smooth connection setup of the website,
  • Ensuring a comfortable use of our website,
  • Evaluating system security and stability as well as
  • Other administrative purposes.

The legal basis for data processing is Article 6 (1) sentence 1 lit. f GDPR. Our legitimate interest arises from the above-listed purposes for data collection.

II. User Inquiries

In addition to the purely informational use of our website, you can actively use our website to contact us. In addition to the processing of your personal data during a purely informational use, we also process further personal data that we need to respond to your contact inquiry.

To process and respond to your inquiries to us, e.g., to our email address or through the contact form provided on the website, we process the personal data you provide in this context. This always includes your name, email address, and telephone number to provide you with a response, as well as any other information you send us as part of your message.

We process your personal data to respond to user inquiries based on the following legal bases:

  • To protect our legitimate interests according to Article 6 (1) lit. f GDPR; our legitimate interest lies in properly answering customer inquiries;
  • If the inquiry aims at concluding a contract, the additional legal basis is Article 6 (1) lit. b GDPR;
  • If the inquiry aims at asserting your rights as a data subject, the additional legal basis is Article 6 (1) lit. c GDPR, as the processing of your data is necessary for fulfilling legal obligations.

III. Enforcement of Rights

Your personal data is also processed to assert our rights and enforce our legal claims. Additionally, your personal data is processed to defend against legal claims. Finally, your personal data is processed as far as necessary to prevent or investigate criminal offenses.

The personal data mentioned above is processed on the following legal bases:

  • To protect legitimate interests according to Article 6 (1) sentence 1 lit. f GDPR, as far as legal claims are asserted or we defend ourselves in legal disputes or prevent or investigate criminal offenses.

IV. Compliance with Legal Regulations

We also process your personal data on our website to fulfill other legal obligations. These may arise from processing orders or business communications. This includes, in particular, retention periods under commercial, trade, or tax law.

We process your personal data based on the following legal basis:

  • To fulfill a legal obligation to which we are subject according to Article 6 (1) lit. c GDPR in conjunction with commercial, trade, or tax law, as far as we are obliged to record and retain your data.

V. Company Sale/Merger, etc.

We process your personal data under certain circumstances to handle a (partial) sale of the company or a merger (or similar processes such as acquisition in the context of liquidation, insolvency, dissolution, etc.) with another company. In the event that another company acquires the assets, which may also include your personal data, from us or intends to acquire them, or we carry out or aim for a merger with another company, we may have to grant this company access to your personal data stored with us or transfer this data for the purpose of examining and executing the sale/merger of the company (e.g., to determine the company’s value or business risks, to transfer data/assets, etc.).

We process your personal data based on the following legal basis

  • To protect our legitimate interests according to Article 6 (1) lit. f GDPR to organize and carry out a planned company sale or planned merger.

VI. Disclosure of Data, Categories of Recipients

Your data will generally only be disclosed to third parties if this is legally permitted or required or if you have given your consent. Your data will also be shared with the necessary extent with the service providers used to provide our services. The disclosure of data is limited to what is necessary to provide our services for you. In some cases, service providers receive your data as processors and are strictly bound by our instructions when handling your data. In other cases, the recipients act independently with your data, which is transmitted to them.

The following categories of recipients are used:

  • IT service providers for hosting and designing the website;
  • Collection agencies and legal advisors in asserting claims;
  • Public authorities and institutions, as far as we are legally obligated to do so.

No transmission of your personal data to third parties occurs for other than the purposes listed below.

VII. Transfer to Third Countries

No personal data is transmitted to service providers outside the European Economic Area (EEA).

VIII. Duration of Storage

1. Informational Use

In the case of purely informational use of the website, your personal data is stored on the servers exclusively for the duration of the visit to the website. After you leave the website, your personal data will be stored for a duration of 365 days. After this storage period, your data will be automatically deleted unless we need it for other purposes (especially for evidential purposes in the case of attacks on our server infrastructure or other legal violations).

2. User Inquiries

In the case of active use of the website, your personal data will initially be stored for the duration of responding to your inquiry or for the duration of the business relationship. This also includes the initiation of a contract (pre-contractual relationship) and the processing and execution of a contract.

Additionally, your personal data will be stored until the statute of limitations for any legal claims arising from the relationship with you has expired, so that they can be used as evidence if necessary. The statute of limitations typically ranges from 1 to 3 years but can also be up to 30 years.

Upon expiration of the statute of limitations, your personal data will be deleted unless there is a legal obligation to retain it, for example, under the Commercial Code (§§ 238, 257 Abs. 4 HGB) or the Fiscal Code (§ 147 Abs. 3, 4 AO). These retention obligations may range from two to ten years.

IX. Rights of Affected Persons

If personal data is processed from you, you are considered an “affected person” under the GDPR. You have the right:

  • According to Article 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage duration, the existence of a right to rectification, deletion, restriction of processing, or objection, the existence of a right to lodge a complaint, the source of your data, if it has not been collected from us, as well as information about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
  • According to Article 16 GDPR, to request the immediate rectification of inaccurate or the completion of your personal data stored with us;
  • According to Article 17 GDPR, to request the deletion of your personal data stored with us, as far as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, or for asserting, exercising, or defending legal claims;
  • According to Article 18 GDPR, to request the restriction of processing of your personal data as far as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion, and we no longer need the data, but you need it for the assertion, exercise, or defense of legal claims, or you have lodged an objection to the processing according to Article 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format, or to request the transfer to another controller;
  •  in accordance with Art. 7 (3) GDPR, to revoke your consent once given to us at any time. As a result, we will no longer be permitted to continue the data processing that was based on this consent for the future, and
  • in accordance with Art. 77 GDPR, to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority of your usual place of residence or workplace or our company’s headquarters.

The relevant supervisory authority is:

The Hamburg Commissioner for Data Protection and Freedom of Information

Ludwig-Erhard-Str. 22

20459 Hamburg

Tel.: (040) 428 54-4040

Fax: (040) 428 54-4000

Email: mailbox@datenschutz.hamburg.de

However, we recommend that you first always direct a complaint to our data protection officer or the data protection contact of the respective platform operator.

Your requests to exercise your rights should, if possible, be addressed in writing to the address provided above or directly to our data protection officer.

X. Right to Object

If your personal data is processed based on legitimate interests according to Art. 6 (1) sentence 1 lit. f GDPR or Art. 6 (1) sentence 1 lit. e) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data, provided that there are reasons arising from your particular situation.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

If you wish to exercise your right of withdrawal or objection, it is sufficient to send an email to datenschutz@cagc-de.eu.

XI. Website – Extent of Your Obligation to Provide Data

In general, you are not required to provide us with your personal data. However, if you do not do so, we may not be able to provide you with, among other things, our website, respond to your inquiries, send you information, or enter into a contract with you.

XII. Profiling / Automated Decision-Making

We do not use methods of profiling (an automated analysis of your personal circumstances) or automated decision-making.

XIII. Updates and Changes to This Privacy Policy

This privacy policy is currently valid and was last updated in November 2022.

Due to the further development of our website and offers or due to amended legal or regulatory requirements, it may become necessary to change this privacy policy. The latest privacy policy can be accessed at any time on the website at https://cagc-de.eu/datenschutz/.