Unless expressly indicated otherwise, this policy and all terms used therein shall be interpreted in line with the stipulations and definitions of the General Data Protection Regulation (GDPR)
The controller in the meaning of data protection law is:
Green Mare Services Lda. & Comandita („we“, „us“, „our“),
Avenida Arriaga, 42b Edifício Arriaga 6.2,
9000-064 Funchal, Madeira, Portugal
2. Purposes and Legal Basis of the Data Processing
We undertake to comply with all data protection provisions and requirements when handling the data of visitors and users of our website. In general, we process your data exclusively to the extent necessary and permitted by data protection law in order to provide you with our website and the content and services provided thereon. We may supplement the following general information in context of the specific data collection (e.g. forms on our website).
a. Informational Use of our Website
For the purpose of technically providing the website, we may need to process certain automatically submitted information from you in order for your browser to display our website and for you to use the website. This information is automatically collected each time you visit our website and stored in server log files. These log files contain, inter alia, the following information: IP address, date and time of the server request, pages accessed, referrer-URL (the previously visited page). The log files are automatically deleted after one week.
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 letter f GDPR and Art. 6 para. 1 sentence letter b GDPR, as far as the processing is necessary to operate the website.
The temporary storage of the IP address is necessary to enable the website to be delivered to the user’s computer. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 para. 1 sentence 1 letter f GDPR.
The aforementioned data is stored for a duration of […]
b. When Using our Services / Products
We process the personal data of our users on the basis of Art. 6 para. 1 sentence 1 letter b GDPR in order to provide them with our contractual or pre-contractual services (e.g. data access). The data processed by us includes, for example, your profile data (customer ID, company, contact details, payment data) and further information you provide when requesting specific services (e.g. via data forms) or concluding agreements with us.
c. When Contacting us
If you contact us with an inquiry and provide us with personal data, we will process this data only to the extent necessary to respond to your inquiry. If your inquiry is of a contractual or pre-contractual nature, we will process your data on the basis of Art. 6 para. 1 sentence 1 letter b DSGVO; otherwise on the basis of our legitimate interests to be able to process your inquiry to your satisfaction on the basis of Art. 6 para. 1 sentence 1 letter f DSGVO.
d. (Third Party) Tracking Mechanisms (e.g. Cookies)
|Cookie-Name||Data recipients||Purpose||Storage duration||Essential|
• as far as we deploy essential cookies this is based on Art. 6 para. 1 letter b GDPR as the cookies are required to provide our services,
• as far as we use optional cookies, this is based on Art. 6 para. 1 sentence 1 letter a GDPR and your express consent provided via our cookie consent tool.
e. Legal Compliance
We also process your personal data in order to fulfil other legal obligations that we are subject to in connection with the provision of our services to you. These may include retention periods under commercial, trade or tax law.
The processing of your data for the fulfillment of legal obligations is based on Art. 6 para. 1 sentence 1 letter c GDPR.
f. Law Enforcement / fraud prevention and other legitimate business interests
We may also process your personal data (i) in order to assert our rights and enforce our legal claims or defend ourselves against legal claims and/or (iii) for the purpose of detecting fraudulent behavior and misuse of our services.
We process your data for the aforementioned purposes based on our legitimate interests pursuant to Art. 6 para 1 sentence 1 letter f GDPR.
4. Disclosure of Personal Data to Third Parties / Recipients of Data
We do not transfer your personal data to third parties unless this is necessary to fulfill our legitimate business purposes (e.g. data-sharing with IT providers) or provide our services or we are required to do so by law, court order or governmental authority. For the provision of our services we may use technical service providers by way of data processing in accordance with Art. 28 GDPR.
5. Transfer of Personal Data to a Third Country
In general, we do not transfer your personal data to Third Countries within the meaning of the GDPR outside the European Economic Area unless we expressly inform you otherwise in this privacy notice or by separate notice. If data is transferred to a third country, this is always done in accordance with the requirements of Art. 44 ff GDPR. In particular, if there is no EU Commission adequacy decision for the country in question, we will conclude the respective current Standard Contractual Clauses with the data recipient and, if necessary, check and implement further required measures.
6. Duration of Storage
We generally store your data as long is as this required for the respective purposes for which your data is collected.
In addition, we will store your personal data until any legal claims arising from the relationship with you become time-barred, in order to be able to use them as evidence if necessary. The limitation period is generally 36 months, but can also be up to 30 years.
Upon expiry of the limitation period, we delete your personal data, unless there is a legal obligation to further store such data, for example pursuant to the German Commercial Code (sec. 238, 257 para. 4 HGB) or from the Tax Code (sec. 147 para. 3, 4 AO). These retention obligations can last from two to ten years.
7. Rights of the Data Subjects
Under the GDPR you are entitled to the following rights as data subject, which you can assert against us:
– Right to access: You are entitled to request confirmation from us at any time within the scope of Art. 15 GDPR as to whether we are processing personal data relating to you; if this is the case, you are also entitled under Art. 15 GDPR to receive information about and access to such personal data as well as other specific information (inter alia, processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of transfers to third countries, the appropriate guarantees) and a copy of the data.
– Right to rectification: According to Art. 16 GDPR, you are entitled to demand correction of the personal data stored about you if it is inaccurate or incorrect.
– Right to erasure: You are entitled, under the conditions of Art. 17 GDPR, to request from us the erasure of personal data relating to you without delay. Please note, that there is no right of erasure inter alia if the processing of personal data is necessary for (i) the exercise of the right to freedom of expression and information, (ii) the fulfilment of a legal obligation to which we are subject (e.g. statutory retention obligations) or (iii) the assertion and exercise of or defence against legal claims.
– Right to restrict processing: Under the conditions of Art. 18 GDPR you are entitled to request from us the limitation of the processing of your personal data.
– Right to data portability: You are entitled, under the conditions of Art. 20 GDPR, to request from us the provision to you of the personal data relating to you that you have submitted to us in a structured, current and machine-readable format.
– Right of revocation: You have the right to revoke your consent to the processing of personal data at any time with effect for the future without incurring any costs other than the transmission costs according to the basic rates.
– Right of appeal to a supervisory authority: You are entitled to file a complaint with a supervisory authority, in particular in the Member State of your place of residence, work or suspected infringement, under the conditions laid down in Article 77 GDPR, if you believe that the processing of personal data concerning you infringes the GDPR. The right of appeal is not prejudicial to any other administrative or judicial remedy.
However, we recommend that you always address a complaint to us first.
Right to Object pursuant to Art. 21 GDPR
You have the right to object at any time to processing of your personal data which is based on the legitimate interests pursued by us or a third party, on grounds relating to your particular situation or if the objection is directed against general or direct advertising tailored to you. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.
If you wish to exercise your right of objection, please send us an e-mail to email@example.com or contact us by other means (cf. no. 1).
8. Voluntary and Mandatory Provision of Data
You are under no legal or contractual obligation to provide us with your data. Please note, however, that the provision of some data is necessary in order to provide you with the services offered on the website.
9. Automated Decision-making/Profiling
We do not use automated decision making or profiling (an automated analysis of your personal circumstances).