A. Data protection declaration according to the GDPR
1. Name and address of the controller
The controller for purposes of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data privacy nature is:
Greensill Bank AG
Tel.: +49 421 3075-0
2. Name and address of the data protection officer
The data protection officer is:
Mr. Ingo Dibowski
Greensill Bank AG
Tel.: +49 421 3075-221
Fax: +49 421 3075-210
4. Collection of general data and information
The website of Greensill Bank AG collects a series of general data and information each time the internet site is opened by a data subject or an automated system. This general data and information is saved in the logfiles of the server. It can collect the type and versions of the browser used, the operating system used by the accessing system, the website from which an accessing system came to our website (so-called referrer), the sub-website that steered the accessing website to our website, the date and time of an access to the website, an internet protocol address (IP address), the internet service provider of the accessing system and other similar data and information, that serves the emergency response in the case of an attack on our information technology systems.
Greensill Bank AG can draw no conclusions about the data subject by using this general data and information.
5. Registration on our website
It is not possible to register on the website of Greensill Bank AG.
Greensill Bank AG does not create a newsletter.
7. Newsletter tracking
Newsletter tracking is not used by Greensill Bank AG.
8. Blog with comment function
A blog with comment function is not provided by Greensill Bank AG.
9. Contact options
Electronic contact on the website of Greensill Bank AG is only possible via the provided email address. If the data subject makes contact with the controller via this channel, the personal data transmitted by the data subject are automatically stored. The storage is solely for the purpose of processing or contacting the data subject. The data will not be disseminated to third parties.
10. Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only as long as required to achieve the purpose of storage. It may also be stored in so far as this is stipulated in regulations of the European Union by European or national legislators, or the laws or other regulations to which the controller is subject.
As soon as the purpose of storage lapses or a storage period prescribed by the aforementioned regulations expires, the personal data are routinely blocked or deleted.
11. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of GDPR and you are entitled to the following rights with respect to the controller:
11.1 Right to information
You may require the controller to confirm whether your personal data are processed by us.
If there is such processing, you can request information from the person responsible about the following:
a. the purposes for which the personal data are processed;
b. the categories of personal data that are processed;
c. the recipients or categories of recipients to whom your personal data have been or will be disclosed;
d. the planned duration of the storage of your personal data relating to you or, if it is not possible to give specific information, the criteria for determining the storage duration;
e. the right to rectification or deletion of your personal data, a right to limit the processing by the controller or a right to object to such processing;
f. the right of appeal to a supervisory authority;
g. all available information about the origin of the data, if the personal data are not collected from the data subject;
h. the existence of automated decision-making, including profiling in accordance with article 22 (1) and (4) of the GDPR and, at least in these cases, meaningful information about the logic involved, the scope and the intended impact of such processing for the data subject.
You have the right to request information about whether the personal data relating to you are transmitted to a third party country or to an international organisation. In this context, you may demand to be informed of the appropriate guarantees in accordance with article 46 of the GDPR in connection with the transmission.
11.2 Right to rectification
You have the right to rectification and/or completion from the controller, if your processed personal data are incorrect or incomplete. The controller must make the correction without delay.
11.3 Right to restrict processing
Under the following conditions, you may request the restriction of the processing of your personal data:
a. if you dispute the accuracy of your personal data, for a period of time which allows the controller to verify the accuracy of the personal data;
b. the processing is unlawful, and you reject the erasure of the personal data and instead demand the restriction of the use of personal data;
c. the controller no longer needs the personal data for the purposes for which they are processed, but they need them for the assertion, exercise or defence of legal claims, or
d. if you have filed an objection against the processing in accordance with article 21 (1) of the GDPR and have not yet established whether the legitimate reasons of the controller outweigh your reasons.
If the processing of your personal data has been restricted, this data, apart from its storage, may only be processed subject to your consent or to the assertion, exercise or defence of legal claims or to protect the rights of another natural person or legal entity or for reasons of an important public interest of the European Union or of a Member State.
If the limitation of processing has been restricted according to the above conditions, the controller will inform you before the restriction is lifted.
11.4 Right to erasure
11.4.1. You may demand that the controller erase your personal data immediately, and the controller is obligated to remove this data immediately, provided that one of the following reasons applies:
a. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
b. You revoke your consent to the processing according to article 6 (1)(a) or article 9 (2)(a) GDPR and there is no other legal basis for processing.
c. You file an objection pursuant to article 21 (1) GDPR to the processing and there are no overriding reasons for the processing, or you file an objection to the processing in accordance with article 21 (2) GDPR.
d. your personal data has been processed unlawfully.
e. the erasure of your personal data is necessary for the fulfilment of a legal obligation under the law of the European Union or the law of the Member States to which the controller is subject.
f. Your personal data has been collected in relation to information society services provided in accordance with article 8 (1) of the GDPR.
11.4.2. If the controller has made your personal data public and they are obligated to delete it in accordance with article 17 (1) GDPR, they shall, taking into account the available technology and the implementation costs, take appropriate measures, including of a technical nature, they shall notify the controllers that process the personal data that the data subject has requested the erasure of all links to this personal data or of copies or replicas of such personal data..
11.4.3. The right to erasure does not exist if the processing is necessary
a. for the exercise of the right to freedom of expression and information;
b. to fulfil a legal obligation, which requires processing under the law of the European Union or of the Member State to which the controller is subject, or to carry out a task, which is in the public interest or in the exercise of public authority that has been vested in the controller;
c. for reasons of public interest in the field of public health in accordance with article 9 (2) (h) and (i) and article 9 (3) GDPR;
d. for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with article 89 (1) GDPR, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of this processing;
e. for the assertion, exercise or defence of legal claims.
11.5 Right to be informed
If you have exercised the right to rectify, erase or restrict the processing to the controller, the latter is obligated to inform all recipients to whom your personal data was disclosed, to make this correction or erasure of the data or restrict the processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed by the controller about these recipients.
11.6 Right to data transferability
You have the right to receive your personal data, which you have provided to the controller, in a structured, common and machine-readable format. You also have the right to transmit this data to another controller without hindrance by the controller to whom the personal data were provided, if
a. The processing is based on a consent according to the article 6 (1)(a) GDPR or article 9 (2) (a) GDPR or in a contract pursuant to article 6 (1) (b) GDPR and
b. the processing is done using automated procedures.
In exercising this right, you also have the right to ascertain that your personal data was transmitted directly from a controller to another controller, as far as this is technically feasible. Freedoms and rights of other persons may not be infringed by this.
The right to transfer data does not apply to the processing of personal data necessary for the performance of a task, which is in the public interest or is carried out in the exercise of public authority that has been vested in the controller.
11.7 Right to object
You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process your personal data, unless they can prove compelling reasons for the processing that outweigh your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims.
If your personal data is processed for direct advertising, you have the right to object to the processing of your personal data at any time for the purpose of such advertising; this also applies to profiling as far as it is related to such direct advertising.
If you object to the processing for direct advertising purposes, then your personal data will no longer be processed for these purposes.
In connection with the use by information society services, irrespective of Directive 2002/58/EC, you have the option to exercise your right of objection by means of automated procedures that use technical specifications.
11.8 Right to revoke the data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of the consent does not affect the legality of the processing due to the consent until the revocation.
11.9 Existence of automatic decision making
As a responsible company, we do not engage in automatic decision making or profiling.
11.10 Right to appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the Member State of your domicile, your workplace or the location of the suspected Infringement if you consider that the processing of your personal data is in breach of the GDPR.
The supervisory authority, at which the complaint was filed, shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under article 78 of the GDPR.
12. Transfer of data to third parties
The website is hosted by Plutex GmbH, Bremen.
13. Legal basis for processing
In so far as we obtain the consent of the data subject for the processing of personal information, article 6 (1) (a) EU General Data Protection Regulation (GDPR) is the legal basis.
Article 6 (1) (b) GDPR is the legal basis for the processing of personal data necessary to fulfil a contract, to which the data subject is a party. This also applies to processing, which is necessary for the implementation of pre-contractual measures.
In so far as a processing of personal data is necessary to fulfil a legal obligation, to which our company is subject, article 6 (1) (c) GDPR is the legal basis.
Article 6 (1) (d) GDPR is the legal basis in the event that vital interests of the data subject or other natural persons require the processing of personal data.
If the processing is necessary to maintain a legitimate interest of our company or a third party and the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, article 6 (1)(f) GDPR is the legal basis for processing. The legitimate interests of our company lie in the conduct of our business activities.
14. Duration of storage of personal data
Personal data will be stored for the duration of the respective statutory retention period. At the end of the period, the data will be erased routinely, unless they are required for the initiation of a contract or the performance of the contract.