Datenschutz | green flexibility

PRIVACY POLICY

Information on Data Processing for This Website in Accordance with Art. 13 of the EU General Data Protection Regulation (GDPR) Regarding the Collection of Personal Data from the Data Subject

(Version: GDPR 2.1, November 2025)

The green flexibility development GmbH is the controller for this website and, as a provider of an online service, is obliged at the start of your visit to inform you in a precise, transparent, understandable, and easily accessible manner—using clear and simple language—about the type, scope, and purpose of the collection and use of personal data. This information must be available to you at all times.

We place the utmost importance on the security of your data and compliance with data protection regulations. The processing of personal data is subject to the provisions of currently applicable European and national laws.

The following data protection information is intended to show you how we handle your personal data and how you can get in touch with us:

green flexibility development GmbH
Bahnhofstraße 6

87435 Kempten
Germany

Phone: +49 831 206935 0
Email: hallo@green-flexibility.com

Authorized Managing Directors:
Christoph Ostermann (CEO), Christoph Lienert, Bernd Arkenau, and Hermann Schweizer

Our Data Protection Officer:
Sven Lenz
Datenschutzkanzlei Lenz GmbH & Co. KG
Bahnhofstraße 50
87435 Kempten
Germany

If you have any questions regarding data protection or other privacy-related matters, you are welcome to send an email to our data protection team at: datenschutz@green-flexibility.com

A. General

For better readability, we avoid gender-specific differentiation. In the sense of equal treatment, all terms apply to all genders. The meaning of terms used, such as “personal data” or its “processing,” can be found in Article 4 of the GDPR.

Personal data processed in connection with this website include:

Usage data (e.g., pages visited on our website)
Content data (e.g., entries in online forms)

B. Specific

Data Protection Information
We ensure that any data collected from you is processed solely in connection with handling your inquiries, for internal purposes, and to provide the services or content you request.

Legal Basis for Data Processing
We process your personal data only in compliance with applicable data protection regulations and on the basis of the following legal grounds:

Processing for the performance of our services and the execution of contractual measures
Article 6(1)(b) GDPR
Processing to fulfill our legal obligations
Article 6(1)(c) GDPR
Consent
Article 6(1)(a) and Article 7 GDPR
Processing to safeguard our legitimate interests
Article 6(1)(f) GDPR

Transfer of Data to Third Parties
Please note that data may be transferred to third parties.

Your data is shared with third parties only within the framework of legal requirements. We only share your data when necessary, e.g., for contractual purposes, or based on legitimate interests in the economic and efficient operation of our business.

If we use subcontractors to provide our services, we take appropriate legal, technical, and organizational measures to ensure the protection of personal data in accordance with applicable legal provisions.

Transfer of Data to a Third Country or an International Organization
A “third country” is a country where the GDPR does not apply directly, generally meaning any country outside the EU or European Economic Area.

Data may be transferred to a third country or an international organization.

In doing so, the EU Commission’s adequacy decision is taken into account. This means that the third country or international organization provides an adequate level of data protection.

For transfers to the USA: Since July 2023, an adequacy decision of the EU Commission (Data Privacy Framework) recognizes the USA as a third country with a data protection level comparable to the EU. The adequacy decision can now serve as a legal basis for data transfers to certified organizations in the USA.

The US services used are certified under the Data Privacy Framework. Details are available from the individual services.

Storage Duration of Your Personal Data
We adhere to the principles of data minimization and avoidance. This means we only store your data as long as necessary to fulfill the purposes mentioned above or as required by statutory retention periods. Once the respective purpose no longer applies or the statutory retention periods have expired, your data is routinely blocked or deleted in accordance with legal requirements.

Contact
When contacting us electronically (e.g., via contact form or email), personal data is processed. The information you provide is stored solely for the purpose of processing your request and for any follow-up questions.

The legal basis for this is:

Processing for the performance of our services and the execution of contractual measures (Article 6(1)(b) GDPR)

Please note that emails can be intercepted or altered without authorization during transmission. Additionally, we use software to filter unwanted emails (spam filter). Emails may be rejected if they are mistakenly identified as spam due to certain characteristics.

What Rights Do You Have?

a) Right of Access
You have the right to obtain free information about the personal data we have stored about you. Upon request, we will provide you in writing with details of which personal data we hold, including the source of the data, recipients, and the purpose of processing.

b) Right to Rectification
You have the right to have your personal data corrected if it is inaccurate. You may also request a restriction of processing, for example, if you dispute the accuracy of your personal data.

c) Right to Restriction of Processing
You may request that your data be blocked. To ensure that a restriction of processing can always be respected, the data must be kept in a blocked file for control purposes.

d) Right to Erasure
You can request the deletion of your personal data, provided that no statutory retention obligations exist. If such obligations exist, we will block your data upon request. If the legal requirements are met, we will also delete your personal data without requiring a request from you.

e) Right to Data Portability
You have the right to request that we provide the personal data you have submitted to us in a format that allows transfer to another controller.

f) Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority.

Our competent supervisory authority:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27, 91522 Ansbach, Germany
Phone: +49 981 53-1300
Fax: +49 981 53-981300

The complaint form can be accessed via the following link: https://www.lda.bayern.de/de/beschwerde.html

Note: A complaint may also be lodged with any data protection supervisory authority within the EU.

g) Right to Object
You have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data under Article 6(1)(e) and (f); this also applies to profiling based on these provisions.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.

If personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such advertising; this also applies to profiling insofar as it is related to such direct marketing. In the event of such an objection, we will no longer process your personal data for direct marketing purposes. It is sufficient to send us a corresponding email.

h) Right of Withdrawal
You have the right at any time to withdraw your consent to the processing of your personal data with effect for the future, without providing any reasons. The withdrawal does not result in any disadvantages for you. It is sufficient to send us a corresponding email.

Such a withdrawal, however, does not affect the lawfulness of processing carried out up to the time of withdrawal based on Article 6(1)(a) GDPR.

To exercise your rights as a data subject, please send an email to one of the addresses mentioned above.

Protection of Your Personal Data
We implement contractual, technical, and organizational security measures according to the state of the art to ensure compliance with data protection laws and to protect processed data against accidental or intentional manipulation, loss, destruction, or unauthorized access.

These security measures include, in particular, the encrypted transmission of data between your browser and our server. A 256-bit SSL (AES 256) encryption technique is used for this purpose.

Your personal data are protected in connection with the following points (excerpt):

a) Maintaining the confidentiality of your personal data
To maintain the confidentiality of the data stored with us, we have implemented various measures for access, entry, and access control.

b) Maintaining the integrity of your personal data
To maintain the integrity of the data stored with us, we have implemented various measures for transfer and input control.

c) Maintaining the availability of your personal data
To maintain the availability of the data stored with us, we have implemented various measures for order and availability control.

The security measures in use are continuously improved in line with technological developments. Despite these precautions, due to the insecure nature of the Internet, we cannot guarantee the security of data transmission to our website. Therefore, any data transmission by you is at your own risk.

Protection of Minors
Personal information may only be provided to us by individuals under the age of 16 if the explicit consent of their legal guardians is given. These data are processed in accordance with this privacy policy.

Server Log Files
The provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include:

Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of the server request
IP address

A merging of these data with other data sources does not take place.

The legal basis for data processing is, according to Article 6(1)(f) GDPR, our legitimate interest.

Online Applications via a Form

We offer applicants a career section on our website where we advertise open positions. Applications for these positions can be submitted via an online form, which redirects to a subpage. Participation in the application process requires applicants to provide all personal data necessary for a thorough and informed evaluation and selection via the form.

To facilitate this, we use the service provider Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany, to whom the data is transmitted when the page is accessed and the data is entered. Information about data protection in the application process is provided directly within the input form. We have concluded a data processing agreement with the provider, which ensures the protection of the data and prohibits unauthorized disclosure to third parties.

Information obligations within the framework of the application process are provided directly on the career page.

Cookies are small text files stored locally in the cache of your web browser. Cookies enable, for example, the recognition of your browser. The files are used to help the browser navigate the website and to fully utilize all functions.

We use the following technically necessary cookies, from our perspective and from the provider Wix:

XSRF-TOKEN: Cookie for fraud detection on calls (session)
Hs: Security cookie for Hive (session)
svSession: Session cookie for identification (6 months)
SSR-caching: Performance cookie for rendering (24 hours)
server-session-bind: Cookie for API protection (session)

The processing is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. Our interest lies in the secure and efficient provision of content on our website.

Cookie Consent Tool

To obtain effective user consent for cookies and cookie-based applications that require consent, we use a so-called “Cookie Consent Tool.”

This website uses the Cookie Consent Tool from Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany (booked via the provider Wix).

The Cookie Consent Tool is displayed to users upon visiting the page in the form of an interactive interface, where consent for specific cookies and/or cookie-based applications can be granted via checkboxes. Using the tool ensures that all consent-required cookies/services are only loaded if the respective user has given consent by checking the box. This guarantees that such cookies are set on the user’s device only if consent has been given.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed in this context.

If, in individual cases, personal data (e.g., IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this occurs based on our legitimate interest pursuant to Art. 6(1)(f) GDPR, aiming for a legally compliant, user-specific, and user-friendly consent management for cookies, and thus for a legally compliant design of our website.

Another legal basis for processing is Art. 6(1)(c) GDPR. As a controller, we are legally obliged to make the use of technically unnecessary cookies dependent on the respective user’s consent.

Further information about the operator and settings of the Cookie Consent Tool can be found directly in the respective interface on our website.

Website Hosting

For hosting our website and displaying its content, we use the system of the following provider: Wix.com Inc., 100 Gansevoort Street, New York, NY 10014. This provider, in turn, uses the Google Cloud Platform for hosting.

All data collected on our website is processed on the provider’s servers.

We have concluded a data processing agreement or standard contractual clauses with Wix, which ensures the protection of our website visitors’ data and prohibits unauthorized disclosure to third parties.

Data may be transferred to a third country (here: USA) or an international organization. Since July 2023, an adequacy decision by the EU Commission (Data Privacy Framework) exists, which recognizes the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can now serve as a basis for data transfers to certified organizations in the USA. According to the list of certified companies published by the US Department of Commerce, Google LLC is listed as a certified company.

Use of Google Maps

We use Google Maps (API) on this website, provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”). Google Maps is a web service for displaying interactive map data. Using this service, our location is shown to you and directions are facilitated.

Where legally required, we have obtained your consent for the processing of your data as described above in accordance with Art. 6(1)(a) GDPR in conjunction with § 25 TTDSG.

You can revoke your consent at any time with effect for the future. To exercise your revocation, please deactivate this service in the "Cookie Consent Tool" provided on the website.

Data may be transferred to a third country (here: USA) or an international organization. Since July 2023, an adequacy decision by the EU Commission (Data Privacy Framework) exists, recognizing the USA as a third country with a level of data protection comparable to that of the EU. The adequacy decision can serve as a basis for data transfers to certified organizations in the USA. According to the list of certified companies published by the US Department of Commerce, Google LLC is listed as a certified company.

Google stores your data (even for users not logged in) as usage profiles and evaluates it.

You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right. If you do not agree with the future transmission of your data to Google in connection with the use of Google Maps, you also have the option to completely deactivate the Google Maps web service by disabling JavaScript in your browser. In this case, Google Maps and the map display on this website can no longer be used.

The Terms of Service for Google can be viewed at: https://www.google.de/intl/de/policies/terms/regional.html, and the additional terms for Google Maps can be found at: https://www.google.com/intl/de_US/help/terms_maps.html

Detailed information on data protection in connection with the use of Google Maps can be found on Google’s website (“Google Privacy Policy”): https://www.google.de/intl/de/policies/privacy

Use of WIX FAQ

This website uses the content management system (CMS) of WIX.com Ltd., Namal 40, 6350671 Tel Aviv, Israel to integrate a FAQ section on our website.

The processing is carried out for the purpose of content delivery to display a FAQ section on the website.

We base this use on Art. 6(1)(f) GDPR. Our legitimate interest lies in providing a FAQ section.

Further information on data processing by Wix can be found in Wix’s privacy policy: https://de.wix.com/about/privacy

Use of Visitor Analytics

On our website, we use the analytics tool Visitor Analytics, provided by Visitor Analytics GmbH, Seestraße 76, 82335 Berg, Germany.

Visitor Analytics allows us to statistically evaluate user behavior on our website and present website usage in clear and user-friendly dashboards. This serves to optimize our online offering.

The following information may be processed in this context:

IP address (filtered or pseudonymized, depending on the selected settings)
Usage data (e.g., visited pages, duration of visit, click behavior)
Technical information (e.g., device type, operating system, browser type, screen resolution)
Geographical location data (based on anonymized IP address)

No data transfer to a third country takes place.

All of the processing described above, in particular setting cookies for storing and reading information on the device you use to access the website, occurs only if you have given us your explicit consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG.

To exercise your revocation, please deactivate this service via the "Cookie-Consent-Tool" provided on the website.

We have concluded a data processing agreement with Visitor Analytics, obliging them to protect the data of our customers and not to pass it on to third parties.

Further information about Visitor Analytics’ data protection policies can be found at: https://www.twipla.com/de/support/rechtliches-datenschutz-zertifikate/standardintegration/datenverarbeitungsvertrag-cookie-informationen

Meta-Pixel for Creating Custom Audiences with Enhanced Data Matching

Within our online offerings, the so-called "Meta-Pixel" of the social network Facebook is used in enhanced data matching mode, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Quay, Dublin 2, Ireland ("Facebook").

When a user clicks on an advertisement displayed on Facebook, the URL of our linked page receives an addition via the Meta-Pixel. This URL parameter is then supplemented in the user’s browser by setting a cookie from our website. Additionally, this cookie collects specific customer data, such as the email address, which we collect on our website linked to the Facebook ad during actions like purchases, account registrations, or sign-ups (enhanced data matching). The cookie is read by the Meta-Pixel, enabling the transfer of the data, including specific customer data, to Meta.

Using the Meta-Pixel with enhanced data matching, Meta can accurately determine the visitors of our online offerings as a target group for displaying advertisements (so-called "Facebook Ads"). This allows us to show our Facebook Ads only to Facebook users who have shown interest in our online offerings or who exhibit certain characteristics (e.g., interests in specific topics or products, determined based on visited websites) that we transmit to Meta (so-called “Custom Audiences”).

By using the Pixel, we also aim to ensure that our Facebook Ads correspond to the potential interest of users and are not perceived as intrusive. Furthermore, we can evaluate the effectiveness of our Facebook advertising for statistical and market research purposes by tracking whether users were redirected to our website after clicking a Facebook ad (so-called “Conversion”). This allows us to better measure the effectiveness of our advertising campaigns by capturing more attributed conversions.

All transmitted data is stored and processed by Meta, making a connection to the respective user profile possible. Facebook may use the data for its own advertising purposes in accordance with the Facebook Data Use Policy (https://www.facebook.com/about/privacy/). The data may also enable Facebook and its partners to display advertisements on and off Facebook. For this purpose, we have concluded a joint responsibility agreement with Meta pursuant to Art. 26 GDPR.

These processing activities occur only with explicit consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 25 TTDSG. You can revoke your consent at any time with future effect. To revoke your consent, remove the checkmark next to the “Meta-Pixel” setting in the “Cookie-Consent-Tool” embedded on the website.

The information generated by the Meta-Pixel is generally transmitted to a Meta server and stored there. This may also involve transfer to servers of Meta Inc. in the USA. Since July 2023, an adequacy decision by the EU Commission (Data Privacy Framework) exists, recognizing the USA as a third country with a level of data protection comparable to the EU. The adequacy decision can now serve as a so-called appropriate safeguard pursuant to Art. 45 GDPR for data transfers to certified organizations in the USA. According to the list of certified companies published by the US Department of Commerce, Meta Inc. is listed as a certified company.

Google reCAPTCHA

We use the reCAPTCHA feature from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This feature primarily serves to distinguish whether an input is made by a human being or abusively by automated and machine-based processing.

The service includes sending the IP address and potentially other data required by Google for the reCAPTCHA service to Google and is based on Art. 6(1)(f) GDPR on the basis of our legitimate interest in determining individual responsibility on the internet and preventing abuse and spam.

When using Google reCAPTCHA, it is also possible that personal data may be transmitted to the servers of Google LLC in the USA.

Since July 2023, there has been an adequacy decision by the EU Commission (Data Privacy Framework), which recognizes the USA as a third country with a level of data protection comparable to the EU. The adequacy decision can now serve as a basis for data transfers to certified organizations in the USA. According to the list of certified companies published by the US Department of Commerce, Google LLC is listed as a certified company.

Further information about Google reCAPTCHA and Google’s privacy policy can be found here: https://www.google.com/intl/de/policies/privacy

HubSpot

This website uses the services of HubSpot, a software-based marketing service provided by HubSpot Ireland Ltd., 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland. The parent company is HubSpot, Inc., 25 First Street, Cambridge, MA 02141, USA.

HubSpot allows various customer service and customer management functions to be digitally synchronized and processed through a central interface. HubSpot enables lead generation, centralized email and newsletter marketing, contact management through segmentation and CRM, and the management of contact forms.

To perform these functions, HubSpot uses cookies—small text files stored locally in your web browser cache on your device—which allow us to analyze your use of the website. These cookies collect certain information such as IP address, location, and the time of the page visit. Information collected via HubSpot is stored on HubSpot servers and processed on our behalf.

On our website, HubSpot is used specifically in the form of the contact form. This use is based on Art. 6(1)(f) GDPR, as our legitimate interest lies in providing a functional contact form.

Data may be transmitted to a third country (here, the USA) or an international organization. Since July 2023, an adequacy decision by the EU Commission (Data Privacy Framework) exists, recognizing the USA as a third country with a level of data protection comparable to the EU. This decision can serve as a basis for data transfers to certified organizations in the USA. According to the list of certified companies published by the US Department of Commerce, HubSpot Inc. is listed as a certified company.

We have concluded a data processing agreement with HubSpot, obligating HubSpot to protect our customers’ data and not to pass it on to third parties.

Further information about HubSpot’s data protection practices is available here: https://legal.hubspot.com/de/datenschutz

Tracking by WIX

This website uses the tracking service of Wix.com Ltd., Namal 40, 6350671 Tel Aviv, Israel for the analysis, optimization, creation of the website, and personalization of website content.

The following personal data may be collected by this service:

IP address
Browser information
Referrer URL
Device operating system
Date and time of visit
Visited websites
Usage data
Click path
Screen resolution
Timestamp
Amount of data transferred
Internet service provider
Geographic location
Device identifier

All processing described above, particularly the setting of cookies for storing and reading information on the device you use to access the website, takes place only if you have given your explicit consent pursuant to Art. 6(1)(a) GDPR in conjunction with § 25(1) TTDSG.

To withdraw your consent, please disable this service using the “Cookie-Consent-Tool” provided on the website.

We have concluded a data processing agreement or standard contractual clauses with Wix, ensuring the protection of our visitors’ data and prohibiting unauthorized sharing with third parties.

Data may be transferred to a third country (here, USA) or an international organization. Since July 2023, there has been an adequacy decision by the EU Commission (Data Privacy Framework), which recognizes the USA as a third country with a level of data protection comparable to the EU. This adequacy decision can now serve as a basis for data transfers to certified organizations in the USA. According to the list of certified companies published by the US Department of Commerce, Google LLC is listed as a certified company.

Information on how Wix handles visitor data can be found in sections 4, 12, and 13 of Wix’s privacy policy: https://de.wix.com/about/privacy

Social Networks

In addition to this online offer, we also maintain presences on various social media platforms, which you can access via corresponding buttons on our website. When you visit such a presence, personal data may be transmitted to the provider of the social network. It is possible that, in addition to storing the data you specifically enter in this social medium, other information may also be processed by the social network provider.

Further information is available in our Social Media privacy information at the following link: https://www.green-flexibility.com/informationspflichten-socialmedia

Changes to Our Privacy Policy

We reserve the right to update our privacy policy at short notice to ensure that it always complies with current legal requirements or to implement changes to our services. This may, for example, involve the introduction of new services. The new privacy policy applies to your subsequent visits.

CAREER

CONTACT

PRIVACY POLICY