Privacy Policy

This is machine translated text. Original German text still prevails.

1Section 1- General Information

  • 1.1Responsible

    The controller within the meaning of Art. 4 No. 7 DSGVO is the person who alone or jointly with others determines the purposes and means of the processing of personal data.

    Person responsible for the processing of personal data within the framework of the App the:

    HejGreen & Friends UG, Wallstr. 8, 60594 Frankfurt, Germany

    E-mail:info@hej.greenTel.: +49(0)69 20025450

    You can find more information about the person responsible in the imprint at https://hej.green/en/legal-notice/.

  • 1.2Information collected by the respective app store when downloading the app

    When downloading the app, certain information is transmitted to the app store selected by you (e.g. Google Play or Apple App Store). In particular, the user name, the email address, the customer number of your account, the time of the download, payment information and the Mac address (Media Access Control) may be processed. The processing of this data is carried out exclusively by the respective App Store and is beyond our sphere of influence. The responsible party does not receive this data.

  • 1.3Service provider for the operation of the app

    With regard to our app, we work together with further service providers on the basis of order processing contracts within the meaning of Art. 28 DSGVO. These service providers are:

    • Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. We use Amazon's web services to operate the technical infrastructure of our app. For more information about Amazon's processing practices, please visit https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf. Due to the server structure of Amazon, it cannot be ruled out that personal data of the European offshoot of Amazon and its affiliated companies may also be transferred to countries outside the EU, in particular to the USA. There, it is possible that government authorities can access the data even without a court order.

    • Stripe, Inc, 185 Berry Street, Suite 550, 94107 San Francisco, USA. We use the service provider Stripe to process payments for corporate customers within the scope of the contract. The trans-mission of essential invoice data is based on Art. 6 para. 1 lit. b DSGVO. It cannot be ruled out that individual personal data in the USA may be accessed by government authorities even without a court order.

    • Phrase.com - pálená 108/51, 110 00 Prague 1, Czech Republic and Memsource GmbH, ABC-Straße 4, 20354 Hamburg, Germany provide, under joint responsibility with each other and under a commissioned processing contract for the data controller, services with regard to the automatic translation of the texts displayed in the app. The processing takes place on servers in the European Union. The translation is part of the app so that it can be used by users across borders. The transmission of data is based on Art. 6 para. 1 lit. b DSGVO and is limited to technical data such as IP address.

  • 1.4Provision of the app and creation of log files

    When you use our app, our system automatically collects data and information from the end device used. The following data is collected:

    • What personal data do we process through the provision of the app and when creating the log files and what are they used for?

      (1) Information about the app and the version used

      (2) The operating system, the system version and the device ID as well as the manufacturer of the retrieval device.

      (3) The IP address as well as the MAC address of the retrieval device

      (4) Date and time of access

      (5) A unique ID for the recognition of the user

      This data is stored in the log files of our system. This data is not stored together with personal data of a specific user, so that individual app users are not identified. The data is also anonymised after the deletion period so that it is no longer possible to draw conclusions about an individual person. The anonymised data allows us to monitor and improve the stability and availability of the app over a longer period of time. The temporary (automated) storage of the data is necessary for the course of the app use in order to enable the delivery of the app content.

      This personal data is also stored and processed to maintain the compatibility of the app with the respective runtime environments (Android or iOS versions) for as many visitors as possible and to combat abuse and eliminate malfunctions. For this purpose, it is necessary to log the technical data of the retrieving end device in order to be able to react as early as possible to display errors, attacks on our IT systems and/or errors in the functionality of the app.

    • What is the legal basis for this processing?

      Art. 6 para. 1 lit. f DSGVO (legitimate interest): Our legitimate interest is to ensure the achievement of the purpose described above. Without created log files, no delivery of the app can take place, as the data is required, among other things, for the delivery of the content.

    • How long will your data be stored?

      The data is deleted when it is no longer needed to ensure the compatibility of the app for all visitors. This is the case at the latest 3 months after using the app.

    • Possibility of objection and deletion

      You can object to this processing at any time in accordance with Art. 21 DSGVO and request deletion of your data in accordance with Art. 17 DSGVO. You can find out which rights you have and how to exercise them in section 12 of this privacy policy.

  • 1.5General information on how to contact us

    Please note that in the case of unencrypted communication by e-mail, complete data security cannot be guaranteed on the transmission path to our IT systems, so that we expressly recommend encrypted communication or the postal service for information requiring a high level of confidentiality.

    The following are some of the risks associated with unencrypted transmission by email:

    • personal data could be disclosed to third parties without authorisation due to incorrect entry of the e-mail address

    • With the unencrypted e-mail, you have no information on the recipient side, e.g. which or how many employees have access to the e-mail.

    • Due to the transmission of data via several distributed intermediate points in the case of e-mail, unauthorised third parties are always able to access the data without encryption.

2Section 2 - Functions of the App

  • 2.1Registration

    • What personal data do we process from you during registration and what is it used for?

      Our app can only be used with a registered user account. During user registration, an e-mail address, a user name and a password must be assigned. We also need your telephone number to secure your account via our 2-factor authentication. When registering, you must also provide your name, date of birth and how you became aware of our app.

      The 2 factor authentication only concerns the registration process. In this context, we will send you a one-time password via Google Firebase.

      In the case of companies, further data (address data, administrator e-mail, company name) is also collected and processed to enable the subsequent billing of booked packages.

      All mandatory fields must be filled in for registration.

      Immediately after registration, we will send you an SMS for two-factor authentication. With the e-mail address and the password you can authenticate yourself later at our login server.

      Your name and date of birth are used to further personalise your experience of the app by addressing you personally and helps us to hide entries that may be irrelevant to you.

      Alternatively, you can register on our site with a social login (e.g. Apple or Google). However, the other mandatory fields must also be completed.

    • What is the legal basis for the processing?

      Art. 6 para. 1 lit. b DSGVO (implementation of (pre)contractual measures): The app cannot be used without registration.

    • Who gets access to your registration data?

    • The personal data you enter during registration will only be processed by HejGreen & Friends UG as the provider of the app to provide the user account. How long will your data be stored?

      The data collected during registration will be stored by us for as long as you maintain a user account with us. Please note, however, that we must retain some data (especially in the case of business accounts) for up to ten years due to legal retention obligations (e.g. in the case of bookings and orders subject to a charge) within the scope of tax law obligations, even if you delete the corresponding user account. This data will then be deleted immediately as soon as there are no longer any legal retention periods to the contrary.

    • Your rights

      You can find out what rights you have and how to exercise them at the end of this privacy policy.

    • Necessity of the information and consequences of failure to provide it

      Registration is technically necessary for the use of the app, as otherwise the user account cannot be made available. If you object to the data processing of the registration data, we can no longer fulfil our contractual obligations and the use of the app is only possible to a limited extent, as we then have to delete and deactivate the user account. If you want to use the app in a meaningful way, you must at least fill in the fields marked as mandatory during registration (user name and password) and may not object to the data processing. The entry of further data requires the existence of a user account. Registration of companies is not possible if the registration data entered is incorrect. If the data is entered incorrectly or not at all, the app and the associated user account cannot be used. However, the rest of the app can still be used without registration.

  • 2.2Login area - user account

    • What personal data do we process when you log in to your user account and what is the purpose of this processing?

      If you wish to use the integrated social logins, we will store the personal data entered via the social login: First name, last name, e-mail address in our system and use them to use the functions stored in the system. We will not store the password itself, as the authentication runs exclusively via the corresponding provider. We will only store the authentication confirmation received from the platform.

    • What is the legal basis for the processing?

      Art. 6 para. 1 lit. b DSGVO (implementation of (pre)contractual measures): Without the login data, logging into the user account is not possible due to a lack of access authorisation.

    • How long will your data be stored?

      The collected data will be stored for as long as you maintain the user account with us. Please note, however, that we have to retain some data for up to ten years due to legal retention obligations (e.g. for bookings made) within the framework of the retention obligations under tax law. The data will then be deleted when there are no longer any legal deadlines to the contrary.

    • Your rights

      You can find out what rights you have and how to exercise them at the end of this privacy policy.

    • Necessity of the information and consequences of failure to provide it

      The user account can only be used after successful registration. For this purpose, the provision and processing of personal data is mandatory. It is not possible to use the app without logging into your user account. If you enter the data incorrectly or not at all, you will not be able to use your user account.

  • 2.3Creation of a user or company profile

    • What personal data do we use to create your user profile and what is it used for?

      We use the data you enter during registration and all the data you enter in the app to customise the functions you use (e.g. posts, comments, etc.) so that it is possible to identify who from the community wrote the post. To do this, your profile (your username and, if applicable, the picture or date of birth you uploaded) is linked to the function you used. We create a user profile for this purpose. We also use this data in aggregated form to improve the app and for contract management (e.g. notification of adjustments to the terms and conditions and information about new features of the app.

      If you wish to use the integrated social logins, we will store the personal data entered via the social login: First name, last name, e-mail address in our system and use them to use the functions stored in the system. We will not store the password itself, as the authentication runs exclusively via the corresponding provider. We will only store the authentication confirmation received from the platform.

    • What is the legal basis for the processing?

      The collection and processing of your personal data is based on Art. 6 para. 1 lit. b DSGVO (implementation of (pre)contractual measures): Without the provision of your personal data, the use of the app is not possible or only possible to a limited extent.

    • How long will your data be stored?

      Your personal data of the user profile will be stored as long as your user account exists in the app. The data will be deleted at the latest when there are no legal deadlines for deletion.

    • Your rights

      You can find out what rights you have and how to exercise them at the end of this privacy policy.

    • Necessity of the information and consequences of failure to provide it

      The personal data of your user profile is required to provide the functions of the app. If you do not have a user profile with us, you will not be able to make transactions in the app and you will not be able to use many of the features of the app. If you object to the creation of a user profile, you will not be able to use the app and we will have to deactivate your user account.

  • 2.4Error reporting

    • Which of your personal data do we process in the context of error reporting and what are they used for?

      The data recorded as part of our error reporting (model and operating system of the accessing device, version number of the app, a time specification and crash reporter key) serve to guarantee the function of the app and optimise the functionality of the app. The detection and processing of errors in the app is required in order to be able to provide the app permanently and to be able to react to security problems with the required speed.

    • What is the legal basis for processing for the purpose of error reporting?

      Art. 6 para. 1 lit. f DSGVO (legitimate interest): Our legitimate interest is to ensure the achievement of the purpose described above.

    • How long will your data be stored?

      Your personal data will be deleted immediately after the corresponding errors have been corrected, provided that there are no legal retention periods.

    • Your rights

      You can find out what rights you have and how to exercise them at the end of this privacy policy.

    • Necessity of the information and consequences of failure to provide it

      The provision of your personal data is not required by law or contract and is not necessary for the conclusion of a contract. Failure to provide such data may result in the app not functioning correctly for a longer period of time, as we are unable to correct errors in the app.

  • 2.5Push Notifications:

    • Which of your personal data do we process within the scope of the push notifications and what are they used for?

      Depending on the operating system (Apple or Android), an ID is assigned to your user device and stored. If the app sends a push notification to this ID, the message is automatically sent to the corresponding device you are using.

      The transmission of push messages serves to facilitate communication with you as a user of the app and to display activities and communication within the app.

    • What is the legal basis for the processing?

      Art. 6 para. 1 lit. a DSGVO (consent): Your permission when installing the app or in the app or the settings of the mobile device.

    • How long will your data be stored?

      Your personal data will be deleted immediately after sending a push notification, unless there are legal retention periods. We do not store your push notifications on the server at HejGreen & Friends UG .

    • Your rights

      You can deactivate the sending of push notifications at any time by either deactivating push notifications completely in the app settings or by withdrawing the corresponding authorisation for the app via the functions provided for this purpose in the operating system of the mobile end device used.

      You can therefore object to the processing of your personal data for sending push notifications at any time in accordance with Article 21 of the GDPR by using the deactivation functions listed above and request the deletion of your data in accordance with Article 17 of the GDPR. You can find out which rights you have and how to exercise them at the end of this privacy policy.

    • Necessity of the information and consequences of failure to provide it

      The provision of your personal data for sending push notifications is not required by law or contract and is not necessary for the conclusion of a contract. However, the use of the ID for the purpose of using push notifications must take place if you want to receive push notifications. Deactivating this function will therefore mean that you will no longer receive push notifications from the app.

  • 2.6Feedback form

    • What personal data is collected and to what extent is it processed?

      The data you entered in our feedback form, which you entered in the input mask of the contact form.

    • Legal basis for the processing of personal data

      Art. 6 para. 1 lit. a DSGVO (consent): Your permission when installing the app or in the app or the settings of the mobile device.

    • Purpose of the data processing

      We will only use the data collected via our contact form or feedback form to process the specific contact request received via the feedback form. Please note that in order to fulfil the contact request, we may also send e-mails to the address specified in your profile. This is so that you can receive confirmation from us that your enquiry has been correctly forwarded to us. However, sending this confirmation email is not obligatory for us and is only for your information.

    • Duration of storage

      After processing your enquiry, the data collected in the context of the enquiry will be deleted immediately, unless there are legal retention periods.

    • Your rights

      You can find out what rights you have and how to exercise them at the end of this privacy policy.

    • Necessity of providing personal data

      The use of the contact forms is on a voluntary basis and is neither contractually nor legally required. You are not obliged to contact us via the contact form, but can also use the other contact options provided on our website. If you wish to use our contact form, you must fill in the fields marked as mandatory. If you do not fill in the required information of the contact form, you will either not be able to send the request or we will unfortunately not be able to process your request.

  • 2.7User interactions with the platform

    • What personal data do we use to create your user profile and what is it used for?

      Within the framework of posts, i.e. the publication of content and your user profile , you can freely de-termine which content you make part of posts, comments and profiles on our platform. Personal data may also be included in the post. If you wish to publish the personal data of third parties, we ask you to obtain the consent of the persons concerned.

    • What is the legal basis for the processing?

      The collection and processing of your personal data is based on Art. 6 para. 1 lit. b DSGVO (implementation of (pre)contractual measures): Without the provision of your personal data in the context of the postings, the publication of postings is not possible.

    • How long will your data be stored?

      Your data or the data you entered will remain until the posting is deleted by you or by us. If you delete your user account, we will anonymise the data of your user profile and only display an anonymous name. The contents of the posting will remain in existence indefinitely unless the posting is deleted.

    • Your rights

      You can find out what rights you have and how to exercise them at the end of this privacy policy.

    • Necessity of the information and consequences of failure to provide it

  • 2.8Use of web services

    Google Analytics

    • Scope of the processing of personal data

      In the app, we use the web tracking service of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google Analytics). Within the scope of web tracking, Google Analytics uses cookies that are stored on your device and that enable an analysis of the use of the app and your usage behaviour (so-called tracking). We carry out this analysis on the basis of the Google Analytics tracking service in order to constantly optimise our offer and make it more available. When you use the app, data such as your IP address and your user activities in particular are transmitted to servers of Google Ireland Limited. We carry out this analysis on the basis of Google's tracking service in order to constantly optimise the app and make it more available. We also need the web tracking for security reasons. Web tracking allows us to track whether third parties are attacking the app. The information from the web tracker allows us to take effective countermeasures and protect the personal data we process from these cyber attacks. By enabling IP anonymisation within the Google Analytics tracking code of the App , your IP address will be anonymised by Google Analytics before transmission. The app uses a Google Analytics tracking code that has been extended by the Opera-tor gat._anonymizeIp(); to enable only anonymised collection of IP addresses (so-called IP masking).

    • -Legal basis for the processing of personal data

      The legal basis for the data processing is your consent in the app regarding the use of web tracking (consent through clear confirming action or behaviour) in accordance with Art. 6 para. 1 lit. a DSGVO.

    • Purpose of the data processing

      On our behalf, Google will use this information to evaluate your use of the app, to compile reports on your activities and to provide us with other services related to the use of the app and the internet. We also need the web tracking for security reasons. Web tracking allows us to track whether third parties are attacking the app. The information from the web tracker enables us to take effective countermeasures and protect your personal data processed by us from cyber attacks.

    • Duration of storage

      Google will store the data relevant to the provision of web tracking for as long as is necessary to fulfil the booked web service. Data collection and storage are anonymised. If there is a reference to a person, the data will be deleted immediately, insofar as this is not subject to any statutory retention obligations. In any case, the data will be deleted after expiry of the retention period.

    • Possibilities of objection and deletion

      If you do not want Google to receive and process your personal data via the web tracking functions integrated in the app and, if applicable, to assign this data directly to your Google profile, you cannot use the app. You can find out what rights you have and how to exercise them at the end of this privacy policy. You can find Google's security and data protection principles at https://policies.google.com/privacy?hl=de.

    Google Firebase Tools

    • Scope of the processing of personal data

      On our site, we use services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 (hereinafter: Google). These services are Firebase Analytics, Firebase Crashlytics, Firebase Cloud Messaging and a Firebase real-time database.

      You can find more information about Google's data protection at https://firebase.google.com/terms/analytics.

      Due to the corporate structure of Google It cannot be ruled out that personal data will also be transferred by Google and its affiliated companies to countries outside the EU, in particular to the USA. There, it is possible that government authorities can access the data even without a court order.

      The Crashlytics service uses the Crashlytics installation UUIDs, crash traces and data in breakpad minidump format. Examples of collected data can be found at https://firebase.google.com/support/privacy#crash-stored-info.

      The Analytics service accesses mobile ad IDs, IDFVs / Android IDs, the Firebase installation IDs, and Analytics app instance IDs. In principle, Analytics thus accesses (partially anonymised) key figures in order to evaluate your user behaviour across several instances.

    • Legal basis for the processing of personal data

      For the services Firebase Crashlytics, Firebase Analytics and Firebase Cloud Messaging, the legal basis is Art. 6 para. 1 p. 1 lit. a DSGVO (consent), through consent when using our app.

    • Purpose of the data processing

      Cloud Messaging: Firebase Cloud Messaging uses Firebase installation IDs to determine which devices to send messages to. The app can thus send push notifications specifically to the correct users.

      Crashlytics: Firebase Crashlytics uses crash stack traces to associate crashes with a project, send email notifications to project members, display them in the Firebase console and help Firebase customers debug crashes. It uses Crashlytics installation UUIDs to measure the number of users affected by a crash, and minidump data to handle NDK crashes. The service enables the app to detect, check and better fix technical errors that occur.

      Firebase Analytics: Firebase Analytics uses the data to provide analytics and attribution information. The exact information collected may vary depending on the device and environment. Ultimately, the goal is to use the collected data to advertise and improve the website. On our behalf, Google will use this information to evaluate your use of the app, compile reports on usage activities within the app and provide us with other services related to app usage and internet usage. The IP address transmitted by your browser within the scope of Google will not be merged with other data from Google.

    • Duration of storage

      The duration of storage is governed by Google's terms and conditions. These can be found at https://firebase.google.com/support/privacy and depend on the services.

    • In detail:

      Crashlytics: Firebase Crashlytics stores crash stack traces, extracted minidump data and associated identifiers (including Crashlytics installation UUIDs) for 90 days.

      Firebase Analytics: Firebase Analytics retains certain data associated with the advertising identifier (e.g. Apple's advertiser identifier and provider identifier, Android advertising ID) for 60 days and retains aggregate reporting without automatic expiry. Retention of user-level data, including conversions, is set for up to 14 months.

    • Necessity of the information and consequences of failure to provide it

      The provision of your personal data is not required by law or contract. The non-provision ensures that some functions may not be available or only available to a limited extent.

    • Possibility of objection and removal

      You can revoke your consent regarding the use of crash reports (crashlytics) on iOS devices at any time with future effect by deactivating the "Crashlytics" function in the settings of the iOS apps ("Data" menu item).

      For Android devices, you can revoke your consent regarding the use of crash reports (Crashlytics) at any time with effect for the future in the Android settings. You can usually find these settings in the settings of your end device under the item "Google" and there in the three-point menu at the top right under the menu item "Use & Diagnostics". Here you can deactivate the sending of the corresponding data.

      You can revoke your consent to the analysis of your user behaviour (Analytics) at any time in the settings ("Data" menu item) of the APP with effect for the future.

      You can also object to the processing of your data at any time in accordance with Art. 21 DSGVO.

      For further information on data protection, please refer to the data protection information of Firebase Crashlytics at https://firebase.google.com/support/privacy.

  • 2.9Access to functions of your terminal

    In order to be able to use all the functions of our app, it requires access to certain functions of your end device:

    • Siri & Search (IOS only)

      Our app accesses the "Siri & Search" function by default, which allows you to control the app using shortcuts from Siri. It also influences the search results on your device.

    • Memory

      This access is needed so that the app can cache data offline on the end device. This may be necessary, for example, when using the camera function.

    • Camera

      Use the camera function to share photos in the app or update your profile picture.

    • Location (tracking service):

      By enabling the location function, the system's own services such as WLAN, GSM triangulation, GPS, Bluetooth and possibly other available sensors are used to determine the user's location. The background is the display of nearby events for the user.

    • Access to all networks

      This allows us to use an existing internet connection (WLAN or mobile phone) to transfer data.

    • Receive internet data:

      This uses an assigned ID that is assigned to the user device at the corresponding push service provider. The use serves to send push messages to your end device, e.g. to display notifications.

    • What personal data of yours do we process and what is it used for?

      We process all personal data collected from you in the App and aggregation data we collect from your interactions with the App and the associated insights from the various platforms you use to provide you with the features of the App. We also process your personal data by anonymising your Usage Data and Insights Data and comparing it to Usage Data and Insights Data of other users. This enables us to evaluate offers from advertising partners and to provide you with the full functionality of the app.

    • Legal basis for the processing of personal data

      Art. 6 para. 1 lit. a DSGVO (consent). The app only obtains access to your personal data with your express consent when using the corresponding app functions.

      All functions for which we do not collect consent (use of device memory to store app content, receive internet data and network access, Siri & Search) are necessary for the performance of the contract (Art. 6 para. 1 lit. b DSGVO).

    • How long will your data be stored?

      Access to the respective device functions is required while using the app. If data is also collected, for example when exporting or downloading files to the storage space of your end device, these files are generally stored until you manually delete the files.

    • Possibility of objection and removal

      You can revoke your consent at any time or object to the use of the permissions by revoking the corresponding permissions for the app in the app settings of your operating system. You can switch access to the permissions of your end device on or off for most end devices in the "Settings" under "Apps". Please note that deactivating access rights may have a negative impact on the functionality of the app. You can find out which rights you have and how to exercise them at the end of this privacy policy.

    • Receive internet data:

      This uses an assigned ID that is assigned to the user device at the corresponding push service provider. The use serves to send push messages to your end device, e.g. to display notifications.

  • 2.10Payment methods

    In the case of corporate customers, we will transfer the data required for payment processing to our bank for further processing in accordance with Art. 6 Para. 1 lit b DSGVO.

3Section 3 - Your rights

  • 3.1Right to information

    You have the right to request confirmation as to whether we are processing your personal data. If this is the case, you have the right to information about the information specified in Article 15 (1) and (2) of the GDPR. We will also be happy to provide you with a copy of the data, provided that the rights and freedoms of other persons are not affected (cf. Art. 15 (4) of the GDPR).

  • 3.2Right of rectification

    Pursuant to Art. 16 DSGVO, you have the right to have any incorrect personal data stored with us (such as address, name, etc.) corrected at any time. You can also request that the data stored with us be completed at any time. A corresponding adjustment will be made immediately. As a registered customer, you can also adjust some data yourself in your user profile at any time, such as your address data, billing address, registration data, etc.

  • 3.3Right to erasure

    Pursuant to Art. 17 (3) of the GDPR, this right does not exist if

    • the data is no longer needed;

    • due to the revocation of your consent, the legal basis of the processing has ceased to exist without replacement;

    • you have objected to the processing and there are no overriding legitimate grounds for the proc-essing;

    • your data is processed unlawfully;

    • a legal obligation requires this

    • a collection pursuant to Art. 8 (1) DSGVO has taken place.

    Pursuant to Art. 17 (1) DSGVO, you have the right to demand that we delete the personal data we have collected about you if

    • processing is necessary for the exercise of the right to freedom of expression and information;

    • Your data has been collected on the basis of a legal obligation;

    • the processing is necessary for reasons of public interest;

    • the data is necessary for the assertion, exercise or defence of legal claims.

  • 3.4Right to restrict processing

    According to Art. 18 (1) DSGVO, you have the right in individual cases to demand the restriction of the processing of your personal data. This is the case, for example, if

    • the accuracy of the personal data is disputed by you;

    • the processing is unlawful and you do not consent to erasure;

    • the data is no longer needed for the purpose of processing, but the data collected serves the as-sertion, exercise or defence of legal claims;

    • an objection to the processing has been lodged pursuant to Art. 21 (1) DSGVO and it is still un-clear which interests prevail.

  • 3.5Right of revocation

    If you have given us express consent to process your personal data (Art. 6 para. 1 lit. a DSGVO), you can revoke this consent at any time. Please note that the lawfulness of the processing carried out on the basis of the consent up to the revocation is not affected by this.

  • 3.6Right to object

    You have the right to object at any time in accordance with Art. 21 DSGVO. You have this right if there are reasons from a special situation that concerns you. Please note that the objection only relates to the storage and processing of data that we have collected on the basis of Art. 6 Para. 1 lit. f DSGVO (legitimate interest).

  • 3.7Right to data portability

    We will provide you or a responsible person named by you with the following data in a common machine-readable format upon request pursuant to Art. 20 (1) DSGVO:

    • Data collected on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a DSGVO or Art. 9 para. 2 lit. a DSGVO;

    • Data that we have received from you in accordance with Art. 6 Para. 1 lit. b DSGVO within the framework of existing contracts;

    insofar as the data have been processed within the framework of an automated procedure.

  • 3.8Right to data portability

    You can exercise your rights at any time by contacting us using the contact details below or by contacting our Data Protection Officer:

    HejGreen & Friends UG, Wallstr. 8, 60594 Frankfurt, Germany

    E-mail: info@hej. green, +49(0)69 20025450

4Right to complain to the supervisory authority pursuant to Art. 77 para. 1 DSGVO

  • If you suspect that your data is being processed illegally on our site, you can of course seek judicial clarification of the issue at any time. In addition, any other legal option is open to you. Independently of this, you have the option of contacting a supervisory authority in accordance with Art. 77 (1) DSGVO. You have the right to lodge a complaint pursuant to Article 77 of the GDPR in the EU Member State of your place of residence, your place of work and/or the place of the alleged infringement, i.e. you can choose the supervisory authority you wish to contact from the above-mentioned places. The supervisory authority to which the complaint has been submitted will then inform you of the status and outcome of your submission, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.