Privacy Policy

In the following we would like to inform you about our Privacy Policy.

Here you will find information about the collection and use of personal data when using our website. In doing so, we adhere to the data protection law applicable in Germany. You can call up this declaration at any time on our website. We expressly point out that data transmission on the Internet (e.g. when communicating by e-mail) may have security flaws and cannot be completely protected from access by third parties. The use of the contact data in our imprint for commercial advertising is expressly not welcome, unless we have given our prior written consent or a business relationship already exists. The provider and all persons named on this website hereby object to any commercial use and disclosure of their data.

1. Responsible Party

The party responsible for processing your personal data via this Internet platform within the meaning of the GDPR is greenhats® GmbH, Buchenweg 22, 35096 Weimar (Lahn), owner Arwid Carlo Zang.

2. Purpose of Personal Data Collection

You can visit our website without providing any personal data. Insofar as personal data (such as surname, first name, birth name, as well as the declaration that you are acting exclusively as a consumer according to § 13 BGB (German Civil Code), optionally the indication of address and bank data (bank details, PayPal)) is collected on our pages, this is done according to Art. 6 Para. 1a GDPR based on your consent.

Insofar as a contractual relationship between you and us is to be established, developed or changed or you make an inquiry to us, we collect and use personal data from you insofar as this is necessary to fulfil contractual obligations (Art. 6 Para. 1 b GDPR) (inventory data). We collect, process and use personal data insofar as this is necessary to enable you to use the website (usage data). This includes in particular the pre-contractual measures as well as the measures necessary for implementation.

The purposes of data processing are primarily based on the specific service order (e.g. IT security services (security checks / bug bounty checks / penetration tests); data protection / compliance and forensics (data protection web check / bug bounty compliance checks / other); auditing of management systems; insurance solutions; software solutions).

In addition, your browser automatically transmits server log data when you use our website. This includes information on operating systems, browser type and version, referrer (URL of the page from which you came to us), IP address and time of your visit.

Your personal data will not be passed on to third parties without your express consent. This may be necessary in the execution of the contract. Under point 6 you will find a list of any third parties.

3. How long is personal data stored?

We process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract. Tax and commercial retention periods are taken into account here. By order of the competent authorities, we may provide information about this data (inventory data) in individual cases, insofar as this is necessary for the purposes of criminal prosecution, to avert danger, to fulfil the legal tasks of the constitutional protection authorities or the military counter-intelligence service or to enforce intellectual property rights.

4. Data Sources

Commenting Function

In the context of the comment function, we collect personal data (e.g. name, e-mail) in the context of your comments on a contribution only to the extent to which you have communicated it to us. When a comment is published, the e-mail address you entered is saved but not published. Your name will be published unless you have written under a pseudonym.

Contact Form

If you use the contact form, data necessary for processing will be collected. This includes your name, address and email address, as well as the telephone number and possibly the tax identification number and your account data. The processing of the data serves exclusively the processing of your establishment of contact or the completion of the contractual relationship.

5. Rights of the Persons Concerned

As a user of our website, you have the right, in accordance with Art. 15 GDPR, to request information from us about the data stored about you or your pseudonym. According to Art. 16 GDPR you have the right of correction. In addition, pursuant to Article 17 GDPR, you may exercise your right of deletion or restrict data processing pursuant to Article 18 GDPR. On request, we will send you your data in a structured, common and machine-readable format in accordance with Art. 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

If you use your right of objection pursuant to Art. 21 GDPR, we will no longer process your personal data, unless there are compelling reasons for the processing which are worthy of protection and which serve your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Please note that inquiries can only be answered in written form for security reasons. To do so and to exercise your right of objection and revocation, please use the following address:

6. Who receives my data?

Within greenhats® GmbH, those departments will have access to your data which are required to fulfil contractual obligations or for which you have given us your consent to the transfer of data. Contractors commissioned by us (Art. 28 GDPR) may also receive data for these purposes. These include companies in the areas of IT security consulting services, software solutions, insurance solutions, compliance consulting and data protection consulting. With regards to the transfer of data to recipients outside greenhats® GmbH, it should be noted that we only work with contract processors who offer sufficient guarantees that suitable technical and organisational measures are used which comply with the legal data protection requirements and guarantee the protection of the rights of the persons concerned. You can find the transmitted data in the general terms and conditions of the respective partners.

7. Cookies

This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will shorten your IP address within Member States of the European Union or in other countries party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link. The current link is: In view of the discussion about the use of analytics tools with complete IP addresses, we would like to point out that this website uses Google Analytics with the extension "_anonymizeIp()" and therefore IP addresses are only processed further in abbreviated form in order to exclude direct personal reference.