Privacy Policy

In the following we would like to inform you about our Privacy Policy.

Here you will find information about the collection and use of personal data when using our website. In doing so, we adhere to the data protection law applicable in Germany. You can call up this declaration at any time on our website. We expressly point out that data transmission on the Internet (e.g. when communicating by e-mail) may have security flaws and cannot be completely protected from access by third parties. The use of the contact data in our imprint for commercial advertising is expressly not welcome, unless we have given our prior written consent or a business relationship already exists. The provider and all persons named on this website hereby object to any commercial use and disclosure of their data.

1. Responsible Party

The party responsible for processing your personal data via this Internet platform within the meaning of the GDPR is greenhats® GmbH, Buchenweg 22, 35096 Weimar (Lahn), owner Arwid Carlo Zang.

2. Purpose of Personal Data Collection

You can visit our website without providing any personal data. Insofar as personal data (such as surname, first name, birth name, as well as the declaration that you are acting exclusively as a consumer according to § 13 BGB (German Civil Code), optionally the indication of address and bank data (bank details, PayPal)) is collected on our pages, this is done according to Art. 6 Para. 1a GDPR based on your consent.

Insofar as a contractual relationship between you and us is to be established, developed or changed or you make an inquiry to us, we collect and use personal data from you insofar as this is necessary to fulfil contractual obligations (Art. 6 Para. 1 b GDPR) (inventory data). We collect, process and use personal data insofar as this is necessary to enable you to use the website (usage data). This includes in particular the pre-contractual measures as well as the measures necessary for implementation.

The purposes of data processing are primarily based on the specific service order (e.g. IT security services (security checks / bug bounty checks / penetration tests); data protection / compliance and forensics (data protection web check / bug bounty compliance checks / other); auditing of management systems; insurance solutions; software solutions).

In addition, your browser automatically transmits server log data when you use our website. This includes information on operating systems, browser type and version, referrer (URL of the page from which you came to us), IP address and time of your visit.

Your personal data will not be passed on to third parties without your express consent. This may be necessary in the execution of the contract. Under point 6 you will find a list of any third parties.

3. How long is personal data stored?

We process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation and processing of a contract. Tax and commercial retention periods are taken into account here. By order of the competent authorities, we may provide information about this data (inventory data) in individual cases, insofar as this is necessary for the purposes of criminal prosecution, to avert danger, to fulfil the legal tasks of the constitutional protection authorities or the military counter-intelligence service or to enforce intellectual property rights.

4. Data Sources

Commenting Function

In the context of the comment function, we collect personal data (e.g. name, e-mail) in the context of your comments on a contribution only to the extent to which you have communicated it to us. When a comment is published, the e-mail address you entered is saved but not published. Your name will be published unless you have written under a pseudonym.

Contact Form

If you use the contact form, data necessary for processing will be collected. This includes your name, address and email address, as well as the telephone number and possibly the tax identification number and your account data. The processing of the data serves exclusively the processing of your establishment of contact or the completion of the contractual relationship.

5. Rights of the Persons Concerned

As a user of our website, you have the right, in accordance with Art. 15 GDPR, to request information from us about the data stored about you or your pseudonym. According to Art. 16 GDPR you have the right of correction. In addition, pursuant to Article 17 GDPR, you may exercise your right of deletion or restrict data processing pursuant to Article 18 GDPR. On request, we will send you your data in a structured, common and machine-readable format in accordance with Art. 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

If you use your right of objection pursuant to Art. 21 GDPR, we will no longer process your personal data, unless there are compelling reasons for the processing which are worthy of protection and which serve your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Please note that inquiries can only be answered in written form for security reasons. To do so and to exercise your right of objection and revocation, please use the following address:

6. Who receives my data?

Within greenhats® GmbH, those departments will have access to your data which are required to fulfil contractual obligations or for which you have given us your consent to the transfer of data. Contractors commissioned by us (Art. 28 GDPR) may also receive data for these purposes. These include companies in the areas of IT security consulting services, software solutions, insurance solutions, compliance consulting and data protection consulting. With regards to the transfer of data to recipients outside greenhats® GmbH, it should be noted that we only work with contract processors who offer sufficient guarantees that suitable technical and organisational measures are used which comply with the legal data protection requirements and guarantee the protection of the rights of the persons concerned. You can find the transmitted data in the general terms and conditions of the respective partners.

7. Cookies

We do not use cookies on our website, i.e. you can visit our website without cookies being stored on your terminal device.

If you register and log in to our site, we use so-called session cookies to recognize that you have already visited individual pages of our website. Session cookies are automatically deleted after you leave our website.

We base data processing in connection with the use of cookies on your voluntarily given consent, Art. 6 (1) p. 1 lit. f DSGVO, as well as our legitimate interests and those of third parties, Art. 6 (1) p. 1 lit. f DSGVO, because the use of cookies is necessary to protect the aforementioned interests.

8. Youtube

We use the provider YouTube, among others, for the integration of videos. YouTube is operated by YouTube LLC with headquarters at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with headquarters at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

On some of our websites, we use plugins of the provider YouTube in extended data protection mode, so that no cookies are stored. When you call up the Internet pages of our website that are provided with such a plugin - for example, our media library - a connection is established to the YouTube servers and the plugin is displayed. This transmits to the YouTube server which of our Internet pages you have visited. If you are logged in as a member of YouTube, YouTube assigns this information to your personal user account. When using the plugin, such as clicking on the start button of a video, this information is also assigned to your user account. You can prevent this assignment by logging out of your YouTube user account as well as other user accounts of the companies YouTube LLC and Google Inc. before using our website and deleting the corresponding cookies of the companies.

Further information on data processing and notes on data protection by YouTube (Google) can be found at