Green Elephant Privacy Policy & User Registry

Last Updated: June 6th, 2018
 

INTRODUCTION

This privacy policy describes the ways in which Green Elephant Oy (“Green Elephant”, “We”, “Us”) protects the privacy of the user of our services and what personal data we collect and process about the user. Personal data refers to the information that can be used to identify a natural person.

This document describes and informs about our user registry under the Finnish Personal Data Act (523/1999) 10 and 24 § and other applicable European legislation, such as the EU General Data Protection Regulation (“GDPR”).

Please note that this privacy policy covers the Personal Data that is related to the User (“User”) using the Green Elephant Services, which include any websites, applications and other services under the greenelephant.org domain, as well as the Green Elephant homepage of www.greenelephant.org (“Homepage”, “Website”, “Site”, “Service”, “Services”). Any redirections, links or referrals to second or third parties’ online services or websites that the user might come in contact with while using the Green Elephant Site are not covered by this privacy policy. Please also be aware that we are not responsible for the privacy policies or practices of any second or third parties.

Do keep in mind that you might violate the privacy and data protection rights of another user (natural person) if you submit material that can be identifiably linked to the other user. Please therefore refrain from submitting material that might violate the rights of another user.

THE DATA GREEN ELEPHANT COLLECTS

In this section we describe the personal data collected by the Site.

THE DATA WE COLLECT ABOUT OUR VISITORS

In this document, the people visiting our Homepage (www.greenelephant.org) are referred to as “Visitors”. If you are a visitor to Green Elephant’s Homepage, this section applies to you.

The data that our Homepage collects about its Visitors depends on behavioural factors, such as what the actions of the Visitor have been. We may collect information about our Visitors that includes, but is not limited to, the attributes listed below, which represent the Personal Data collected as of the writing of this section. The data can also be collected through second or third-party tools, provided that the Visitor has allowed the Site to use cookies for improving their experience with Us. Further details about the third-party tools can be found in the next section of this document.

  • Name

  • E-mail address

  • Phone number

  • Current location based on IP-address

  • Information related to the device, browser, and operating system used to access the Site

  • Employer and employment related information, such as but not limited to, job title and department/team

  • Pictures, video and other audiovisual material

  • Pages visited and/or actions performed while on the Site 

  • Other information submitted via forms or via chat while using the Site

DATA COLLECTED AUTOMATICALLY

The Site and Service may automatically collect the following information from our users that in certain circumstances may constitute Personal Data.

We collect meta data from the http(s) requests (and other network traffic) transferred between the User’s client device and the Site. The meta data includes the anonymized Internet protocol (IP) address of the device the user uses to access the Site and information about the operating system and browser of the client device, as well as the device itself.

We may place “cookies” on the hard drive of the device that the user uses to access the Site and/or use other similar technical measures, such as clear gifs (a.k.a. web beacons). While using the Site, you have the option to decline the use of cookies and similar technology by choosing so from our cookie policy banner, or by adjusting your browser settings. In this case, our standard cookie shall not be placed, but we do still need to place a small cookie on your browser to remember your choice. We would also like to remind you that if you disable cookies (via the aforementioned mechanism or, for example, by turning them off in your browser), you might not be able to use some features of the Site.

The actions performed by individual users within the Site can be recorded while preserving anonymity.

Google Analytics and/or other third-party analytics tools and tools containing analytics features, such as (but not necessarily limited to) HubSpot, Facebook, and YouTube are used on the Site. These services can also be used as an element of the Site and/or the Service. By using cookies, and other technology, such as clear gifs (a.k.a. web beacons), these services can collect and store data, such as (but not limited to) time of visit, pages visited and actions performed, and time spent on each page of the Site, the Internet Protocol address, and the type of browser and operating system used in the devices used to access the Site.

THE PURPOSES FOR WHICH WE USE THE DATA

All data that will be processed by Green Elephant as either the Data Controller or Data Processor will be based on one or more of the lawful grounds for processing personal data according to Article 6.1 of the GDPR. Whenever feasible and reasonable, we always seek to acquire explicit consent from the data subject for most purposes, such as marketing or other communication. We also seek consent for each purpose separately whenever feasible, but do occasionally process data according to our legitimate interests, for example by performing actions aimed to grow the business, such as direct marketing, in which case you shall always have the right to opt out at any time by simply contacting our Data Protection Officer or via other applicable means.

Some of the processing we do can, however, be based on our contractual obligations towards our Customers as Data Controllers, who shall be responsible for the lawfulness of their own processing practices.

All of our processing shall be based on one or more of the following:

  • Consent of the data subject

  • Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract

  • Processing is necessary for compliance with a legal obligation

  • Processing is necessary to protect the vital interests of a data subject or another person

  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller

  • Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.


We use the data that we collect about our Users for the following purposes:

a) Personal data you provide to the Site: We use the personal data you provide to the Site for the following purposes:

  • To set up and maintain your user account with the Site

  • To communicate and let partners communicate with you

  • To provide features and information available in and via the Site

  • To personalize the Site

  • To develop, improve, protect and manage the Site

  • To process any transactions you may enter into in the Site

  • For market research and direct electronic marketing, or the facilitation of that, in accordance with applicable law. In all such correspondence, You shall always have the opportunity to unsubscribe from receiving direct marketing free of charge.

  • To prevent and investigate fraud and other misuses

  • To protect our rights and/or our property

  • To audit and analyze the Site and/or your use of the Site

  • To ensure the technical functionality and security of the Site

In addition, certain actions you choose to make in the Site can lead to automated actions and decision-making. These shall always be used only for the purposes mentioned above. For instance, by subscribing for blog or guide updates, you shall be sent automated emails when new content is published on our site; by downloading one or more of our guides or by subscribing to our newsletter, you shall automatically be sent related materials via email; and by reserving a spot for or inquiring about our services, you shall be assigned to one of our account managers and your contact details shall be forwarded to them in order for them to help you get the most out of the services. You might also receive one or more emails related to helping you get started with Green Elephant services. You can always opt out of any of these actions at any time, either via the opt-out link in the footer of automated emails, or by contacting our Data Protection Officer.

b) Data collected automatically: We use the data collected automatically for the following purposes:

  • To provide features and information available in and via the Site 

  • To personalize the Site

  • To develop, improve, protect and manage the Site

  • For market research and direct electronic marketing, or the facilitation of that, in accordance with applicable law. In all such correspondence, You shall have the opportunity to unsubscribe from receiving direct marketing free of charge

  • To audit and analyze the Site and/or your use of the Site

  • To ensure the technical functionality and security of the Site

HOW GREEN ELEPHANT DISCLOSES DATA

We do not sell, lease, rent, share or otherwise disclose personal data, including user details, with third parties, unless otherwise stated below. The personal data collected in the Site may be disclosed in the following manner:

a) Personal data you provide to the Site: We may disclose personal data you provide to the Site with the following categories of third parties:

  • To service providers, such as payment processors and data storage and processing service providers, which enable us to provide the Site to you

  • To our customers and/or partners in compliance with applicable laws

  • To public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and

  • To our subsidiaries and affiliates or a subsequent owner, co-owner or operator of the Site and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of substantially all of our stock and/or assets or other corporate reorganization, in accordance with this Privacy Policy.

b) Data collected automatically: The data collected automatically in the Site may be disclosed to the following categories of third parties:

  • To service providers, such as data analysis companies;

  • To our customers and/or partners in compliance with applicable laws;

  • To public authorities, such as law enforcement, if we are legally required to do so or if we need to protect our rights or the rights of third parties; and

  • To our subsidiaries and affiliates; or a subsequent owner, co-owner or operator of the Site and their advisors in connection with a corporate merger, consolidation, restructuring, or the sale of substantially all of our stock and/or assets or other corporate reorganization, in accordance with this Privacy Policy.

Moreover, we may disclose information to aforementioned third parties in an aggregate format that does not constitute personal data and does not allow the identification of individual users.

CUSTOMER’S AND USER’S RIGHTS

We honor the data subjects’ rights and shall comply with relevant legislation both as a Data Processor (for any data we Process on behalf of a Data Controller) and as a Data Controller (any data for which our Customers are the Data Controller).

As a Data Subject, you shall have the following rights, except where otherwise determined by Applicable Law: to “be forgotten” (via deletion or pseudonymization), to have your personal data corrected or updated, to data portability and to receive a copy of the data being processed, to object to processing and collection of your personal data and to withdraw your consent at any time, as well as to lodge a complaint with the supervisory authority.

Whenever you withdraw consent, you acknowledge and accept that this may have a negative influence on the quality of the Sites as well as may cause the impossibility of access to certain Services. You further agree that Green Elephant shall not be held liable with respect to any loss and/or damage to Your personal data. 

If you are a Data Subject looking to exercise your rights under this section (Data Subject Access Rights Procedure), you should note that in certain cases, the data can be owned and controlled by our Customers as Data Controllers. In practice, this means that we have no right to provide you with access to your data, or otherwise respond to your requests, as we can only act on requests directly from the Data Controller. Thus, you should usually contact the Data Controller instead of us to exercise your rights as a data subject.

However, if you do want to exercise your rights under this section related to the data that we control regarding you, you should send a written request to dpo@greenelephant.org. Prior to us being able to let you exercise your rights, you must verify your identity in order for us to ensure that your rights can’t be exercised, and your data be accessed, by another party. If your request is valid, we are the Data Controller for the said data, and you have successfully identified yourself, we shall comply with your request without unnecessary delay, typically within a month, unless there are legal, accounting, reporting or practical obstructions to your request, in which case we shall let you know of these obstructions in the same timeframe.

For our Customers, if you are the Data Processor and shall receive these kinds of requests from your data subjects, you are free to use our APIs to proceed with the request. For requests that require manual action from us, please submit your request to dpo@greenelephant.org in writing and provide us with proof of your authority to act on behalf of the Customer, as well as the original request by the Customer along with any and all information required to identify and prove that the request originates from said Data Subject. We shall seek to comply with your request without unnecessary delays, typically within the same one-month time period, unless there are legal, accounting, reporting or practical obstructions to your request, in which case we shall let you know of these obstructions within the same time period. Please note that this work is generally not part of any of our plans or contracts and we shall thus invoice you based on the hourly price from our mutual Agreement (or Terms of Use in case there isn’t a separate Agreement) and the realized number of hours required to fulfill the request.

Should a request require Green Elephant to deliver data, the data shall be delivered in a commonly used, structured and machine-readable format, such as JSON or CSV.

You also have the right to opt out of receiving electronic direct marketing communications from us: To opt out of all electronic direct marketing communications (such as email or SMS-messages) that you may receive from us, please adjust your notification settings by clicking on the link in the footer of any marketing email you’ve received from us, or by contacting us at dpo@greenelephant.org.

Please note that certain Site related email communication is mandatory for our Customers, such as communication related to billing and other transactions, as well as those related to certain actions performed by the user, such as a contact request. For other notifications from the Site, please adjust the notification settings. If you have any concern about your privacy, you are kindly requested to forward an email to us at dpo@greenelephant.org containing a detailed description of concerns. Green Elephant will do its best to resolve such issues within a reasonable time and without unnecessary delay.

DATA SECURITY

We care about your privacy and do our best to protect any and all of your data from undesired parties through a variety of organizational and technical measures, such as physical access control, logical access control (i.e. non-physical access control measures such as passwords), data access control, data transfer control, input control, availability measures, and data separation. For example, access to your information is behind a password and our servers and/or service provider’s services are secured and protected by a number of measures, such as firewall and adherence to principles of security by design. Even so, we cannot guarantee that your personal data are always secure because data security measures in use from time to time may be vulnerable due to a number of factors. By using the Site, you accept the risk of any and all vulnerabilities leading to exposure of your personal data. For additional details on security of our Service, please contact our Data Protection Officer.

DATA RETENTION

With respect to the retention of data in our Site, we seek not to keep or process data any longer than necessary to fulfill our obligations towards our Customers and other stakeholders, or the requirements of our business. As a general rule of thumb, data is stored until Customer cancels their contract or a User becomes obsolete for our business and up to a maximum of 12 months after that for customer service and backup purposes. If a User requests to delete their account, or exercise their rights related to Personal Data, their data can either be deleted or pseudonymized (for example if deletion would lead to loss of other data) to fulfill their right to be forgotten. Backups, which may contain otherwise deleted data, are kept for a maximum of 12 months. These policies are subject to exceptions due to obligations in areas such as legal, reporting and audit.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

We currently store all of the data for our Service inside the European Union, EEA countries, or on the servers of our Sub-Processors outside the EU/EEA area with appropriate action being taken to guarantee the legitimacy of the data. Certain Sub-Processors of ours also have operations outside of the European Union and, depending on the situation, may transfer data outside of the European Union. In these situations, we have binding agreements with our Sub-Processors to ensure they have taken appropriate measures to ensure an adequate level of protection for the data as described in the EU Data Protection Directive and other applicable legislation, such as the General Data Protection Regulation. We include a list of Sub-Processors used to provide the Site earlier in this document and are also glad to provide you with a list of our current Sub-Processors for the Site, as well as more details on the transfers being made, upon a request to our Data Protection Officer.

We also reserve the right for the Service and/or the Site, or some elements of them, to be hosted on servers located in countries outside the European Union or European Economic Area. In this case, appropriate measures shall be taken to ensure the privacy, security and confidentiality of your data as described in appropriate legislation. However, the laws applicable to the protection of personal data in such countries may be different from those applicable in your home country. By using the Site, you consent to personal data about you being transferred outside the European Union.

CHANGES TO THE PRIVACY POLICY

From time to time we may change this Privacy Policy without further notice. We will be updating the “Last Updated” legend on top of this page accordingly. Should we significantly change the ways in which we gather, use and/or disclose personal data, we might send an e-mail to users of our service whose email address we hold. Using the Site following any changes to this Privacy Policy constitutes your acceptance of any such changes made.

GOVERNING LAW AND DISPUTE RESOLUTION

This Privacy Policy forms an integral part of our Terms of Service. The Governing Law and Dispute Resolution mechanism found in Our Terms of Service shall also apply to Our Privacy Policy, or in case it doesn’t or isn’t applicable, the Governing Law and Dispute resolution shall be based on the home municipality of Green Elephant Oy, currently Helsinki, Finland.

CONTACT INFORMATION

Green Elephant has elected to appoint a Data Protection Officer. The current Data Protection Officer serves as the primary point of contact in all matters privacy related. He/she may be reached via e-mail at dpo@greenelephant.org.

For any further inquiries, you may contact us (Green Elephant Oy), the owner and administrator of the register, via e-mail at dpo@greenelephant.org.

Green Elephant Oy
Business id: 2732829-2
Lönnrotinkatu 19 C 2
00120 Helsinki
Finland
