1. Content of this data protection information
With this data protection information, we, Green City AG i.I. and its following subsidiaries, Green City Solarimpuls I GmbH & Co. KG, Green City Energy Kraftwerkspark III GmbH & Co. KG, SUMMIQ AG, Green City Solarpark 2020 GmbH & Co. KG, Green City Windpark 2021 GmbH & Co. KG, Zirkus-Krone-Straße 10, 80335 Munich, which personal data we collect, process and use when you visit our websites. In addition, you will find out in this data protection notice which choices and objection options you have with regard to your data.
The term “personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more special features that express the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Further official definitions can be found in Art. 4 GDPR explained.
2. Basic information on data collection and the scope of use
The responsible body for your data is Green City AG i.I., unless you request information about financial products. In the latter case, the responsible body is Green City Finance GmbH, Zirkus-Krone-Straße 10, 80335 Munich.
When you visit our websites, we do not collect any personal data. We collect and use such data only if and to the extent necessary to carry out the respective service, for example when you request the sending of information or register for an event.
In the forms of our websites, mandatory fields are marked with an asterisk (*). Filling in all other fields is voluntary.
For the operation of the websites or the dispatch of newsletters ordered by you, we may use technical service providers by way of order data processing. The technical operation of the software (hosting) is carried out by a provider in Germany.
Unless expressly stated in this Privacy Notice, we do not transfer personal data to countries outside the European Union (EU) or the European Economic Area (EEA).
Green City AG i.I.
Contact of the Data Protection Officer for Green City AG i.I.
Herr Fritz Spaeder
c/o Kanzlei Müller-Heydenreich Bierbach & Kollegen
Contact of the Data Protection Officer for all group companies
MASLATON Rechtsanwaltsgesellschaft mbH
Reps. d. d. GF shareholder Prof. Dr. Martin Maslaton
Holbeinstraße 24, 04229 Leipzig, Germany
3. Web Hosting / Server Log
When you visit our websites, it is technically necessary that data is transmitted to our web server via your Internet browser. The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:
- Domain visited
- Date and time of the request
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- Web browser and operating system used
- IP address of the requesting computer
- amount of data transferred
We collect the listed data in order to ensure a smooth connection to the website and to enable a comfortable use of our website by users. In addition, the log file is used to evaluate system security and stability as well as administrative purposes. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 sentence 1 lit. f GDPR.
a) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and through which certain information flows to the body that sets the cookie. Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
b) This website uses the following types of cookies, the scope and functionality of which are explained below:
- Transient cookies (see a.)
- Persistent cookies (see b.).
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
You can configure your browser settings according to your wishes and
e.B. refuse to accept third-party cookies or all cookies. So-called “third party cookies” are cookies that have been set by a third party, therefore not by the actual website on which you are currently located. We would like to point out that by deactivating cookies, you may not be able to use all the functions of this website.
5. Further functions and offers of our website
a) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you usually have to provide further personal data that we use to provide the respective service and to which the aforementioned principles for data processing apply.
b) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly checked.
c) Furthermore, we may pass on your personal data to third parties if we offer promotion participation, competitions, contracts or similar services together with partners. Further information can be obtained by providing your personal data or in the description of the offer below.
d) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
6. Investor Portal
In the investor portal, we provide the respective investors with information on certain placed ecological investments (from various issuers of the Green City Group).
In order to log in to the investor portal on www.greencity.de/ag/login/, investors need an investor number and password assigned by us. In addition, first name, last name, salutation and e-mail address are collected. The legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. a GDPR.
7. Request for information about website forms / newsletter / event registration / competition
a) Ordering information documents
If you order information documents on our website, this is done in a so-called double opt-in procedure. This means that after submitting the form, you will receive an e-mail asking you to confirm your order. This confirmation is necessary so that no one can register with foreign e-mail addresses. Only then will you receive an e-mail with the requested documents (download link or, if selected, by post).
If you take this option, the data entered in the input mask will be transmitted to us and stored. These data are: first name, last name, e-mail address. At the time of sending the message, the following data is also stored: date and time.
In this context, the data will not be passed on to third parties.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is the implementation of pre-contractual measures or a contract acc. Art. 6 para. 1 sentence 1 lit. b GDPR or your consent given to us in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Continued processing will only take place if it is necessary in the context of a resulting initiation and processing of a contract or for the fulfilment of resulting contractual purposes.
b) Order newsletter
We send newsletters, e-mails and other electronic notifications with advertising information (hereinafter referred to as “newsletter”) only with the consent of the recipients or a legal permission.
Content of the newsletter
In the Green City newsletter, we inform about topics and products from the corporate environment: renewable energies, ecological investments, energy consulting, energy policy and current event information.
Double opt-in and logging
The registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you will be asked to confirm your registration. This confirmation is necessary so that no one can register with foreign e-mail addresses. With the confirmation you give us your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR that we may use your personal data for the purpose of sending the desired newsletter.
The subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time, e-mail address as well as the IP address. Likewise, the changes to your data stored at MailChimp are logged.
Use of the shipping service provider “MailChimp”
The newsletter and the document order are sent via “MailChimp”, a newsletter distribution platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. This transfer takes place in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR and serves our legitimate interest in the use of an effective advertising, secure and user-friendly newsletter system.
Both the e-mail addresses of our newsletter recipients and their other data described in this notice are stored on mailChimp’s servers in the USA.
MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, mailChimp may use this data according to its own information to optimize or improve its own services, for example for the technical optimization of the dispatch and presentation of the newsletter or for economic purposes to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them themselves or to pass them on to third parties.
We trust in the reliability and IT and data security of MailChimp. MailChimp is certified under the US-EU data protection agreement “
” and thus undertakes to comply with EU data protection regulations. An order processing contract is concluded with Mailchimp in the form of the “Data Processing Addendum“.
be viewed here
To subscribe to the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to provide your name. This information is only used to personalize the newsletter.
Statistical survey and analysis
The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is retrieved from the MailChimp server when the newsletter is opened. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined with the help of the IP address) or the access times.
Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our ambition nor that of MailChimp to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consent to its sending via MailChimp and the statistical analyses expire. A separate revocation of the dispatch via MailChimp or the statistical evaluation is not possible.
A link to cancel the newsletter can be found at the end of each newsletter.
We would also like to draw your attention to the possibilities of objecting to the collection of data for advertising purposes on the website
(for the European area).
c) Event registration
If you register for an event on our website by e-mail, your data will be forwarded to the e-mail address of the Green City employee responsible for the event. The legal basis for the processing of the data is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR or Your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR.
The data will be used exclusively for processing in relation to this event and will be deleted after the purpose has ceased to exist.
When participating in one of our competitions, we collect the following data as mandatory information from you: your surname and first name and your e-mail address. We process this data for the purpose of carrying out the competition. So we need e.B. Your e-mail address in order to be able to contact you in case of winning and to ask for your postal address. The data processing is thus carried out for the fulfilment of a (competition) contract, Art. 6 para. 1 sentence 1 lit. b GDPR.
8. Collection and evaluation of usage data (tracking)
a) Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files that are stored on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of our website is usually transmitted to a Google server in the USA and stored there. However, with the activation of IP anonymization on our website (see below), your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On our behalf, Google will use this information to evaluate your use of our website, to compile reports on website activity and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
We have extended the code integrated into our website with the addition “gat._anonymizeIp();” to ensure an anonymous collection of IP addresses.
Google Inc. based in the USA, it is certified for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the data protection level applicable in the EU. The processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR or § 15 para. 3 TMG on the basis of our legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.
You can object to the above-mentioned tracking by means of Google Analytics by clicking on the following link. A cookie is then set that prevents the future collection of your data when you visit our website (so-called opt-out cookie). Click here to deactivate Google Analytics.
You can also prevent the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent.
You can also prevent the collection of the data generated by the cookie and related to your use of our website (including your IP address) and transmission to Google as well as the processing of this data by Google by
and installing the browser extension (plugin) available under the following link.
Further information on data protection at Google Analytics can be found in
b) Google Remarketing
Our website uses the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This feature makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one device (e.B. mobile phone) can also be displayed on another of your devices (e.B. tablet or PC).
If you have given your consent, Google will link your web and app browsing history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on every device on which you log in with your Google Account.
To support this feature, Google Analytics collects users’ authenticated IDs, which are temporarily linked to our Google Analytics data to define and create audiences for cross-device ad advertising.
You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google Account; follow this link: https://www.google.com/settings/ads/onweb/
The summary of the collected data in your Google Account takes place exclusively on the basis of your consent, which you can give or revoke with Google (Art. 6 para. 1 sentence 1 lit. a GDPR). In the case of data collection operations that are not merged into your Google Account (e.B. because you do not have a Google Account or have objected to the merger), the collection of the data is based on Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest arises from the fact that the website operator has an interest in the anonymous analysis of website visitors for advertising purposes.
Our website uses the web analysis service Hotjar of Hotjar Ltd.. Hotjar Ltd. is a European company based in Malta (Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, tel.: +1 (855) 464-6788).
With this tool, movements on the websites on which Hotjar is used can be tracked (so-called heatmaps). For example, it is clear how far users scroll and which buttons users click on and how often. Furthermore, it is also possible to obtain feedback directly from the users of the website with the help of the tool. Above all, hotjar’s services can improve the functionality of the Hotjar-based website by making it more user-friendly, valuable and easier to use for end users.
When using this tool, we pay particular attention to the protection of your personal data. So we can only understand which buttons are clicked, the history of the mouse, how far it scrolls, the screen size of the device, device type and browser information, geographical point of view (only the country) and the preferred language to display our website. Areas of the websites in which personal data about you or third parties are displayed are automatically hidden by Hotjar and are therefore not comprehensible at any time. In order to exclude direct personal reference, IP addresses are only stored and further processed anonymously. However, Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data that is transmitted by your browser as part of web page requests. These would be, for example, cookies or your IP address. In these exceptional cases, this processing is carried out in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR on the basis of a legitimate interest in the statistical analysis of user behaviour for optimisation and marketing purposes.
Hotjar offers every user the opportunity to prevent the use of the Hotjar tool with the help of a “Do Not Track header”, so that no data about the visit to the respective website is recorded. This is a setting that all common browsers support in current versions. For this purpose, your browser sends a request to Hotjar with the note to deactivate the tracking of the respective user. If you use our websites with different browsers/computers, you must set up the “Do Not Track header” for each of these browsers/computers separately.
When visiting a Hotjar-based website, you can prevent hotjar from collecting your data at any time by going to our opt-out page https://www.hotjar.com/legal/compliance/opt-out and clicking Deactivate Hotjar.
For more information about Hotjar Ltd. and the Hotjar tool, see:
9. Embedded videos
This website uses the YouTube embedding function to display and play videos from the provider “YouTube”, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
Regardless of the playback of the embedded videos, a connection to the Google network “DoubleClick” is established each time this website is accessed, which can trigger further data processing operations without our influence.
Google LLC, based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which ensures compliance with the data protection level applicable in the EU.
Plugins of the video portal Vimeo, Vimeo channels
Plugins of the video portal Vimeo of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are integrated on our websites. Each time you visit a page that offers one or more Vimeo video clips, a direct connection is established between your browser and a Vimeo server in the USA. Information about your visit and your IP address is stored there. Through interactions with the Vimeo plugins (e.B clicking the start button), this information is also transmitted to Vimeo and stored there. The integration of the videos serves to safeguard our legitimate interests, which prevail in the context of a balancing of interests, in an optimal marketing of our offer in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
If you have a Vimeo user account and do not want Vimeo to collect data about you through this website and link it to your member data stored at Vimeo, you must log out of Vimeo before visiting this website.
In addition, Vimeo calls up the tracker Google Analytics via an iFrame in which the video is accessed. This is Vimeo’s own tracking to which we have no access. You can prevent tracking by Google Analytics by using the deactivation tools that Google offers for some Internet browsers. Users can also prevent Google from collecting the data generated by Google Analytics and relating to their use of the website (including their IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout
10. Embedded maps (Google Maps)
We bind map material from Google Maps, a map service of Google Inc. (“Google”), to display an interactive map on our websites. By using Google Maps, information about your use of this website (including your IP address) may be transmitted to a Google server in the USA and stored there.
Google Maps is carried out in the interest of an appealing presentation of our online offer and the easier findability of the addresses listed by us on the website. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR. Further information can be found in
11. Data transfer and recipients
A transfer of your personal data to third parties does not take place, except
– if we have explicitly pointed this out in the description of the respective data processing.
– if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
– the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
– in the event that for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR there is a legal obligation and
– in so far as this is provided for in Art. 6 para. 1 sentence 1 lit. b GDPR is necessary for the processing of contractual relationships with you.
In addition, we use external service providers for the provision of our services and the processing of our services, which we carefully select and commission in writing. These are bound by our instructions and are regularly checked by us. Gem. Art. 28 GDPR required order processing contracts are concluded before commissioning. Specifically, these are service providers for web hosting, the sending of e-mails as well as the maintenance and care of our IT systems. Your personal data will also not be passed on to third parties by the service providers working for us under any circumstances.
11. Storage period
The duration of the storage of personal data is measured by the relevant statutory retention periods (e.B. from commercial law and tax law). After expiry of the respective period, the corresponding data will be routinely deleted. If data is required for the fulfilment or initiation of a contract or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of revocation or objection.
13. Your rights
Below you will find information on which rights of data subjects the applicable data protection law grants you vis-à-vis the controller with regard to the processing of your personal data:
The right to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you can find out about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision-making including profiling and, where applicable, meaningful information on their details.
The right, in accordance with Article 16 GDPR, to demand the correction of incorrect or completion of your personal data stored by us without undue delay.
The right to request the deletion of your personal data stored by us in accordance with Article 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
The right to demand the restriction of the processing of your personal data in accordance with Article 18 GDPR if the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Article 21 GDPR
The right, in accordance with Article 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller.
The right to complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office specified above or, if applicable, that of your usual place of residence or workplace.
Right to revoke granted consent in accordance with Art. 7 para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the affected data immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
14. Right to object
If your personal data is provided by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right, in accordance with Article 21 GDPR, to object to the processing of your personal data, insofar as this is done for reasons arising from your particular situation. Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to specify a particular situation.
If you have any questions about data protection with us or would like to know what personal data we have stored about you, please contact the respective data protection administrator.
Status of this data protection notice: 02 May 2022