Privacy policy

As of: October 21, 2024

Data protection and the protection of your personal data is our top priority. We inform you below about the processing of your personal data on our website and in the company. Personal data is processed in accordance with the provisions of the General Data Protection Regulation (DSGVO) and the the new Federal Data Protection Act (BDSG-neu).

A. Name and address of the person responsible

Greenbone AG
Neumarkt 12
49074 Osnabruck

Represented by the Board of Directors:
Dr. Jan-Oliver Wagner (CEO), Elmar Geese

Telephone: + 49 541-760278-0
E-mail: info@greenbone.net

B. Contact details of the data protection officer

C&S Consulting
Data privacy officer Matthias Wöstemeyer
Mittelheide 11
49124 Georgsmarienhütte, Germany

C. Processing of personal data on our website

1 Provision of the website and creation of log files

It is not necessary for you to provide personal data simply to visit our website and retrieve the information contained therein. During your visit to our website, we only collect and use data that your internet browser automatically transmits to us:

  • the date and time of access one of our websites
  • your browser type
  • your browser settings
  • your IP address
  • the pages you visited

We use this data to enable you to visit our site technically. Furthermore, we use this data for statistical purposes and to improve the design and layout of our website. We store the IP address for the purposes of guaranteeing and maintaining IT security (e.g., detection and defense against so-called DOS attacks) and functionality. The legal basis for the temporary storage of the data is Art. 6 para. 1 letter f DSGVO.

2 Personal data

Personal data is only collected if you provide it voluntarily as part of a contact inquiry, as part of a newsletter order or when registering on the Community Portal.

3 Contact forms, inquiries, Newsletters

There are several contact forms on our website which can be used for electronic contact. When using these options, the data entered in the input mask is transmitted to us and stored. This data depends on the respective form:

  • Name
  • Company
  • E-mail address
  • Telephone number
  • Street, house number
  • Postcode, place of residence
  • Country
  • Content of the message

For the processing of data, your consent may be obtained in the context of the contact request and reference is made to this data protection declaration. The data sent via the form will be transmitted to us in encrypted form. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

4 Newsletter/Community Portal

Registration/Login/Use/Delete Account As soon as a new account is created in the Community Portal by a data subject, the following personal information is stored in our database:

  • IP address of the data subject
  • User name
  • Password (encrypted)
  • E-mail address

Registration in the Community Portal takes place via your e-mail address, a user name (pseudonym) and a password. The user name is visible to everyone. Only the portal operator or an administrator has access to the e-mail address. Optionally and voluntarily, the following data can also be entered:

  • Avatar
  • Name
  • Two-factor authentication
  • Time zone
  • Location
  • Signature

If a data subject chooses the option to become a member, the controller will send an automatic confirmation e-mail to verify, through the double opt-in process, that the owner of the e-mail address provided has indeed opted in to this option. By registering as a member, the user is further sent weekly summaries of popular posts by e-mail. During active use by a data subject (registered user), the following technically necessary (personal) data, among others, are collected by the forum software in the database:

  • Time of the last login
  • Time of the last post
  • Number of failed login attempts
  • Number of warnings
  • IP address
  • Access logs/client headers
  • Statistical data such as:
    • Number of posts
    • Number of visited and created
    • Number of likes received/given
    • Duration of reading time

There will be no disclosure of this collected personal data to third parties, unless such disclosure is required by law or serves the legal defense of the data controller. Note: All contributions published in the forum can be viewed by anyone and are therefore public. If you want your account to be deleted, simply send us your request for deletion to the following e-mail address: communityportal@greenbone.net. However, your request for deletion must come from the e-mail address to which the account is registered in the forum in order to ensure that you are indeed the owner.

Note: When deleting an account, the posts you have made will still be publicly viewable.

hCaptcha

We use the hCaptcha security service (hereinafter “hCaptcha”) on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation (“IMI”). hCaptcha is used to check whether user actions on our online service (such as submitting a login or contact form) meet our security requirements. To do this, hCaptcha analyzes the behavior of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user). The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the “invisible mode” may take place completely in the background.

Website visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Data processing is based on Art. 6(1)(b) of the GDPR: the processing of personal data is necessary for the performance of a contract to which the website visitor is party (for example, the website terms) or in order to take steps at the request of the website visitor prior to entering into a contract. Our online service (including our website, mobile apps, and any other apps or other forms of access offered by us) needs to ensure that it is interacting with a human, not a bot, and that activities performed by the user are not related to fraud or abuse. In addition, processing may also be based on Art. 6(1)(f) of the GDPR: our online service has a legitimate interest in protecting the service from abusive automated crawling, spam, and other forms of abuse that can harm our service or other users of our service. IMI acts as a “data processor” acting on behalf of its customers as defined under the GDPR, and a “service provider” for the purposes of the California Consumer Privacy Act (CCPA). For more information about hCaptcha’s privacy policy and terms of use, please visit the following links: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms

5 Purposes and legal bases for data processing on the website

The processing of personal data from the input masks serves us solely to process the contact on the basis of a legitimate interest (Art.6 para.1 letter f DSGVO). If the contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 letter b DSGVO. By registering in our Community Portal, we regularly inform you in the forum as well as by e-mail newsletter about interesting offers, news and stories about the company and our products. The legal basis for the processing of the data is the existence of consent in accordance with Art. 6 (1) a DSGVO. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) (f) DSGVO. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 letter b DSGVO.

The newsletter (registration on the website) provides regular information about industry news, analyses, practical tips and instructions on our products, product updates, offers and invitations to events, promotions and webinars. The legal basis for the processing of data is the existence of consent in accordance with Art. 6 para. 1 letter a GDPR.

6 Duration of storage for data processing on the website

The data for sending newsletters and registration in the Community Portal are stored until the data subject objects to the sending of the newsletter with effect for the future or deletes their account in Community Portal, as long as this does not conflict with statutory retention obligations. Contact forms/e-mail contact: if the purpose for storing the data no longer applies, the personal data will be blocked or deleted as long as this does not conflict with statutory retention obligations.

Newsletter website: The storage period of the data for the newsletter dispatch takes place until the data subject objects to the sending of the newsletter with effect for the future.

7 Recipients or categories of recipients of the data (if data Is transmitted)

Within the company, those departments/employees will receive your data that need it to process your request; order processors used by us may also receive your data for these purposes.

8 Information on the rights of those affected

Every data subject has the following data protection rights under the GDPR:

  • Right to information according to Art. 15 GDPR
  • Right to correct incorrect data according to Art. 16 GDPR
  • Right to deletion according to Art. 17 GDPR
  • Right to restriction of processing according to Art. 18 GDPR
  • Right to data portability according to Art. 20 GDPR
  • Right to object according to Art. 21 GDPR

To exercise your above-mentioned rights or to withdraw your consent, please contact the above-mentioned data controller, You have the right to complain to a supervisory authority. You may exercise this right by contacting a supervisory authority in the Member State of your residence, place of work or the place of the alleged infringement. Before contacting the competent supervisory authority with a complaint, we would like to ask you to clarify this matter with our data protection officer.

9 Transfer to a third country

There are currently no data transfers to third countries and there are no plans to do so in the future.

D. Cookies/Integration of services and content from third parties

We use so-called “cookies” on our website. These are small text files that are sent from our web server to your computer in order to identify it for the duration of your visit. We do not collect any personal data via these cookies. The presentation of our website is also possible without the storage of cookies. You can deactivate the storage of cookies in the settings of your browser or set it in such a way that it informs you of the intended storage by an Internet site. In this case, you decide whether to accept the cookie. However, for the full functionality of our website, it is necessary for technical reasons to allow temporary cookies in their entirety.

E. Social networks

We do not integrate any plugins or trackers that transmit data to social networks. However, we would like to point out here that we provide links that lead to these platforms.

1 Youtube

Within our online offer, there are diagrams and buttons that redirect to the YouTube platform. The provider of this platform is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. If the users are members of the YouTube platform, YouTube can assign the call-up of the above-mentioned content and functions to the user’s profile there. In order to prevent YouTube from collecting the above-mentioned data through your forwarding from our website, please log out of YouTube before clicking on any links. You can find the data protection information of the social network at: Privacy Policy: https://policies.google.com/privacy?hl=en

2 LinkedIn

Within our online offer, there are diagrams and buttons that forward to the LinkedIn platform. The provider of this platform is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. If the users are members of the LinkedIn platform, LinkedIn can assign the call-up of the above-mentioned content and functions to the user’s profile there. To prevent LinkedIn from collecting the above-mentioned data through your forwarding from our website, log out of LinkedIn before activating any links. You can find the data protection information of the social network at: Privacy Policy: https://www.linkedin.com/legal/privacy-policy

F. Safety measures

We use technical and organizational security measures to protect personal data, in particular against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons. Our security measures are continuously improved in line with technological developments. We would like to point out that, despite all security measures, the transmission of data via the Internet may result in third parties taking note of or falsifying such data.

G. Contact

If you have any questions or suggestions regarding this data protection declaration, please contact us at the address given in the imprint.

H. Updating our data protection policy

The ongoing technical development in the area of IT technology and the Internet also requires an adjustment of the existing data protection declaration. We therefore reserve the right to make additions or changes to this data protection declaration.