top of page

Privacy Policy – Greennect

This policy explains how Greennect collects, uses, stores, and protects personal data of visitors and users of this website and related services, in line with the EU General Data Protection Regulation (GDPR) and the Dutch Algemene verordening gegevensbescherming (AVG).​

 

Who we are

Greennect
The Hague, Netherlands
Email: support@greennect.nl

 

Greennect determines the purposes and means of processing personal data collected through this website and acts as the “data controller” under GDPR and the Dutch AVG.​

​

If Greennect engages external service providers that process personal data on its behalf (for example, hosting, email, or form tools), those providers act as “data processors” under GDPR and only process data according to Greennect’s written instructions.​

​

What information do we collect?

Greennect collects the following categories of personal data when you use this website or our services:​

  • Identification and contact details: name, email address, organisation name, and similar information you provide.

  • Content of communications: information you enter in contact forms, audit or intake forms, and other messages you send.

  • Uploaded files: documents and other files you submit through the audit or assessment forms.

  • Usage and technical data: IP address, browser type, pages visited, timestamps, and cookie information collected for security and simple analytics, where enabled.​

 

Greennect does not intentionally collect special categories of personal data (such as health information, political opinions, or religious beliefs) through this website and requests that users do not include this type of information in forms or uploads.​

 

If Greennect ever needs to process special categories of data for a specific engagement, this will only be done with a clear lawful basis and appropriate safeguards, documented separately.​

 

​How we collect your information

Greennect collects personal data in three main ways:

  • Directly from you: when you complete contact or audit forms, request information, schedule a call, or communicate by email.

  • Automatically: through essential cookies and basic analytics tools that record limited usage data to keep the website secure and improve performance.​

  • Through service providers: when external tools (such as Google Forms or email providers) process the data you submit on Greennect’s behalf.​

​​

Why we collect this information (purposes)

Greennect uses personal data only for explicit and legitimate purposes:

  • Communication and support: responding to questions, sending information requested, and following up on contact requests.

  • Service delivery: planning and delivering audits, reviews, and other sustainability-related services you request, including preparing proposals and reports.

  • Account and relationship management: maintaining records of interactions, engagements, and project history.​

  • Service improvement: analysing aggregated and pseudonymised website or service usage to improve content, usability, and relevance.​

  • Security and abuse prevention: monitoring and protecting the website, forms, and email systems against misuse, fraud, and technical issues.​

  • Legal and regulatory compliance: maintaining records required under Dutch and EU law and responding to lawful requests from competent authorities.​

Greennect does not use your personal data for automated decision-making that produces legal or similarly significant effects on you.​

 

Legal basis for processing (GDPR Article 6)

Greennect relies on the following lawful bases under Article 6 GDPR for processing personal data:​

  • Consent:

    • When you submit a form, request to receive information, or agree to the use of non-essential cookies or analytics (if applicable).

  • Contract or steps before a contract:

    • When processing is necessary to prepare, conclude, or perform a contract with you or your organisation (for example, delivering an audit or consultancy engagement).

  • Legitimate interests:

    • Improving websites and services, ensuring IT and data security, and maintaining business records, provided these interests are not overridden by your privacy rights.​

  • Legal obligation:

    • When Greennect must retain or share certain information to comply with EU or Dutch laws (for example, tax or accounting rules).​

 

Where processing is based on consent, you can withdraw that consent at any time by contacting Greennect using the details above. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.​

 

How long do we keep your information?

Greennect applies retention periods that are aligned with the purpose and legal requirements:​

  • Contact and general enquiry data: usually up to 12 months after the last interaction, unless a longer retention is needed for a potential or ongoing engagement.

  • Service-related and project data: up to 3 years after the end of the relevant service or engagement, unless a more extended period is required by law or needed to establish, exercise, or defend legal claims.

  • Audit documents and uploaded files: stored only as long as needed for the audit or service and for a reasonable period afterwards for quality assurance and documentation, unless longer retention is required by law.

  • Website analytics and logs: typically up to 12 months, in line with security and improvement needs.​

 

When data is no longer needed, Greennect either deletes it or securely anonymises it.​

​

Who has access to your information?

Access to personal data is restricted and managed according to the need-to-know principle:​

  • Internal access: only authorised individuals working with or for Greennect who need the data to perform their tasks (for example, communications, audits, and service delivery).

  • External processors: carefully selected providers that support website hosting, email services, form tools (including Google Forms), productivity tools, and secure cloud storage. These providers act as data processors and must comply with GDPR through data processing agreements.​

 

Greennect does not sell or rent your personal data to third parties and does not share data with unrelated third parties for their own marketing purposes.​

Personal data may be shared with public authorities, regulators, or legal advisors if required by law or necessary to protect Greennect’s legal rights, always within the limits of the GDPR and Dutch law.​

​

International data transfers

Some service providers (for example, Google) may process or store personal data outside the European Economic Area (EEA).​

In such cases, Greennect ensures that appropriate safeguards are in place, such as:

  • An adequacy decision by the European Commission for the recipient country (for example, under the EU–US Data Privacy Framework for eligible providers).​

  • Standard Contractual Clauses or equivalent transfer mechanisms, combined with additional safeguards where required by GDPR and guidance from the European Data Protection Board.​

Details of relevant transfer mechanisms used for specific processors or tools can be provided on request.​

 

Cookies and tracking

This website uses cookies and similar technologies to ensure core functionality and, where configured, to collect limited analytics data.​

  • Essential cookies: required for basic site operation and security. These are used without consent as they are strictly necessary.

  • Analytics cookies: may be used to understand visits and user flows in an aggregated way. Where these cookies are not strictly necessary, they are only placed with your consent in line with applicable EU ePrivacy and GDPR rules.​

You can manage or delete cookies through your browser settings, and, where a cookie banner is used, you can choose which optional cookies to accept or reject.​

If Greennect uses Google Forms for audits or other assessments, Google may place its own cookies. In that case, Google acts as a processor for Greennect and applies its own technical measures in line with GDPR and its Data Processing Agreement.​

​

Use of Google Forms and similar tools

When you complete an audit or other form via Google Forms (or similar tools):

  • Google processes the personal data you enter as a processor on behalf of Greennect.​

  • Data may be stored on servers in multiple regions; Greennect relies on Google’s GDPR commitments and, where relevant, EU-approved transfer mechanisms such as adequacy decisions or Standard Contractual Clauses.​

  • Greennect configures forms to collect only the data necessary for the specific audit or assessment purpose.​

You can also contact Greennect directly if you prefer not to use Google Forms for submitting your information.​

​

Your rights under GDPR

As a data subject in the EU/EEA, you have the following rights regarding your personal data processed by Greennect:​

  • Right of access: to obtain confirmation whether Greennect processes your data and to receive a copy of that data.

  • Right to rectification: to correct inaccurate or incomplete data.

  • Right to erasure (“right to be forgotten”): to request deletion of your data in specific situations, for example, when it is no longer necessary for the purposes for which it was collected.

  • Right to restriction: to request limited processing in specific cases.

  • Right to object: to object to processing based on legitimate interests, on grounds relating to your particular situation.

  • Right to data portability: to receive specific data in a structured, commonly used, and machine-readable format and to transmit it to another controller where technically feasible.

  • Right to withdraw consent: where processing is based on consent, you can withdraw consent at any time.

To exercise these rights, contact Greennect at support@greennect.nl, clearly stating your request and how Greennect can identify you.​

​

Greennect may need to verify your identity before fulfilling a request and will respond without undue delay, within the time limits set by the GDPR.​

If you believe that your data protection rights have been violated, you also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or with your local supervisory authority in the EU/EEA.​

 

Security

Greennect takes appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure.​

Measures may include:

  • Secure hosting with reputable providers and encryption in transit (HTTPS/TLS).

  • Access controls, strong authentication, and least-privilege principles for staff and contractors.

  • Regular updates and patches for systems and tools used to process personal data.

  • Internal practices for handling, storing, and deleting data in line with retention policies.​

If a personal data breach is likely to result in a risk to your rights and freedoms, Greennect will assess the impact and, where required by the GDPR, notify the Dutch Data Protection Authority and affected individuals.​

 

Children’s data

Greennect’s website and services are aimed at businesses and professionals and are not designed for children under 16.​

Greennect does not knowingly collect personal data from children. If you believe that a child has provided personal data to Greennect, please contact support@greennect.nl so that appropriate steps can be taken.​

 

Data Protection Officer and contact

At Greennect’s current scale and activities, appointing a formal Data Protection Officer (DPO) is not mandatory under GDPR. If this changes, Greennect will update this policy with the DPO’s contact details.​

For any questions about this policy or Greennect’s data protection practices, or to exercise your rights, contact:

 

Email: support@greennect.nl
Location: The Hague, Netherlands​

 

Changes to this policy

Greennect may update this privacy policy to reflect changes in services, applicable laws, or data protection practices.​

 

Updated versions will be published on this page with a new “last updated” date. Where changes are material, Greennect may provide an additional notice (for example, a banner on the website or an email to affected users)

bottom of page