Privacy policy

1. Data Protection Overview

General Remarks
This document gives a brief overview of how we handle your personal data while you’re on our site. Personal data includes any information that can identify you, either directly or indirectly. For more detailed information on how we protect your data, please see our data protection declaration below.

Data Collection on This Site
Who Handles Data Collection
The site operator is responsible for collecting and processing data on this site. You can find their contact details in the “Data Controller” section of our data protection declaration.

How We Collect Your Data

We collect your data in two main ways:

Directly from You: When you provide information, such as filling out a contact form.

Automatically: Through our IT systems when you visit the website. This includes technical details like your internet browser, operating system, and the time of your visit, which are collected automatically as soon as you access the site.

What We Use Your Data For

We use some of your data to ensure the website runs smoothly and without errors. Additionally, we may analyze other data to understand your user behavior and improve your experience on our site.

What rights do you have regarding your data?

You have the right to access information about the source, recipient, and purpose of your stored personal data at any time, free of charge. You can also request corrections or deletion of your data. If you’ve consented to data processing, you can withdraw your consent at any time going forward. Additionally, you can ask for a restriction on the processing of your data under certain conditions and file a complaint with the relevant supervisory authority.

Feel free to contact us anytime with any questions about data protection.

Analysis Tools and Third-Party Services

When you visit this website, your browsing behavior may be analyzed for statistical purposes using various analysis tools.

For more details on these tools, please refer to the privacy policy below.

2. Hosting

We host our website content with the following provider:

External Hosting

Our website is hosted externally. Personal data collected through the site is stored on the servers of our hosting provider(s).
This may include IP addresses, contact requests, meta and communication data, contract details, contact information, names, website access logs, and other data generated through the website.

We use external hosting to fulfill our contracts with current and potential clients (Article 6(1)(b) GDPR) and to ensure our online services are delivered quickly, securely, and efficiently through a professional provider (Article 6(1)(f) GDPR). If we have obtained your consent, data processing will be based on Article 6(1)(a) GDPR and Article 25(1) of the TDDDG, especially for purposes like storing cookies or accessing information on your device (such as fingerprints). You can withdraw your consent at any time.

Our hosting provider(s) will process your data only as needed to fulfill their performance obligations and follow our instructions.

We use the following hosting provider:

Infomaniak Network AG
Rue Eugène Marziano 25
1227 Les Acacias (GE)

Data processing

We have entered into a Data Processing Agreement (DPA) for the use of the above-mentioned service. This contract, required by data protection laws, ensures that our visitors’ personal data is handled solely according to our instructions and in compliance with the GDPR.

3. General Notes and Data Protection

We take your privacy seriously and handle your personal data with care, following legal regulations and this privacy policy.

When you use our website, we collect various types of personal data—information that can identify you. This policy explains what data we collect, how we use it, and for what purposes.

Please note that data shared over the Internet (like through email) may be vulnerable to security risks, and complete protection against unauthorized access is not guaranteed.

Responsible Party

The organization responsible for handling your data on this website is:

GreenPlaces Asset Management SA
Rue du Valentin 34
1004 Lausanne
Switzerland

Phone: +41 58 590 55 00
Email: Info@GreenPlaces.ch

This is the entity that decides how and why your personal data (like names and email addresses) is processed.

Storage duration

Unless a more specific storage period has been specified in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you assert a justified request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, the deletion will take place after these reasons no longer apply.

Legal Basis for Data Processing

We process your data based on several legal grounds: with your consent, as outlined in Article 6(1)(a) GDPR for general data and Article 9(2)(a) GDPR for sensitive data; if you agree to share data with third parties or accept cookies, as per Article 49(1)(a) GDPR and Section 25(1) TDDDG, and you can withdraw your consent at any time. We also process data to fulfill contracts or pre-contractual obligations under Article 6(1)(b) GDPR, to comply with legal requirements under Article 6(1)(c) GDPR, and based on our legitimate interests according to Article 6(1)(f) GDPR. Specific details about the legal basis for processing your data are provided in the following sections of this privacy policy.

Recipients of Personal Data

In our business activities, we sometimes need to share personal data with external organizations. This can happen for several reasons: to fulfill a contract, to meet legal obligations (such as reporting to tax authorities), based on our legitimate interests (under Article 6(1)(f) GDPR), or if another legal basis allows it.

When we work with service providers, we only share personal data under a valid contract for data processing. If we collaborate on data processing with others, we have a joint processing agreement in place.

Revoking Your Consent

You can withdraw your consent for data processing at any time. This does not affect the legality of the data processing that occurred before you revoked your consent.

Right to Object

You have the right to object to data collection in certain situations and to direct advertising, as outlined in Article 21 of the GDPR.

Right to Object

If we process your personal data based on Article 6(1)(e) or (f) of the GDPR, you can object at any time due to your specific situation. This also includes any related profiling. The specific legal bases for our data processing are detailed in our privacy policy. If you object, we will stop processing your data unless we can show that there are compelling reasons that override your interests, rights, or freedoms, or if the processing is necessary to establish, exercise, or defend legal claims (under Article 21(1) of the GDPR).

If your data is used for direct advertising, you can also object at any time, including to any profiling related to direct advertising. Once you object, we will stop using your data for these advertising purposes (under Article 21(2) of the GDPR).

Beschwerderecht bei der zuständigen Aufsichtsbehörde

Im Falle von Verstößen gegen die DSGVO steht den Betroffenen ein Beschwerderecht bei einer Aufsichtsbehörde, insbesondere in dem Mitgliedstaat ihres gewöhnlichen Aufenthalts, ihres Arbeitsplatzes oder des Orts des mutmaßlichen Verstoßes zu. Das Beschwerderecht besteht unbeschadet anderweitiger verwaltungsrechtlicher oder gerichtlicher Rechtsbehelfe.

Right to Lodge a Complaint

If you believe that your data protection rights under the GDPR have been violated, you can file a complaint with a supervisory authority. This is typically done in the country where you live, work, or where the issue occurred. This right to complain does not affect your ability to seek other administrative or legal remedies.

Right to Data Portability:

You have the right to receive the data we process about you, based on your consent or required for contract performance, in a structured, commonly used, and machine-readable format. If you request that this data be directly transferred to another controller, we will do so to the extent technically possible.

Information, Correction, and Deletion

Under the applicable legal provisions, you have the right to access, free of charge, information about your personal data, including its origin, recipients, and the purpose of processing. You also have the right to request corrections or deletions of your data if needed. If you have any questions regarding your personal data, feel free to contact us at any time.

Right to Restrict Processing

You can request a restriction on the processing of your personal data at any time. To make such a request, simply contact us. This right applies in the following situations:

If you contest the accuracy of your personal data, we will need time to verify it. During this review period, you have the right to request that the processing of your data be restricted. Additionally, if you believe that the processing of your data was or is unlawful, you can ask for the processing to be restricted rather than having the data erased.

If we no longer need your personal data but you need it to exercise, defend, or assert legal claims, you have the right to ask us to restrict its processing instead of deleting it.

If you have exercised your right to object under Article 21(1) of the GDPR, we need to balance your interests against ours. While this evaluation is ongoing, you can request a restriction on the processing of your personal data.

If you have requested a restriction on the processing of your personal data, this data—aside from being stored—can only be processed with your consent, for legal claims, to protect the rights of others, or for significant public interest reasons within the European Union or a Member State.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as buyers or enquiries that you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

4. Data Collection on This Website: Cookies

Our website uses “cookies,” which are small data files that don’t harm your device. Cookies are stored on your device either temporarily, for the duration of your visit (session cookies), or permanently (persistent cookies). Session cookies are automatically deleted when you leave our site, while persistent cookies stay on your device until you delete them or they are removed by your browser.

Cookies can come from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies allow us to integrate services from other companies into our website, such as payment processing.

Cookies serve different purposes. Some are essential for the website to function properly, like keeping track of your shopping cart or displaying videos. Others help us analyze user behavior or serve targeted advertising.

Cookies necessary for electronic communication, requested functions (like the shopping cart), or website optimization (such as audience measurement cookies) are stored based on Art. 6 para. 1 lit. f GDPR, unless a different legal basis applies. The website operator has a legitimate interest in using these cookies to ensure the site functions correctly and efficiently. If we ask for consent to store cookies or similar technologies, we process them based solely on your consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG), which you can withdraw at any time.

You can adjust your browser settings to be notified about cookies, accept them only on a case-by-case basis, reject them in certain situations or altogether, and enable automatic deletion when you close the browser. Please note that disabling cookies may affect the functionality of this website.

For details on which cookies and services we use, please refer to this privacy policy.

Contact Form

By filling out our contact form, you authorize us to store the information you provide (such as your name and email) to handle your request and provide an appropriate response. We are committed to not sharing this data with third parties without your explicit consent.

The processing of this data is based on Article 6(1)(b) of the GDPR when your request is related to the performance of a contract or necessary for pre-contractual measures. In other cases, the processing is based on our legitimate interest in effectively handling inquiries (Article 6(1)(f) of the GDPR) or your consent (Article 6(1)(a) of the GDPR), if consent has been requested; you can withdraw your consent at any time.

We keep the data you provide for as long as necessary to address your request and then delete it, unless we are required by law to retain it longer.

Enquiries by Email, Phone, or Fax

When you contact us via email, phone, or fax, we will store and process your enquiry, including all personal data (such as your name and the details of your enquiry), to address your request. We will not share this information with third parties without your consent.

We process this data based on Article 6(1)(b) of the GDPR if your enquiry is related to a contract or necessary for pre-contractual measures. In other cases, the processing is based on our legitimate interest in effectively handling inquiries (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) if consent has been requested; you can withdraw your consent at any time.

The data you provide will be kept until you request its deletion, revoke your consent, or the purpose for storing the data no longer applies (e.g., after your request has been fulfilled). Mandatory legal provisions, including statutory retention periods, remain unaffected.

5. Social Media: Facebook

Our website integrates elements from the social network Facebook, provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland. According to Facebook, the data collected may also be transferred to the USA and other countries.

For an overview of Facebook’s social media elements, visit: https://developers.facebook.com/docs/plugins/?locale=de_DE.

When the social media element is active, a direct connection is established between your device and Facebook’s servers. Facebook receives information that you have visited our site, including your IP address. If you click the Facebook “Like” button while logged into your account, you can link the content of our site to your Facebook profile. This allows Facebook to associate your visit with your user account. Please note that, as the website provider, we do not have access to the data transmitted or how Facebook uses it. For more details, please refer to Facebook’s privacy policy at: https://de-de.facebook.com/privacy/explanation.

The use of this service is based on your consent, as outlined in Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG. You can withdraw your consent at any time.

When personal data is collected on our website using this tool and shared with Facebook, both we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are jointly responsible for this data processing (Art. 26 GDPR). This joint responsibility is limited to the collection and transfer of data to Facebook. Facebook’s processing of data after transfer is not covered by this joint responsibility. Our mutual obligations are detailed in an agreement on joint processing, which you can review here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information and ensuring the tool is implemented securely on our website. Facebook handles the data security of its products. You can exercise your data subject rights (such as information requests) directly with Facebook. If you exercise these rights with us, we are required to forward them to Facebook.

Instagram

Our website integrates features from the Instagram service, provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

When these features are active, a direct connection is established between your device and Instagram’s servers, allowing Instagram to receive information about your visit to our site.

If you are logged into your Instagram account, you can link the content of our site to your Instagram profile by clicking the Instagram button. This enables Instagram to associate your visit with your user account. Please note that, as the site provider, we do not have access to the data transmitted or how Instagram uses it.

To use this service, you need to give us your consent as required by data protection regulations (Article 6 of the GDPR and Article 25 of the TDDSG). You can withdraw your consent at any time.

When we collect and send your data from our site to Facebook or Instagram, we share this responsibility with Meta Platforms Ireland in Dublin. This responsibility covers only the collection and transfer of data. After the data is sent, Facebook or Instagram is responsible for processing it.

We have outlined our respective roles in an agreement, which you can review here: https://www.facebook.com/legal/controller_addendum. According to this agreement, we handle data protection information and ensure that Facebook or Instagram tools are properly integrated into our site. Facebook is responsible for data security on its platforms.

To exercise your data rights (such as access requests), please contact Facebook directly. If you reach out to us, we will forward your request to Facebook.

Data transfers to the United States are governed by the EU’s standard contractual clauses. For more information, visit the following links: https://www.facebook.com/legal/EU_data_transfer_addendum, https://privacycenter.instagram.com/policy/ und https://de-de.facebook.com/help/566994660333381.

For more information, please check Instagram’s privacy policy here: https://privacycenter.instagram.com/policy/.

Instagram is certified under the “EU-US Data Privacy Framework” (DPF), an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the U.S. Companies certified by the DPF commit to these standards. For more details, you can contact the provider via this link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active.

6. analysis tools and advertising WP Statistics

This website uses WP Statistics to analyze visitor activity. The tool is provided by Veronalabs, located at Tatari 64, 10134 Tallinn, Estonia (https://veronalabs.com).

WP Statistics helps us understand how our site is used by tracking various data points. This includes log files such as IP addresses, referrers, browsers, user origins, and search engines used, as well as actions taken by visitors, like clicks and page views.

7. Newsletter Newsletter data

To receive our newsletter, we need your email address and some information to verify that it’s really yours and that you consent to receiving it. We don’t collect any additional data unless you choose to provide it voluntarily. Your information is used solely to send you the newsletter and is not shared with third parties.

The data you provide when signing up for the newsletter is processed based on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent to store your data and email address, or to use them for sending the newsletter, at any time—just use the “unsubscribe” link in the newsletter. This will not affect the legality of any data processing that occurred before you withdrew your consent.

The data you provide to subscribe to our newsletter will be stored by us or our newsletter service provider until you unsubscribe. After you unsubscribe or when the data is no longer needed, it will be removed from the distribution list. We also reserve the right to delete or block email addresses from our list at our discretion, as part of our legitimate interest (as outlined in Art. 6 para. 1 lit. f GDPR).

Data stored for other purposes won’t be affected by this.

If you unsubscribe from our newsletter, your email address may be added to a blacklist by us or our newsletter service provider to prevent future mailings. This data is used solely for this purpose and won’t be combined with other information. This process helps us meet legal requirements and protect both your interests and ours (as outlined in Art. 6 para. 1 lit. f GDPR). The blacklist data is kept indefinitely, but you can object to this if you think your interests outweigh our need to keep it.

8. plugins and tools Google Fonts (local hosting)

This site uses Google Fonts for consistent font display, but we host these fonts locally. This means there is no connection to Google’s servers.

For more information about Google Fonts, visit https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.