1. PREAMBLE
Greenomy SRL (“Greenomy”, “we”, “our”, “us”) considers the safeguards of Personal Data of Users of its Services of paramount importance. For this reason Greenomy complies with the EU General Data Protection Regulation 2016/679 (“GDPR”).
This Privacy Policy sets out how Greenomy will treat your Personal Data when using our Services.
2. DATA CONTROLLER
For the purpose of this Privacy Policy, Greenomy is the Data Controller of your Personal Data.
| Name | Greenomy SRL |
| Address | Avenue Louise 54, 1050 Brussels, Belgium |
| privacy@greenomy.io |
3. EMPLOYEES, SERVICE PROVIDERS AND GREENOMY’s AFFILIATES
We may disclose your Personal Data to some of our employees, ,our service providers and Greenomy’s Affiliate insofar as reasonably necessary for the purposes set out in this Privacy Policy.
Greenomy has in place written agreements with each of its service providers that are compliant with GDPR. Nevertheless, Greenomy remains responsible for the processing of Personal Data within its Services.
Except as provided in this Privacy Policy, we will not share your Personal Data to any third party.
4. COOKIES
To find out more about how we use cookies, please see our Cookies Policy.
5. BOOK A DEMO & PRIVACY
5.1. Personal Data we collect
If you book a demo with Greenomy via our Website, the below Personal Data that you submit to us will be forwarded to Calendly, a third-party that provides calendar services.
| Personal Data | Source |
| First name and last name, email address | Submitted by User when requesting a demo of our Services via the “Book a Demo” page of our Website. |
5.2. How we use your Personal Data and on which legal basis
We use your Personal Data to communicate effectively with you, conduct our business and respond to your demo requests (Article 6.1.(b) and 6.1.(f) GDPR).
5.3. How long we store your Personal Data
Your Personal Data will be stored within Calendly's database and in our internal computer systems for as long as you are still interested in a Greenomy demo.
6. NEWSLETTER & PRIVACY
6.1. Personal Data we collect
| Personal Data | Source |
| Email address | Submitted by Users when subscribing to our newsletter via our Website. |
6.2. How we use your Personal Data and on what legal basis
We use your email address for the sole purpose of sending you the newsletter. The processing of the Personal Data entered into the newsletter subscription form occurs exclusively on the basis of your consent (Art. 6.1.(a) GDPR). You may revoke this consent at any time, by clicking on the “Unsubscribe” link in the newsletter.
6.3. How long we store your Personal Data
The Personal Data you submitted for the purpose of subscribing to the newsletter will be stored by Greenomy until you unsubscribe from the newsletter, following which your Personal Data will be deleted from the newsletter distribution list.
7. PLATFORM & PRIVACY
7.1. Personal Data we collect
| Personal Data | Source |
| First name and last name, professional email address | Submitted by Users when creating a User Account on our Platform |
| Any Personal Data as may be present in documents uploaded by Users on our Platform | Submitted by Users when uploading documents containing such Personal Data on our Platform |
7.2. How we use your Personal Data and on what legal basis
a. Create and manage your account to use the Services
We process your Personal Data for the purpose of entering into a business relationship with you and to perform our contractual obligations toward you. This includes: setting up your User Account and providing important information related to the Services (Article 6.1.(b) GDPR).
b. Customer Support
We process your Personal Data to administer our customer relationship with the company you represent, including managing your user account, providing customer support, and documenting support matters (Article 6.1.(b) GDPR).
c. Prevent fraud and protect our Services.
We have a legitimate interest in ensuring the ongoing security and proper operation of our Services and associated IT services and networks by enabling secure logins (Article 6.1.(f) GDPR).
d. Send communications to you
We have a legitimate interest in providing you with updates on our Services and related offers where you have purchased or shown interest in similar services from us (Article 6.1.(f) GDPR).
e. General aggregation of Personal Data
We have a legitimate interest in creating aggregate data sets for benchmarking purposes as an additional service to Users (Article 6.1.(f) GDPR). These data sets do not allow (directly or by inference) the re-identification of any data subject as the source of such data.
7.3. How long we store your Personal Data
We will keep your Personal Data for as long as we have a contractual relationship with you. Afterwards, we will retain your Personal Data to comply with our legal obligations and unless you request the deletion of your Personal Data.
8. GREENOMY ACADEMY & PRIVACY
8.1. Personal Data we collect
| Personal Data | Source |
| First name and last name, professional email address | Submitted by Users when creating a User Account on the Greenomy Academy. |
8.2. How we use your Personal Data and on what legal basis
a. Providing courses
We use your Personal Data to enable you to navigate the Greenomy Academy, to enrol and participate in courses and programs on the Greenomy Academy, to learn effectively in such courses and programs, to obtain products and services on the Greenomy Academy such as certificates. We offer products and services on the basis that it is necessary to fulfil our contractual obligations to you under the Terms of Use (Art. 6.1.(b) GDPR).
b. Communicating with you
We use information we collect to communicate with you, including answering your course and platform questions and notifying you of course and Greenomy Academy maintenance and updates. We do this on the basis of our legitimate interests in keeping learners up to date about our courses and responding to learner questions (Art. 6.1.(f) GDPR).
8.3. How long we store your Personal Data
We will retain your Personal Data for as long as your account is active or as needed for the Greenomy Academyor to comply with our legal obligations, resolve disputes, enforce our agreements, and as otherwise permitted by applicable law.
9. WEBINAR & PRIVACY
9.1. Webinar Software
Our Webinars are hosted by the platform LiveStorm, a company incorporated under the laws of France, with registered seat at 60, rue François 1er 75008 Paris France. You can find their privacy policy here: https://livestorm.co/privacy-policy.
9.2. Personal Data we collect
| Personal Data | Source |
| First name, last name, email address | Submitted by you on our Website. |
9.3. Session’s recording
Greenomy may record the Webinar with a view to publish it on the Platform and the Website to allow its customers to watch the event online. If that is the case, this will be mentioned on the Webinar invitation.
We may record the Webinar solely for the purpose of making it available for invitees who would like to replay it or could not attend it. If the Webinar is recorded, we will inform you and take measures to keep the participants list anonymous. If the Webinar is recorded for further publication, we will make it clear in the invitation.
9.4. How we use your Personal Data and on what legal basis
a. Participation in to Webinars
We use your Personal Data to manage the attendance to our Webinar and keep you updated about them. This includes sending you notifications before the Webinars take place so that you can participate in them (Article 6.1.(b) GDPR).
b. Communication
If the Webinar is held in the framework of a Pilot, we use your Personal Data to communicate to the bank which is inviting your company to the Pilot the contact details of all those included in the list of registrants, subject to your explicit consent (Article 6.1.(a) GDPR).
In addition, we use your Personal Data to communicate the name of participants to Greenomy’s Affiliates, subject to your informed consent (Article 6.1.(a) GDPR).
c. Promotion
We may use your Personal Data to contact you for sharing information about Greenomy products and services subject to your informed consent ((Article 6.1.(f) GDPR). Additionally, we may use your Personal Data to inform you of similar future Webinars or to send surveys about Webinars (Article 6.1.(f) GDPR).
9.5. How do we share your Personal Data and with whom
Subject to consent as explained above, access to your Personal Data is also granted to Greenomy’s Affiliates and the bank which is inviting your company to the Pilot as the case may be.
9.6. How long we store your Personal Data
We will retain your Personal Data for as long as your account is active or as needed to comply with our legal obligations, resolve disputes, enforce our agreements, and as otherwise permitted by applicable law.
10. CAREERS & PRIVACY
In order to see which Personal Data we collect in our recruitment process, how we use your Personal Data, on what legal basis, and for how long we store your Personal Data, please visit: https://careers.greenomy.io/privacy-policy.
11. YOUR RIGHTS OVER YOUR PERSONAL DATA
11.1. Your rights
You have the following rights regarding your Personal Data:
a. To know how we are processing your Personal Data and to access to your Personal Data held by Greenomy (DSAR-01);
b. To request the rectification of inaccurate or incomplete Personal Data (DSAR-02);
c. To request the erasure of your Personal Data when, among others, such data is no longer necessary for the initial purposes for which it was initially collected, in accordance with applicable law (DSAR-03);
d. To restrict our processing of your Personal Data, under certain circumstances (in which case we will only retain the Personal Data for the exercise and/or defence of Greenomy's rights) (DSAR-04);
e. To request the portability of your Personal Data, which will allow you to obtain and reuse the personal data in a usable electronic format for your own purposes and across different services without hindrance to usability, including its transmission to another third party (DSAR-05);
f. To withdraw the consent you may have granted to a specific processing, at any time (DSAR-06)
11.2. How to exercise your rights
In order to exercise any of these rights, please send your Data Subject Access Request by email to privacy@greenomy.io specifying the code of your specific request.
11.3. Right to lodge a complaint with supervisory authority
In accordance with Article 77 GDPR you have the right to lodge a complaint with a supervisory authority, in particular in the European Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that Greenomy’s processing of your Personal Data infringes the GDPR.
Please visit the website of your relevant supervisory authority for more information on how to submit such a complaint.
12. SECURITY OF YOUR PERSONAL DATA
Security is in our DNA and embedded in our people, processes, and technologies. We take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your Personal Data. We have implemented several management systems that attests of our security maturity:
- ISO 27001 Certified - Information Security Management System (ISMS)
- ISO 27701 Certified - Privacy Information Management System (PIMS)
- SOC 2 Type 1 (expected Q2 2023) - Attestation of controls designed and implemented
13. THIRD-PARTY WEBSITES
The Website and the Greenomy Academy may contain links to third party websites. Greenomy is not responsible for the privacy policies or practices of third party websites, so you should pay attention anytime you are redirected to a third-party website and be sure to review its privacy policy.
14. SUBPROCESSORS
14.1. Subprocessors
Greenomy uses various subprocessors to assist in the delivery of the Services. These sub-processors may process your personal data if you use our Services.
| Entity | Service | Address | Purpose | Location of Personal Data |
| Calendly LCC | Book a demo | 115 E Main St., Ste A1BBuford, GA 30518 USA | Calendar Scheduling | United States |
| SFDC Ireland Limited (Salesforce) | Newsletter | Level 1, Block A, Nova Atria North, Sandyford Business District, Dublin 18, Ireland | Marketing Automation by Salesforce (Pardot) | European Union |
| Amazon Web Services EMEA SARL | Platform | 38 avenue John F. Kennedy, L-1855 Luxembourg | Cloud Infrastructure Hosting | European Union |
| MongoDB | Platform | Building 2 Number One Ballsbridge, Shelbourne Rd, Ballsbridge, Dublin 4, D04 Y3X9, Ireland | Platform’s database | European Union |
| Mailjet SAS | Platform | Rue Jules Lefebvre 4 75009 Paris France | Automatic email distribution | European Union |
| Crisp IM SARL | Platform | 2 Boulevard de Launay, 44100 Nantes, France | Live Chat of the Platform | Germany and the Netherlands |
| M4KE.IT SPRL | Platform and Website | Rue Lambert-Lomb ard 5 4000 Liège Belgium | IT Development | Belgium and Germany |
| Learnworlds | Greenomy Academy | Gladstonos 120, Foloune Building, 2nd Floor, B1, Limassol, 3032, Cyprus | Online Training facilitation | European Union |
| LiveStorm SAS | Webinar | 60 rue François 1er, 75008 Paris, France | Webinar Software | European Union |
| TeamTailor AB | Greenomy Career | Östgötagata 16, 116-21 Stockholm, Sweden | Applicant tracking software | European Union |
| Allbound, Inc. | Platform | 3411 Pierce Dr, Chamblee, GA 30341, United States | Partner Management System | United States |
14.2. Infrastructure subprocessor: Service Data Storage
Greenomy uses Amazon Web Services EMEA SARL for cloud hosting services as a logical service. Greenomy has completed a review of the AWS Compliance Program to understand the robust controls in place at AWS to maintain security and compliance of the cloud. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, AWS Compliance Enablers build on traditional programs, helping Greenomy operate in an AWS security control environment.
AWS has certification for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, 27701:2019, 22301:2019, 9001:2015, and CSA STAR CCM v4.0
AWS System and Organization Controls (SOC) Reports are independent third-party examination reports that demonstrate how AWS achieves key compliance controls and objectives. The purpose of these reports is to help understand the AWS controls established to support operations and compliance. There are five AWS SOC Reports:
- AWS SOC 1 Report,
- AWS SOC 2 Security, Availability & Confidentiality Report,
- AWS SOC 2 Privacy Type II Report,
- AWS SOC 3 Security, Availability & Confidentiality Report, publicly available as a whitepaper.
15. CONTACT
If you have any questions about this Privacy Policy or our treatment of your Personal Data, please write to our Data Protection Officer (“DPO”) by email or by post to the following address:
Data Protection Officer Greenomy SRL
Avenue Louise 54
1050 Brussels
Belgium
16. MODIFICATION OF THE PRIVACY POLICY
We may update this Privacy Policy from time-to-time by posting a new version on our Website. All changes are effective immediately upon communication. We encourage you to occasionally check this page to ensure you are happy with any changes to the Privacy Policy.
Material modifications will be subject to notification by Greenomy by Website notice, email or any other form of communication.
17. DEFINITIONS
Any capitalised term used herein will have the meaning ascribed to it under this Section.
| Term | Definition |
| Greenomy’s Affiliate | Any person, corporation, or other entity which, directly or indirectly, controls, is controlled by or is under common Control with Greenomy at any point in time. |
| GDPR | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). |
| Greenomy | Greenomy SRL, a limited liability company, incorporated under the laws of Belgium, having its registered office and principal place of business at Avenue Louise 54, 1050 Brussels, Belgium. |
| Greenomy Academy | Greenomy educational platform: https://academy.greenomy.io |
| Greenomy Career | Greenomy recruitment portal: https://careers.greenomy.io. |
| Personal data | Information relating to an identified or identifiable natural person pursuant to the GDPR. |
| Pilot | The short-term subscription to the Platform by a bank inviting you for the purpose of evaluating the fitness of the Platform and Greenomy’s Services. |
| Platform | All-inclusive reference to the software developed by Greenomy, including: the Portals, APIs and any integration or add-on functionalities. |
| Services | An all-inclusive reference to the Services provided by Greenomy, including: Website, Greenomy Academy, Platform, Webinar, etc. |
| Trust Portal | Greenomy trust platform: https://.trustportal.greenomy.io. |
| User | The individual using our Services. The User corresponds to the subject of Personal Data. |
| Website | Greenomy website: https://greenomy.io. |
| Webinar | Greenomy webinars. |
