general

Privacy Notice for Business Partners, Clients and Suppliers

 

Introduction

At Green Giraffe Advisory we are aware of the trust you are placing in us, and we are committed to protecting your privacy. Therefore, this privacy notice for business partners, clients and suppliers (hereafter “Privacy Notice”) is intended to explain how we collect, handle, store, and protect the personal data when you i) have an agreement with us, ii) are a supplier to Green Giraffe Advisory, iii) visit our web page or iv) are, in any other way,  interacting with us relating to Green Giraffe Advisory’s communications, such as networking events and online or offline newsletters and magazines. Any references to “you” shall for the purpose of this Privacy Notice refer to you in your capacity as business partner, client or supplier.

If you are an employee or job applicant applying for a job at Green Giraffe Advisory, we kindly refer you to the Privacy Notice for Employees and Job Applicants.

As used in this Privacy Notice, “Green Giraffe Advisory” refers to one or more of Green Giraffe Advisory B.V. network of member firms and/or their related entities. Green Giraffe Advisory and each of its member firms are legally separate and independent entities registered under the laws of each country where business is developed. When used in this Privacy Notice, “Green Giraffe Advisory”, “we”, “us” and “our” refer to Green Giraffe Advisory B.V. as a group.

Green Giraffe Advisory B.V. is a private company with limited liability (besloten vennootschap met beperkte aansprakelijkheid) organized and existing under the laws of the Netherlands and registered with the trade register of the chamber of commerce in the Netherlands under number 76178897. Its registered office and principal place of business is at Plompetorengracht 19, 3512 CB Utrecht, the Netherlands.

 

Disclaimer

The information materials and opinions contained on this website are for general information purposes only, are not intended to constitute professional advice, and should not be relied on or treated as a substitute for specific advice relevant to particular circumstances. Green Giraffe Advisory does not accept any responsibility for any loss which may arise from reliance on information or materials published on this website.

Certain parts of this site link to external internet sites, and other external internet sites may link to this website. Green Giraffe Advisory is not responsible for the content of any external internet sites, our Disclaimer, Legal Notice & Privacy Policy only applies to this website contents and it expressly does not cover any links to websites of third parties.

 

Copyright and links

The materials published on this website are unless otherwise stated the copyright works of Green Giraffe Advisory. You may make copies of materials published which are of interest to you for your own personal use and you may provide occasional copies of individual publications (in paper or electronic form) to others for information purposes only provided that you do so free of charge. When you do make copies for yourself or others, the content of the published material and the copyright notices must remain intact, your communication of the content must not be misleading or inaccurate and a copy of this notice must accompany any copies of the materials which you provide to others. You may not republish any content or material available on our website on any other public website or alerter service without our prior written consent. You may not create a link to any part of our website, without our prior written consent. No other use of the materials published on this website is permitted without the express prior written consent of Green Giraffe Advisory.

The photos on this website are (among others) from Siemens AG, RePower, Areva, Van Oord.

 

Some definitions:

Data Controller: a data controller is an entity that determines the purposes, conditions, and means of processing personal data. Green Giraffe Advisory is regarded as the Data Controller for business partners, clients and suppliers.

GDPR team: the team responsible within Green Giraffe Advisory for the personal data protection policies and procedures and making sure that Green Giraffe Advisory is acting in accordance with all personal data protection regulations. If you have any questions or concerns relating to your personal data, please contact the GDPR team via the contact details stated in the section “Contact” below.

 

Updates to this Privacy Notice

We may unilaterally change or update this Privacy Notice by amending this page, so make sure you check this page from time to time. If there are substantive adjustments made to this Privacy Notice, a clear notification will be made available on our website.

 

Contents of this Privacy Notice

In this Privacy Notice we explain:

• what personal data we collect and how;
• for what purposes and on what grounds we process your personal data;
• how long we keep your personal data;
• who we share your personal data with;
• how your personal data is protected;
• the rights you have as data subject;
• our use of cookies;
• how you can contact us.

 

Personal data

Personal data is any information relating to an identified or identifiable natural person. Personal data that we process may include:

• Basic information such as your first and last name, prefix, title;
• Contact details such as your e-mail address, postal address and phone number;
• Data related to the device you use to visit our website, such as an IP address;
• Data related to your visit to our website;
• Personal data you provide us with for the purpose of attending events or meetings, such as access and dietary requirements;
• Any other personal data relating to you which you may provide us with or that we may obtain in relation to the purposes and based on grounds set out below.

We collect personal data by way of: i) you providing this data to us, ii) other sources, such as counterparties we do business with, iii) the Trade Register, iv) using publicly available sources or v) if you have previously provided your personal data to us.

 

Legal basis for the processing of personal data

Green Giraffe Advisory may process your personal data on the grounds of the following legal bases:

 

 

Retention period

Green Giraffe Advisory will not store your personal data any longer than is necessary to achieve the purposes stated in this Privacy Notice or to comply with the relevant laws and regulations (i.e. such as data retention requirements in the jurisdictions we operate or in case data is used for exercising/defending any legal claims). These retention periods may differ per jurisdiction where Green Giraffe Advisory operates. If you wish to be informed on the retention periods for a specific case, please contact us at forgetme@greengiraffegroup.com.

 

Sharing with others

To be able to provide our services, it may be necessary for us to transfer your personal data to a recipient in a country outside of the European Economic Area (i.e. in the case we are subcontracting certain services, or to our wholly owned overseas Green Giraffe Advisory member firms). In that case, Green Giraffe Advisory will ensure that the data transfer is compliant with the applicable law (see also the section below “Transfer of personal data”).

In some cases, we may also share your personal data with third parties. This may include, but is not limited to:

• Third parties relevant to the services that we provide (i.e. in case we have to subcontract another party to perform a part of our services you requested from us);
• Third parties that we engage with, such as supervisory authorities and other bodies, in order to comply with legal obligations (i.e. if requested, sharing data with regulators of regulated Green Giraffe Advisory entities);
• Third party suppliers in connection with the processing of your personal data for the purposes described in this Privacy Notice, such as IT providers (i.e. such as data saved in any Green Giraffe Advisory cloud environment), communication service providers or other suppliers to whom we outsource certain support services.

We will only transfer your personal data to the above-mentioned third parties for the purposes and on the legal grounds stated in this Privacy Notice. To the extent that a third party processes your personal data as a data processor of Green Giraffe Advisory, Green Giraffe Advisory will conclude a processor agreement with such party that meets the requirements set out in the EU GDPR.

If you wish to receive a list of third parties with whom we share your personal data with, please contact forgetme@greengiraffegroup.com.

 

Security & Automated decision making

Green Giraffe Advisory has taken technical and organisational measures to ensure an appropriate level of security to protect your personal data from unauthorised or unlawful processing and from loss, destruction, damage, alteration or disclosure. Examples of such measures include:

• Physical security of access to our offices and floors
• Your data is stored on servers in controlled, secure environments
• A range of data flow detection and prevention methods
• Restrictions on connecting non-approved devices to the Green Giraffe Advisory network
• Regular training of our employees on data protection and privacy matters

In addition, we limit access to your personal data to those employees, contractors and other third parties who have a need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality. We also have procedures to deal with any suspected data security breaches and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

We do not use any automated processes to make decisions about you without human intervention.

If you have any questions regarding the security of your personal data, or if there are indications of misuse, please contact forgetme@greengiraffegroup.com.

 

Your rights

Depending on your local data protection regulations, you have certain rights available to you when it comes to your personal data that we process. Below is a summary of those rights as well as information on how to exercise them and any limitations to them.

• Right to request access to your personal data. This right enables you to receive a copy of the personal data we hold about you and to check that we are processing your personal data lawfully.
• Right to request rectification of the personal data that we hold about you. This right enables you to have any incomplete or inaccurate personal data we hold about you corrected. Please note that the local regulations may prohibit that we delete entries in certain cases. It is important that the personal data we hold about you is accurate and current.
• Right to request erasure of your personal data. This right enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it.
• Right to object to processing of your personal data where we are relying on our legitimate interest (or that of a third party) as a legal basis for processing and there is something about your particular situation which makes you want to object to processing. You also have the right to object where we are processing your personal data for direct marketing purposes.
• Right to request the restriction of processing of your personal data. This right enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish accuracy of the data or the reason for processing the data.
• Right to request that we transmit your personal data to another party (also known as data portability).
• Where our processing is solely based on your specific consent, the right to withdraw your consent at any time. Such withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. It is important to note that if the processing activity is not solely based on your consent, and there is another legal justification or obligation to continue the processing, we may – depending on the type of legal justification – continue to process the personal data.
• For French and Spanish data subjects: you have the right to give instructions regarding the storage, deletion and communication of your personal data after your death. If you have not given any instructions, your heirs can exercise certain rights, in particular:
• The right of access, if it is necessary for the settlement of the succession.
• The right to request an update of the personal data of the deceased.
• The right to close the deceased’s accounts and to cease the processing of his/her personal data.

For certain personal information requests, we must first verify your identity before processing your request. To do so, we may ask you to provide us with your full name, contact information, and relationship to us. Depending on your request, we may ask you to provide additional information. Once we receive this information, we will then review it and determine whether we are able to match it with the information we maintain about you to verify your identity. In order for us to efficiently handle your request we kindly ask you to provide as much detail about the nature of your request, where relevant, to what processing activities the request sees. We aim to get back to your request within 30 days upon receipt of the request.

If you wish to exercise one or more of the abovementioned rights, kindly send an email to forgetme@greengiraffegroup.com.

 

Disclaimer:

Although Green Giraffe Group is committed to providing a high level of personal data protection and equal treatment, in this regard it is important that you are aware that the abovementioned rights are based on EU GDPR and UK GDPR regulations. In this respect, certain rights may not be legally enforceable by you towards Green Giraffe Group in case you are based in another non-EU and/or non-UK jurisdiction (where different data protection regulations apply) or if you are not covered as a data subject under the EU GDPR and UK GDPR regulations. Our GDPR team is happy to answer any questions you might have in this respect.

 

Transfer of personal data

We will not transfer your personal data to recipients outside the EU or EEA unless we have ensured compliance with Chapter V of the EU GDPR.

We operate in an international environment and therefore, some personal data may be transferred outside the EEA in order to enable the functioning of our daily work and business operations. These kinds of transfers may include, for example, the email exchange required by certain work assignments.

In order to ensure that your personal data receive an adequate level of protection, we have ascertained that sufficient safety measures have been implemented to allow for the transfer, including where the European Commission have deemed the country to provide an adequate level of protection for personal data, or by use of specific contracts approved by the European Commission (Standard Contractual Clauses) which give personal data essentially equivalent protection as it has in the EEA.

Furthermore, for our Japanese clients and business partners, specific consent may be requested for data transfers outside Japan if the jurisdiction to which the personal data is being transferred to, has not been assessed by the Japanese data protection authorities to have adequate privacy protection regulations. This means that – in such case – if we want to transfer your personal data even with other member firms within our group we will need to obtain your consent for such transfers. Such consent can always be freely retracted by you.

 

Cookies

Green Giraffe Advisory uses cookies on its website. A cookie is a simple text file that is stored on your computer by a web browser. Please refer to our cookie policy published on our website for more information.

 

Contact

If you have any questions, comments or complaints in relation to this Disclaimer, Legal Notice & Privacy Notice or the processing of your personal data by Green Giraffe Advisory, please feel free to contact your regular contact within our firm or our GDPR team via forgetme@greengiraffegroup.com.

You also have the right to lodge a complaint with the supervisory data protection authority in your country of residence, place of work or in the country where an alleged breach of data protection law has occurred. Contact details of the most relevant data protection authorities for Green Giraffe Advisory are: