Privacy notice
How GreenDirective.eu handles personal data in the sustainability reporting software.
This notice is a software product baseline and should be reviewed by qualified legal counsel before production launch.
Controller and processor roles
For account, billing, product analytics, support, and website interactions, the GreenDirective.eu operator acts as controller. For sustainability data uploaded by a customer about its employees, suppliers, customers, facilities, or evidence, GreenDirective generally acts as processor for the customer unless otherwise agreed.
Personal data processed
We may process account identifiers, contact details, login/session data, support messages, audit logs, IP addresses, cookie identifiers, uploaded evidence metadata, supplier questionnaire contacts, and content users submit into the service.
Purposes and legal bases
Purposes include providing the SaaS, authentication, security, billing, support, report generation, legal compliance, fraud prevention, service improvement, and consent-based optional analytics or marketing where enabled.
Retention
Account and workspace data is retained while the account or contract is active, then deleted or anonymized according to configured retention and legal hold requirements. Evidence and report snapshots should follow the customer retention policy.
Rights
Individuals may request access, rectification, erasure, restriction, portability, objection, and consent withdrawal. Some requests may require identity verification or customer/controller coordination.