Home
Home

Privacy Policy

Last Update: 12.08.2024

The protection of your privacy when processing personal data is an important concern for us. When you visit our website, our web servers store the IP address of your internet service provider, the website from which you visit us, the web pages you visit on our site and the date and duration of your visit as standard. This information is essential for the technical transmission of the web pages and secure server operation. There is no personalized analysis of this data. If you send us data via the contact form or by document upload, this data will be stored on our servers as part of the data backup. Your data will only be used by us to process your request. Your data will be treated as strictly confidential. It will not be passed on to third parties without your consent.


Responsible Authority:

backbone.one GmbH
Ullmannstraße 16
1150 Vienna
Austria

E-mail: info@backbone.one

Personal Data

Personal data refers to information about you as an individual. This includes your name, address, and email address. You are not required to disclose personal data to visit our website, although in certain instances, such as when requesting a service or information material, we may need such information to fulfill your request. We will always inform you when we require such information. Additionally, we only collect and store data that you provide to us voluntarily or automatically.

When you use our services, we typically collect only the data necessary to provide you with the service. Any additional information we may request is voluntary. Our processing of personal data is always aimed at providing our services or pursuing our commercial objectives.

Automatically stored non-personal data (server log-data)

The provider of the website automatically collects and stores information in server log files, which your browser automatically transmits to us. This includes:

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status
  • Web browser and operating system used
  • Full IP address of the requesting computer


These data are not merged with other data sources. The processing is carried out in accordance with Article 6(1)(f) of the General Data Protection Regulation ("GDPR") based on our legitimate interest in improving the stability and functionality of our website.

For technical security reasons, especially to defend against attempted attacks on our web server, we temporarily store this data. It is not possible for us to identify individual persons based on this data. The IP addresses are deleted from our servers after a maximum of three months, making it impossible to establish a reference to individual users. Additionally, the data is processed in anonymized form for statistical purposes only; there is no comparison with other datasets or disclosure to third parties, even in part.

Cookies

When you visit our website, we may store information on your computer in the form of cookies. Cookies are small files transferred from an internet server to your browser and stored on its hard drive. Without your consent, only the Internet Protocol (IP) address is stored, without any additional personal data. The information stored in cookies allows us to automatically recognize you on your next visit to our website, thereby facilitating your use of the site.

The legal basis for the use of cookies is our legitimate interest under Article 6(1)(f) of the General Data Protection Regulation (GDPR). You can, of course, visit our website without accepting cookies. If you do not want your computer to be recognized on your next visit, you can refuse the use of cookies by changing the settings in your browser to "reject cookies." You can find the respective procedure in the user manual of your browser. However, if you reject the use of cookies, there may be limitations in the use of certain areas of our website.

Security

We have implemented technical and administrative security measures to safeguard your personal data against loss, destruction, manipulation, and unauthorized access. All our employees and service providers are bound by applicable data protection laws.

Whenever we collect and process personal data, it is encrypted prior to transmission, ensuring protection against misuse by third parties. Our security protocols undergo continual enhancement, and our privacy policies are regularly updated. Please ensure you have access to the most recent version.

Google

Unless stated otherwise in this Privacy Policy, the operator of all Google services mentioned herein is Google Ireland Limited, located at Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Google Tag Manager

On this website, we use the "Google Tag Manager" service. The Tag Manager is a tool designed for the management of tags used in online marketing tracking. It is important to note that the Tag Manager itself does not process any personal data, as its function is solely to manage other services, such as Google Analytics, etc.

For more information about the Tag Manager, please visit: https://www.google.com/intl/de...

Disclaimer

We do not accept liability for damages resulting from insufficient protection of your computer against third-party access.

Rights of Data Subjects

Please do not hesitate to reach out to us at any time if you wish to inquire about the personal data we hold about you, or if you would like to have it corrected or deleted. Additionally, you have the right to request restrictions on processing (Art. 18 GDPR), to object to processing (Art. 21 GDPR), and to data portability (Art. 20 GDPR). In such cases, please contact us directly.

  • Right to Information:
    You have the right to request information from us about whether and to what extent we process your data.

  • Right to Rectification:
    Should we process incomplete or incorrect data, you have the right to request its correction or completion at any time.

  • Right to Erasure:
    You can request the deletion of your data from us if we are processing it unlawfully or if such processing disproportionately interferes with your legitimate interests. Please note that there may be legal obligations preventing immediate deletion. Nevertheless, we will promptly and fully delete your data, unless legally binding or statutory retention obligations prevent us from doing so.

  • Right to Restriction of Processing:
    You have the right to request the restriction of processing your data if:
  1. You contest the accuracy of the data for a period allowing us to verify its accuracy.
  2. The processing is unlawful, but you oppose its erasure and request restriction instead.
  3. We no longer need the data for the intended purposes, but you require it for the establishment, exercise, or defense of legal claims, or
  4. You have objected to processing, pending the verification of whether our legitimate grounds override yours.

  • Right to Data Portability:
    You can request that we provide you with the data you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, where:
  1. The processing is based on consent or on a contract, and
  2. The processing is carried out by automated means.
If technically feasible, you can request that we transmit your data directly to another controller.

  • Right to Object:
    If we process your data based on legitimate interests, you have the right to object to such processing at any time, including profiling based on these provisions. We will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims. You have the right to object at any time to processing of your data for direct marketing purposes.

  • Right to Lodge a Complaint:
    If you believe that the processing of your data violates Austrian or European data protection law, please contact us to clarify any issues. You also have the right to lodge a complaint with the Austrian Data Protection Authority, the supervisory authority in Austria.

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna
Austria
Phone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at

In case of doubt, we may request additional information to confirm your identity.

Changes to this Privacy Policy

We reserve the right to amend our privacy policies if deemed necessary due to new technological developments. Please ensure that you have access to the most recent version. Any significant changes to this privacy policy will be communicated on our website.

For inquiries regarding data protection matters, all interested parties and visitors to our website can reach us at:

backbone.one GmbH
Ullmannstraße 16
1150 Vienna
Austria

E-mail: info@backbone.one

greens :) data protection information

A. Introduction

We, backbone.one GmbH, provide you with this data protection notice for the website www.greens.one so that you can understand what personal data we process and why we process it.

We have briefly summarized the most important points below:

  • The controller is backbone.one GmbH, Ullmannsraße 16, 1150 Vienna.
  • We process your personal data to facilitate the conclusion of an energy supply contract with Maxenergy Austria Handels GmbH, Albertgasse 35, 1080 Vienna ("Maxenergy") and transmit this personal data to
    Maxenergy for this purpose. Maxenergy is responsible for the processing of personal data in the context of this energy supply contract.
  • We as backone.one gmbH are service providers acting on our own behalf and use your personal data for these purposes, e.g. to provide the website.
  • You have the right of access, rectification, erasure, objection to processing, withdrawal of consent, not to be subject to automated decision-making and to lodge a complaint with a data protection supervisory authority.

B. Who is responsible for data processing?

The controller (referred to as "we" in this privacy policy) for the processing of your personal data is

backbone.one GmbH
Ullmannstraße 16
1150 Vienna
Vienna, Austria

If you have any questions, simply send us an e-mail to info@backbone.one.


C. What personal data do we process and for what purposes?

In this section, we explain how we process your personal data and for what purposes:

  • "Personal data" is any information that can be used to directly or indirectly identify a specific person. This may include your name, address, email address or telephone number, but also your payment details, IP address or cookie data.
  • "Processing" means any operation which is performed on personal data, whether or not by automated means, such as collection, recording, adaptation or alteration, use or disclosure by transmission.


I Provision of the website and creation of log files

1. How do we process your personal data and to what extent?
Each time you access our website, we automatically collect personal data and information from the system of the accessing device regarding the connection used and your usage behavior. We process the following personal data:

Information about the browser type and version used

  • operating system
  • IP address
  • Date and time of access
  • Websites from which you accessed our website
  • Websites that you access via our website


This technically necessary personal data is automatically transmitted by your browser to our server so that we can display our website to you. We store the personal data in the log files of our system. We do not store this personal data together with your other personal data.

2. For what purposes do we process your personal data?
The storage of your IP address by the system is necessary to enable delivery of the website to your end device. For this purpose, we must store your IP address for the duration of the session. Storage in log files takes place to ensure the functionality of the website and also to be able to store your consent in the event of a successful booking order from Greens, the energy industry identification method of the IP address. In addition, we use the personal data to ensure the security of our information technology systems. We do not evaluate the personal data in this context for marketing purposes.

3. What is the legal basis for this data processing?
The legal basis for the storage of your personal data and the log files is our legitimate interest, Art. 6 para. 1 lit. f GDPR, in the provision of a secure and functioning website. The legal basis for the processing of your personal data and log files in order to be able to display the contents of the website in your Internet browser is the fulfillment of the contract, Art. 6 para. 1 lit. b GDPR.

4 How long do we store your personal data?
We delete personal data that we process for the provision of a secure and functioning website and the display of content on the website when the respective session has ended.
We delete personal data stored in log files after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing client. In addition, we only store this personal data to fulfill any statutory retention obligations or, to the extent necessary and legally permissible, to assert or defend against legal claims.


II Use of cookies

We use cookies and similar technologies, such as pixels or tags ("cookies") on our website. We use the cookies and process the personal data collected by the cookies to provide you with the website and its functionalities, to offer you an optimal booking experience, to provide and improve our services, to learn about your usage behavior and to display individualized advertising and content on our website and third-party sites and in our newsletters.

You can find the cookies we use in our cookie settings. You can access the cookie settings on the website at any time via the link at the bottom of the footer.

You can consent to or reject the setting of cookies and the processing of the personal data collected by cookies - apart from cookies that are absolutely necessary for the provision of our website - when you first visit our website and at any time thereafter in our cookie settings. To do this, you must check or uncheck the box next to the cookie and click on "Save selection and agree". These settings apply to the device you are using (mobile or computer). If you do not agree to the setting of cookies, certain subpages or functionalities on the website may not be available.


III Commissioning of energy supply contracts

1. How do we process your personal data and to what extent?
Our website offers the option of commissioning an energy supply contract with Maxenergy. The personal data entered in the input masks during the booking process is transmitted to us and stored. The personal data that is not marked as "optional" is mandatory for commissioning Maxenergy, and we initially process the following data in order to show you the expected monthly costs of the energy supply contract:

  • For private households: Number of people in the household
  • If applicable for businesses: size of business
  • Annual consumption in kWh
  • Zip code
  • Grid operator


We process the following data as part of the booking process:

  • First and last name
  • Gender
  • Date of birth
  • E-mail address
  • Telephone number
  • Details of the situation (relocation, new supplier change)
  • Meter point number or meter number
  • Switch date
  • Discount code (optional)
  • Data for payment processing via SEPA transfer (IBAN and name of the account holder)
  • IP address
  • Customer number, personnel number (if available)
  • Contract partner number (if available)
  • Product data (selected product, conditions, start time and term)


2. For what purposes do we process your personal data?
The data processing serves to prepare the conclusion of the energy supply contract with Maxenergy.

3. What is the legal basis for this data processing?
The legal basis for the processing of your personal data is the fulfillment of the contract, Art. 6 para. 1 lit. b GDPR, since the core of the contractual relationship is the commissioning of Maxenergy.
The legal basis for the processing of the IP address is our legitimate interest, Art. 6 lit. f GDPR, to prevent fraud.

4. How long do we store your personal data?
We process your personal data for as long as is necessary to fulfill the contract. In addition, we store this personal data in order to be able to provide our services to you (customer portal, dashboard, etc.) as well as to fulfill any statutory retention obligations or, to the extent necessary and legally permissible, to assert or defend against legal claims.

5. To whom do we transfer your personal data?
We transmit the data listed in section 1 to Maxenergy to enable the energy supply contract. The data is required so that Maxenergy can conclude an energy supply contract with you.

IV Registration and use of your account

1. How do we process your personal data and to what extent?
You can register on the website and create an account. We process the following data when you create a customer account:

  • Personal data that we collect during registration (first name, last name, e-mail address, password, date of registration)
  • Personal data that we process to verify your registration (IP address, time of registration for "My account" and confirmation of the email address, click on the confirmation link in the confirmation email)
  • Contract data as described above under III.1.


2. For what purposes do we process your personal data?
We process the personal data in order to provide you with the services in connection with the registration and use of the account.

3. What is the legal basis for this data processing?
The legal basis for data processing in connection with the registration and use of the account is the fulfillment of the contract, Art. 6 para. 1 lit. b GDPR.

4. How long do we store your personal data?
We process your personal data for as long as the user contract for the customer account exists. Beyond this, we only store this personal data to fulfill any statutory retention obligations or, to the extent necessary and legally permissible, to assert or defend against legal claims.


V Newsletter and marketing communication

We process your personal data for newsletters and marketing communications if you have consented to receiving newsletters and marketing communications.

1. For what purposes do we process your personal data?
We process the aforementioned personal data in order to send you the newsletter and, if applicable, existing customer communications. We also process the personal data in order to get to know your interests and to provide content in the newsletter that is tailored to your interests.

2. What is the legal basis for this data processing?
If you have registered for our newsletter, the legal basis for the processing of personal data is your consent, Art. 6 para. 1 lit. a GDPR.
The legal basis for processing the personal data of our existing customers is our legitimate interest, Art. 6 para. 1 lit. f GDPR, in staying in contact with customers and suggesting products that may be of interest to them.

3. What objection and removal options are available to you?
You can withdraw your consent for the newsletter at any time with effect for the future by clicking on the unsubscribe link at the end of each newsletter or by sending an email to info@backbone.one stating the email address to which the newsletter should no longer be sent.

VI E-mail contact

1. How do we process your personal data and to what extent?
If you contact us by e-mail, we process the personal data you send us with the e-mail.
We do not pass this personal data on to third parties. We use the personal data exclusively for processing and responding to the inquiry.

2. For what purposes do we process your personal data?
We only process your personal data from the input screen or the personal data transmitted with the e-mail to process your request.
We process the other personal data processed during the sending process in order to prevent misuse of the contact form and to ensure the security of our information technology systems.

3. What is the legal basis for this data processing?
The legal basis for the processing of personal data transmitted in the course of contacting us via the contact form or by email is our legitimate interest in the efficient and timely provision of the requested information and the security of our IT systems, Art. 6 para. 1 lit. f GDPR. If the contact is aimed at the conclusion of a purchase contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

D. To whom do we transfer your personal data?

We sometimes work together with other companies for the data processing described in this data protection notice. These companies are processors or other controllers. We provide information about specific data recipients in this privacy policy and in the cookie settings. Below you will find further information about data recipients:

I Processors
We use processors primarily to provide the website and the platform. Processors, such as IT service providers, process your personal data strictly on the basis of our instructions. We have carefully selected these processors and have concluded data processing agreements with them. If these processors are located outside the European Economic Area (EEA), section D.IV. below also applies.

II Other controllers
In certain cases, we may transfer your personal data to other controllers who process your personal data for their own purposes rather than on our instructions, insofar as this is necessary for the performance of the contract or the provision of services (e.g. to Maxenergy). These other controllers may only use the personal data transmitted in this way for the purpose for which we have transmitted it. The transfer of your personal data to these other controllers takes place for the fulfillment of the contract, Art. 6 para. 1 lit. b GDPR, or on the basis of our legitimate interest, Art. 6 para. 1 lit. f. GDPR. GDPR, to make our operations efficient. If these other controllers are located outside the EEA, Section D.IV. below also applies.

III Legal obligation or enforcement of legal obligations
Otherwise, we will only transfer your personal data to other controllers if and to the extent required by law to enforce legal claims or to investigate or prevent suspected or actual unlawful activities. In these cases, we will inform you separately about the respective transfer if and insofar as this is legally required.

IV Transfer to third countries
If we transfer your personal data to processors or other controllers in countries outside the EEA (e.g. to the USA), the transfer is based on an adequacy decision of the EU Commission for the recipient country or the legally required standards and security mechanisms (e.g. by agreeing the so-called EU standard contracts).

E. What rights do you have as a data subject?

If we process your personal data, you are a data subject within the meaning of the GDPR and you have the rights listed below vis-à-vis us if the legal requirements are met. You can exercise these rights at any time by sending us an email to info@backbone.one

I Right to information
You can request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you have the right to information about this personal data and to further information, e.g. the processing purposes, the recipients and the planned duration of storage or the criteria for determining the duration.

II Right to rectification
You have the right to rectification and/or completion of your personal data if it is incorrect or incomplete.

III Right to restriction of processing
You may request the restriction of the processing of your personal data.

IV Right to erasure
You can demand that we erase the personal data concerning you, provided that there are no exceptions, e.g. statutory retention obligations.

V Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.

VI Right to object
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you.
If we process your personal data for direct marketing purposes, you have the right to object to this processing at any time without further justification.

VII Right to withdraw your consent
You have the right to withdraw your consent at any time. Even if you withdraw your consent, the processing that took place on the basis of your consent prior to the withdrawal remains lawful.

VIII Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

IX Right to lodge a complaint with a data protection supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you by us violates the GDPR.