Basic information and scope of application
We at Environomica Consulting Limited collect, process and use personal data only in compliance with existing data protection regulations. The legal framework for data protection is provided by the General Data Protection Regulation (GDPR). The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. In the following, you will learn which personal data may arise from which of your activities on our homepage or through the use of our services and how you retain control over your data.
We work according to the principle of data minimization
We collect, process and use data in accordance with the principle of data minimization. The information of personal data within our forms for general contact, engagements as network member or partnerships is limited exclusively to the purpose-related extent. If the purpose ceases to apply and there is no storage obligation, we will delete the data immediately after the purpose has expired. If there is a retention obligation, we block your data for the duration of the statutory retention period and delete the data after the expiry of the retention period. Further transmission of the data will only take place if it is legally permissible or if you have expressly agreed to the transmission.
Information of Controller
Environomica Consulting Limited
Spring Valley Rd 114,
1636 Nairobi, Kenya
Tel.: +254 710 228 226
Information of the Data Protection Officer
Via Plinio il Vecchio, 15
23900 Lecco, Italy
Tel.: +39 392 519 9987
Environomica Consulting Limited (“us”, “we”, or “our”) operates the www.environomica.com website (hereinafter referred to as the “Service”). This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data.
We use your data to provide and improve the Service, for general communication exchange, engagements as network member or partnerships. By using the Service, you agree to the collection and use of information in accordance with this policy.
- Service: Service is the www.environomica.com website operated by Environomica Consulting Limited.
- Personal Data: Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
- Usage Data: Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
- Cookies: Cookies are small files stored on your device (computer or mobile device).
- Data Processors (or Service Providers): Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
- Data Subject (or User): Data Subject is any living individual who is using our Service and is the subject of Personal Data.
Types of Data Collected
We collect several different types of information for various purposes to provide and improve our Service to you.
1. Personal Data
While using our Service or engaging with us as a business, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
- Email address
- First and last name
- Address, State, Province, ZIP/Postal code, City
- Professional and academic background
- Regional experience
- Languages spoken
- Profile photo
We may use your Personal Data to contact you for project assignments, with newsletters or marketing materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or the instructions provided in any email we send.
We are highly committed to safeguard your privacy and proprietary information. We are the sole users of the information collected on this site and will not sell, rent or otherwise distribute this information to third parties without your consent. Provided your consent, we may use your information to include it into offers for potential projects.
2. Usage Data
We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
3. Tracking Cookies Data
Our website uses so-called cookies. These are text files that are stored on your computer by the server. They contain information about the browser, the IP address, the operating system and the Internet connection. We do not pass this data on to third parties or link it to personal data without their consent. Cookies fulfill two main tasks. They help us to make it easier for you to navigate through our website and enable the website to be displayed correctly. They are not used to introduce viruses or start programs.
Users have the possibility to access our website without cookies. To do this, the corresponding settings must be changed in the browser. Please inform yourself about the help function of your browser on how to deactivate cookies. However, we would like to point out that this may impair some of the functions of this website and limit user comfort.
Examples of the Cookies we use:
- Transient Cookies: These cookies are automatically deleted when you close your browser. These include in particular session cookies. They store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close your browser.
- Persistent Cookies: These cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.
- Prevention of cookies: You can configure your browser settings according to your wishes and, for example, reject the acceptance of third-party cookies or all cookies. We would like to point out that you may then not be able to use all the functions of this website.
Recipients of data or categories of recipients
Within Environomica Consulting Limited those offices that need your data to fulfill their contractual and legal obligations will have access to it.
External service providers (contract processors)
Your data may be passed on to service partners, e.g. IT and software service providers for support and maintenance work, as part of the support of our website in order to support us in providing our services. The website is hosted by a provider as an order processor according to Art. 28 GDPR.
Processing of your personal data by commissioned service providers may take place within the framework of order processing pursuant to Art. 28 GDPR.
Use of Data
Environomica Consulting Limited uses the collected data for various purposes:
- To provide and maintain our Service
- To notify you about changes to our Service
- To allow you to participate in interactive features of our Service when you choose to do so
- To engage with you as network members
- To gather analysis or valuable information so that we can improve our Service
- To monitor the usage of our Service
- To detect, prevent and address technical issues
- To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information
Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)
Environomica Consulting Limited may process your Personal Data because:
- We need to perform a contract with you
- You have given us permission to do so
- The processing is in our legitimate interests and it is not overridden by your rights
- To comply with the law
Environomica Consulting Limited will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.
Disclosure of Data
Under certain circumstances, Environomica Consulting Limited may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). Environomica Consulting Limited may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of Environomica Consulting Limited
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of users of the Service or the public
- To protect against legal liability
We may use third-party Service Providers to monitor and analyse the use of our Service.
2. Social Media plug-ins
We integrate the following social media services into our websites on the basis of our legitimate interests in the representation of our company on social media as part of our public relations work pursuant to Art. 6 Para. 1 lit. f GDPR Plug-ins: – Facebook (Operator: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA) – Twitter (Operator: Twitter Inc., 795 Folsom St.., Suite 600, San Francisco, CA 94107, USA) – Vimeo (Operator: Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011, USA) – LinkedIn: (Operator: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA). These plugins usually collect data from you by default and transmit it to the servers of the respective provider. The plugins also collect personal data such as your IP address and send it to the servers of the respective provider, where it is stored and processed. In addition, social plugins set a cookie with a unique identifier when the website in question is accessed. This also enables the providers to create profiles about your usage behavior. This also happens if you are not a member of the social network of the respective provider. If you are a member of the social network of the provider and you are logged into the social network during your visit to this website, your data and information about your visit to this website may be linked to your profile on the social network. We have no influence on the exact extent of the data collected from you by the respective provider. For more detailed information about the scope, type and purpose of data processing and about rights and setting options to protect your privacy, please refer to the data protection information of the respective provider of the social network.
These are available at the following addresses:
- Facebook: https://www.facebook.com/policy.php
- Twitter: https://twitter.com/privacy/
- Vimeo: http://vimeo.com/privacy
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
You can subscribe to our newsletter on our website. This is done by entering a valid e-mail address in the “Newsletter” contact form. The indication of the name is voluntary for you and serves only for personal speech.
You will only receive our newsletter with your unambiguous consent in accordance with Article 6 para. 1 lit a GDPR. To do this, you must reconfirm the e-mail that we sent to the corresponding address following your registration.
The shipping service provider is appointed on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR and a contract processing agreement pursuant to Art. 28 para. 3 sentence 1 GDPR.
The dispatch service provider can use the recipient’s data in pseudonymous form, i.e. without allocation to a user, to optimise or improve its own services, e.g. for technical optimization of dispatch and presentation of the newsletter or for statistical purposes. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass on the data to third parties.
If you no longer wish to receive the newsletter, you will find a corresponding button “unsubscribe” or “unsubscribe” (at the end of the newsletter) in every newsletter you receive, which you can use to cancel your subscription.
Of course, you can revoke your consent to the storage and processing of the data provided within the scope of the newsletter dispatch at any time with effect for the future via our contact provided.
4. Further contact forms / Contact by e-mail
If you contact us via the online form or by e-mail, we store the information you provide in order to be able to answer your inquiry and ask possible follow-up questions.
We collect, process and use this data only to the extent necessary to process your order directly or to initiate or conclude a contract pursuant to Art. 6 Para. 1 lit. b GDPR. For the answering of all other inquiries, which do not aim at initiation or a conclusion of a contract, the indicated personal data become on the legal basis of our entitled interests after art. 6 exp. 1 lit. f DSGVO to answer the inquiries duly. The customer data collected will be deleted after the conclusion of the order or termination of the business relationship as well as the final answer to the inquiry. Legal retention periods remain unaffected.
We only transfer personal data to third parties if this is necessary within the framework of contract processing, for example to the credit institution commissioned with payment processing, is legally permissible or you have given your consent.
You can apply to become a member in our network or a business collaboration partner. Your details will only be used to process your application and match you, once accepted as a member or partner, with potential client projects. Please note that e-mails sent un-encrypted are not transmitted with access protection. For a qualified application, please submit your CV and company profile.
Without the information collected for the expert pool we will unfortunately not be able to process your application. In addition, you have the option of voluntarily providing additional information. The legal basis for the data processing of your application is the initiation of an employment relationship in accordance with Art. 6 Para. 1 b GDPR or the initiation of a contractual relationship in the realm of joint client projects.
If you have applied for a specific position and this position has already been filled or we consider you to be suitable for another position as well or even better, we would like to forward your application within our group of companies. Please let us know if you agree to your application being forwarded.
Your personal data will be deleted within a maximum of 6 months after completion of the application process, unless you have expressly given us your consent for a longer storage of your data or a contract has been concluded.
Rights of data subjects
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. For this purpose, an informal e-mail notification to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which a processing is based can be found in this data protection declaration. If you file an objection, we will no longer process your personal data concerned unless we can prove compelling reasons for the processing worthy of protection which outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defense of legal claims (objection according to Art. 21 para. 1 GDPR).
If your personal data are processed for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling in so far as it is connected with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes (objection according to Art. 21 para. 2 GDPR).
Right of appeal to a supervisory authority
In the event of infringements of the GDPR, the persons concerned have the right to appeal to a supervisory authority, in particular in the Member State of their habitual residence, workplace or place of presumed infringement. The right of appeal shall be without prejudice to other administrative or judicial remedies.
Right to data transferability
You have the right to have data which we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible.
Information, blocking, deletion and correction
Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, their origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. You can contact us at any time at the address given in the text above for this and other questions on the subject of personal data.
Right to limitation of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given. The right to limit the processing exists in the following cases:
- If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the examination you have the right to demand the restriction of the processing of your personal data.
- If the processing of your personal data has taken place unlawfully, you can demand the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to demand the restriction of the processing of your personal data instead of deletion.
- If you have lodged an objection pursuant to Art. 21 Para. 1 GDPR, a balance must be struck between your and our interests. As long as it is not yet clear whose interests predominate, you have the right to demand that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, such data may not be processed – apart from its storage – without your consent or for the purpose of asserting, exercising or defending legal rights or protecting the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
Data processing within the scope of our business services
We process the data of our contractual partners and interested parties as well as clients, suppliers, service providers and customers according to Art. 6 Para. 1 lit. b. GDPR in order to provide them with our contractual or pre-contractual services. The data processed, the type, scope and purpose and the necessity of their processing are determined by the underlying contractual relationship. The processing data includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. e-mail addresses and telephone numbers) as well as contract data (e.g. services used, contract contents, contractual communication, names of contact persons), payment data (e.g. bank details, payment history) and company or personal profiles (e.g. reference projects, fields of expertise, language skills, etc.). We do not process any special categories of personal data, unless these are part of a commissioned or contractual processing. We process data which are necessary for the justification and fulfillment of the contractual services and point out the necessity of their indication, if this is not evident for the contracting parties. Disclosure to external persons or companies will only take place if it is necessary within the framework of a contract. When processing the data provided to us within the framework of an order, we act in accordance with the instructions of the client and the legal requirements.
Within the scope of using our online services, we can store the IP address and the time of the respective user action. The storage takes place on the basis of our justified interests of the users in the protection from abuse and other unauthorized use. This data will not be passed on to third parties unless it is necessary to pursue our claims pursuant to Art. 6 Para. 1 lit. f. GDPR is necessary or there is a legal obligation to do so pursuant to Art. 6 Para. 1 lit. c. GDPR.
The data will be deleted when the data is no longer required for the fulfillment of contractual or statutory duties of care and for handling any warranty and comparable obligations, whereby the necessity of storing the data is reviewed every three years. In all other respects, the statutory storage obligations shall apply.
Data processing at trade fairs / handling business cards
If you provide us with your contact data at a trade fair, e.g. by providing us with your business card, we could store this data in our system run by Google LLC. We use your data to contact you as requested, to establish a business relationship and to send you information material (Art. 6 para. 1 lit a, b and f GDPR). Your data will be deleted if you so wish or if the purpose of the processing no longer applies and storage is no longer necessary, provided there are no legal storage periods to the contrary.
We may use the e-mail address and postal address provided within the framework of the initiation and conclusion of a contractual relationship to inform you about similar product and service offers by e-mail and post from now on due to our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR. If you do not wish to receive any further advertising information by e-mail or post, you can object to the use of your contact data for advertising purposes at any time with effect for the future without incurring any costs other than the transmission costs according to the basic tariffs. You can address your objection to the following contact addresses. E-mail email@example.com or mail to Environomica Consulting Limited, Spring Valley Rd 114, 1636 Nairobi, Kenya.
Your data will be deleted if there is a legal obligation, the purpose of processing no longer applies and storage is no longer necessary or is objected to, unless there are legal storage periods to the contrary.
Cooperation with contract processors and third parties
Insofar as we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, pursuant to Art. 6 Para. 1 lit. b GDPR is necessary for the performance of the contract), if you have consented to this, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).If we commission third parties with the processing of data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
Other service providers, partners and third parties
We may cooperate with other partners if it is necessary to fulfill our service offers or if we are legally obliged to disclose data. These may be the following partners or third parties:
- Credit institutions and payment service providers
- Credit agencies
- Call center for support
- Passing on to public bodies or by court order
- Advertising agencies
- Marketing and Sales
We attach great importance to processing your data within the EU and beyond. It may happen that we use service providers who operate outside the EU. In these cases, we ensure that an appropriate level of data protection is established in accordance with Art. 44 -49 GDPR before your personal data is transferred. This means that EU standard agreements or an adequacy decision, such as the EU Privacy Shield, or other contractual and technical measures achieve a level of data protection that is comparable to the standards within the EU.
Origin of personal data
We process personal data that we receive within the scope of our business relationship. In addition, to the extent necessary for the provision of our services and for the fulfillment of the contract, we process personal data which we have received from other companies in our group of companies or from other third parties (e.g. credit agencies) in a permissible manner (e.g. for the execution of orders, for the fulfilment of contracts or on the basis of consents given by you). In addition, we process personal data that we have obtained and are permitted to process from publicly accessible sources (e.g. trade and association registers, press, media).
Categories of personal data
We process the following categories of personal data about you: Personal data (name, address and other contact data, date of birth), possibly order data (e.g. delivery order), payment data, data from the fulfillment of our contractual obligations, advertising and sales data, documentation data (data from consultation and service discussions) as well as comparable data.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only occur if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or allow the data to be processed in a third country only if the special requirements of Art. 44 ff. GDPR. This means that the processing takes place, for example, on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
If necessary, we process and store personal data for the duration of the business relationship. This also includes the initiation and execution of a contract. For the duration of the existence of warranty and guarantee claims, the necessary personal data will be stored. In addition, we store personal data insofar as we are legally obliged to do so. We delete personal data of the person concerned as soon as the purpose of storage no longer applies and statutory retention periods do not prevent deletion. Legal or contractual provisions governing the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data
We will inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may result from contractual provisions (e.g. information on the contractual partner). For the conclusion of a contract, it is necessary that you provide us with personal data. Without this data, we will generally have to refuse to conclude a contract or will no longer be able to execute an existing contract and may have to terminate it. If there is a legal obligation to provide the data, you are obliged to provide us with personal data. If you do not provide the data, we may not establish the desired business relationship. Before the data subject provides personal data, the data subject may contact our data protection officer. Our data protection officer informs the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, whether there is an obligation to provide the personal data and what consequences the non-availability of the personal data would have.
Automated decision making
As a responsible organisation, we do not use exclusively automated decision-making within the meaning of Art. 22 GDPR, which has legal effect for you, to establish contractual relationships.
Objection to advertising e-mails
We hereby object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information material. The operators of this website expressly reserve the right to take legal action against unsolicited mailing or e-mailing of spam and other similar advertising materials.
Liability for links
Our offer contains links to external websites of third parties, on whose contents we have no influence. Therefore, we cannot assume any liability for these external contents. The respective provider or operator of the pages is always responsible for the contents of the linked pages. The linked pages were checked for possible legal infringements at the time of linking. Illegal contents were not recognisable at the time of linking. A permanent control of the contents of the linked pages is not reasonable without concrete evidence of an infringement. As soon as we become aware of any legal infringements, we will remove such links immediately.
Changes to our data protection information
In order to ensure that our data protection information always complies with the current legal requirements, we reserve the right to make changes at any time. This also applies in the event that the data protection information has to be adjusted due to new or revised services, for example, new services. The new data protection information will then take effect the next time you visit our website. This page should be called up regularly in order to obtain information on the current status of our data usage regulations (current status: July 2021).