Privacy Policy for the processing of personal data in the Investor Dashboard of GreenRock Energy Austria GmbH

Preamble

This Privacy Policy informs you about how GreenRock Energy Austria GmbH (hereinafter also "we") handles your personal data (hereinafter also "your data") in the context of subscribing to the GREBI and GREBII tokens.

We attach great importance to protecting the personal rights of users (hereinafter "Users" or "You"), comply with the applicable data protection regulations and take the necessary measures to protect your data.

1. Data controller

The controller responsible for the processing of your data on this website is:

GreenRock Energy Austria GmbH, Herzog-Friedrich-Straße 10, 6020 Innsbruck, Austria, e-mail: bond@greenrock-austria.at.

2. Data processing and purposes of use

2.1 General

"Personal data" are all data and information relating to an identified or identifiable person. This includes, for example, contact data such as name, telephone number, address or e-mail address, as well as other information that you provide to us, for example, during registration.

Any handling of personal data, including but not limited to the collection, storage, management, use, transmission, disclosure or deletion of your data, is considered "processing" or "handling".

Your data will only be used for the respective purposes communicated to you in this Privacy Policy. We take the necessary measures to ensure that your personal data is protected against loss, theft and misuse.

In the following, we will inform you about the cases in which we collect data about you, which data we process from you, for which purposes we use it and to whom it may be passed on. In addition, we will explain to you what rights you have vis-à-vis us with regard to your data and how you can assert these rights.

3. What data processing takes place?

3.1 Transmission of data via the Internet

When you visit this website, we process your IP address, the date and time of your visit, information about the browser you are using, including language settings and, if applicable, your operating system, the address of the website from which you have accessed our website (referral URL) and information about the files you have accessed. Your browser automatically transmits this data to your Internet service provider and the latter to us.

Why is this data processed?

We process this data so that you can load our website, for the purpose of testing and, if necessary, restoring system security and stability, and for statistical purposes (see below). We cannot assign this data to a specific person. The legal basis for this processing is our legitimate interest (Art. 6, para. 1 lit. f GDPR). We have a legitimate interest in ensuring that our website is displayed correctly on your screen and that we can determine and rectify the causes in the event of faults.

How long is this data stored? Do I have to provide this data?

This data is stored in log files and automatically anonymized after 7 days. The provision of this data is neither legally nor contractually required and is not necessary for the conclusion of a contract with us. However, a visit to our website without processing this data would not be possible for technical reasons.

3.2 Storage of cookies

We use cookies on our website. Cookies are small files that contain an identification number. Cookies are stored on your computer or mobile device when you access our website. 

Why are cookies set?

Session cookies save you from having to re-enter information on our website, even if you visit other websites in between. The purpose of these session cookies is therefore to facilitate the use of our website. The following session cookies are used exclusively to improve ease of use.

  • Session Cookie
  • Auth Server Cookie

The legal basis is our legitimate interest (Art. 6, para. 1 lit. f GDPR). We have an interest in enabling you to use our website in a user-friendly manner and in optimizing our website or documenting user decisions.

How long is this data stored?

The following cookies are deleted immediately after closing the browser.

  • Session Cookie
  • Auth Server Cookie

Permanent cookies are not used by our site.

3.3 Registration and user account

Users can create a user account by registering with the Investor Dashboard. Via this user account, registered users have access to the services for managing their tokens and the associated claims. The user account stores data such as name, postal address, bank details and wallet information. System messages related to the management of the account (for example, registration, password reset, instructions, subscription confirmation and similar content) are sent by e-mail to the stored e-mail address.

Why are these data processed?

Without the mandatory registration data, no user account can be created and no revenue share distribution can take place. The processed data are those that are needed to identify and address the user. In addition, the bank details for the revenue share payments as well as the data on tax assessments are stored in the user profile. Accordingly, the legal basis is the fulfilment of our contract with you (Art. 6, para. 1 lit. b GDPR).

How long is this data stored and do I have to provide it?

User data is stored for as long as the user account exists. If investors have terminated their user account, their data with regard to the user account will be deleted, unless its retention is necessary for reasons of commercial or tax law. 

3.4 Register management in accordance with the eWpG and the eWpRV

Under the Electronic Securities Act (eWpG), an electronic security is issued by the issuer effecting an entry in an electronic securities register instead of issuing a securities certificate. This Act and the corresponding legal regulation of the Ministry of Finance specify what information the register contains about the investor. The register is maintained by the registrar defined in the securities prospectus (Tangany GmbH, Amtsgericht München HRB 246113). The privacy policy of the registrar can be found at https://tangany.com/privacy-policy/. As the issuer, we have access to the contents of this register.

Why is this data processed?

We process this data in order to fulfil our contractual obligations towards you as an investor (Art. 6, para. 1 lit. b GDPR).

How long is this data stored and do I have to provide it?

The data will be processed for as long as you are a holder of the security. This processing ends with the deletion from the register. This does not apply to documents that we have to keep due to legal obligations (commercial and tax legislation).

3.5 Identification of the investor under the anti-money laundering regulations

Under anti-money laundering law, the Registrar is required to identify investors with certainty by appropriate means.

Therefore, in the course of full registration, consumers are directed to an appropriate service provider (a KYC provider; KYC = Know Your Customer) to undertake this identification. This provider then passes the data collected in its process to the Registrar.

From institutional investors, documents identifying the Ultimate Beneficial Owner (UBO) are collected and forwarded to the Registrar.

Why is this data processed?

This data is processed so that we can clearly identify you as an investor in accordance with legal requirements and to ensure that distributions of interest are made to the authorized persons or companies. 

How long is this data stored and do I have to provide it?

Without the data from the identification process, no effective subscription to the bond and also no distribution of interest can take place. The data will be stored as long as the user account exists and rights arising from token ownership are asserted.

3.6 Logging of user actions

To ensure the integrity of investor data and to prove changes to it, both logins and the saving of changes in the profile are recorded in a so-called entity change log. In addition, the opening of e-mails and the clicking of any links contained therein are recorded by our e-mail providers.

Why is this data processed?

This data is processed so that we can protect you as an investor from fraud in the best possible way. In addition, we use the data to defend claims against our company. Accordingly, the legal basis is our legitimate interest (Art. 6, para. 1 lit. f GDPR).

How long is this data stored and do I have to provide it?

The data will be stored in accordance with the applicable limitation periods of claims arising from the contract between you as investor and us as issuer.

4. Transfer of data to third parties

Your personal data will not be disclosed, sold or otherwise transferred to third parties, unless this is necessary for the purpose of contract execution or to fulfil our legal obligations.

In order to fulfil our legal obligations as well as for contract processing, we engage service providers to assist us in processing your data for the above-mentioned purposes on our behalf. We have concluded appropriate contracts with these service providers (processors) to protect your data. Processors only process data on our instructions and not for their own purposes.

A transfer of data to processors and the processing of data takes place exclusively within the borders and jurisdiction of the European Union.

5. Data security

We take appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse, such as issuing instructions, training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymization and controls.

6. Your rights

6.1 Right to information and correction

Within the legal framework, you have the right to receive information from us at any time and free of charge about whether and which of your personal data we process. In addition, you can demand that we correct or complete incorrect data about you in our systems.

6.2 Right to deletion and restriction

You have the right to request that we delete or restrict the processing of your personal data.

Please note that even after your request for deletion of your personal data, we may have to retain it due to legal or contractual retention obligations (for example, for billing purposes) and in this case we will only restrict or block your data as necessary. Furthermore, deletion of your data may mean that you can no longer use the services you have registered for.

6.3 Right of objection

Insofar as we process data to protect our interests exclusively on the basis of Art. 6 (1) f GDPR, you have the right to object to the processing of your data for reasons arising from your particular situation. If you object, we will no longer process the data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to enforce legal claims.

6.4 Right to data portability

Where applicable, you may also exercise your right to data portability.

6.5 Withdrawal of consent

You may revoke your consent to data processing, in principle with effect for the future, at any time. In the event of a revocation, we may no longer be able to provide you with personalized use of free and/or paid products.

6.6 Right of complaint

If applicable, you have the right to lodge a complaint regarding data processing with the competent supervisory authority.