PRIVACY POLICY OF THE GREENSEARCH.PL INTERNET PLATFORM

(Updated: 03/10/2026)

1. Who is who in this policy?

  1. Personal Data Administrator (abbreviated as "Administrator") or "We" – refers to us, Greensearch Limited Liability Greensearch with its registered office in Radom (26-600) at ul. Kazimierza Pułaskiego 6/10. We are the administrator of your personal data and we decide on the purposes and methods of its processing.
  2. For all matters relating to the protection of your personal data, you can contact us directly at the following email address:greensearch.
  3. You – any natural person who visits or uses our Platform (Visitor or User), in particular a natural person conducting business activity or a person representing a User who is not a natural person.
  4. Platform – our website available atgreensearch.
  5. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
  6. Terms and Conditions – means the Terms and Conditions for the Provision of Services by the Greensearch.pl Internet Platform. Capitalized terms used in this Privacy Policy shall have the meanings assigned to them in these Terms and Conditions.

2. How, why, and on what basis do we process your data?

We collect your personal data primarily directly from you when you register an Account, fill out a contact form, publish an ad, or make a payment. Below you will find detailed information about the purposes for which we process your data, what data we process, the legal basis for processing it, and how long we store it.

Purpose of processingLegal basis under the GDPRWhat data do we process?Storage period
Conclusion and performance of the Account Service AgreementArt. 6(1)(b) – processing is necessary for the performance of a contract for the provision of Account Services concluded with the data subject or in order to take steps at the request of the data subject prior to entering into a contractFirst and last name, Email addressFor the duration of your Account on the Platform and until the expiry of any claims arising from the Account Service Agreement. Providing data is voluntary, but failure to do so will result in the inability to conclude and perform the above-mentioned Agreement (create an Account).
Conclusion and performance of the Agreement for the publication of the AnnouncementArt. 6(1)(b) – processing is necessary for the performance of a contract for the publication of an advertisement concluded with the data subject or in order to take steps at the request of the data subject prior to entering into a contractCompany, Tax ID, Logo, Location, Industry, Number of employees, Website address, Email address, Links to social media profiles, Other data provided in the company descriptionFor the duration of the Agreement until the expiry of any claims arising from the Agreement for the publication of the Announcement. Providing data is voluntary, but failure to do so will result in the inability to conclude and perform the above-mentioned Agreement (publication of the Announcement).
Handling inquiries via the contact formArt. 6(1)(f) – our legitimate interest (communication with users and responding to messages received)First and last name, Email address, Company, Other information provided in the messageFor the time necessary to handle and resolve the matter raised in the message, but no longer than until the objection is effectively lodged. Failure to provide the data will result in the inability to receive a response.
Conducting reviews and considering appeals against decisions on the handling of unacceptable contentArticle 6(1)(c) – legal obligation under the DSAFirst and last name, Company, Email address, Other contact detailsFor the time necessary to carry out the verification, but no longer than until the User's claims expire. Failure to provide the data will result in the inability to receive a response to the request and to exercise the above-mentioned rights.
Complaint handlingArticle 6(1)(c) – legal obligation arising from the provisions on the Administrator's liability in the event of non-compliance of the digital service with the relevant AgreementFirst and last name, Company, Email addressFor the duration of the complaint procedure, but no longer than until the User's claims expire. Failure to provide data will result in the inability to consider the complaint or exercise the above-mentioned rights.
Compliance with legal obligations in the field of accounting and taxesArticle 6(1)(c) – legal obligation under tax and accounting regulationsFirst and last name, Company name, Tax Identification Number, Registered office address/residential addressFor a period of 5 years from the end of the calendar year in which the tax payment deadline for the previous year expired. Failure to provide this information will result in our inability to fulfill the above obligations.
Compliance with personal data protection obligationsArticle 6(1)(c) – legal obligation under data protection regulationsFirst and last name, other data provided by the User, including contact details.Until the statute of limitations expires for claims arising from violations of personal data protection regulations. Failure to provide this data will result in the inability to properly exercise the above rights.
Determination, investigation, or defense against claimsArt. 6(1)(f) – our legitimate interest (protection of our rights in claims arising from the Agreements we conclude)First and last name, Company, Email address, Registered office address/home address, Tax Identification NumberUntil the expiry of the limitation period for claims arising in connection with the Agreements concluded by us. Failure to provide this data will result in our inability to take action.
Platform AdministrationArt. 6(1)(f) – our legitimate interest (obtaining information about Users' activity on the Platform)IP address, Device and browser information, Approximate location, Device operating systemUntil an effective objection is lodged or we achieve the purpose of processing. If you do not provide your data, we will not be able to ensure the proper functioning of the Platform.
Analysis of User activity on the PlatformArt. 6(1)(f) – our legitimate interest (ensuring the proper functioning of the Platform)Time spent on the Platform, IP address, Device and browser data, Approximate location, Device operating system, Subpages visited, and other activities undertaken on the PlatformUntil an effective objection is lodged or we achieve the purpose of processing. If you do not provide your data, we will not analyze your activity on the Platform.

3. Who can we share your data with?

We may entrust your personal data to third parties (our partners) who support us in our business activities. The recipients of your data may include:

  • hosting service provider: Amazon Web Services EMEA SARL (AWS) based in Luxembourg - for the purpose of storing data on servers;
  • payment operator: Stripe, Inc. based in the USA - for the purpose of handling and settling payments for paid Services;
  • accounting service provider: Kancelaria Księgowo – Finansowa H&P Spółka z ograniczoną odpowiedzialnością with its registered office in Otwock – for the purpose of keeping our accounts and providing accounting services to us;
  • IT and technical support service providers: FutureCode IT Consulting Sp. z o.o. other subcontractors who maintain and develop the Platform;
  • analytics service provider – Google;
  • authorized state authorities: Courts, public prosecutors, law enforcement authorities, supervisory authorities (e.g., President of the Personal Data Protection Office, President of the Office of Electronic Communications), if they request us to disclose data in accordance with applicable regulations.

4. Will your data be transferred outside the European Economic Area (EEA)?

Yes, in some cases your data may be transferred to third countries, i.e. outside the EEA. This is because we use global service providers such as:

  • Amazon Web Services (AWS) – servers can be located in various locations around the world.
  • Stripe, Inc. – the company's headquarters are located in the United States,
  • Google – the company's headquarters are located in the United States.

In connection with our use of services provided by, among others, the entities listed above, your personal data may be transferred to the following third countries: United Kingdom, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia, and Australia. The basis for the transfer of data to the above-mentioned third countries is:

  • in the case of the United Kingdom, Canada, Israel, and Japan – decisions of the European Commission confirming an adequate level of personal data protection in each of the above-mentioned third countries;
  • in the case of the USA, Chile, Brazil, Saudi Arabia, Qatar, India, China, South Korea, Singapore, Taiwan (Republic of China), Indonesia, and Australia —contractual clauses ensuring an adequate level of protection, in accordance with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council.

You can obtain a copy of the data transferred to a third country from us.

5. What are your rights in relation to data processing?

The GDPR grants you a number of rights, which you can exercise by contacting us at the following email address:greensearch. These are:

  1. Right of access to data (Article 15 of the GDPR): you may request information on whether we process your data and, if so, obtain access to it and receive a copy (the first copy is free of charge, each subsequent copy may be subject to a fee).
  2. Right to rectification (Article 16 of the GDPR): if you believe that your data is incorrect or incomplete, you have the right to request that it be corrected.
  3. Right to erasure ("right to be forgotten") (Article 17 of the GDPR): you may request the erasure of your data if, for example, it is no longer necessary for the purposes for which it was collected. Please note that this right is not absolute and we will not be able to delete your data if its processing is based on a legal basis other than your consent.
  4. Right to restriction of processing (Article 18 of the GDPR): you may request that we restrict the processing of your data (i.e., mainly store it) in certain cases, e.g., when you contest its accuracy.
  5. Right to data portability (Article 20 of the GDPR): if the processing is based on a contract or consent and is automated, you have the right to receive your data from us in a structured, commonly used format and to send it to another controller.
  6. Right to object (Article 21 of the GDPR): if we process your data on the basis of our legitimate interest (Article 6(1)(f) of the GDPR), you have the right to object to such processing at any time for reasons related to your particular situation.
  7. Right to lodge a complaint with a supervisory authority: if you believe that we are processing your data unlawfully, you have the right to lodge a complaint with the President of the Personal Data Protection Office.
  8. Right to withdraw consent (Article 7(3) of the GDPR): if your data is processed on the basis of consent (e.g., for marketing activities), you have the right to withdraw your consent at any time. Please note that withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.

6. Do you have to provide your personal information?

  1. Providing data is voluntary, but often necessary to use our Services. Some of the processes described above involve the obligation to provide data, e.g., to comply with tax obligations.
  2. Without providing your details in the registration form, you will not be able to create an Account. Without providing your details in the contact form, we will not be able to respond to your inquiry.

7. Profiling and automated decision-making

  1. Please be advised that as part of the Platform's activities, we create your profile for marketing purposes (including direct marketing tailored to your preferences), which means that we process your data in an automated manner, including profiling, but this will not have any legal effects on you or significantly affect your situation in a similar way.
  2. The legal basis for the processing of personal data in this case is Article 6(1)(f) of the GDPR – legitimate interest, in this case conducting marketing activities tailored to the preferences of Users. Providing data is not mandatory, but it is necessary to achieve the above-mentioned purpose. Failure to provide such data means that we will not be able to conduct marketing activities tailored to Users' preferences.

8. Final provisions

  1. This Privacy Policy is an integral part of the Platform Terms and Conditions.
  2. We reserve the right to make changes to the Privacy Policy. We will notify you of any changes in advance on the Platform website.
  3. The policy comes into effect on September 1, 2025. The current version is valid from March 10, 2026.
PARP logo

The project is co-financed by the European Union under the European Funds for Eastern Poland 2021-2027 program. Priority FEPW.01 Entrepreneurship and innovation. Measure FEPW.01.01 Start-up platforms for new ideas. Component I incubation - development of a new business idea (Start-up Platform Central Innovation Accelerator: Mazovian StartUPolis)

PARP logo

Project co-financed by the European Union

Project title:

DD AI – an innovative and automated renewable energy project certification service

Project objective:

The aim of the project is to develop and implement the DD AI module—an artificial intelligence-based tool that automates the due diligence process for renewable energy projects (RES). The solution will reduce document analysis time by up to 90% and increase the reliability of project assessments, supporting developers, investors, and financial institutions in their decision-making.

Scope of activities:

The project will include, among other things:

  • configuration and development of AI modules
  • pilot tests in a demonstration environment,
  • integration of the DD AI module with the Greensearch platform,
  • compliance audit (AI Compliance, GDPR),
  • preparation of a marketing strategy and promotional activities.

Target groups:

The project is aimed at:

  • developers of renewable energy projects (photovoltaics, wind, BESS, biogas),
  • institutional and private investors,
  • law firms and consulting companies,
  • financial institutions financing renewable energy investments.

Project results:

  • launch of the DD AI module on the Greensearch platform,
  • automatic analysis and certification of renewable energy projects,
  • improving the quality and speed of due diligence processes,
  • increasing the transparency of the renewable energy investment market.

Project value:

Total value of the project: PLN 580,705.50

Contribution from European Funds:

Value of funding: PLN 469,680.25

Funding:

Project implemented under the European Funds for Eastern Poland 2021–2027