PRIVACY POLICY OF THE GREENSEARCH.PL INTERNET PLATFORM

(Updated: 11/18/2025)

§ 1. Who is who in this policy?

  1. Personal Data Administrator (abbreviated as "Administrator") or "We" – refers to us, Greensearch Limited Liability Company with its registered office in Radom (26-600) at ul. Kazimierza Pułaskiego 6/10. We are the administrator of your personal data and we decide on the purposes and methods of its processing.
  2. Data Protection Officer (DPO) – we have not appointed a Data Protection Officer, as this is not mandatory in our situation. In all matters relating to the protection of your personal data, you can contact us directly at the following e-mail address: kontakt@greensearch.pl.
  3. You – any natural person who visits or uses our Platform (Visitor or User), in particular a natural person conducting business activity or a person representing a User who is not a natural person.
  4. Platform – our website available at https://greensearch.pl/.
  5. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

§ 2. How, why, and on what basis do we process your data?

We collect your personal data primarily directly from you when you register an Account, fill out a contact form, or make a payment. Below you will find detailed information about the purposes for which we process your data, what data we process, the legal basis for processing it, and how long we store it.

Purpose of processingLegal basis under the GDPRWhat data do we process?Storage period
Conclusion and performance of the Account Agreement (provision of Services in accordance with the Terms and Conditions)Article 6(1)(b) – data necessary for the performance of a contractData provided during registration and in the User's profile, e.g., first name, last name, email address, phone number, company details (name, tax ID, address)For the duration of your Account on the Platform and until the expiry of any claims (as a rule, 3 years after the deletion of the Account at the end of the calendar year).
Handling inquiries via the contact formArt. 6(1)(f) – our legitimate interest (communication with users)Data provided in the form, e.g., first name, last name, e-mail address, company name, message contentFor the time necessary to handle and resolve the matter raised in the inquiry, and then until the statute of limitations expires for any claims.
Payment for paid servicesArticle 6(1)(b) – data necessary for the performance of a contractData necessary for processing payments, e.g., identification and transaction dataFor the time necessary to process the payment and settle the contract.
Compliance with legal obligations in the field of accounting and taxesArticle 6(1)(c) – legal obligation arising from tax regulations, in particular from the Accounting Act and the Tax OrdinanceData necessary for issuing and storing accounting documents (invoices), e.g., first and last name, company details (name, tax identification number, address)For a period of 5 years from the end of the calendar year in which the tax payment deadline related to the invoice expired.
Determination, investigation, or defense against claimsArt. 6(1)(f) – our legitimate interest (protection of our rights)All data necessary to prove the existence of a claim or to defend itUntil the proceedings concerning the claims are legally concluded or become time-barred.
Ensuring the security and proper functioning of the PlatformArticle 6(1)(f) – our legitimate interest (ensuring the integrity and availability of our services)IP address, server logs, device and browser dataUsually for a short period of time, for as long as necessary to ensure security (e.g., several weeks), unless they are evidence in proceedings.

§ 3. Who can we share your data with?

We may entrust your personal data to third parties (our partners) who support us in our business activities. We always ensure that our partners provide the highest level of protection. The recipients of your data may include:

  • hosting service provider: Amazon Web Services EMEA SARL (AWS) based in Luxembourg - for the purpose of storing data on servers.
  • payment processor: Stripe, Inc., based in the USA - for the purpose of handling and settling payments for paid Services.
  • Accounting service provider: Kancelaria Księgowo – Finansowa H&P Spółka z ograniczoną odpowiedzialnością with its registered office in Otwock – for the purpose of maintaining our accounting records.
  • IT and technical support providers: FutureCode IT Consulting Sp. z o.o. other subcontractors who maintain and develop the Platform.
  • authorized state authorities: Courts, public prosecutors, law enforcement authorities, supervisory authorities (e.g., President of the Personal Data Protection Office, President of the Office of Electronic Communications), if they request us to disclose data in accordance with applicable regulations.

§ 4. Will your data be transferred outside the European Economic Area (EEA)?

Yes, in some cases your data may be transferred to third countries, i.e. outside the EEA. This is because we use global service providers such as:

  • Amazon Web Services (AWS) – servers can be located in various locations around the world.
  • Stripe, Inc. – the company's headquarters are located in the United States.

Data transfers outside the EEA always take place with an adequate level of protection.

Important: However, we would like to inform you that transferring data to countries such as the US involves risks, as the laws there may not provide your data with protection equivalent to that in the European Union (e.g., public authorities may access your data on broader grounds than in the EU).

Due to our use of services provided by, among others, the entities listed above, your personal data may be transferred to the following third countries: the United Kingdom, Canada, the USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia, and Australia. The basis for transferring data to the above-mentioned third countries is:

  • in the case of the United Kingdom, Canada, Israel, and Japan – decisions of the European Commission confirming an adequate level of personal data protection in each of the above-mentioned third countries;
  • in the case of the USA, Chile, Brazil, Saudi Arabia, Qatar, India, China, South Korea, Singapore, Taiwan (Republic of China), Indonesia, and Australia —contractual clauses ensuring an adequate level of protection, in accordance with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679 of the European Parliament and of the Council.

You can obtain a copy of the data transferred to a third country from us.

§ 5. What are your rights in relation to data processing?

The GDPR grants you a number of rights, which you can exercise by contacting us at the following email address: kontakt@greensearch.pl. These are as follows:

  1. Right of access to data (Article 15 of the GDPR): you may request information about whether we process your data and, if so, obtain access to it and receive a copy.
  2. Right to rectification (Article 16 of the GDPR): if you believe that your data is incorrect or incomplete, you have the right to request that it be corrected.
  3. Right to erasure ("right to be forgotten") (Article 17 of the GDPR): you may request the erasure of your data if, for example, it is no longer necessary for the purposes for which it was collected. Please note that this right is not absolute and we will not be able to delete your data if its processing is necessary, for example, to establish, pursue, or defend legal claims.
  4. Right to restriction of processing (Article 18 of the GDPR): you may request that we restrict the processing of your data (i.e., mainly store it) in certain cases, e.g., when you contest its accuracy.
  5. Right to data portability (Article 20 of the GDPR): if the processing is based on a contract or consent and is automated, you have the right to receive your data from us in a structured, commonly used format and to send it to another controller.
  6. Right to object (Article 21 of the GDPR): if we process your data on the basis of our legitimate interest (Article 6(1)(f) of the GDPR), you have the right to object to such processing at any time for reasons related to your particular situation.
  7. Right to lodge a complaint with a supervisory authority: if you believe that we are processing your data unlawfully, you have the right to lodge a complaint with the President of the Personal Data Protection Office.
  8. Right to withdraw consent (Article 7(3) of the GDPR): if your data is processed on the basis of consent (e.g., for marketing activities), you have the right to withdraw your consent at any time. Please note that withdrawing your consent does not affect the lawfulness of processing based on consent before its withdrawal.

§ 6. Do you have to provide your personal data?

  1. Providing data is voluntary, but often necessary to use our Services.
  2. Without providing your details in the registration form, you will not be able to create an Account. Without providing your details in the contact form, we will not be able to respond to your inquiry.

§ 7. Profiling and automated decision-making

Please be advised that as part of the Platform's activities, we do not profile you or make fully automated decisions that would have legal consequences.

§ 8. Final provisions

  1. This Privacy Policy is an integral part of the Platform Terms and Conditions.
  2. We reserve the right to make changes to the Privacy Policy. We will notify you of any changes in advance on the Platform website.
  3. The policy shall enter into force on November 18, 2025.
PARP logo

The project is co-financed by the European Union under the European Funds for Eastern Poland 2021-2027 program. Priority FEPW.01 Entrepreneurship and innovation. Measure FEPW.01.01 Start-up platforms for new ideas. Component I incubation - development of a new business idea (Start-up Platform Central Innovation Accelerator: Mazovian StartUPolis)

PARP logo

Project co-financed by the European Union

Project title:

DD AI – an innovative and automated renewable energy project certification service

Project objective:

The aim of the project is to develop and implement the DD AI module—an artificial intelligence-based tool that automates the due diligence process for renewable energy projects (RES). The solution will reduce document analysis time by up to 90% and increase the reliability of project assessments, supporting developers, investors, and financial institutions in their decision-making.

Scope of activities:

The project will include, among other things:

  • configuration and development of AI modules
  • pilot tests in a demonstration environment,
  • integration of the DD AI module with the Greensearch platform,
  • compliance audit (AI Compliance, GDPR),
  • preparation of a marketing strategy and promotional activities.

Target groups:

The project is aimed at:

  • developers of renewable energy projects (photovoltaics, wind, BESS, biogas),
  • institutional and private investors,
  • law firms and consulting companies,
  • financial institutions financing renewable energy investments.

Project results:

  • launch of the DD AI module on the Greensearch platform,
  • automatic analysis and certification of renewable energy projects,
  • improving the quality and speed of due diligence processes,
  • increasing the transparency of the renewable energy investment market.

Project value:

Total value of the project: PLN 580,705.50

Contribution from European Funds:

Value of funding: PLN 469,680.25

Funding:

Project implemented under the European Funds for Eastern Poland 2021–2027