1. Who we are
GreenWave Sustainable Holdings Limited is the data controller for the personal data described in this policy. We are a private company limited by shares, registered in Ireland under company number 811598, with registered office at The Black Church, St. Mary's Place, Dublin 7, D07 P4AX, Ireland.
For any privacy queries, contact us at info@greenwavesustainable.com with "Privacy" in the subject line.
2. What this policy covers
This policy applies to personal data we receive through our website at greenwavesustainable.com, through the email addresses listed on the site, and through any direct communications you initiate with us about our services, projects, or career opportunities.
3. Personal data we collect
We collect only the data you choose to provide and a limited amount of technical data generated automatically when you access the site.
Information you give us
- Your name, email address, phone number, and any details you include when you contact us by email or through the contact links on the site.
- Information about your project, role, or organisation that you share in the course of an enquiry, partnership discussion, or career conversation.
- Any CV, biography, or supporting document you choose to send us in connection with a career or partnership discussion.
Information collected automatically
- Server log data (IP address, browser type, pages requested, timestamps) generated by our hosting provider for security and operational purposes. Logs are retained for up to 90 days.
The site does not currently use analytics, advertising, social media, or other tracking technologies. We do not set cookies that require consent. If we add analytics or similar technologies in future, we will update this policy and present a consent banner before any non-essential cookies are set.
4. Why we use your data and our legal basis
We process personal data under the bases set out in Article 6 of the General Data Protection Regulation:
- Legitimate interests (Article 6(1)(f)): to respond to enquiries, evaluate potential partnerships, manage our investor and counterparty relationships, secure our website and infrastructure, and pursue or defend legal claims.
- Steps prior to entering a contract (Article 6(1)(b)): where you contact us with a view to engaging us, investing alongside us, supplying services, or joining our team.
- Legal obligation (Article 6(1)(c)): where we are required to retain or disclose data under Irish or EU law, including company, tax, anti-money laundering, and sanctions legislation.
- Consent (Article 6(1)(a)): in the limited circumstances where we ask for it explicitly, for example before sending marketing communications.
5. Who we share data with
We do not sell personal data and we do not disclose it to third parties for their own marketing.
We share personal data only with:
- Service providers who process data on our behalf under written contracts compliant with Article 28 GDPR, including providers of business email, cloud storage, professional services, and IT security.
- Our legal, tax, audit, and compliance advisors where reasonably necessary.
- Counterparties, co-investors, lenders, regulators, and authorities where disclosure is necessary to advance a transaction you are part of, to comply with law, or to defend our legal interests.
6. International transfers
Our service providers may process data in jurisdictions outside the European Economic Area, including the United Kingdom and the United States. Where this occurs, transfers are protected by safeguards recognised under Chapter V of the GDPR, such as European Commission adequacy decisions (including the EU-U.S. Data Privacy Framework where applicable) or Standard Contractual Clauses, supplemented by transfer impact assessments where required.
7. How long we keep data
- Email correspondence and enquiry records: up to 24 months from the last contact, unless a live commercial relationship requires a longer period.
- Records relating to investors, counterparties, and transactions: for the duration of the relationship and for the periods required by Irish company law, tax law, and anti-money laundering legislation (typically six to seven years after the relationship ends).
- Recruitment data: up to 12 months after a recruitment process closes, unless you ask us to keep it on file for future opportunities.
- Server logs: up to 90 days.
8. Your rights
Under the GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:
- Right of access to a copy of the data we hold about you.
- Right to rectification of inaccurate or incomplete data.
- Right to erasure where one of the grounds in Article 17 applies.
- Right to restrict processing in certain circumstances.
- Right to data portability for data you provided to us, where processing is based on consent or contract and is carried out by automated means.
- Right to object to processing based on our legitimate interests, including the right to object to direct marketing at any time.
- Right to withdraw consent at any time where we rely on consent, without affecting processing carried out before withdrawal.
To exercise any of these rights, email info@greenwavesustainable.com with "Data Subject Rights Request" in the subject line. We will respond within one month of receiving your request, as required by Article 12 GDPR.
Right to lodge a complaint. If you believe we have infringed your data protection rights, you may lodge a complaint with the Irish Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland. Phone: +353 (0)761 104 800. Web: www.dataprotection.ie.
9. Security
We apply reasonable technical and organisational measures to protect personal data against accidental loss, unauthorised access, alteration, and disclosure. No system is perfectly secure, and we will notify you and the Data Protection Commission where required if a personal data breach occurs that meets the notification thresholds in Articles 33 and 34 GDPR.
10. Children
Our website and services are intended for business users. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time. The version posted on the website is the version in force. Material changes will be highlighted at the top of this page for a reasonable period after the update.