GoGreenlightBack to Home

GoGreenlight - Privacy Policy

Standard Contractual Clauses

Last modified: 25.02.26

Notice of update - None

Updates reflects our ongoing commitment to data privacy, transparency, and minimizing external data dependencies.

1. Introduction

This Privacy Policy explains how GoGreenlight ApS processes personal data when you:

  • Visit our website
  • Create an account
  • Use the GoGreenlight platform
  • Contact us

GoGreenlight ApS

Nordtoft 30

9000 Aalborg

Denmark

CVR: 45992705

Email: contact@gogreenlight.ai

We are the data controller for personal data described in this Privacy Policy unless otherwise stated.

2. When We Act as Data Processor

When customers use the GoGreenlight platform to upload and manage personal data, GoGreenlight acts as data processor on behalf of the customer.

Processing in such cases is governed by the applicable Data Processing Agreement (DPA), available at:

/gogreenlight-dpa

If your personal data has been uploaded by one of our customers, please contact that customer directly.

3. Personal Data We Collect Directly

We may collect and process the following categories of personal data:

Account Information

  • Name
  • Email address
  • Phone number (if provided)
  • Company name
  • Role within organization

Technical Information

  • IP address
  • Device type
  • Browser type
  • Login timestamps
  • Usage logs

Communication Data

  • Information you provide when contacting us
  • Support requests
  • Email correspondence

4. Purpose and Legal Basis

We process personal data for the following purposes:

To Provide the Platform

Legal basis: Contract (Art. 6(1)(b) GDPR)

To Manage Accounts and Billing

Legal basis: Contract (Art. 6(1)(b))

Legal obligation (accounting requirements)

To Improve and Secure the Platform

Legal basis: Legitimate interest (Art. 6(1)(f))

We use aggregated and anonymized usage data to improve performance and security.

To Communicate With You

Legal basis: Contract or legitimate interest

5. AI Features

The platform includes AI-assisted functionality.

AI processing may involve:

  • Temporary processing of user inputs
  • Automated generation of visual or textual outputs

Unless explicitly agreed:

  • User Content is not used to train third-party foundation models
  • We do not use identifiable personal data to train general AI systems

AI functionality may rely on authorized sub-processors as described below.

6. Sub-processors and Transfers

We use trusted service providers for:

  • Cloud hosting
  • Database services
  • Authentication
  • Email delivery

An updated list of authorized sub-processors is available at:

/dpa-appendix-b

Processing primarily takes place within the EU/EEA.

Where personal data is transferred outside the EU/EEA, appropriate safeguards such as the EU-US Data Privacy Framework and Standard Contractual Clauses are applied.

7. Data Retention

We retain personal data:

  • For as long as necessary to provide services
  • As required by law (e.g., accounting obligations)
  • In accordance with customer instructions, when acting as data processor

Upon termination of services, data is handled in accordance with the DPA.

8. Security

We implement appropriate technical and organizational measures in accordance with applicable data protection laws, including Article 32 of the General Data Protection Regulation (GDPR), to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction.

Such measures are designed to ensure a level of security appropriate to the risk, taking into account the nature, scope, context, and purposes of processing.

Where GoGreenlight acts as a data processor, security measures are further governed by the applicable DPA.

9. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase data (where applicable)
  • Restrict processing
  • Object to processing
  • Data portability

If we process your data as a data processor, please contact the relevant data controller first.

10. Complaints

If you believe we process your data unlawfully, you have the right to lodge a complaint with the Danish Data Protection Agency (Datatilsynet).

11. Cookies

Our website may use necessary technical cookies to ensure functionality.

If additional cookies are used, this will be disclosed via a cookie notice.

12. Changes to This Policy

We may update this Privacy Policy from time to time.

Material changes will be communicated appropriately.

CVR: 45992705