Plantera GmbH (“Plantera”) takes the protection of personal data very seriously. The protection of your privacy when using our websites is important to us. Therefore, we strictly comply with the national laws for data protection as well as the European General Data Protection Regulation (GDPR).
Responsible
The controller for the processing of your personal data is the
Plantera GmbH
Zum Hafenplatz 1
23570 Lübeck
Telefon: +49 (0)4502 / 7 800 600
Website: www.plantera.com
You can reach our data protection officer at the above postal address, with the addition of “To the data protection officer” or at the e-mail address: data@plantera.com.
Data processing for the provision of contractual services
You can send us requests for contractual services via our website (contact form) and our contact details stored there. Insofar as personal data is transmitted to us by you for this purpose or in any other way in connection with inquiries, we process this data for the purpose of responding to your inquiries, executing the order/contract and invoicing. For this we need your name, your address data and your e-mail address. Without this data we can not perform the contract with you. We may ask for further data, such as your telephone number, so that we can communicate with you regarding the service you have ordered. Depending on the order/contract, we may also require additional data; we will inform you of this on a case-by-case basis.
In the case of suppliers/service providers, we process the personal data provided by you for the purpose of ordering and calling up services on our part and to pay for your services. For this we need the (company) name, the address data as well as the account data. Depending on the service/contract, we may require additional data, which we will then explain on a case-by-case basis.
The basis for the data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
For more information on the processing of business partner data, see [LINK].
Data processing for communication with you
In addition to the contractual data, we process your communication data (company, names of contact persons, address, telephone number, e-mail address) in order to be able to contact and communicate with you. Personal data that you provide to us by e-mail, via the contact form or by telephone will only be processed for correspondence with you or only for the purpose for which you provided us with the data.
The basis for the data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures. Furthermore, a predominantly legitimate interest for the data processing by the company based on Art. 6 para. 1 lit. f GDPR cannot be excluded.
Data processing for the fulfillment of legal obligations
In addition, we process your data to fulfill legal obligations (e.g. regulatory requirements, when asserting rights in accordance with Articles 12 to 22 GDPR, commercial and tax law retention and verification obligations).
The basis for the data processing is Art. 6 para. 1 lit. c GDPR, which permits processing for compliance with a legal obligation.
Data processing of log files
Each time our website is accessed, usage data is transmitted by the respective Internet browser and stored in log files, the so-called server log files. Die dabei gespeicherten Datensätze enthalten die folgenden Daten: Datum und Uhrzeit des Abrufs, Name der aufgerufenen Seite, IP-Adresse, Referrer-URL (Herkunfts-URL, von der aus Sie auf die Webseiten gekommen sind), die übertragene Datenmenge, sowie Produkt und Versions-Informationen des verwendeten Browsers und das Betriebssystem Ihres PCs. The IP addresses of the users are deleted or anonymized after termination of use. The data is not evaluated in any other way, except for statistical purposes and then always in anonymized form. No personal “surf profiles” or similar are created or processed either.
The basis for the data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data for the purposes of the controller’s legitimate interests, provided that the interests or fundamental rights and freedoms of the data subject are not overridden. We have a legitimate interest in the anonymized analysis of user behavior in order to optimize our website and our offerings there, as well as to ensure data security on the website.
Cookies and Consent Management Tool
We use cookies. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by our web server. You can delete the cookies in the security settings of your browser at any time.
We use the consent management tool Complianz from the provider Complianz BV, Kalmarweg 14-5, 9723 JG in Groningen (NL), to control cookies on our website. This allows users to give consent to certain data processing operations or to revoke consent they have given. It also assists us in being able to provide evidence of a declaration of consent. For this purpose, we process information on the declaration of consent and further log data on this declaration. Cookies are also used to collect this data. The processing of this data is necessary in order to be able to prove that consent has been given. You can find information about the purposes, providers, technologies used, stored data and storage duration of individual cookies in the settings of our consent management tool. You can change and revoke a given declaration of consent at any time via the respective settings.
The storage of technically necessary cookies is based on Art. 6 para. 1 lit. f DSGVO in conjunction with. § 25 para. 2 No. 2 of the Telecommunications and Telemedia Data Protection Act (TTDSG).
For the use of other, non-essential cookies, we may obtain your consent. The data processing is then based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a GDPR in conjunction with. § 25 para. 1 TTDSG. You can revoke your consent at any time. The legality of the data processing already carried out remains unaffected by the revocation.
The use of the consent management tool required for the management of cookies is based on legal obligations pursuant to Art. 6 para. 1 Sentence 1 lit. c GDPR in conjunction with. § 25 TTDSG.
Cookie settings
External services
We use external services on some of our web pages. These external services help us make our website more interactive and provide you with direct links to partners or access to third party information. You can prevent the storage of cookies by setting your browser software accordingly, by making the appropriate selection in our Consent Management Tool.
The processing is based on your consent according to. Art. 6 par. 1 p. 1 lit. a GDPR in conjunction with. § 25 TTDSG. You can revoke your consent at any time. You can declare the revocation by sending a message to the aforementioned contact details or via the consent management tool used. The legality of the data processing operations already carried out remains unaffected by the revocation.
We use the following external services for certain purposes on our Internet pages:
Use of Matomo
We use the open source web analytics service Matomo, formerly Piwik, on our website.
The tool enables accurate analysis of overall performance and user behavior. The information generated by the cookie about the use of the website is stored on our own server. The IP address is anonymized before storage.
YouTube
On some of our Internet pages we may use plugins of the website YouTube from the provider
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube in extended data protection mode. According to YouTube, this mode causes YouTube not to store information about visitors to this website before they watch the video. The transfer of data to YouTube partners, on the other hand, is not necessarily excluded by the extended data protection mode. So, regardless of whether you watch a video, YouTube connects to the Google Double Click network.
As soon as you start a YouTube video on our website, a connection to YouTube’s servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
Furthermore, YouTube may store various cookies on your end device after starting a video. These cookies allow YouTube to obtain information about visitors to our website. This information is used, among other things, to collect video statistics, improve the user experience, and prevent fraud attempts. The cookies remain on your terminal device until you delete them.
If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no control.
For more information about YouTube’s privacy practices, please see their privacy policy at: https://policies.google.com/privacy?hl=de.
Categories of recipients of the personal data
Your contractual and communication data will be forwarded to the responsible office and employees within our company in order to respond to your inquiries, for communication purposes or to carry out the order. The basis for this is again Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.
Your personal data will only be passed on or otherwise transferred to third parties outside our company if this is necessary for the purpose of contract processing or billing or if you have given your prior consent or if there is a legal basis for the transfer.
Insofar as we use the services of third parties (so-called processors) for the implementation and handling of processing operations, the provisions of the GDPR are complied with. Service providers who assist us in providing our services to you are:
– Hosting provider
– Email service provider
– IT service provider
– Service provider for data destruction
We disclose personal data to the following third parties who process personal data under their own responsibility (so-called responsible parties, cf. Art. 4 No. 7 DSGVO) within the scope of legal permissibility and necessity:
– Auditor
– Authorities
– Tax consultant
Data processing in the USA
Under certain circumstances, the use of the aforementioned products may result in the transfer of personal data to providers in the USA. Important in connection with data processing in the USA: According to the European Court of Justice, the data protection standard in the USA is currently insufficient and there is a risk that your data will be processed by US authorities, for control and monitoring purposes and possibly without any legal remedy. The Provider concerned shall ensure, within the scope of its order processing pursuant to. Art. 28 GDPR to provide sufficient safeguards under Chapter 5 GDPR to take appropriate mitigating measures in this regard.
Duration of data storage
In principle, we delete your data as soon as it is no longer required for the above-mentioned purposes, unless temporary storage is still necessary. For example, we store your data on the basis of statutory obligations to provide proof and to retain data, which result, among other things, from the German Commercial Code (Handelsgesetzbuch) and the German Fiscal Code (Abgabenordnung). The storage periods thereafter are up to ten full years. In addition, we retain your data for the period in which claims can be asserted against our company (statutory limitation period of three or up to thirty years).
Please refer to the Consent Management Tool for the storage period of the cookies used.
Data security
Your personal data is transferred securely by us through encryption. We use the SSL (Secure Socket Layer) coding system for this purpose. Furthermore, we secure our websites and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons. Our security measures are continuously improved in line with technical developments. However, we expressly point out that data transmission on the Internet may be subject to security vulnerabilities and cannot be completely protected against access by third parties, which applies in particular and especially to unencrypted communication by e-mail.
Responsibility for linked content
Links to websites of other providers may also be used on our website. In this respect, this privacy policy does not work. If personal data is processed when using the website of the other provider, please observe the data protection information of the respective provider. We are not responsible for the privacy practices of the provider.
Data subject rights
Every data subject has the right to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR and the right to data portability under Article 20 of the GDPR. To exercise the aforementioned rights, you may contact the above-mentioned offices.
If you have given us your consent to data processing, you can revoke this consent at any time without formalities. For this purpose, you can contact the above-mentioned office.
If we process your data to protect legitimate interests, you may object to this processing at any time without formal objection on grounds relating to your particular situation. For this purpose, you can also contact the above-mentioned offices.
If you exercise your rights in accordance with Art. 12 to 22 of the GDPR, we will process the personal data provided in this context for the purpose of implementing these rights as well as for the purposes of data protection control and otherwise restrict processing in accordance with Art. 18 of the GDPR. These processing operations are based on the legal basis of Art. 6 para. 1 lit. c DSGVO.
In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR).
Details of our other (social) company pages
Data processing in the context of our LinkedIn Page
We operate a company page on the social network linkedin.com of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”) and are provided with so-called page analytics by LinkedIn with regard to our services. For this operation of the LinkedIn company page, we are jointly responsible with LinkedIn within the meaning of Art. 26 GDPR. By way of the provision of further services by LinkedIn, in particular marketing solutions, we have concluded a commissioned processing agreement with LinkedIn pursuant to Art. 28 GDPR.
For the nature and scope of the information provided to LinkedIn, the related purposes of data processing by LinkedIn, its lawfulness, and information on how to exercise your rights, please refer to LinkedIn’s privacy notice at the URL https://www.linkedin.com/legal/privacy-policy and the shared responsibility agreement, found at the URL https://legal.linkedin.com/pages-joint-controller-addendum.
LinkedIn Ads (https://business.linkedin.com/de-de/marketing-solutions/ads) offers the possibility to place target group specific ads on LinkedIn. The data processing is carried out for the purpose of conversion tracking, advertising, remarketing, as well as for the optimization of our advertisements and page activities. For this purpose, a cookie is set, and pixels and ad tags are used. The following data is processed for this purpose: IP address, user agent data, device ID, search terms, articles viewed, pages visited, advertisements viewed, followers, connections, videos viewed, profile information, advertising identifier, operating system information, device information.
Page Analytics (https://www.linkedin.com/help/linkedin/answer/4499/linkedin-page-analytics-overview) is aggregate data that allows us to learn about how people interact with our site. The generation and provision of these page analytics is the responsibility of LinkedIn, we have no influence on it. LinkedIn assumes all obligations under the GDPR with respect to the processing of Insights Data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR, and Articles 32 to 34 GDPR).
The purpose of our data processing of the data provided by LinkedIn is the statistical evaluation of the use of our company page. This enables us, for example, to determine preferred visiting and posting times of our users and to use them for the optimization of our posts and our company site. In addition, we process personal data made publicly available by you on LinkedIn (e.g., clear names in the user profile) as well as data directly related to activities on our company page (e.g., contributions, posts, likes, tags), also for the purpose of communicating with you.
On some of our Services, we may use conversion tracking and retargeting tool LinkedIn Insight Tags. Here, a cookie is deposited in your browser, which makes it possible to track the behavior of visitors to our online activities if they were redirected to our offers by clicking on a LinkedIn advertisement. In this way, we can evaluate the effectiveness of our LinkedIn ads for statistical and market research purposes and optimize future advertising measures. The data collected in this way is anonymous for us and we cannot draw any conclusions about the identity of the users recorded in this way. However, the data is stored and processed by LinkedIn so that a connection to the respective user profile is possible and LinkedIn can use the data for its own advertising purposes. Through the possibility of retargeting, LinkedIn enables the placement of advertisements outside of our services. This use of data cannot be influenced by us as the site operator. If you are a LinkedIn member, you can control the remarketing function in your account settings or deactivate it by setting an opt-out cookie (see below). We have an interest in analyzing user behavior in order to optimize both our offer and, if necessary, advertising for our offer.
If you do not agree with the storage and use of your data in the context of the LinkedIn Insight Tag, you can deactivate the storage and use here. In this case, an opt-out cookie is stored in your browser that prevents LinkedIn from storing usage data. If you delete your cookies, this will have the effect that the opt-out cookie will also be deleted. The opt-out must then be reactivated when you visit our site again.
Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
The basis for the above data processing is Art. 6 para. 1 p. 1 lit. a GDPR. Insofar as you have given corresponding consent to LinkedIn, you can revoke this consent at any time vis-à-vis LinkedIn with effect for the future. Insofar as you have given us your consent in this regard, you can revoke this consent at any time with effect for the future.
Otherwise, the basis for our data processing is Art. 6 para. 1 p. 1 lit. f GDPR, which permits the processing of data for the purposes of the controller’s legitimate interests, provided that the interests or fundamental rights and freedoms of the data subject are not overridden. Our interest is in providing content and communication with LinkedIn users and improving the reach and effectiveness of our posts.
Please assert your rights to information, correction, deletion, restriction of processing and data portability of your stored Insights data against LinkedIn, as LinkedIn has assumed the corresponding obligations. For more information, please see LinkedIn’s privacy policy, at https://www.linkedin.com/legal/privacy-policy.