This Policy applies between you, the User of this Web Site and Plants To Your Door the owner and provider of this Web Site. This Policy applies to our use of any and all Data collected by us in relation to your use of the Web Site and our Services. This Policy was last updated on the 07 February 2021.
If you live in the European Economic Area or are a EU Citizen, Regulation (EU) 2016/679 (General Data Protection Regulation) is the European Regulation and in the UK, it is the Data Protection Act 2018.
We are Plants To Your Door LTD (“we”, “our”, “us”) with Company Number 12578736 of Woodgate House, Games Road, Barnet, United Kingdom, EN4 9HN. We are the data “controller”, which means we are responsible for deciding how and why your personal information is used. We’re also responsible for making sure it is kept safe, secure and handled legally.
We operate to the highest standards when protecting your personal information and respecting your privacy. If you have any questions about your personal information, or how we use it, you can contact us via email at firstname.lastname@example.org.
The Supervisory Authority
The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
What is personal data?
Personal data refers to any information relating to an identified or identifiable natural person (“Personal Data”).
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.
What are the purposes for processing?
- Provision of the online offer, its contents and the website functions.
- Provision of contractual services, service and customer care.
- Answering contact enquiries and communication with users.
- Marketing, advertising and market research.
- Security measures.
What Personal Data is Collected?
Inventory data (e.g., names, addresses).
Contact details (e.g., e-mail, telephone numbers).
Content data (e.g., text input, messages, delivery notes).
Contract data (e.g., object of contract, duration, customer category).
Payment data (e.g., bank details, payment history).
Usage data (e.g., websites visited, interest in content, access times).
Meta/communication data (e.g., device information, IP addresses).
What are the relevant legal bases for processing your data?
The following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies:
Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose.
Contract – This is where we process your information to fulfil a contractual arrangement we have made with you.
Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc.
Legitimate Interests – This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime.
Vital interests – This is where we process your information for communications about security, privacy and performance improvements of our services. Or for establishing, exercising or defending our legal rights.
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them. There is more information on the Information Commissioners website (www.ico.org.uk).
- information about the processing of your personal data.
- obtain access to the personal data held about you.
- ask for incorrect, inaccurate or incomplete personal data to be corrected.
- request that personal data be erased when it’s no longer needed or if processing it is unlawful.
- object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation.
- request the restriction of the processing of your personal data in specific cases.
- receive your personal data in a machine-readable format and send it to another controller (‘data portability’).
- request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
- You also have the right in this case to express your point of view and to contest the decision
- Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information. You do however also have the right to lodge a complaint directly with the ICO, their contact details can be found on their website (www.ico.org.uk).
When do we disclose your Personal Data?
We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support this website and our services. This will only be done on the basis of a legal authorisation.
Also, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively).
In relation to information obtained about you from your use of our website, we may share a cookie identifier and IP data with analytic and advertising network services providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.
We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.
Our main operations are based in the UK and your personal information is generally processed, stored and used within in the UK and other countries in the European Economic Area (EEA). In some instances, your personal information may be processed outside the European Economic Area. If and when this is the case we take steps to ensure there is an appropriate level of security so your personal information is protected in the same way as if it was being used within the UK and the EEA.
Where we need to transfer your data outside the UK or the EEA we will use one of the following safeguards:
- The use of approved standard contractual clauses in contracts for the transfer of personal data to third countries.
- Transfers to a non-EEA country with privacy laws that give the same protection as the UK and the EEA.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, the data processed by us will be deleted or restricted in their processing. If the data is not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
How do we protect your Personal Data?
The data we collect from you may be stored, with appropriate technical and organisational security measures applied to it, on our servers in the UK. In all cases, we follow generally high data protection standards and advanced security measures to protect the personal data submitted to us, both during transmission and once we receive it.
Online presences in social media
We maintain online presences on the basis of our legitimate interests. We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users who are active there. Unless otherwise stated in this policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write articles on our online presences or send us messages.
Economic Analyses and Market Research
In order to run our business economically, to identify market trends, customer and user wishes, we analyse the data available to us on business transactions, contracts, enquiries, etc. In doing so, we process inventory data, communication data, contract data, payment data, usage data, metadata, whereby the persons concerned include customers, interested parties, business partners, visitors and users of the online offer.
This analyses is carried out for the purposes of business management evaluations, marketing and market research. The analyses serve us to increase user-friendliness, to optimise our offer and business efficiency and are not disclosed externally, unless they are anonymous analyses with summarised values.
What are Cookies?
“Cookies” are small files that are stored on the user’s computer. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after his visit within an online offer.
Temporary cookies, or “session cookies” or “transient cookies”, are cookies that are deleted after a user leaves an online offer and closes his browser.
Cookies are described as “permanent” or “persistent” if they remain stored even after the browser is closed. For example, the login status can be saved if the user visits it after several days. Similarly, the interests of the users can be stored in such a cookie, which are used for coverage measurement or marketing purposes.
Third party cookies” are cookies from providers other than the person responsible for operating the online service (otherwise, if it is only their cookies, it is referred to as “first party cookies”).
We use temporary and permanent cookies and provide information on this in our data protection declaration.
If you do not want cookies to be stored on your computer, we ask you to use the corresponding option in the settings of your browser. Stored cookies can be deleted in the settings of your browser.
Collection of access data and log files
On the basis of our legitimate interests, we collect data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL (the website previously visited), IP address and the requesting provider.
For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of seven days and then deleted. Data whose further storage is required for evidential purposes are excluded from deletion until the respective incident has been finally clarified.
Advertising and Analytical technologies
Our website uses the below technologies for advertising and analytical purposes. Those are modern, advanced methods and tools to understand users’ habits on our website. This information helps us improve our products and services and provide relevant services and information. In principle, we use only anonymized data that does not allow us to identify the user.
Below we describe the analysis services and technology that we use for such purposes. Additionally, we show how you can prevent these services from analysis of your use of our website.
Below is a list of cookies we are using and asking your consent for when you visit our website for the first time or after you have cleared your cookies and cache in your browser history. We use the following:
Cookie (Google Analytics): _gat; _gid; _ga;
Google will use this information on our behalf in order to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services associated with the use of this website and the internet. In doing so, pseudonymous user profiles of the users can be created from the processed data.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; users can also prevent the collection of data generated by the cookie and relating to their use of the online offer to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
You can find further information on data use by Google, setting and objection options on the websites of Google: https://policies.google.com/technologies/partner-sites (“Data use by Google when you use the websites or apps of our partners”), https://policies.google.com/technologies/ads (“Data use for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information that Google uses to show you advertising”).
With the following information we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter “newsletter”) only with the consent of the recipients or a legal permission. If the contents of the Newsletter are specifically described in the context of a registration, they are decisive for the consent of the users. Apart from that, our newsletters contain information about our products, offers, promotions and our company.
Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the dispatch service provider are also logged.
Insofar as we use a mailing service provider, the mailing service provider may, according to its own information, use this data in pseudonymous form, i.e. without attribution to a user, to optimise or improve its own services, e.g. for the technical optimisation of the mailing and the presentation of the newsletter or for statistical purposes to determine from which countries the recipients come. However, the dispatch service provider does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.
Registration data: To register for the newsletter, it is sufficient to enter your e-mail address. Optionally, we ask you to enter a name so that we can address you personally in the newsletter.
Performance measurement – The newsletters contain a so-called “web beacon”, i.e. a pixel-sized file which is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from their server. Within the scope of this retrieval, technical information such as information on the browser and your system, as well as your IP address and the time of the retrieval are initially collected. This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our intention nor, if used, that of the dispatch service provider to observe individual users. The analyses serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
This Policy and our commitment to protecting the privacy of your personal data can result in changes to this Policy. Please regularly review this Policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us using the following contact details.
Plants To Your Door
Woodgate House, Games Road, Barnet, United Kingdom, EN4 9HN
If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us. You can also make a referral to, or lodge a complaint with, the ICO.