Privacy Policy & Cookies

Duty to Inform (Privacy Policy)

Welcome to Plantalytix! This privacy policy describes the practices of microgreenbox gmbh (Plantalytix) regarding the collection, use, and disclosure of information (including personal data, as defined below) through our website www.plantalytix.com. We process your data exclusively based on the legal regulations (GDPR, TKG 2003). This privacy information informs you about the most important aspects of data processing on our website.

Contacting Us

If you contact us via the contact form on the website or by email, the data you provide will be stored by us for the purpose of processing the inquiry and for the duration of the business relationship.

Support Ticket Request

If you contact us via the support ticket on the website, the data you provide will be stored by us for the purpose of processing the inquiry and for the duration of the business relationship.

Newsletter

If you sign up for our newsletter, we will use your email address to send you regular information about our products, offers, and promotions. Registration is done through the double opt-in process: after signing up, you will receive an email asking you to confirm your subscription. Only after this confirmation will your email address be added to our distribution list.

The legal basis for processing your data is your consent according to Art. 6(1)(a) GDPR. You can revoke this consent at any time with effect for the future, for example via the unsubscribe link in the newsletter or by notifying us.

Your data will be used exclusively for sending the newsletter and will not be passed on to third parties.

Collection of Personal Data When Visiting Our Website

We only collect personal data that your browser transmits to our server when you visit our website. If you wish to view our website, we collect the following data, which is technically necessary for us to display the website to you:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Requested page
  • Amount of data transferred
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

Cookies

Our website uses so-called cookies. These are small text files that are stored on your device using the browser. They do no harm and help us make our website more user-friendly. Some cookies remain stored on your device until you delete them manually. Cookies allow us to recognize your browser on your next visit.

If you do not want cookies to be stored on your device, you can set your browser to notify you before cookies are set, allowing you to accept or refuse them in individual cases. Please note that disabling cookies may limit the functionality of our website.

A detailed description of the cookies used on our website can be found on our "Privacy & Cookies" subpage.

Javascript & CSS

For optimal display of our website (e.g., flexible adjustment to different screen sizes, menu effects, sliders, input validation on contact forms), we use technologies such as Javascript and CSS (Cascading Style Sheets). You can disable these technologies directly in your browser settings. However, this may result in limited functionality of our website.

JTL Online Shop

We use JTL-Shop, an online shop system, to operate our online store. In the course of the ordering process and contract fulfillment, personal data is collected and processed, including:

  • Customer data: name, address, email address, telephone number
  • Payment data: payment method, bank details, credit card information (if applicable)
  • Connection data: IP address, browser information

This data is required to process your order, carry out payment, and deliver goods. The legal basis for processing this data is Art. 6(1)(b) GDPR (contract fulfillment).

JTL-Shop also uses cookies to manage the shopping cart and enable the ordering process. These cookies are technically necessary and set based on Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in providing a functioning online shop.

Payment Processing

Depending on the payment method selected, your payment data may be transmitted to the respective payment service provider. This is based on Art. 6(1)(b) GDPR (contract fulfillment). We only work with payment service providers that ensure an adequate level of data protection.

Disclosure of Data to Third Parties

To fulfill the contract, your data may be passed on to the following third parties:

  • Payment service providers: to process payments

Disclosure is based on Art. 6(1)(b) GDPR (contract fulfillment) or Art. 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in the efficient handling of your order and ensuring smooth operation of our online shop.

Retention Period

Your data will be stored as long as necessary for contract fulfillment and to meet legal retention requirements. Afterwards, your data will be deleted.

Social Media

We provide links to social media platforms (e.g., Facebook, Instagram, WhatsApp, etc.) on various parts of our website. These platforms are identified by their respective logos. Initially, no personal data is transferred to the social media platforms when you use our website. Only by clicking on these icons will you be redirected to the respective social media site and transmit personal data to the provider. At that point, you leave our website, and we have no control over the data collected or processed by those providers.

Information collected may include data listed in the "Collection of Personal Data" section above. This occurs regardless of whether you have an account with the social media provider. If logged in, data is directly associated with your account and used for advertising, market research, and website customization.

You may object to this profiling directly with the respective social media provider. Further information can be found in their respective privacy policies.

Use of Google Tag Manager

Our website uses Google Tag Manager, a tool that allows marketers to manage website tags through an interface. The Tag Manager itself (which implements the tags) is a cookie-less domain and does not collect personal data. It may trigger other tags, which in turn may collect data. Google Tag Manager does not access this data. Any deactivation made on the domain or cookie level remains for all tracking tags implemented with Google Tag Manager.

Use of Tags

Through Google Tag Manager, we integrate various third-party tags that may collect personal data such as IP addresses and may use cookies.

  • Google Analytics: We use Google Analytics, a web analytics service by Google Inc. (“Google”). Google Analytics uses cookies to analyze how you use the website.
  • Other third-party tags: Additional tags may be used to collect various data.

Your Rights

You have the right to access, rectification, erasure, restriction, data portability, withdrawal, and objection. If you believe that your data is being processed in violation of data protection law or your rights are being otherwise violated, you may lodge a complaint with the supervisory authority. In Austria, this is the Data Protection Authority.

Principles of Processing Personal Data

Lawfulness and Transparency

Data is processed lawfully and transparently. Individuals are informed of the purpose and nature of the data processing at the time of collection.

Purpose Limitation

Data is collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

Data Minimization

Only the data necessary for the specified purposes is collected and processed. If possible and reasonable, data is anonymized.

Storage Limitation and Deletion

Personal data is deleted once the original purpose no longer applies, unless retention is required by law. In specific cases, data may be retained if there is a legitimate interest, which must be legally clarified.

Data Security

Personal data is treated confidentially and protected by appropriate technical and organizational measures against unauthorized access, manipulation, loss, or destruction.

Accuracy

Personal data must be accurate, complete, and kept up to date. Outdated or incorrect data is corrected as necessary.

Confidentiality Obligation

All employees are contractually bound to confidentiality and trained in the secure handling of personal and sensitive data.

Rights of Data Subjects

Data subjects can assert their rights at any time. To exercise these rights, please contact us via our contact form in writing.

  • Access: Learn what personal data is being processed and for what purposes.
  • Correction: Request correction of inaccurate data.
  • Restriction: Request restriction of processing in certain circumstances.
  • Objection: Object to data processing at any time.
  • Portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Deletion: Request deletion of data where legally permissible.

To protect your rights, these requests can only be fulfilled after unambiguous identification of the data subject. You also have the right to file a complaint with the data protection authority at any time.

Data Transfer

Transfer of personal data to external parties or to third countries outside the EU is done only in compliance with legal requirements and with the highest confidentiality and data security. We work with various data processors, all of whom are contract