- The Registrar and its contact details
- What information can be collected about me?
- What is my personal information used for?
- How is my information stored and protected?
- Who processes my personal information?
- How long will my data be kept?
- What rights do I have?
- How do I get information about myself stored in the system?
- How can I influence the use of my information?
- Will my personal information be disclosed to third parties?
- Are cookies used on the shop pages and what are they?
- Can this data protection policy be changed?
- Who can I contact?
Plantui Oy is committed to protecting the privacy of its customers.
With this data protection policy, we inform our customers about the processing of their personal information.
The customer must accept the terms of this data protection policy in order to use the services of Plantui Oy.
The data we collect is divided into the information supplied by the user, the data we have observed through the use of online services, as well as the data derived from analytics.
We use the data for the following purposes:
- To provide an easy-to-use and secure service
- To provide a good customer experience
- To improve product recommendations and marketing
- For the development of customer service and e-commerce
The Registrar and its contact details
The registrar in control of the personal data processed is:
Plantui Oy (Business ID: 2489457-1)
You can inquire more about data protection and the processing of personal data by e-mail to: email@example.com
What information can be collected about me?
- User-provided or personally identifiable information
- Identification information, such as name
- Personal identification number to identify the customer when concluding the credit agreement
- Passport information or equivalent information required by Customs when ordering tax-free products or services from outside Finland
- Contact information such as address, email, and phone number
- Payment information, including credit agreements and other billing information
- Customer approved location information used to estimate delivery time
- Email address and certificate used for Paypal login
- Identification information, such as name
- Data observed through the use of the services and derived from analytics
- Purchase history e.g. ordered products and their price information
- Delivery information, such as the selected delivery method and delivery address
- E-commerce usage and browsing information as well as terminal identification information
- Product recommendations and other data and tags used for targeted content
Providing identification, contact, and payment information are mandatory when making online purchases from Plantui Oy.
The main source of information is the user themselves, in addition to receiving information from our partners, such as a credit service provider. Any data on personal information we receive from third parties will be disclosed, in accordance with the provisions of the Data Protection Regulation, at
the moment of first contact with the customer or within one month from the receipt of the personal information.
What is my personal information used for?
Personal information is used in the following ways:
- For customer service
- For delivery, processing, and archiving of orders
- To develop Plantui Oy’s operations and services
- To improve the customer experience
- For analytical and statistical purposes
- To produce more personalised and targeted content and marketing
- To prevent abuse
- To provide better customer service
The processing of information between the customer and Plantui Oy occurs during the customer relationship, in the agreement, on the website, with the express consent of the customer, or based on legal obligations.
How is my information stored and protected?
All personal information is protected against unauthorised and accidental access or illegal activity, destruction, alteration, disclosure, transfer, or other prohibited forms of data processing.
Plantui Oy stores customer data in Finland. Data centres and trading systems, as well as the security of processes, are maintained to a very high level. The servers are protected from hacking and Denial of Service attacks.
We follow good data protection practices in the processing of personal data and technical solutions, which include data consolidation, minimisation, pseudonymisation, anonymisation, and encryption.
The applicable EU Data Protection Regulation, as of 25 May 2018, has been taken into account in the processing of personal data requirements.
All access to personal data is controlled in accordance with good practice.
Who processes my personal information?
Only Plantui Oy’s own employees have access to customer data and our staff are trained to use information safely and ethically. Each of our staff only sees customer information to the extent necessary for the performance of each task.
We use trusted contractors to transfer information to a third party. Agreements with all partners have taken into account the EU Data Protection Regulation and other legal requirements.
The company responsible for data processing is:
Plantui Oy (Business ID: 2489457-1)
How long will my data be kept?
We only retain your personal information for the time necessary to complete the functions described in the policy document herein. In addition, some data may be retained longer to the extent necessary for statutory obligations, such as accounting and consumer trade responsibilities and to demonstrate their proper implementation.
At the customer’s request, any of their personal data may be deleted or anonymised from the Plantui Oy systems. The removal and anonymisation process is irreversible and we cannot restore customer accounts once deleted.
For some information, legislation imposes an obligation to store information for a longer period of time, e.g. for the following purposes:
- The Accounting Act requires longer retention periods for information, whether or not it contains matters of personal information
- Fulfilling responsibilities for consumer trade
- System log information is collected and stored as required by law to provide legal and secure online trade for our customers
- Adequate backups of trade databases and systems to secure data, error correction, and ensure information security and continuity
What rights do I have?
As a customer, you have the right to:
- Gain access to personal information about you, including the right to receive a copy of your personal information that is being held
- Request the correction or deletion of any of your personal information
- Under certain conditions, request a restriction on processing or object to the processing of personal data
In addition, if the processing is based on separate consent, you have the right to cancel your consent at any time. Please note that this does not affect the lawfulness of data processing carried out prior to the withdrawal of consent.
You can request the exercise of your rights by contacting our customer service. The request must be sufficiently personal for our customer service to verify your identity. We will notify you if we are unable to comply with your requests in any respect, such as deleting all information that we have a
legal obligation (e.g. credit information) or right to retain.
If you find that the processing is flawed or illegal, you have the right to make a complaint to the Data Protection Ombudsman.
How do I get information about myself stored in the system?
You can request information stored in Plantui Oy’s systems by contacting us via e-mail: firstname.lastname@example.org
How can I influence the use of my information?
Plantui Oy is committed to providing its customers with opportunities to influence their information processing.
You can decide for yourself about targeted marketing, value-added services, and choose whether or not to receive various marketing communications. In all our direct marketing you have the opportunity to remove yourself from the relevant list or remove yourself completely from all our lists. We are constantly developing our services, so features can be added, changed, or removed.
The customer can also terminate their customer account at any time and ask Plantui Oy to delete their own information by contacting our customer service via email: email@example.com
NB! In some cases, not all information can be deleted and the company may be required by law to retain some of the information related to the customer.
Will my personal information be disclosed to third parties?
We may disclose some necessary information to third parties to ensure delivery as well as for marketing. Your information will also be transferred in connection with any credit decision to the creditor party.
We also use customer data with third parties for analytics and for personalisation purposes. Together with our partners, we take advantage of customer buying behaviour and browsing information so we can better provide customers with products and offers of interest. Analytics and the information used for personalisation purposes are always anonymised or pseudonymised where possible. Only we can combine the pseudonymised information used for your name.
If necessary, we also provide information to the authorities. We also always inform the customer about information requests, when permitted by law.
We provide information to the following third parties:
- For analytics and statistics partners
- For product recommendation and personalisation partners
- For email marketing partners, if the customer has authorised a newsletter and/or client communication email, communications based on browsing history, or customer satisfaction surveys
- For an SMS partner when sending text messages is permitted
- For a transport company, if the selected delivery method is to a pick-up point, to the nearest office of the transport company, or to the final destination
- When paying with a payment card to a payment intermediary
- To the creditor, when the customer chooses the credit company’s invoice or installment as the method of payment
- For the invoice operator, when Plantui Oy’s own invoice is selected as the payment method
- For customs, when purchasing products tax-free
- To the collection company, when invoices pass their due date and are sent for collection
Plantui Oy ensures a high level of data security and protection when transferring and processing data in accordance with the EU Data Protection Regulation. The level of third-party data processing safeguards are the European Commission approved model contract clauses, group Binding Corporate Rules (BCR), or other methods approved under the Data Protection Regulation.
Are cookies used on the shop pages and what are they?
Functional cookies and local storage are used for e.g. customer identification, login maintenance, delivery time estimates, and shopping cart functions. For these functions the use and acceptance of cookies and local storage is mandatory. The functional cookies and local storage variables set by the server are preserved in the browser for anything from 15 minutes to 24 months unless they are removed from the browser settings. Upon visiting the site, cookies and local storage variables can be reset if your browser allows.
The partners and technologies we use for analytics and targeted marketing, such as pixel tags and cookies, help us better understand our customers’ behaviour and tell us which products, functions and services are of interest to our customers. The information used is anonymised whenever possible. Otherwise, we treat the information as personal insofar as the identifier contains customer targeting information, such as their IP address. Tags that can be associated with the customer in some way are also processed as personal information. The validity of the tags is anything from 30 seconds to 24 months.
We use Google Analytics, Google Tag Manager, Google AdWords, Google Display Network, Facebook business manager and Facebook Ads Manager for our site, in analytics and with your consent related to popular products, trends, and sales also in targeted marketing. The information you send to Google is anonymised. Read more here about Google Analytics data processing and Facebook’s data policy.
In addition to the privacy features of account management, the tags used for targeted marketing´can be denied by enabling the browser’s Do Not Track feature and setting browser to reject third- party cookies. When logged in to the customer account, the account manager’s privacy settings
override the browser’s Do Not Track feature.
Can this data protection policy be changed?
Due to the development of services and changes in legislation, we reserve the right to change the data protection policy. Registered customers will be notified of significant changes to the data protection policy when terms have been updated.
Who can I contact?