Privacy Policy

Last updated: December 2024

Introduction

GreenThumb Gardens ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (the "Site") or use our services. By accessing or using our Site, you agree to the collection and use of information in accordance with this policy.

This Privacy Policy complies with the General Data Protection Regulation (GDPR) and other applicable data protection laws. We are committed to transparency and giving you control over your personal data.

Data We Collect

Personal Information You Provide

We collect information you voluntarily provide to us, including:

  • Contact Information: Name, email address, postal address, and phone number when you subscribe to our newsletter, contact us, or participate in community features.
  • Account Information: Username, password, and profile information if you create an account (planned for future implementation).
  • Communication Data: Messages, feedback, questions, and other information you send to us through contact forms or email.
  • User-Generated Content: Photos, plant care tips, gardening experiences, and other content you share in our community sections.

Information We Collect Automatically

When you visit our Site, we automatically collect certain information about your device and usage:

  • Log Data: IP address, browser type, browser version, pages visited, time and date of visit, time spent on pages, and other diagnostic data.
  • Device Information: Device type, operating system, unique device identifiers, and mobile network information.
  • Usage Data: How you interact with our Site, including pages viewed, links clicked, and features used.
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see our Cookie Policy for details).

Information from Third Parties

We may receive information about you from third-party sources, including:

  • Social media platforms if you connect your account
  • Analytics providers
  • Marketing partners

How We Use Your Data

We use the collected data for various purposes in accordance with GDPR principles:

Providing and Maintaining Our Services

  • To operate and maintain our website
  • To provide gardening information, guides, and resources
  • To respond to your inquiries and provide customer support
  • To process newsletter subscriptions and send gardening tips

Improving Our Services

  • To analyze usage patterns and improve site functionality
  • To develop new features and content
  • To personalize your experience with relevant gardening recommendations
  • To conduct research and statistical analysis

Communication

  • To send newsletters, updates, and gardening tips (with your consent)
  • To respond to your questions and feedback
  • To notify you about changes to our services or policies
  • To send administrative information

Legal and Security Purposes

  • To comply with legal obligations
  • To protect our rights and prevent fraud
  • To enforce our Terms of Service
  • To investigate security incidents

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: When you explicitly agree to specific processing activities (e.g., newsletter subscription)
  • Contract: To perform our obligations under any agreement with you
  • Legitimate Interest: To pursue our legitimate business interests, provided your rights are not overridden
  • Legal Obligation: To comply with applicable laws and regulations
  • Vital Interest: To protect your vital interests or those of others

Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

With Your Consent

We share information when you explicitly consent to such sharing.

Service Providers

We employ third-party companies and individuals to facilitate our services:

  • Web hosting and content delivery networks
  • Email service providers (e.g., for newsletter delivery)
  • Analytics services
  • Customer support platforms

These providers have access to your personal information only to perform tasks on our behalf and are obligated to protect your data.

Legal Requirements

We may disclose your information if required by law or in response to valid legal requests, such as subpoenas or court orders.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

Community Features

Information you voluntarily share in community sections (e.g., plant photos, gardening tips) may be visible to other users.

International Data Transfers

Your information may be transferred to and processed in countries other than Germany. We ensure appropriate safeguards are in place:

  • Adequacy decisions by the European Commission
  • Standard contractual clauses
  • Binding corporate rules
  • Your explicit consent

Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • SSL/TLS encryption for data transmission
  • Secure data storage with access controls
  • Regular security audits and updates
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy:

  • Newsletter subscribers: Until you unsubscribe
  • Contact form submissions: 2 years after resolution
  • Usage data: 26 months for analytics
  • Legal compliance: As required by applicable laws

You can request deletion of your data at any time (see Your Rights section below).

Your Rights (GDPR Compliance)

As a data subject under GDPR, you have the following rights:

Right to Access

You can request a copy of the personal information we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal information.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal information in certain circumstances.

Right to Restriction of Processing

You can request limitation of how we process your personal information.

Right to Data Portability

You can request your personal information in a structured, machine-readable format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

You can withdraw consent at any time where processing is based on consent.

How to Exercise Your Rights

To exercise any of these rights, please contact us using the information provided below. We will respond within 30 days of receipt of your request. Some requests may require identity verification for security purposes.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. For detailed information, please see our Cookie Policy.

Children's Privacy

Our services are not intended for children under 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@greenthumbgardens.com
  • Address: GreenThumb Gardens, Berlin, Germany
  • Data Protection Officer: dpo@greenthumbgardens.com

Complaints

If you believe we have not complied with applicable data protection laws, you have the right to lodge a complaint with a supervisory authority. In Germany, this is the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

This Privacy Policy is designed to comply with GDPR and other applicable privacy laws. By using our services, you acknowledge that you have read and understood this policy.