Privacy Policy
As of November 2025
Introduction
Plantclub GmbH (βweβ or βusβ) is the controller for your personal data.
You can contact us via post, email, or phone β our details are listed under Contact below.
This privacy policy explains what types of personal data (βdataβ) we process, for what purposes, and to what extent.
It applies to all processing of personal data carried out by us, whether provided directly by you or indirectly on your behalf.
The terms used are not gender-specific.
1. General
1.1 What is personal data?
Personal data is information that reveals or can reveal your identity.
We adhere to the principle of data minimisation β collecting only what is necessary to provide our services.
1.2 Handling of personal data
We process personal data you provide directly in the following cases:
- You visit our website and consent to our use of cookies
- You complete our contact form or book a consultation
- You apply for a job with us
- You subscribe to our newsletter
- You participate in an event hosted by us
- You represent your organisation in communications with us
We process your data primarily to enter into or perform a contract (Art. 6 I S. 1 b GDPR).
Data may also be processed with your consent (Art. 6 I S. 1 a GDPR) or for our legitimate interests (Art. 6 I S. 1 f GDPR), where such interests are not overridden by your rights.
You may withdraw consent at any time. Withdrawal does not affect the lawfulness of prior processing.
We may use external processors but do not share personal data with third parties for marketing.
Payment data may be shared with the relevant financial institution or payment provider.
Your data is processed exclusively within the EU, unless otherwise stated.
1.3 Usage data
When visiting our website/web app, general technical information is collected (e.g. IP address, visit time, browser type, referring website).
This data is stored in log files for statistical and technical purposes and is not linked to your personal data.
1.4 Duration of storage
We store personal data as long as required by law β up to seven years for tax or financial purposes in Germany.
1.5 Automated decision-making
We do not use personal data for automated decision-making producing legal or significant effects (Article 22 GDPR).
2. Your rights
Depending on our reason for processing, you have the following rights:
- Access β Request confirmation and a copy of your data
- Rectification β Correct inaccurate or incomplete data
- Erasure β Request deletion in certain circumstances
- Restriction β Ask us to limit how we process your data
- Data Portability β Receive your data in a structured, machine-readable format or have it transferred to another controller
- Objection β Object to processing based on legitimate interests or consent
- Complaint β Lodge a complaint with a supervisory authority
Supervisory authority:
Berlin Data Protection Authority
Alt-Moabit 59β61
10555 Berlin
π§ mailbox@datenschutz-berlin.de
The exercise of your rights is free of charge. We aim to respond within one calendar month.
3. Data Security
3.1 Protection of data
All website data is protected against loss, destruction, unauthorised access, modification, and distribution using appropriate technical and organisational measures.
3.2 Sessions and cookies
We use cookies and server-side sessions to operate our website.
A cookie banner lets you manage consent for optional cookies.
We only use:
- Essential cookies (for site functionality such as forms or basket)
- Optional cookies (analytics, ads, personalisation) only with your consent
Some providers (e.g. Google LLC) may process data outside the EU. We ensure protection through Standard Contractual Clauses and data-protection frameworks.
You may object at any time.
Analytics Cookies β Google Analytics - Domain:
_gaβ 2 years β Distinguishes unique users_gidβ 1 day β Distinguishes unique users_gatβ 1 minute β Throttles request rate
Analytics Cookies β Hotjar - Domain:
_hjidβ 1 year β Hotjar user identifier_hjFirstSeenβ 30 minutes β Identifies first session_hjIncludedInPageviewSampleβ 2 minutes β Determines page view sampling_hjAbsoluteSessionInProgressβ 30 minutes β Detects active session
Infrastructure & Security
- Cloudflare CDN β Security, performance optimisation, and content delivery
Platform Cookies
- Squarespace β Session management, analytics, performance optimisation
Service provider policies:
Google
LinkedIn
Pinterest
Cloudflare
4. Third-party Services
We use external processors for specific functions.
They act under our instruction, hold your data securely, and do not share it further.
Transfers outside the EU are compliant with Chapter V GDPR.
4.1 Google Analytics
Provided by Google Ireland Limited. Collects pseudonymised usage data to improve our website.
Opt-out via browser plugin.
More info: Google Privacy Policy
4.2 Hotjar
Used to understand user behaviour and improve site experience.
Collects anonymised session data (device, screen size, country).
More info: Hotjar Privacy Policy
4.3 CookieYes (Consent Management Platform)
Collects consent metadata (timestamp, preferences, device/browser info) to manage cookie consent.
CookieYes Cookies:
cookieyes-consentβ 1 year β Stores user consent preferencescookieyes-analyticsβ Session β Tracks consent for analytics cookiescookieyes-functionalβ Session β Tracks consent for functional cookiescookieyes-advertisementβ Session β Tracks consent for advertising cookies
More info: CookieYes Privacy Policy
4.4 Stripe
Used for secure payment processing.
Data shared: name, address, account details, transaction info.
More info: Stripe Privacy Policy
4.5 Notion
Used as a web-based CRM for project-related data.
Data stored on Notionβs EU servers.
More info: Notion Privacy Policy
4.6 Google Web Fonts
Used for consistent font display; stored in browser cache.
More info: Google Fonts FAQ
4.7 Squarespace
Hosting provider for our website/web app. Automatically collects:
- IP address
- Date/time of access
- Requested file name or URL
- Referring website
- Browser and operating system
Processed for performance and security under Art. 6 I S. 1 f GDPR.
More info: Squarespace Privacy Policy
4.8 Calendly
Used for booking appointments and consultations.
Data collected: name, email, appointment details.
More info: Calendly Privacy Policy
5. Contact
Plantclub GmbH
Markgrafenstr. 67
10969 Berlin
π§ hello@plantclub.io
π +49 176 47055111