1. Purpose of our Policy
- PLANA.EARTH GMBH of Torstrasse 107, 10119 Berlin, Germany (PLANA.EARTH, we, us or our) provides the services offered on the website www.plana.earth (PLANA.EARTH).
- For the purposes of the Data Protection Act 1998 (Act) in the United Kingdom and other similar applicable laws, we are the data controller.
- Providing the PLANA.EARTH website and services we offer; and
- The normal day-to- day operations of our business.
2. Who and what this policy applies to
- We handle data in our own right and for and on behalf of the listed Charities and our users.
- If, at any time, an individual provides data or other information about someone other than himself or herself, the individual warrants that they have that person's consent to provide such information for the purpose specified.
3. The information we collect
- In the course of business it is necessary for us to collect data. This information allows us to identify who an individual is for the purposes of our business, share data when asked of us, contact the individual in the ordinary course of business and transact with the individual. Without limitation, the type of information we may collect is:
- Personal Information. We may collect personal details such as an individual’s name, location, date of birth, nationality, family details and other information that allows us to identify who the individual is;
- Contact Information. We may collect information such as an individual’s email address, telephone number, third-party usernames, residential, business and postal address and other information that allows us to contact the individual;
- Financial Information. We may collect financial information related to an individual such as any bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
- Device Information. We collect device-specific information, such as the hardware model, operating system version, advertising identifier, unique application identifiers, unique device identifiers, browser type, language, wireless network, and mobile network information (including the mobile phone number); and
- Information an individual sends us. We may collect any personal correspondence that an individual sends us, or that is sent to us by others about the individual’s activities, including activities with our partners (such as Facebook or Twitter).
- Anonymised company data collection. As part of using Plan A’s services, the user will submit data about their company in order to calculate their environmental footprint. This data, such as business transport types used and energy consumption, is collected and stored by Plan A in an anonymous manner.
- We may also collect non-data about an individual such as information regarding their computer, network and browser. This may include their IP address.
4. How information is collected
- Most information will be collected in association with an individual’s use of our website and services, an enquiry about PLANA.EARTH or generally dealing with us. However, we may also receive data from other sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners (such as Facebook or Twitter). In particular, information is likely to be collected as follows:
- Registration /Subscriptions/Purchases. When an individual registers, subscribes and/or purchases a service, list, account, connection or other process whereby they enter data details or grant access to information in order to receive or access something, including a transaction or services;
- Accounts/Memberships. When an individual submits their details to open an account and/or become a member with us;
- Partners. When an individual grants us access to their accounts with our business partners (such as Facebook or Twitter);
- Supply/Contact. When an individual supplies us with goods or services or contacts us in any way. Pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.
- On this website we use the ‘pixels’ of Facebook and Linkedin (called ‘Linkedin Insight Tag’). These pixels connect to Facebook and Linkedin servers when you visit our website. These pixels can transmit data such as the IP address, browser type/ version, operating system, page previously visited, host name of accessing device and the time of the request. This makes it possible for Facebook and Linkedin to identify the users of our website, and to display the targeted advertising to those users interested in our website. We can use the pixels to assess the effectiveness of our advertisements.
- If data is processed outside the EEA, where no data protection level according to the European standard exists, the EU-US Privacy Shield shall apply: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO
- You can object to the collection by the Facebook pixel and use of your data here: https://www.facebook.com/settings?tab=ads.
- You can disable Linkedin Insight Tag from you account by going to ‘Settings & Privacy’ > ‘Ads’ > ‘Interactions with Businesses’ and selecting ‘No’: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest
- As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of when their data is being collected.
- We may also collect anonymous data such as traffic, IP addresses and transaction statistics, which may be used and shared on an aggregated and anonymous basis.
- You hereby grant your express consent that we may collect the data according to this clause 4.
5. Google Analytics
- If you have given your consent, Google Analytics, a web analysis service of Google Ireland Limited ("Google") is used on this website. The use includes the "Universal Analytics" operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user’s activities across devices.
- Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users interact with the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. We would like to point out that on this website Google Analytics has been extended to include IP anonymisation in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
- Purpose of the Processing: On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.
- Legal Basis: The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a: https://gdpr-info.eu/art-6-gdpr/
- Recipients or Categories of Recipients: The recipient of the collected data is Google.
- Transfer to Third Countries: Personal data will be transferred to the USA under the EU-US Privacy Shield on the basis of the European Commission’s adequacy decision. You can download the certificate at: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI
- Duration of Data Storage: The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
- Rights of the Persons Affected: You can revoke your consent at any time with effect for the future by blocking the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functionalities of this website to their full extent.
- You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser add-on at: https://tools.google.com/dlpage/gaoptout?hl=en
6. Google Ads
- Google Ads Conversion
- We periodically use the Google Ads service to reach new audiences on external websites. As part of the service we receive data that can indicate the degree to which an ad/ a ‘Google Ad’ is successful for Plan A. A key goal in this process is to show advertisements that are relevant and interesting to people.
- The Google Ads we release are sent via ‘Ad Servers’, and we use ad server cookies that can help us measure success (for example, by registering the clicks of users). If you reach our website by clicking on a Google Ad, the system stores a cookie on the device you are using. This cookie typically expires after 30 days. The cookies are not intended to identify you personally.
- These cookies allow Google to identify your internet browser. If you visit certain pages of our website and the cookie has not yet expired, we can see that you have visited the website and have been directed to it via a Google Ad. Throughout this process, we do not collect any personal data - we receive just statistical information from Google. These evaluations indicate to us which advertising strategies are more effective.
- Google Ads Remarketing
- The remarketing function of Google Ads enables us to direct advertisements to our users that are based on their interests on other websites that are included within the advertising network of Google. To do this, Google stores a cookie (in this case a number) in the browsers of users who visit websites, or use services, within Google Display Network. This cookie records the number of user visits to these locations. The visits are identified only as visits from a web browser on a device, so no personal data is collected.
- If you would like to be removed from this process, there are a number of ways to do so. For example:
- By changing the settings in your browser to suppress third-party cookies;
- By deactivating cookies used for conversion tracking. To do this, set your browser so that cookies are blocked by the domain, https://adssettings.google.com/authenticated.
- Google is part of the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
- Customer.io is a marketing and analytics service that allows us to customise behavioural and transactional campaigns in order to create personalised triggered messages in compliance with GDPR. This helps us create a more tailored experience for individual users.
- Customer.io has committed to self-certification with the US Department of Commerce to uphold the principles of the EU-US PRivacy Shield: https://www.privacyshield.gov/
8. Google Optimize
- Google Optimize is used to keep track of your involvement in website experiments. In this context, an experiment could mean an A/B test, which shows two different versions of the website to two groups of people in order to determine which website version performs better. Optimize utilizes Analytics cookies to target content variants to a user and a content experiment cookie to determine a user's participation in an experiment.
- For more information about Google Optimize, you can find the terms of service here: https://support.google.com/optimize/answer/6230273?hl=en
- Cookiebot is a cookie and online tracking consent service that complies with the requirements of EU ePrivacy Directive 2009/136/EC and the General Data Protection Regulation (GDPR). Cookiebot is a self-serve cloud service provided by the ePrivacy company Cybot.
- More information about Cookiebot can be found here: https://www.cookiebot.com/en/privacy-policy/
- We use Hubspot’s CRM tool to track and organise sign-ups/accounts created on our website. The purpose of this is to keep track of what companies have signed up, and who the point of contact is. We then use this information to keep a record of the company’s position in a sales pipeline, also organised in Hubspot. HubSport is a software company from the USA with branch office in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Telephone: +353 1 5187500.
- We use Hubspot Chatflow on the website, which is a chatbot that allows website users to message our team with queries and comments. If you consent to and use this feature, then the following data are transferred to the HubSpot servers:
- - Content of chat messages sent and received;
- - Context information (such as the page on which the chat was used);
- - Optional: Email address of the user (if it is provided by the user via the chat feature).
- HubSpot is certified under the conditions of the EU-US Privacy Shield Framework.
- You can disable Hotjar at: https://www.hotjar.com/legal/compliance/opt-out
- Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe). tel.: +1 (855) 464-6788
12. How data is stored
- The data that we collect from you may be transferred to, and stored at a destination outside the European Economic Area (EEA) and with third parties. It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
- By submitting your personal data, you agree to this transfer, storing or processing according to this clause 5, provided always that we shall safeguard compliance with the respective applicable data protection laws.
13. When data is used
- In general, the primary principle is that we will not use any data other than for the purpose for which it was collected other than with the individual’s permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
- Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
- The provision of services between an individual and us;
- Verifying an individual’s identity;
- Communicating with an individual about:
- Their relationship with us;
- Our goods and services;
- Our own marketing and promotions to customers and prospects;
- Competitions, surveys and questionnaires;
- Information from or regarding Charities, Causes and Campaigns.
- Newsletters and other mailings – you may opt out of the future receipt of this mail at any time by clicking on the corresponding link at the end of the email.
- Investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity; and/or
- As required or permitted by any law (including the Act and other similar applicable laws).
- If you publicly post about PLANA.EARTH, or communicate directly with us on social media, we may collect and process the data contained in such posts or in your public profile for the purpose of addressing any customer service requests you may have and to monitor and influence public opinion PLANA.EARTH.
- Anonymised company data (see 3.1.6) is stored by Plan A and may be used for:
- Internal analysis. We may use this anonymous data to gather insights on the environmental performance of different industries in relation to variables such as their location, size and energy consumption.
- Product development. We may use this anonymous data to understand how companies interact with the tool and its features and use these insights to help inform product development.
- Marketing. We may use this anonymous data, collectively, to produce statistics that we can use in marketing and other content. For example, insights about how different industries are performing in environmental terms.
14. When data is disclosed
- It may be necessary for us to disclose an individual’s data to third parties in a manner compliant with the Act and other similar applicable laws in the course of our business, such as for processing activities like website hosting.
- We will not disclose or sell an individual’s data to unrelated third parties under any circumstances, except for Charities and where we employ other companies to perform tasks on our behalf and we need to share your information with them to provide services to you.
- There are some circumstances in which we must disclose an individual’s information:
- Where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
- As required by any law (including the Act and other similar applicable laws) including court orders; and/or
- In order to sell our business (as we may transfer data to a new owner).
- We may partner with or utilise third-party service providers (such as Gmail from Google, Inc) to communicate with an individual and to store contact details about an individual. These service providers may be located outside the EEA, including the United States of America.
- If the Company gets involved in a merger, asset sale, financing, liquidation or bankruptcy, or acquisition of all or some portion of the business to another company, we may share information with that company before and after the transaction closes.
- You hereby grant your express consent that we may disclose the data according to this clause 7.
15. Third Party Services, websites and accounts
- We may share an individual’s information with third parties for the processing and storage of certain personal information. For example:
- all information may be processed and stored with cloud service providers (such as Amazon Web Services);
- all payment information shall be provided to and processed by a payment gateway (such as Stripe).
- We recommend that you read the privacy policies of third party service providers so you can understand the manner in which your personal information will be handled by these providers.
- In particular, remember that certain service providers may be located in or have facilities that are in a different jurisdiction (including outside the EEA). So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
- As an example, if you are located in the United Kingdom and your transaction is by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation (including the USA Patriot Act).
- We may link your account with a third party (such as Facebook, LinkedIn, Twitter or Google+) to our services to enable certain functionality, or you access or register to the website via such third party account, which respectively allows us to obtain information from those accounts (including your profile picture, friends or contacts).
- The information we may obtain from those services often depends on your settings or their privacy policies. We recommend that you read any third party privacy policies before entering any personal information.
- When you click on the links on our website, they may direct you to third party websites. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
- You hereby grant your express consent that we may share and obtain the data according to this clause 8.
- A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your device if you agree. Cookies contain information that is transferred to your device’s hard drive. You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
17. Consent to collection of data
- An individual may opt to not have us collect their data and communicate with them. This may prevent us from offering them some or all of our services and may terminate their access to some or all of the services they access with or through us. They will be aware of this when:
- Opt In. Where relevant, the individual will have the right to choose to have information collected and/or receive information from us; or
- Opt Out. Where relevant, the individual will have the right to choose to exclude himself or herself from some or all collection of information and/or receiving information from us.
- If an individual believes that they have received information from us that they did not opt in or out to receive, they should contact us on the details below.
18. The safety and security of data
- We will take all reasonable precautions to protect an individual’s data from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
- The security of online transactions and the security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, data where the security of information is not within our control.
- We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s data in accordance with this policy or any applicable laws). The collection and use of an individual’s information by such third parties may be subject to separate privacy and security policies.
- If an individual suspects any misuse or loss of, or unauthorised access to, their data, they should let us know immediately.
- We are not liable for any loss, damage or claim arising out of another person’s use of the data where we were authorised to provide that person with the data.
19. How to access and/or update information
- The Act, and other similar applicable laws, gives you the right to request from us the data that we have collected about you. If you would like information about what data about you has been stored, please contact our Data Controller via the details below.
- If an individual cannot update his or her own information, we will correct any errors in the data we hold about an individual within 7 days of receiving notice from them about those errors.
- It is an individual’s responsibility to provide us with accurate and truthful data. We cannot be liable for any information that is provided to us that is incorrect.
20. Complains & Disputes
- If an individual has a complaint about our handling of their data, they should address their complaint to the details below in clause 16.
- If we have a dispute regarding an individual’s data, we both must first attempt to resolve the issue directly between us.
- If we become aware of any unauthorised access to an individual’s data we will inform them at the earliest practical opportunity once we have established what was accessed and how it was accessed.
21. Deletion of accounts and data / right to withdraw
- At any time, you can request your account to be deleted, by contacting our Data Controller via the details below.
- If you request that your account shall be deleted, your data will be deleted, unless other retention times with respect to deletion are provided for by the Act or other similar applicable laws, or retention is required in order to conclude contractual performance, complete relevant services, or for other compliance, accounting and settlement purposes.
- Your activity and communications on our website (including with any Campaigns) will continue to be stored, provided that we would then anonymise your name upon request.
- If our use of your personal data and information is based on consent which you have granted, you may withdraw such consent at any time for the future by sending us a notice to our Data Controller via the details below.
22. Additions to this policy
The Data Controller
The Data Controller