2. About the data processing
The following describes how we process your data, where we store these data (or have them stored), which security technologies we use and who can view the data.
2.1. Website software
Our website has been developed using Simplex Interactive software. Personal data that you give to us for our services, are shared with this party. Simplex Interactive has access to your data to enable it to provide us with (technical) support; Simplex Interactive will never use your data for any other purpose. Based on the contract that we have entered into with them, Simplex Interactive is obliged to take appropriate security measures. Simplex Interactive collects technical information related to your use of the software; no personal data are collected and/or retained.
2.2. SSL and TLS encryption
In order to protect the transfer of confidential content, such as orders or requests that you submit to us as the website operator, SSL or TLS encryption is used on this website. An encrypted connection is recognisable because the address in the address bar of the browser starts with "https: //" instead of "http://", with the padlock icon in front of that. When the SSL or TLS encryption is activated, data that you send to us cannot be viewed by third parties.
2.3. Web hosting
We use the web hosting and email services of Veldmaat ICT. Veldmaat ICT processes personal data on our behalf and never uses your data for its own purposes. This party may, however, collect meta data about the use of the services. These are not personal data. Veldmaat ICT has taken appropriate technical and organisational measures to prevent the loss and unauthorised use of your personal data. Under the agreement, Veldmaat ICT is obliged to maintain confidentiality.
2.4. Email and mailing lists
When you subscribe to our newsletter through our website, we require your email address and information with which we can verify that you are the owner of the email address you have provided, and you must confirm whether you agree to receiving the newsletter. No other data is collected or is only collected when provided voluntarily. We process these data exclusively for the purpose of providing the requested information and these data are not passed on to third parties.
The information that you provide when subscribing to the newsletter is only processed with your consent (article 6, paragraph 1, under A of the General Data Protection Regulation (GDPR)). The consent given for the retention of the data, the email address and the use thereof in order to send the newsletter, can be withdrawn at any time, for example, using the "Unsubscribe" link in the newsletter. However, this does not affect the lawfulness of the data processing that has taken place up to that point.
We retain any data that you provide when you subscribe to the newsletter until you unsubscribe, and these data are then deleted. This does not apply to data that we retain for other purposes (such as email addresses used to log in).
2.4.2. Microsoft Exchange
For our regular business email traffic, we use Microsoft’s services. This party has taken appropriate technical and organisational measures to prevent (as far as possible) misuse, loss and corruption of your data and our data. Microsoft has no access to our mailbox and we treat all of our email traffic confidentially.
2.5. Shipping and logistics
If you place an order with us, it is our job to arrange for your order to be shipped to you. We utilise the services of GLS, DHL or PostNL to carry out the deliveries. To this end, we have to share your name, address and place of residence to GLS, DHL or PostNL. GLS, DHL or PostNL use these data solely for the purpose of executing the agreement. Should GLS, DHL or PostNL engage the services of subcontractors, GLS, DHL or PostNL will also pass on your data to these parties.
2.6. Invoicing and accounts
We use the services of SnelStart to handle our administrative records and accounts. We share your name, address and place of residence, plus details relating to your order. These data are used to manage sales invoices. Your personal data are protected before being sent and stored. SnelStart is obliged to maintain confidentiality and will treat your data confidentially. SnelStart does not use your personal data for purposes other than those described above.
2.7. Contact form
When you send questions to us using the contact form, the information you provide on the form, including the contact details, will be retained so that we can process your request and for any further communication. These data will not be shared without your consent.
We will only process the data you have provided on the contact form with your consent (article 6, paragraph 1, under a of the GDPR). You can withdraw this consent at any time; you do this by sending us a simple message by email. However, this does not affect the lawfulness of the data processing that has taken place up to that point
The data provided through the contact form remain in our possession until you ask us to delete these data, withdraw your consent in this regard, or if it is no longer necessary to retain these data (e.g. once your request has been processed). The compulsory legal provisions, specifically those concerning the retention periods, are not affected.
2.8. Special and/or sensitive personal data that we process
We do not process any special personal data, such as data about health, a criminal record, ethnic data or data concerning race.
Our website, products and/or services are not meant to collect data about website visitors under the age of 16 years. We cannot, however, check whether a visitor is under 16 years of age. We therefore advise parents or guardians to be involved in their children’s online activities, to ensure that no data are gathered about children without parental consent. If you believe that we have collected personal data about a minor child without the aforementioned parental consent, please contact us by email and we will delete this data.
3. Purpose of the data processing
3.1. General purpose of the processing
We only use your personal data for the services we provide. In other words, that the purpose of the data processing is always directly related to the assignment that you give. We do not use your data for (targeted) marketing. If you share data with us and we use these data – other than at your request – to contact you at a later date, we will ask for your explicit consent for this.
Your data shall not be shared with third parties, other than to fulfil accounting and other administrative obligations. These third parties are all obliged to maintain confidentiality under the agreement between them and us, or an oath, or legal obligation.
3.2. Data collected automatically
Data collected automatically by our website with the purpose of further improving our services. These data (for example, your IP address, web browser and operating system) are not personal data.
3.3. Cooperation in tax and criminal investigations
Where applicable, based on a legal obligation, PlantoSys may be required to share your data officially, in relation to a tax or criminal investigation. In this case, we are obliged to share your data, but we will oppose this within the limits of what is legally possible.
3.4. Retention periods
We will retain your data whilst you are our customer. This means that we will retain your customer profile until you inform us that you no longer wish to utilise our services. When you inform us of this, we will also consider this as a request to be forgotten.
Based on applicable administrative obligations, we have to retain invoices containing your (personal) data. We will therefore retain these data for the duration of the applicable period. However, employees no longer have access to your customer profile and documents that we have produced further to your assignment.
4. Your rights
Pursuant to the applicable Dutch and European legislation, as an involved party, you have certain rights with regard to the personal data processed by us or on our behalf. Below we explain which rights these are and how you can invoke these rights. In principle, to prevent misuse, we only send extracts or copies of your data to the email address that we already hold for you. If you wish to receive the data at a different email address or, for example, by post, we will ask you to prove your identity. We keep records of requests that we have dealt with; in the event of a request to be forgotten, we process anonymised data. You will receive all extracts and copies of data in the
machine readable data format that we use in our systems. You have the right to lodge a complaint at any time with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you suspect that we are misusing your personal data.
4.1. The right of access
You always have the right to access the data that we process or that is processed on our behalf pertaining to you, or that can be traced back to you. You can submit a request to that end to our contact person for all matters relating to privacy. You will receive a response to your request within 30 days. If your request is granted, we will send you a copy of all data to the email address that we hold for you, along with a list of the data processors in possession of these data, stating the category under which we have retained these data.
4.2. The right to rectification
You always have the right to request that the data that we process or that is processed on our behalf pertaining to you, or that can be traced back to you, is rectified. You can submit a request to that end to us. You will receive a response to your request within 30 days. If your request is granted, we will send a confirmation to the email address that we hold for you, stating that the data have been rectified.
4.3. The right to restrict processing
You always have the right to restrict the data that we process or that is processed on our behalf pertaining to you, or that can be traced back to you. You can submit a request to that end to us. You will receive a response to your request within 30 days. If your request is granted, we will send a confirmation to the email address that we hold for you, stating that the data will no longer be processed until you lift the restriction.
4.4. The right to data portability
You always have the right to have the data that we process or that is processed on our behalf pertaining to you, or that can be traced back to you, to be processed by a different party. You can submit a request to that end to us. You will receive a response to your request within 30 days. If your request is granted, we will send, to the email address that we hold for you, extracts or copies of all data that we have processed about you, or that has been processed by other processers or third parties at our instruction. In all likelihood, in such a case, we will no longer be able to continue the service as we would no longer be able to guarantee the secure coupling of databases.
4.5. The right to object and other rights
In some cases, you have the right to object to the processing of your personal data by or on behalf of PlantoSys. If you object, we will immediately discontinue the data processing, pending the handling of your objection. If your objection is justified, we will provide you with extracts and/or copies of data that we process or that is processed on our behalf and will then discontinue processing on a permanent basis. In addition, you have the right not to be subjected to automated individual decision-making or profiling. We do not process your data in such a way that this right applies. If you are of the opinion that this is the case, please contact us.
4.6. The right to submit a complaint to the supervisory authority
If you suspect that your personal data are processed in a way that contravenes the Privacy Act, you can submit a privacy-related complaint to the supervisory authority. You can submit this complaint through this link: https://www.autoriteitpersoonsgegevens.nl/en
In a number of cases, cookies are used on the website. Cookies do not harm your computer and do not contain viruses. Cookies are used to make our website more user-friendly, more effective and safer. Cookies are small text files that are stored on your computer and in your internet browser.
In most cases, these are session cookies; these are deleted automatically after your visit. Other cookies are stored on your device, until you delete these. These cookies mean your device will be recognised the next time you visit.
5.1. Google Analytics
The anonymous information generated by the cookie about your use of the website is transferred to and stored by Google on servers in the United States. Google uses this information to monitor how this website is used, to produce reports about the website activity for the owner of this website and to offer other services relating to website activity and internet use.
Google may only supply this information to third parties if it is legally obliged to do so, or insofar as these third parties process the information on behalf of Google. Google will not combine your IP address with other data held by Google.
7. Contact details
The controller of this website is:
PlantoSys Nederland b.v.
7241 MB Lochem
"PlantoSys' down-to-earth approach takes us further."
Stef Scholte | plant grower (The Netherlands)
"Naturally we will continue with PlantoSys."
De Wijnmakers | The Netherlands