Privacy policy

Edit Privacy Options

Last updated: March, 2026

This Privacy Policy describes how PlantsPicker ("we", "us", or "our") collects, uses, stores, and protects your personal data when you visit plantspicker.com (the "Website"). It is issued in compliance with the EU General Data Protection Regulation (EU) 2016/679 ("GDPR") and, where applicable, the EU AI Act (EU) 2024/1689.

1. Data Controller

The data controller responsible for your personal data is PlantsPicker. For any privacy-related enquiries, you may contact us via the contact page.

2. What Personal Data We Collect

We collect only the minimum data necessary to provide our services. Depending on how you interact with the Website, this may include:

We do not sell, rent, or trade your personal data to third parties.

3. Lawful Basis for Processing

We rely on the following legal bases under Article 6 GDPR:

Processing activity Lawful basis
Account creation and management Performance of a contract (Art. 6(1)(b))
Sending transactional emails (e.g. price alerts, account notifications) Performance of a contract (Art. 6(1)(b))
Website analytics and performance monitoring Legitimate interests (Art. 6(1)(f)) — improving and securing the Website
Personalised advertising and marketing cookies Consent (Art. 6(1)(a))
Compliance with legal obligations Legal obligation (Art. 6(1)(c))

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of prior processing. Use the "Edit Privacy Options" button above to manage your consent choices.

4. Cookies and Tracking Technologies

We use cookies and similar technologies for essential functionality, analytics, and — only with your consent — advertising personalisation. Full details of every cookie set on this Website, including its purpose, provider, and retention period, are available in our Cookie Policy.

5. How We Use Your Data

6. Data Retention

We retain your personal data only for as long as necessary for the purposes set out in this Policy:

7. Third-Party Processors and International Transfers

We share data with trusted third-party service providers who process data on our behalf under Data Processing Agreements that satisfy GDPR Article 28 requirements. These include hosting providers, analytics services, and email delivery platforms.

Some of our processors are located outside the European Economic Area (EEA). Where data is transferred to a third country, we rely on one of the following safeguards:

You may request a copy of the relevant safeguards by contacting us via the contact page.

8. Third-Party Links and Affiliate Products

Our Website contains links to third-party retailers and affiliate partners (e.g. Amazon). When you follow such a link, you leave our Website and the third party's own privacy policy applies. We have no responsibility for the content or privacy practices of those sites. We encourage you to review their policies before providing any personal data.

9. Automated Decision-Making and Profiling

We do not make decisions about you that produce legal or similarly significant effects based solely on automated processing, including profiling, as defined in Article 22 GDPR. Where algorithmic features are used to personalise product recommendations, a human review process remains available and you may object at any time (see Your Rights below).

In accordance with the EU AI Act (Regulation (EU) 2024/1689), we do not deploy high-risk AI systems in the context of your personal data processing on this Website.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These include encrypted storage, TLS-encrypted data transmission, access controls, and regular security reviews.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 GDPR.

11. Children's Privacy

Our Website is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it without delay.

12. Your Rights

Under the GDPR you have the following rights in relation to your personal data:

To exercise any of these rights, contact us via the contact page. You can also permanently delete your account and all associated data from the account deletion page. We will respond within 30 days. Please note that exercising certain rights (e.g. erasure) may affect your ability to use our services.

13. Right to Lodge a Complaint

If you believe we have processed your personal data in breach of the GDPR, you have the right to lodge a complaint with the supervisory authority in your country of residence or the lead supervisory authority in the EU. A full list of EU supervisory authorities is available at edpb.europa.eu.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes we will provide a more prominent notice (e.g. an in-app notification or email). We encourage you to review this Policy periodically.

15. Contact Us

If you have any questions, requests, or concerns regarding this Privacy Policy or our data practices, please contact us via the contact page.

favorite