Privacy Policy

1. Purpose and Scope of the Policy

1.1 The purpose of this privacy policy (hereinafter referred to as the "Policy") is to define the rules for data protection, data processing, and data management that apply to users (hereinafter referred to as "Customer" or "Customers") of the plantlibry.com website, and the Data Controller undertakes and acknowledges the compliance with these rules.

1.2 When defining this Policy and processing personal data, the Data Controller acts in accordance with the provisions of the EU Regulation 2016/679 (hereinafter "GDPR") on the protection of natural persons concerning the processing of personal data and the free movement of such data, and the repeal of Directive 95/46/EC. Hungarian law governs this Policy and the data processing by the Data Controller.

1.3 Unless otherwise specified, this Policy does not cover services and data processing related to promotions, contests, services, campaigns, and content provided by third parties other than the website operators referred to below in this Policy.

Likewise, unless otherwise specified, this Policy does not apply to websites and services provided by third parties to which links on the websites covered by this Policy lead.

For such services, the provisions of the third-party data processing policy apply, and the Data Controller assumes no responsibility for such data processing.

2. Definitions

2.1 Data Processing: Any operation or set of operations performed on Personal Data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction of Personal Data.

2.2 Data Controller: The entity that independently or jointly determines the purposes and means of data processing.

For the Services referred to in this Policy, the owner of the plantlibry.com website is considered the Data Controller.

In addition, in the case of many Services, the Service operator also carries out independent data processing activities, in which case the Service operator is considered the data controller. The provisions of the data processing policy made available by the respective Service operator on the Service's website apply to the data processing activities performed by the individual Service operators.

2.3 Personal Data or Data: Any information that makes a natural person User - directly or indirectly - identifiable.

2.4 Data Processor: A service provider who processes personal data on behalf of the Data Controller.

For the Services referred to in this Policy, there are currently no data processors.

2.5 Service(s): Services operated by the Data Controller and provided by the Data Controller, available on the Website.

2.6 Website: An internet page accessible through the plantlibry.com domain.

2.7 User: A natural person who registers for the Services and provides the data listed in section 3 in the process.

2.8 Customer: Someone who orders the publication of advertisements on the surfaces of the Services and provides the data referred to in section 3.4 in connection with this order.

2.9 External Service Provider: Third-party service providers, partners, whether used directly or indirectly by the Data Controller or the Service operator in connection with the provision of individual Services, to whom Personal Data is or may be transmitted for the purpose of providing their services, or who may transmit Personal Data to the Data Controller.

External service providers also include service providers who do not collaborate with either the Data Controller or the operators of the Services, but by accessing the websites of the Services, they collect data about Users, which, either independently or in conjunction with other data, may be suitable for identifying Users. Furthermore, in the context of providing hosting services, the Data Controller considers the User an external service provider from the perspective of data processing activities carried out on the storage space used by the User.

2.10 Information: The data processing information provided by the Data Controller.

3. Scope of Processed Data

3.1 When the User visits any of the Service interfaces, the Data Controller's system automatically records the User's IP address.

3.2 Depending on the User's decision, the Data Controller may process the following data related to using the Services: name, email address.

3.3 If the User sends an email (e.g., a message, a quote request) to any part of the Services, the Data Controller records the User's name and email address, and processes them to the extent and duration necessary for providing the service.

3.4 Depending on the Customer's decision, the Data Controller may process the following data related to using the Services: company name, representative's name, contact person's name, registered office, phone number, fax, email, billing address, tax number, trade registry number, bank account number.

3.5 Regardless of the above, it may occur that a service provider, technically related to operating the Services, conducts data processing on one of the websites without notifying the Data Controller.

This activity does not qualify as data processing by the Data Controller. The Data Controller takes all necessary measures to prevent and filter such data processing activities.

4. Purpose and Legal Basis of Data Processing

4.1 The purposes of data processing carried out by the Data Controller may include:

a) Identifying the User and maintaining contact with the User.

b) Identifying the Client and maintaining contact with the Client.

c) Identifying User rights (services available to the User).

d) Customizing the User's use of the Services and advertisements, as well as using convenience features.

e) Managing and processing unique user requests.

f) Generating statistics and analyses.

g) Direct marketing and business outreach (e.g., newsletters, EDM, etc.).

h) Providing storage for content generated by Users (e.g., comments, chat, blog, forum, etc.) for publication.

i) Enabling User identification within community services (forums, certain blogs) for User-to-User communication.

j) Organizing and conducting contests, notifying winners, and providing prizes when necessary.

k) Creating, defining, modifying, monitoring, delivering ordered products, or utilizing ordered services in the case of webshop services. This includes invoicing the purchase price and documenting compliance.

l) Technically developing the information system.

m) Protecting the rights of Users.

n) Asserting the legitimate interests of the Data Controller.

4.2 The Data Controllers for the plantlibry.com website may process Personal Data for purposes a), b), d), e), m), and n) among the data processing purposes mentioned above.

4.3 Data Controllers do not use Personal Data for purposes other than those mentioned in this section.

4.4 Data processing is carried out based on the voluntary, informed statement of the Users. The statement contains the express consent of Users to use their provided Personal Data or the Personal Data generated about them. Users have the right to withdraw their consent at any time without affecting the lawfulness of the processing that occurred before the withdrawal.

The Data Controller records the IP address of the Users upon accessing the websites, primarily for the legitimate interests of the Data Controller, ensuring the lawful provision of Services (e.g., preventing unlawful use or content filtering). This is done without separate consent from the Users.

When the legal basis for data processing is the legitimate interest of the Data Controller, the Data Controller has carried out, and will continue to conduct, an interest-balancing test in accordance with the relevant provisions of the GDPR. This test substantiates that the legitimate interests of the Data Controller for the specific data processing outweigh the rights and freedoms of the data subject concerning data processing. At the request of the interested party, the Data Controller will provide information regarding this matter according to the procedures described in this Notice.

4.5 Data can be transferred to Data Processors without the separate consent of Users. The disclosure of Personal Data to third parties or authorities, unless otherwise required by law, is only possible based on a legally binding authority order or with the prior, express consent of Users.

4.6 Users warrant that, when using the Services, the consent of the relevant natural persons for the processing of their Personal Data has been lawfully obtained (e.g., publication of User-generated content, etc.). All responsibility for User-uploaded or shared content lies with the User.

4.7 By providing their email address and the data entered during registration (e.g., username, identifier, password, etc.), Users take full responsibility for the fact that only they will use the service. In this regard, the responsibility for any actions related to login with the specified email address and/or data rests solely with the User who registered the email address and provided the data.

5. Principles and Duration of Data Processing

5.1 The Data Controller processes Personal Data in accordance with the principles of good faith, fairness, transparency, and the applicable legal regulations, as well as the provisions of this Notice.

5.2 The Data Controller processes essential Personal Data for the use of the Services only with the consent of the respective User and solely for the purpose intended.

5.3 The Data Controller processes Personal Data only for the purposes specified in this Notice and the relevant legal regulations. The scope of processed Personal Data is proportionate to the purpose of data processing and may not exceed that purpose.

If the Data Controller intends to use the Personal Data for a purpose other than the original data collection, the User will be informed, and the Data Controller will obtain prior, explicit consent for such use or provide an opportunity for the User to prohibit it.

5.4 The Data Controller does not verify the accuracy of the Personal Data provided. The person who provides the Personal Data is solely responsible for its accuracy.

5.5 Personal data of individuals under the age of 16 may be processed only with the consent of a legal guardian exercising parental authority over them. The Data Controller is not able to verify the authority or content of the consenting person's declaration. Therefore, the User or the legal guardian exercising parental authority is responsible for ensuring that the consent complies with legal requirements.

In the absence of a consenting declaration, the Data Controller will not collect Personal Data related to individuals under the age of 16, except for the IP address used during the use of the Services due to the nature of online services, which is recorded automatically.

5.6 The Data Controller does not transfer Personal Data to third parties, except for the Data Processors specified in this section and, in some cases referred to in this Notice, External Service Providers.

This provision does not apply to the use of data in an aggregated statistical form, which does not contain any information that would allow the identification of the User. This is not considered Data Processing or data transfer.

In certain cases, such as official requests from courts or law enforcement agencies, legal proceedings related to copyright, intellectual property, or other rights violations, or to protect the interests of the Data Controller or ensure the provision of the Services, the Data Controller may provide accessible Personal data of the User to third parties.

5.7 The Data Controller's system may collect data on the activities of Users that cannot be associated with the other data provided by Users during registration or with data generated during the use of other websites or services.

5.8 The Data Controller informs the User about the correction, restriction, or deletion of Personal Data and notifies anyone to whom the Personal Data has previously been transferred for data processing purposes once the specific User request has been addressed. The notification may be omitted if it does not affect the legitimate interest of the data subject, considering the purpose of data processing.

5.9 The Data Controller ensures the security of Personal Data and takes technical and organizational measures to establish procedures that protect the collected, stored, and processed data from accidental loss, unlawful destruction, unauthorized access, use, alteration, or distribution. The Data Controller invites all third parties to whom Personal Data is transmitted to comply with this obligation.

5.10 In compliance with the GDPR provisions, the Data Controller is not obliged to appoint a data protection officer.

5.11 IP addresses automatically recorded by the Data Controller are stored for a maximum of 7 days from the time of recording.

5.12 In the case of emails sent by the User, the Data Controller retains the email address mentioned in the request for as long as necessary after the closure of the case. The email address is retained until the User requests its deletion.

5.13 Personal Data provided by the User remains in processing until the User unsubscribes from the Services under the respective user name or requests the deletion of Personal Data. In this case, the Personal Data is deleted from the Data Controller's systems.

Even if the User does not unsubscribe from the Services and only eliminates the login option by deleting their registration, and the comments and content uploaded in the Services remain, the Data Controller may process the User's Personal Data until the User explicitly requests the cessation of data processing in writing.

Requesting the termination of data processing without unsubscribing from the Services will not affect the User's rights to access the Services. However, the User may not be able to use some Services without providing Personal Data.

5.14 In the case of illegal or deceptive use of Personal Data or a criminal offense committed by the User or an attack against the system, the Data Controller is entitled to immediately delete the Personal Data upon the termination of the User's registration. However, in the case of suspected criminal activity or civil liability, the Data Controller may retain the Personal Data for the duration of the pending legal process.

5.15 Data automatically recorded during the operation of the system is stored in the system for the period justified by the operation of the system, and it cannot be linked to other Personal Data provided by Users during registration or data generated when using other websites or services, except where mandatory by law.

If the User withdraws their consent for the processing of Personal Data or unsubscribes from the Services, their personal information—except for authorities and their experts—will no longer be identifiable based on this technical data.

5.16 If a court or authority orders the deletion of Personal Data by a legally binding decision, the Data Controller shall execute the deletion. Instead of deleting, the Data Controller, along with informing the User, may limit the use of Personal Data upon the User's request or if available information suggests that deletion would harm the legitimate interests of the User. The Data Controller will not delete the Personal Data as long as the data processing purpose preventing deletion persists.

6. User Rights

6.1 The User may request that the Data Controller inform them whether they process the User's personal data and, if so, provide access to the Personal Data they manage.

The Personal data provided by the User related to a particular Service can be viewed in the access system settings of the Services or on the profile pages of individual Services.

Nevertheless, the User can request information about the processing of Personal Data at any time in writing through the contact page. The Data Controller considers a request sent by mail credible only if the User can be clearly identified based on the submitted application.

A request for information sent by email is only considered credible by the Data Controller if it is sent from the User's registered email address. However, this does not exclude the Data Controller from identifying the User in other ways before providing the information.

The information request can include information on the Personal Data processed by the Data Controller, their source, purpose, legal basis, duration, the names and addresses of potential Data Processors, activities related to Data Processing, and who received or will receive the User's data and for what purpose, in case of data transmission.

6.2 The User may request the correction or modification of Personal Data processed by the Data Controller. Considering the purpose of data processing, the User may request the supplementation of incomplete Personal Data.

The Personal data provided by the User related to a particular Service can be modified in the access system settings of the Services or on the profile pages of individual Services. After fulfilling the request for the modification of Personal Data, the previous (deleted) data cannot be restored.

6.3 The User may request the deletion of Personal Data processed by the Data Controller.

Deletion may be refused (i) to exercise the right to freedom of expression and information, or (ii) if the processing of Personal Data is authorized by law, or (iii) to file, enforce, or defend legal claims.

In all cases, the Data Controller informs the User of the reason for refusing deletion. After fulfilling the request for deleting Personal Data, the previous (deleted) data cannot be restored.

The Data Controller's newsletters can be unsubscribed from through the unsubscribe link in them. Upon unsubscribing, the Data Controller deletes the User's Personal Data from the newsletter database.

6.4 The User may request that the Data Controller restrict the processing of their Personal Data if the User disputes the accuracy of the processed Personal Data. In this case, the restriction applies for a period allowing the Data Controller to verify the accuracy of Personal Data.

The Data Controller marks the Personal Data it manages if the User disputes its accuracy, but the inaccuracy or inaccuracy of the disputed Personal Data cannot be clearly established.

The User may also request the restriction of the processing of their Personal Data by the Data Controller if the processing is unlawful, but the User opposes the deletion of the Personal Data and instead requests the restriction of their use.

Furthermore, the User may request the restriction of the processing of their Personal Data by the Data Controller if the processing purpose has been achieved, but the User requests the processing of the data for the presentation, enforcement, or protection of legal claims.

6.5 The User may request that the Data Controller provides the Personal Data processed by the Data Controller and provided by the User in a structured, widely used, machine-readable format and transmit this data to another data controller.

6.6 The User may object to the processing of their Personal Data (i) if the processing of Personal Data is solely necessary for the fulfillment of a legal obligation of the Data Controller or for the assertion of the legitimate interests of the Data Controller, the operator of a Service, or a third party; (ii) if the purpose of Data Processing is direct marketing, public opinion research, or scientific research; or (iii) if Data Processing is carried out for the performance of a task carried out in the public interest.

The Data Controller examines the lawfulness of the User's objection, and if the validity of the objection is established, the Data Processing is terminated, the processed Personal Data is locked, and anyone to whom the Personal Data affected by the objection was previously transmitted will be notified of the objection and the measures taken based on it.

7. Data Processing

7.1 To carry out its activities, the Data Controller utilizes the Data Processors named above in this Notice.

7.2 Data Processors do not make independent decisions; they are authorized to act solely in accordance with the contracts concluded with the Data Controller and the instructions received. Data Processors, following May 25, 2018, record, manage, and process Personal Data transmitted to them by the Data Controllers and processed by them, in compliance with the provisions of the GDPR, and provide a declaration to the Data Controllers regarding this.

7.3 The Data Controller monitors the work of Data Processors.

7.4 Data Processors are only authorized to use other data processors with the consent of the Data Controller.

8. External Service Providers

8.1 The Service operators or the Data Controller frequently engage external service providers in connection with providing the Services, with whom the Data Controller cooperates.

Regarding the Personal data managed in the systems of external service providers, the guidelines in the external service providers' own privacy policies apply. The Data Controller does everything in its power to ensure that external service providers handle the Personal data transmitted to them in compliance with legal regulations and use them solely for the purpose defined by the User or as set forth in this Notice.

After May 25, 2018, external service providers record, manage, and process Personal data transmitted to them by the Data Controllers and processed by them in compliance with the provisions of the GDPR, and they provide a declaration to the Data Controllers regarding this.

The Data Controller informs Users about data transfer to external service providers within the framework of this Notice.

8.2 External Service Providers Facilitating Registration or Login

The Service operators and/or the Data Controller collaborate with external service providers that offer applications facilitating registration and login for Users. Within the scope of this cooperation, certain Personal data (e.g., IP address, email, registration name) may be transmitted by these external service providers to the Data Controller and/or the Data Processor. These external service providers collect, manage, and transmit the Personal data in accordance with their own data protection policies.

External Service Providers Facilitating Registration or Login in cooperation with the Data Controller: No such external providers.

8.3 Web Analytics and Ad Serving External Service Providers

In connection with the pages of the Services, the Service operators and/or the Data Controller collaborate with web analytics and ad serving external service providers.

These external service providers may access the User's IP address and, in many cases, they facilitate the personalization or analysis of the Services, as well as the creation of statistics, using cookies, web beacons, clicktags, or other click measurement tools.

The cookies placed by these external service providers can be deleted from the User's device at any time, and the use of cookies can usually be declined by selecting the appropriate settings in the browser(s). The identification of cookies placed by external service providers is based on the domain associated with each respective cookie. There is no option to reject web beacons, clicktags, and other click measurement tools.

These external service providers handle the Personal data transmitted to them in accordance with their own privacy policies.

Web Analytics and Ad Serving External Service Providers collaborating with the Data Controller: Google LLC.

8.4 Providing Hosting Services

For the purpose of providing the Services, the Data Controller considers Users who use the storage provided by the Data Controller as external service providers. Users can upload Personal data to the storage provided by the Data Controller at their own discretion, or they can use services that allow them to collect, record, and manage Personal data on the storage space.

In all cases where the Data Controller provides hosting services as a service provider, no data processing activities are carried out concerning the Personal data stored on the hosting. The Users using the hosting service bear all responsibility for the compliant handling of the data.

8.5 Other External Service Providers

There are external service providers with whom neither the Service operators nor the Data Controller have contractual relations or intentionally cooperate with regard to data processing. Nevertheless, these providers can access the Services' websites – with or without User involvement (e.g., by linking their individual accounts to the Services) – and collect data about Users or user activities on the Services' websites. These data can sometimes be used for User identification, either independently or combined with data collected by these external service providers.

Such external service providers include, but are not limited to: Meta Platforms Ireland Ltd., Google LLC, Pinterest Europe Ltd., YouTube LLC, etc.

These external service providers handle the Personal data transmitted to them in accordance with their own data protection policies.

9. Scope of Additional Data Processed by the Data Controller (Cookie Management)

9.1 To provide customized services, the Data Controller places a small data packet (so-called "cookie") on the User's computer. The purpose of the cookie is to ensure the highest possible quality of the page's operation, provide personalized services, and enhance the user experience. Users can delete cookies from their own computers and can configure their browsers to block the use of cookies. By disabling cookies, Users acknowledge that the operation of the respective page may not be fully functional without cookies.

We display advertisements on our website using Google cookies, analyze traffic, and require cookies for the proper functioning of social media features.

9.2 Based on Their Validity Period and Origin, Different Types of Cookies Can Be Distinguished:

9.2.1 Temporary or Session Cookies

The validity period of session cookies is limited to the user's current session only. Their purpose is to prevent data loss (e.g., when filling out a lengthy form). Once the session ends or the browser is closed, this type of cookie is automatically deleted from the visitor's computer.

9.2.2 Permanent or Saved Cookies

The validity period of permanent cookies is determined in days, weeks, months, or years. These saved cookies are stored on the user's computer's hard drive for the predetermined duration, but users can delete them before this timeframe expires.

9.2.3 Internal and External Cookies

If the visited website's web server installs cookies on the user's computer, we refer to them as internal cookies. If the source of the cookie is code embedded in the respective website by an external provider, then these are external cookies.

9.3 Cookie Approval

When you visit our website from your computer, mobile phone, or tablet, we request your approval for placing cookies in a pop-up message.

If you do not want us to place cookies on your device, please configure your browser settings to block cookies. In this case, some website features may not work properly (e.g., embedded videos from social media – Facebook, YouTube –, social sharing buttons, Facebook Page Plugin, statistics, ads, etc.).

9.4 Managing Cookie Settings

If you previously consented to the use of cookies but no longer wish to, you can disable cookies in your browser settings and delete previously authorized and placed cookies. In this case, certain website features may not work properly.

9.5 What Cookies Can We Use?

9.5.1 The following cookies are used by third parties:

Google Analytics – analytics

Google Adsense – advertisements

Facebook Social Plugins – Facebook box, embedded videos, embedded posts, like and share buttons

YouTube.com – Embedded videos

9.5.2 Google Analytics Cookie

Our website uses Google Inc.'s ( "Google" ) Google Analytics system to analyze its traffic. The Google Analytics system stores "cookies" - simple, short, small text files - on your computer device and, using these, it analyzes the website's traffic, helping improve our website for an enhanced user experience.

Data concerning website visits (together with the time of visit and your IP address) stored in the "cookie" are transmitted to and stored on Google's servers in the USA. Google uses this data to evaluate your website visitation habits, compile reports for us, and provide other services related to the website and Internet usage.

Users who do not want Google Analytics to generate reports of their visits can install the Google Analytics Opt-out Browser Add-on. This extension instructs Google Analytics JavaScript scripts (ga.js, analytics.js, and dc.js) not to send visitation information to Google. Users who have installed the opt-out browser add-on will not participate in content experiments.

To disable Analytics web activity, visit the Google Analytics Opt-out Page and install the add-on for your browser. For information on installing and removing this extension, consult the help resources for your specific browser.

9.5.3 Google Adsense Cookie

On the https://plantlibry.com website, we display advertisements provided by the Google Adsense advertising system. Google Adsense displays advertisements most relevant to users based on their data, and it collects data about visitors who click on the ads.

9.5.4 Facebook Cookie

On our website, we use Social Plugins operated by META, which are available at facebook.com. You can recognize the Facebook plugin on our site by the Facebook logo or the "Like" button.

When you visit our site, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives information about the IP address from which our site was accessed. If you click the Facebook "Like" button while logged into your Facebook account, you can link the content on our site to your Facebook profile. This allows Facebook to associate visits to our pages with your user account.

Please note that as the provider of our sites, we do not have knowledge of the content of the transmitted data or how Facebook uses it. For more information on this, please refer to Facebook's privacy policy.

If you don't want Facebook to associate your visit to our website with your Facebook account, please log out of your Facebook account.

9.5.5 YouTube Cookie

On our website, we can display videos embedded in posts from the YouTube video-sharing website, which is operated by YouTube.

10. Affiliate Links

The website, as well as some posts, may contain affiliate links. This means that if you purchase a paid product or service after clicking on the link, we receive a commission from the seller or the service provider after your purchase This does not increase the price of the product or service for you. It's important to know that we would not recommend a product or service that we don't consider to be of sufficient quality.

11. Possibility of Data Transmission

11.1 The Data Controller is authorized and obliged to transmit any Personal data available and properly stored to the competent authorities, as required by law or by enforceable official obligations. The Data Controller cannot be held responsible for such Data Transmission or the consequences arising from it.

11.2 In the event that, due to the succession of rights by the Data Controller or within the scope of services provided by the Data Controller, data processed by the Data Controller is partially or completely transferred to a third party, the Data Controller may transfer the data in question to the successor third party for further processing without the separate consent of the Client. The Client shall be informed of this. This Data Transmission shall not put the Client in a less favorable position than the data processing rules set out in this Information notice.

12. Amendment of the Data Processing Information

12.1. The Data Controller reserves the right to unilaterally modify this Data Processing Information at any time.

13. Legal Remedies

13.1. The Client may enforce their rights under the GDPR and Act V of 2013 on the Civil Code in court and may also turn to the Hungarian National Authority for Data Protection and Freedom of Information with any questions related to personal data.

13.2. The Data Controller can also be contacted with any questions or observations regarding data processing through the contact information provided above or in other ways. This Data Protection Information entered into force on October 17, 2023.