GDPR and Privacy Policy – Green Monstera

Data Protection & Privacy Policy for Green Monstera

1. Who I Am (The Data Controller)

• My Name/Business Name: Green Monstera

• My Role: I, as the sole operator, determine the purpose and means of processing your personal data.

• Contact for Data Protection Issues: hello@greenmonstera.com

2. The Personal Data I Collect

I only collect data that is necessary for operating the shop, fulfilling orders, and communicating with you. This data typically falls under the following categories:

3. How I Use Your Data (The 7 Principles)

I process your personal data in line with the GDPR principles, ensuring:

• Lawfulness, Fairness, & Transparency: I only use your data for the reasons stated above and will be clear about how I do so.

• Purpose Limitation: I only use data for the specific purposes it was collected.

• Data Minimization: I only collect the minimum amount of data required to fulfill your order or service.

• Accuracy: I strive to keep your data accurate and up-to-date.

• Storage Limitation: I only keep your data for as long as necessary.

• For general customer data, this is until the order is complete, or until you ask for it to be deleted (subject to accounting laws).

• Crucially, as an Authorized Professional Operator issuing Plant Passports, I am legally required under plant health regulations to retain all records of Plant Passports I issue or receive, including associated customer contact and traceability data, for a minimum period of three years. This legal obligation takes precedence over the general right to erasure for this specific set of data.

• Integrity and Confidentiality: Your data is kept secure, using appropriate technical and organizational measures.

4. Sharing Your Personal Data (Third Parties)

I do not sell your data. I only share it with trusted third-party providers essential for running the shop:

• Payment Processors: To securely handle transactions (e.g., Stripe, PayPal).

• Shipping/Delivery Partners: To provide them with your name and address to deliver your order.

• Email Marketing Platform: If you explicitly sign up for my newsletter.

5. Your Data Protection Rights (Data Subject Rights)

Under GDPR, you have the following rights regarding the personal data I hold about you:

1. The Right to Be Informed: To be told how your data is used (covered by this policy).

2. The Right of Access: To request a copy of the data I hold about you.

3. The Right to Rectification: To ask me to correct any inaccurate data.

4. The Right to Erasure (The “Right to be Forgotten”): To request that I delete your personal data (subject to legal retention requirements, such as tax law or plant passport regulations).

5. The Right to Restrict Processing: To limit how I use your data.

6. The Right to Data Portability: To request your data be transferred to you or another provider.

7. The Right to Object: To object to the processing of your data.

6. How to Exercise Your Rights or Make a Complaint

If you wish to exercise any of these rights, please contact me directly at hello@greenmonstera.com. You also have the right to lodge a complaint with your local Data Protection Supervisory Authority.