The following terms, among others, are used in this privacy policy.
Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Cookies are small text files or similar technologies that are stored in your browser by the websites you have visited and can be read by these and other websites. They are used to optimise the usability of websites or to provide the operator with certain information about the website, e.g. to tailor advertising to your interests. Cookies may contain personal data, such as a personal ID.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
An authorisation to process personal data for specific purposes.
Recipient is a natural or legal person, public authority, agency or other body to whom personal data is disclosed.
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Web hosting refers to the provision of web space and the hosting of websites on the web server of an Internet service provider.
Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
All countries outside the European Union.
Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
In the following, we would like to inform you in accordance with the General Data Protection Regulation (GDPR) and other data protection regulations. In particular, we hereby clarify which personal data we collect for which purposes when you use our websites and communicate with us electronically, how we use this data, to whom we pass it on and what rights you have in relation to your personal data.
The person responsible for data processing is
plant values GbR (Toni Kiel, Steve Grundig, Franziska Kramer, Michael Jenkner, Matthias Damert)
c/o Impact Hub Dresden
Bayrische Str. 8
01069 Dresden
Germany
E-mail: datenschutz@plant-values.de
If you have any questions about data protection, you can also contact our Data Protection Officer turn:
Data Protection Officer
c/o plant values GbR (Kramer, Kiel, Jenkner, Grundig, Damert)
c/o Impact Hub Dresden
Bayrische Str. 8
01069 Dresden
Germany
E-mail: datenschutz@plant-values.de
You have the following rights vis-à-vis all of the above-mentioned controllers with regard to your personal data:
You can inform us about the exercise of your rights at: datenschutz@plant-values.de.
You have the right to object to the processing (Art. 21 GDPR) if it is based on our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR). You have the right to object on grounds relating to your particular situation. You have no right to object if we or our service providers can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. You also have no right to object if the processing serves the assertion and exercise of or defence against legal claims (Art. 21 para. 1 GDPR). In the event of your objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling legitimate grounds on the basis of which we will continue the processing.
Information on the existence of a right of objection or cancellation for the respective data processing can be found below.
Below you will find the legal information on data categories, purposes, legal bases, deletion periods, recipients, third country transfers, profiling, cancellation and objection rights for each processing activity.
The following data is automatically sent to us by your computer when you access the website:
This data is technically necessary for us to display our website to you (e.g. establishing a connection to the website) and to ensure stability and security (e.g. tracking attacks on the website and load distribution). Without it, you will not be able to access the website, which means that you are theoretically obliged to provide the data.
This data is stored for a period of 14 days. Longer processing is possible in individual cases, e.g. for as long as and insofar as this is necessary to block abusive use of the website. The data may be stored for up to five years.
This data is technically processed by our hosting service provider allinkl and stored and further processed on our behalf for the above-mentioned purposes.
The automatic collection of data takes place on the basis of Section 25 (2) No. 2 TDDDG. The storage and further processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, as the purposes of the processing reflect our legitimate interests.
You can object to the storage and further processing at any time. Please note the above information on your right to object. You can declare your objection to the processing of the data to us using the contact details above.
We use the web analysis service Matomo, which we operate ourselves on our own servers.
The following data is collected and processed:
The above-mentioned data is processed for statistical analysis of website usage for optimisation and marketing purposes. A pseudonymised user profile about you is created and evaluated from this data for the same purpose. The information generated in the pseudonymised user profile is not used to personally identify the visitor to the website and is not combined with personal data about the bearer of the pseudonym.
The IP address is stored in anonymised form. This means that the last two digits of the IP address are deleted. Example 192.168.xxx.xxx. Non-anonymised IP addresses are only used for the processing of website visits, i.e. the creation of aggregated statistics. However, we cannot see these.
The legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR, i.e. our legitimate interests in analysing website usage.
If you do not agree to the storage and analysis of this data from your visit, you can object to its storage and use at any time by clicking below. In this case, a so-called opt-out cookie will be stored in your browser, which means that we will not collect any session data with the help of the Matomo software. Please note that the complete deletion of your cookies means that the opt-out cookie will also be deleted and may have to be reactivated by you. If you have activated the do-not-track function in your browser, we will automatically take this setting into account so that no data is collected.
We delete the raw data two years after your visit to the website.
The opt-out cookie is stored for the duration of your website visit and is deleted when you close the website. You can also delete the cookie yourself at any time via the settings in your browser.
This data is technically processed by our hosting service provider allinkl and stored and further processed on our behalf for the above-mentioned purposes.
When you contact us, e.g. by e-mail or telephone, the personal data you provide will be processed by us in order to respond to your enquiry.
We process the following data in particular: Your name and, if applicable, function, e-mail address, telephone number, date and time of contact (collected automatically), content of messages, subject of e-mails, if applicable.
We use the data to receive and respond to your enquiry and, if necessary, to acquire new customers. Only the content of the message and the e-mail address are mandatory. All other information is voluntary or is collected automatically.
Your data will be processed during the contractual negotiations or during the contractual relationship if your enquiry leads to the conclusion of a contract with us and/or the processing is necessary for the establishment, performance or termination of a contract. Otherwise, we delete your data after processing is no longer required to process and respond to your enquiry, or we store it in a restricted and separate form for the duration of the legally mandatory retention periods, which can be a maximum of 10 years.
The information from your enquiry by e-mail in our electronic mailbox. The e-mails are processed on the Microsoft server (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA).
The legal basis for processing in the context of a contract or the initiation of a contract is Art. 6 para. 1 sentence 1 lit. b GDPR. If no contractual relationship exists and is not intended, the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR, i.e. our predominantly legitimate interests in the provision and use of an opportunity to make contact for other purposes. The legal basis for this storage of data in the event of statutory retention obligations is Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with § 147 AO, § 257 HGB.
You can object to the storage and further processing at any time on the basis of our legitimate interests. Please note the above information on your right to object. You can declare your objection to the processing of the data to us using the contact details above.
The Microsoft servers that we use are located in the European Union. However, it cannot be ruled out that your data may be transferred to the USA by Microsoft. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes, possibly without any legal recourse.
The data transfer takes place on the basis of the adequacy decision of the European Commission pursuant to Art. 45 GDPR in relation to the agreement between the USA and the EU called "Trans-Atlantic Data Protection Framework". The adequacy decision can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en can be called up.
Should the adequacy decision no longer apply, the adequate level of data protection for the transfer to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by us and the respective service provider to protect the data. The standard data protection clauses are available here https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE retrievable.
The following device data is processed when you participate in a video call with us:
This data is technically necessary to provide you with the services (e.g. invitation, connection setup, image and sound transmission), to enable the organisation of digital events and to ensure stability and security (e.g. tracking attacks on the services and load balancing). Without them, you cannot access the services, so that there is a theoretical obligation to provide the data.
The automatic collection of data takes place on the basis of Section 25 (2) No. 2 TDDDG. Further processing is carried out on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR in the case of an existing contractual relationship or a contract initiation and otherwise on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR, as the purposes of the processing reflect our legitimate interests.
You can object at any time to the processing of data that takes place on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. Please note the above information on your right to object. You can declare your objection to the processing of the data to us.
The data will only be processed for the duration of your participation in the video call.
Your data will be processed by Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA) on our behalf.
The Microsoft servers that we use are located in the European Union. However, it cannot be ruled out that your data will be transferred to the USA by Microsoft. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal recourse.
The data transfer takes place on the basis of the adequacy decision of the European Commission pursuant to Art. 45 GDPR in relation to the agreement between the USA and the EU called "Trans-Atlantic Data Protection Framework". The adequacy decision can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en can be called up.
Should the adequacy decision no longer apply, the adequate level of data protection for the transfer to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by us and the respective service provider to protect the data. The standard data protection clauses are available here https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE retrievable.
Use of Eventbrite
Data categories
As part of the use of the service Eventbrite we process the following personal data in particular:
Purpose of the processing
Data processing is carried out for the organisation, implementation and handling of events. This includes in particular
Storage duration
The data is stored for as long as it is required to fulfil the aforementioned purposes. The data will then be deleted, provided that there are no statutory retention obligations (e.g. under commercial or tax law) to the contrary.
Receptionsnger
The processing is carried out by the service provider Eventbrite, Inc. (155 5th Street, San Francisco, CA 94103, USA; branch: Eventbrite DE GmbH, Berlin). Other recipients may be payment service providers if a chargeable booking is made. Data will not be passed on to uninvolved third parties.
Please note that Eventbrite also processes certain data for its own purposes and that we have no influence over this. You can find out more about data processing by Eventbrite at https://www.eventbrite.de/help/de/articles/460838/eventbrite-privacy-policy/ and under https://www.eventbrite.de/help/de/articles/363929/f-a-fragen-und-antworten-zum-eu-datenschutz-von-eventbrite/ inform.
By registering, you consent to your email address being processed for the purpose of subscribing to and regularly sending the newsletter with sustainability information and to your click and opening behaviour in relation to the respective newsletter as well as information about the devices used (e.g. operating system, manufacturer) and the region being processed by plant values GbR (Kramer, Grundig, Kiel, Jenkner, Damert) with the help of a pixel and similar technologies for the purpose of measuring success. You can revoke your consent at any time with effect for the future, e.g. via the "Unsubscribe" link in the newsletter. The lawfulness of the processing of your data that took place before the revocation is not affected by the revocation.
We send our customers and interested parties information on the topic of sustainability. The following data is processed. Email address, time of registration, information about receipt and your interactions with our newsletters, e.g. delivered, opened, unsubscribed, clicked link, bounce, not delivered.
We process the data to enable you to order and send the newsletter and to unsubscribe and, if necessary, to record your consent. We also use the data to measure whether and, if so, which content is of interest to the newsletter recipients and which interactions are triggered.
We will delete the data if you withdraw your consent, object to direct marketing or if we stop sending it for any other reason. We will delete your consent three years after cancellation or discontinuation of mailing.
The processing of the data is based either on Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG, i.e. our legitimate interest in sending direct advertising to our existing customers, or on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, Section 25 para. 1 TDDDG.
The logging of consent is based on Art. 6 para. 1 sentence 1 lit. c, Art. 7 GDPR, i.e. our legal obligation to prove the existence of consent.
You can object to the storage and further processing, which is based on our legitimate interests, at any time. Please refer to the above information on your right to object and the contact details.
Your data is processed by Brevo processed on our behalf.
We offer you the opportunity to apply to us by e-mail or post.
We would like to point out that data transmission on the Internet can have security gaps when communicating by e-mail. We therefore recommend that you do not send any sensitive data, such as certificates, CVs, etc. unencrypted by e-mail.
If you wish to send your application by e-mail, please encrypt the attachments in accordance with the latest technical standards and send us the password separately.
Below we inform you about the scope, purpose and use of your personal data collected as part of the application process.
If you send us an application or take part in an (online) job interview, we process the associated personal data that you transmit to us insofar as this is necessary to decide on the establishment of an employment relationship and to conduct the (online) job interview.
This may involve the following personal data:
The legal basis is § 26 BDSG-new (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time with effect for the future.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG-new and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.
There is no legal or contractual obligation to provide personal data in the application process. However, we would like to point out that we may not be able to consider you if you do not provide any or sufficient personal data and we are therefore unable to assess your suitability for the advertised position.
Your personal data will be passed on within our company to persons who are involved in processing your application.
Furthermore, the data is routed via the servers of our provider for e-mail, cloud and video telephony Microsoft (Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA) and processed there.
The Microsoft servers that we use are located in the European Union. However, it cannot be ruled out that your data will be transferred to the USA by Microsoft. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for control and monitoring purposes, possibly without any legal recourse.
The data transfer takes place on the basis of the adequacy decision of the European Commission pursuant to Art. 45 GDPR in relation to the agreement between the USA and the EU called "Trans-Atlantic Data Protection Framework". The adequacy decision can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en can be called up.
Should the adequacy decision no longer apply, the adequate level of data protection for the transfer to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by us and the respective service provider to protect the data. The standard data protection clauses are available here https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE retrievable.
We recommend that you only participate in video calls using the Microsoft Teams application, which you can download from the corresponding Microsoft website, as end-to-end encryption of your data is not possible when participating via the browser.
If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our predominantly legitimate interests (Art. 6 para. 1 lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies.
You can object to the storage of your personal data, which is based on our predominantly legitimate interests, at any time. Please refer to the above information on your right to object in this privacy policy.
Data may also be stored for longer if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if statutory retention obligations prevent deletion.
If we do not make you a job offer, you may have the opportunity to be included in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that you can be contacted in the event of suitable vacancies.
Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). Giving your consent is voluntary and is not related to the current application process. You can revoke your consent at any time with effect for the future. The lawfulness of the processing carried out before the cancellation remains unaffected by the cancellation. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.
Otherwise, the data will be irrevocably deleted from the applicant pool at the latest at the end of the second year after consent has been granted.
We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.
We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights.
Furthermore, user data within social networks is generally processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the resulting interests of users. The user profiles can in turn be used, for example, to place adverts inside and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users' computers, in which the usage behaviour and interests of the users are stored. Furthermore, data may also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed description of the respective forms of processing and the opt-out options, please refer to the data protection declarations and information provided by the operators of the respective networks.
In the case of requests for information and the assertion of data subject rights, we would also like to point out that these can be asserted most effectively with the providers. Only the providers have access to the users' data and can take appropriate measures and provide information directly. If you still need help, you can contact us.
Contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in content, access times); meta/communication data (e.g. device information, IP addresses).
We use social networks for contact requests and communication, collecting feedback as well as marketing and measuring campaigns in social networks, e.g. the reaction of users to our posts.
Your data is processed on the basis of Art. 6 para. 1 sentence 1 lit. f. GDPR, whereby accessibility via social networks reflects our legitimate interests.
LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://legal.linkedin.com/dpa; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out; Data processing agreement: https://legal.linkedin.com/dpa.
Twitter: Social network; service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization).
Facebook pages: Profiles within the Facebook social network - We are jointly responsible with Meta Platforms Ireland Limited for the collection (but not the further processing) of data from visitors to our Facebook page (known as a "fan page"). This data includes information about the types of content users view or interact with, or the actions they take (see under "Things you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/policy), as well as information about the devices used by users (e.g. IP addresses, operating system, browser type, language settings, cookie data; see under "Device information" in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How do we use this information?", Facebook also collects and uses information to provide analytics services, known as "Page Insights", for page operators so that they can gain insights into how people interact with their pages and the content associated with them. We have concluded a special agreement with Facebook ("Information on Page Insights", https://www.facebook.com/legal/terms/page_controller_addendum ), which regulates in particular which security measures Facebook must observe and in which Facebook has agreed to fulfil the rights of data subjects (i.e. users can, for example, send information or deletion requests directly to Facebook). The rights of users (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information on Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data ); service provider: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy ; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum ; Further information: Agreement on joint controllership: https://www.facebook.com/legal/terms/information_about_page_insights_data .
Your data is processed in the USA. The USA is considered by the European Court of Justice to be a country with an inadequate level of data protection by EU standards. In particular, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes, possibly without any legal recourse.
The data transfer takes place on the basis of the adequacy decision of the European Commission pursuant to Art. 45 GDPR in relation to the agreement between the USA and the EU called "Trans-Atlantic Data Protection Framework". The adequacy decision can be found at https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en can be called up.
Should the adequacy decision no longer apply, the adequate level of data protection for the transfer to the USA is generally guaranteed by the conclusion of so-called standard data protection clauses in accordance with Art. 46 para. 2 lit. c GDPR and the additional measures taken by us and the respective service provider to protect the data. The standard data protection clauses are available here https://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32021D0914&from=DE retrievable.
This data protection information may be amended from time to time (e.g. when new services are used). The last update was made on 11/07/2025.
