Tomappo Privacy Policy and Cookies Policy

Introduction

The web and mobile application Tomappo (“Application”), our websites, and other services are brought to you by PROVENTUS d.o.o. (“PROVENTUS”), a company with a primary business address of Gradišče 20, 5270 Ajdovščina, Slovenia, EU.

This Privacy Policy contains information about the collection of personal data, its processing and usage. We receive your personal information through a variety of means including our mobile app Tomappo and our websites (www.tomappo.com, www.tomappo.it, www.tomappo.de, and www.posadi.si) with all their subdomains (collectively “Services”).

In case you do not agree with the data practices described in this Privacy Policy or Cookies Policy, you should not use our Services. We intend only to process personal data fairly and transparently as required by data protection law including the General Data Protection Regulation (GDPR).

What Data We Collect and How We Collect It

User Provided Information

Through the Mobile Application Tomappo we collect the information you provide when you download and register the Application. Registration is optional, but you may not be able to use some of the features (such as weather forecast, gardening forum, secure storage of gardening notes in the Cloud, etc.) unless you register. Through our Web Application Garden Planner (PRO), we collect the information you provide after registration. You cannot use the Garden Planner (PRO) without registering.

When you register with us and use the Application, you generally provide:

• (a) Your name, email address, password and other registration information.
• (b) Transaction-related information, such as when you make purchases, respond to offers, or download/use applications from us.
• (c) Information you enter into our system when using the Application, such as the design of your garden and your gardening notes.
• (d) Your location – only when you provide it. For the app to know your location you will be asked for consent when joining and from time to time during use. Knowing your location helps us improve Services, including offering location-specific plant tasks, weather information, planting recommendations, and plants for sale in our price comparison. We may also share an aggregated and anonymised approximation of your location with our partners.
• (e) Information provided when you log in to the Application via Facebook (name, public profile, email) or any other social media site (you should review the privacy policy of the social media site you choose to use).
• (f) Your address and/or phone number – only when you provide it for purchase or seed-exchange purposes.
• (g) Images you send when using the pest and disease recognition feature of the application.

Legal basis for data processing: Contract.
Retention period: Until the purpose of the contract is fulfilled or up to 6 years after the termination of the contract.

Purchase of Goods and Services in the Online Store

The company processes personal data in online business within the online store when an individual submits an online form, registers (creates a user account), or makes a purchase (successfully places an order) via the online store as an unregistered user.

When the user purchases a product without registering, the company processes personal data strictly necessary for carrying out the order, business communication, and enforcing the rights and obligations under the concluded contract:

• Name and surname
• Delivery address
• Email address
• Telephone number
• Information about the ordered product and payment

When an individual registers a user account or makes a purchase as a registered user, they conclude a contract with the company on the provision of services to registered users. The types of personal data processed when registering a user account include:

• Name and surname
• Delivery addresses
• Email address
• Phone number
• Data on ordered/purchased products
• Data on popular products
• Data on payments
• Data on obtained discounts or other information that the user provides in their profile

This data is also processed for the purpose of:

• Automated filling of data for order execution
• Display of purchase history
• Evaluating the offer and improving services
• Increasing customer satisfaction
• Studying user habits and creating special offers and benefits for registered users

Legal basis for data processing: Contract.
Retention period: Until the purpose of the contract is fulfilled or up to 6 years after the termination of the contract.

Notifying Individuals by Email (e.g., E-newsletters)

Based on the performance of legal activities, the company can inform customers, buyers, and users of its services about its services, events, trainings, offers, and other content by sending emails to their address. You can request the termination of this type of communication and processing of personal data at any time by using the unsubscribe link in the received message or by sending a request via email or regular mail to the company’s address.

Legal basis for data processing: Legitimate interest and consent.
Retention period: Until the receipt of messages is canceled or consent is withdrawn or until the purpose of the processing is fulfilled. Revocation of consent does not affect the lawfulness of processing based on consent prior to its revocation.

Automatically Collected Information

The Application collects certain information automatically, including (but not limited to) the type of mobile device you use, your mobile device’s unique device ID, the IP address of your mobile device, your mobile operating system, and the type of Internet browsers you use. We also use standard Internet technology, such as web beacons, cookies, and other similar technologies, to track your use of our Services.

This allows us to assess how you use our Services and helps us analyze how we can optimize them in the future. If you do not allow us to collect information, it may prevent you from using certain features, including purchasing products or services and participating in contests, promotions, surveys, or sweepstakes.

For further information about our use of these technologies and how you can opt out of cookies, please see our Cookies Policy below.

How We Use Your Data

We gather data to:

• Provide and deliver the products and services on your request, process transactions, and send related information.
• Provide weather forecast for your garden and location-specific offers.
• Develop and improve products and services.
• Provide customer support and communicate with you by email, postal mail, display media, and/or mobile devices about products or services that may interest you, either from us or our business partners.
• Send you updates, technical notices, security alerts, and marketing communications on behalf of us or other companies.
• Monitor and analyze trends and usage.
• Perform scientific research on anonymised data regarding gardening, nutrition, and lifestyle.

When our company processes your order, it may send your data to, and also use the resulting information from, credit reference agencies to prevent fraudulent purchases.

How We Share Information

Except as otherwise stated in this Privacy Policy, we do not disclose or share your personal information with third parties unless you ask or authorize us to do so. We may disclose User Provided and Automatically Collected Information:

• To comply with any law, regulation, or governmental request, or to comply with judicial process.
• To protect and defend the rights or property of us, the users of our Services, or third parties.
• With our trusted service providers that perform certain services on our behalf such as email services, billing and payment processing, and services supporting contests, sweepstakes, and surveys.
• To research institutions and aggregators of research data in anonymised form for purposes of scientific research related to gardening, nutrition, and lifestyle.
• In the event PROVENTUS goes through a business transition such as a merger, acquisition, or sale of all or a portion of its assets, your Personal Information will likely be among the assets transferred.
• To advertisers, third-party advertising networks, and analytics companies as described in the next section.

Data Analytics and Advertising

We may work with analytics companies to help us understand how our Services are being used. We may work with advertisers and third-party advertising networks who need to know how you interact with advertising provided in the Application, which helps us keep the cost of the Application low. Advertisers and advertising networks use some of the information collected by the Application (including unique device identifiers, device manufacturer and operating system, IP address, browser type, pages viewed, session start/stop time, links clicked, and conversion information).

You can stop all collection of information by the Application easily by uninstalling the Application. We may send you information about products and services we think you might like. You may always opt out by unsubscribing from mailing lists. To unsubscribe from our emails and services, you can use the settings menu within the Application.

Privacy Policies of Third-Party Websites

Our Privacy Policy applies only to our Services. There may be places in our Services where you can click on a link to access other websites that do not operate under this Privacy Policy. For example, if you click on an advertisement, you may be taken to a website that we do not control. These third-party websites may independently solicit and collect information from you and, in some instances, provide us with information about your activities on those websites. We recommend you consult the privacy policy of all third-party websites you visit.

Legal Grounds

To process your personal data, we rely on certain legal grounds, depending on how you interact with our Sites and Applications (our Services).

• When you purchase products from our Sites, we need your personal data to fulfill our contract with you. For example, we need your payment and contact details to deliver your order.
• When you use our Applications, we rely on your consent for processing and for certain limited purposes to fulfill our contract with you.
• We also rely on other legal grounds, such as our legitimate interests as a business, to comply with a legal obligation, or to protect your vital interests.

Data Processing Agreements and Data Export

The company can entrust individual processing of personal data to a processor on the basis of a data processing agreement. Processors can process data exclusively on behalf of the controller, within the limits of authority, which is outlined in a written contract or other legal act and in accordance with the purposes defined in this privacy policy.

The contract processors with which the company cooperates are mainly:

• Accounting services and other providers of legal and business advice.
• Maintainers of information systems.
• Email service providers and software providers (cloud services, e.g., Microsoft, Google).
• Providers of social networks and online advertising (Google, Facebook, Instagram, etc.).
• Partners on research projects.

Under no circumstances will the company provide personal data of an individual to unauthorized third parties. Contract processors may only process personal data within the framework of the company's instructions and may not use personal data for any other purposes.

As a controller, the company and its employees do not export personal data to third countries (outside the member states of the European Economic Area) or to international organizations, except in the USA, where relations with contractual processors from the USA are regulated on the basis of standard contractual clauses and/or binding business rules.

Your Rights

Depending on your location, you may have some or all of the following rights regarding how we use your information:

1. The right to access – You may ask what kind of personal data is being processed and receive copies of it.
2. The right to data portability – You may request a structured record of the data we have on you and the right to transfer that record to another organization.
3. The right to rectification – You may request modifications if personal data is not up to date, accurate, or complete.
4. The right to object to, limit, or restrict the use of your information – You may ask us to stop using all or some of your information or to limit our use of it.
5. The right to erasure – In certain circumstances, you can request to be forgotten and have your information deleted, unless we have to retain it to comply with a legal obligation or if we have an overriding interest in retaining it.
6. Consent withdrawal – Where we rely on consent to process your information, you may withdraw previously given consent at any time.

If you wish to exercise any of these rights or object to our use of your information, please write to us at info@tomappo.com.

Should you believe that your rights related to the processing of your personal data have been infringed, you may lodge a complaint with the Information Commissioner’s office (Zaloška 59, 1000 Ljubljana, gp.ip@ip-rs.si). In any event, in order to resolve any privacy issue as quickly and conveniently as possible, it is advisable that you send any complaints or inquiries to PROVENTUS at the above email address prior to addressing the authorities.

Security

We are concerned about safeguarding the confidentiality of your information. We provide physical, electronic, and procedural safeguards to protect information we process and maintain. Sensitive information such as credit card details are not stored on our own servers but passed directly to our secure payment provider. The servers that store personally identifiable information are in a secure environment.

The collected data is stored on a virtual server within the EU. The security of the infrastructure is guaranteed by the established cloud provider while the system itself complies with current security best practices (encryption of passwords, secure communication, etc.).

Information we collect or permit third parties to collect may be transferred to, stored, and processed outside your country of residence in any country or territory where one or more of our affiliated group companies, third-party service providers, or advertising companies or advertising networks are located or maintain facilities, including but not limited to Slovenia.

Data Retention Policy, Managing Your Information

We will retain User Provided Data for as long as you use the Application and for a reasonable time thereafter. We will retain Automatically Collected Information for up to 24 months and thereafter may store it in aggregate. If you would like us to delete User Provided Data that you have provided via the Application, please contact us at info@tomappo.com.

Changes to Our Privacy Policy

We reserve the right to modify this statement at any time, therefore we ask you to review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page.

Contact Us

If you have any questions or suggestions regarding our Privacy Policy, please contact us by sending an email to info@tomappo.com.

Cookies Policy

About Cookies

This cookie policy explains what cookies are, why and how we use them, as well as your rights to control our use of them. Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third party to recognize you and make your next visit easier, and the Service more useful to you.

Cookies can be “persistent” or “session” cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date. A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

If you continue to use our Services, you agree to the use of cookies as described here.

How We Use Cookies

We use cookies to store and collect information about the usage of our website Services. On the webpage, we cannot tie any information directly to you. We see the number and flow of users on the pages, we see what browser and operating systems (e.g., Windows or Mac OS) they use, what platform they came from, and their location (city). If you register for the newsletter, we see your email address, and whether you opened the link or which links in the email you clicked. All of this helps us improve our Services.

Cookies That We Use

We use cookies for the following purposes:

1. Authentication – We use cookies to identify you when you visit our website and as you navigate our website. Cookies used for this purpose include authdata, connect.sid, userSession.
2. Analysis – We use cookies to help us analyze the use and performance of our website and services. Cookies used for this purpose include _ga, _gid, _gat, _hjid, _hjIncludedInSample, _gat_gtag_[ID], tk_or, tk_r3d, tk_lr, _fbp, fr.
3. Wish list – We use cookies to maintain the state of your wish list as you navigate our website. Cookies used for this purpose include yith_wcwl_session_.

Managing Cookies

If you do not wish to accept cookies in connection with our website Services, you will need to delete and block or disable cookies via your browser settings. For details, refer to your browser’s help menu. If you choose to reject cookies, you may still use our website, though your access to some functionality and areas of our website may be restricted.

Contact Us

If you have any questions about our cookies or this cookies policy, please contact us by email at info@tomappo.com.