Educational content only. Plantbio is not a healthcare provider. Information on this site is general in nature and does not constitute medical, psychological, or therapeutic advice.

Privacy Policy

This Privacy Policy describes how Plantbio collects, uses, stores, and protects your personal information when you visit our website or use our services.

Last updated:

1. Data Controller Information

The data controller responsible for your personal data is Plantbio, located at 225 W 57th St, New York, NY 10019, United States. For any privacy-related inquiries, you may contact us at admin@plantbio.world or by phone at +1 212-295-2000.

As the data controller, we determine the purposes and means of processing your personal data in connection with our website at plantbio.world and the educational services we provide related to mindfulness and stress management.

2. Personal Data We Collect

We collect personal data that you voluntarily provide to us, as well as certain data collected automatically when you interact with our website. The categories of personal data we may collect include:

2.1 Information You Provide Directly

  • Contact Information: When you submit our contact form, we collect your name, email address, and message content. This information is used solely to respond to your inquiry.
  • Consent Records: We record your consent preferences regarding data processing and cookie usage, including the date and time of consent and the specific categories you have accepted or rejected.
  • Communication Records: If you correspond with us via email or phone, we may retain records of those communications for quality assurance and legal compliance purposes.

2.2 Information Collected Automatically

  • Technical Data: Your IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
  • Usage Data: Pages visited, time spent on pages, click patterns, referral sources, and navigation paths through our website.
  • Cookie Data: Information stored through cookies and similar technologies as described in our Cookie Policy.

2.3 Information We Do Not Collect

We do not intentionally collect sensitive personal data such as health records, medical diagnoses, financial account numbers, or government identification numbers through our website. Our services are educational in nature and do not require such information.

Under the General Data Protection Regulation (GDPR) and applicable international privacy laws, we process your personal data based on the following legal grounds:

  • Consent (Article 6(1)(a) GDPR): When you submit our contact form, accept cookies, or opt in to marketing communications, we process your data based on your freely given, specific, informed, and unambiguous consent.
  • Legitimate Interests (Article 6(1)(f) GDPR): We process certain technical and usage data to maintain website security, prevent fraud, analyze site performance, and improve our educational content. We balance these interests against your rights and freedoms.
  • Contractual Necessity (Article 6(1)(b) GDPR): When you purchase our educational products or enroll in programs, we process data necessary to fulfill our contractual obligations to you.
  • Legal Obligation (Article 6(1)(c) GDPR): We may process and retain data as required by applicable laws, regulations, or legal proceedings.

4. Purpose of Data Usage

We use your personal data exclusively for the following purposes:

  • Responding to your inquiries submitted through our contact form or email
  • Providing educational consulting services, programs, and products you have requested
  • Managing your account and enrollment in our structured programs
  • Processing payments and issuing refunds in accordance with our Refund Policy
  • Improving our website functionality, content, and user experience through analytics
  • Delivering relevant educational content and service updates you have opted to receive
  • Complying with legal obligations and protecting our legal rights
  • Detecting and preventing unauthorized access, fraud, or abuse of our services

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. We do not sell your personal data to third parties.

5. Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law.

  • Contact Form Submissions: Retained for 24 months from the date of submission, after which they are securely deleted unless an ongoing business relationship exists.
  • Customer and Program Records: Retained for the duration of your enrollment plus 36 months for reference and legal compliance purposes.
  • Consent Records: Retained for 5 years from the date of consent or withdrawal, as required by GDPR documentation standards.
  • Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely. Individual-level analytics data is retained for 14 months.
  • Financial Records: Transaction records are retained for 7 years in accordance with applicable tax and accounting regulations.
  • Communication Records: Email and phone correspondence is retained for 3 years from the date of the last communication.

When retention periods expire, personal data is securely deleted or anonymized so that it can no longer be associated with you.

6. Data Sharing and Third Parties

We may share your personal data with the following categories of recipients, always under appropriate data protection safeguards:

  • Service Providers: Third-party companies that assist us with website hosting, email delivery, payment processing, and analytics. These providers process data only on our instructions and are bound by confidentiality agreements.
  • Legal Authorities: When required by law, court order, or governmental regulation, we may disclose data to competent authorities.
  • Professional Advisors: Lawyers, accountants, and auditors who require access to data for the provision of professional services to us.

We do not share your personal data with third parties for their own marketing purposes. Any international transfer of data outside the European Economic Area is conducted with appropriate safeguards, including Standard Contractual Clauses approved by the European Commission.

7. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our servers
  • Secure server infrastructure with regular security updates and patches
  • Access controls limiting personal data access to authorized personnel only
  • Regular security assessments and vulnerability testing
  • Employee training on data protection practices and confidentiality obligations
  • Incident response procedures for detecting, reporting, and addressing data breaches
  • Encrypted storage for sensitive data at rest where applicable

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We encourage you to use strong passwords and protect your account credentials.

8. Your Rights Under GDPR

If you are located in the European Economic Area or United Kingdom, you have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete personal data.
  • Right to Erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to Restrict Processing: Request limitation of processing under certain circumstances.
  • Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at admin@plantbio.world. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

9. International Data Transfers

Plantbio is based in the United States. If you access our website from outside the United States, your personal data may be transferred to and processed in the United States or other countries where our service providers operate. These countries may have different data protection laws than your country of residence.

When transferring personal data from the EEA or UK to countries without an adequacy decision, we implement appropriate safeguards such as Standard Contractual Clauses, binding corporate rules, or other mechanisms recognized under applicable data protection law.

10. Children's Privacy

Our website and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information promptly. If you believe we have collected data from a child, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you via email or a prominent notice on our website. We encourage you to review this policy periodically.

12. Contact Information

For questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact:

Plantbio
225 W 57th St, New York, NY 10019, United States
Email: admin@plantbio.world
Phone: +1 212-295-2000