PLENN VA
DE Back to home
Home  ›  Privacy Policy

Privacy Policy

Information on the handling of your personal data in accordance with the GDPR.

1) Introduction and contact details of the controller

1.1 We are pleased about your visit to our website and your interest in our company. Below we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Plennova GmbH, Heinrich-Hertz-Straße 26, 25336 Elmshorn, Germany, telephone: +49 4120 2081606, email: tchibo@plennova.de. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data collection when visiting our website

2.1 When you use our website for purely informational purposes, i.e. when you do not register or otherwise transmit information to us, we only collect data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Website visited
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you came to the page
  • Browser used
  • Operating system used
  • IP address used (where applicable in anonymised form)

The processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data is not passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognise an encrypted connection by the string "https://" and the lock symbol in your browser bar.

3) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies — small text files that are stored on your end device. Some of these cookies are automatically deleted again after the browser is closed (so-called "session cookies"), some of these cookies remain on your end device for longer and enable the storage of page settings (so-called "persistent cookies").

If personal data is also processed by individual cookies that we use, the processing is carried out in accordance with Art. 6 (1) lit. b GDPR either for the performance of the contract, in accordance with Art. 6 (1) lit. a GDPR in the case of consent given, or in accordance with Art. 6 (1) lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

You can configure your browser to inform you about the setting of cookies and to decide individually about their acceptance, or to exclude the acceptance of cookies for certain cases or generally. If cookies are not accepted, the functionality of our website may be limited.

4) Contacting us

4.1 Trusted Shops: Within the framework of the Trusted Shops membership, we use the services of Trusted Shops SE, Subbelrather Str. 15c, 50823 Cologne, to obtain reviews. If you consent to receiving review reminders, your email address will be transmitted once to Trusted Shops for the purpose of a review reminder by email from Trusted Shops. The transmission is based on Art. 6 (1) lit. a GDPR. This consent can be revoked at any time by sending a message to the controller described above or to Trusted Shops.

4.2 Personal data is collected when you contact us (e.g. via the contact form or email). The data collected when using a contact form is shown in the respective form. This data is stored and used exclusively for the purpose of responding to your request or for contacting you and the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR. Your data will be deleted after final processing of your request. This is the case when it can be inferred from the circumstances that the matter in question has been finally clarified and provided that no statutory retention obligations preclude this.

5) Data processing when opening a customer account

In accordance with Art. 6 (1) lit. b GDPR, personal data continues to be collected and processed to the extent required if you provide it to us when opening a customer account. The required data can be found in the input mask of the form on our website. Deletion of your customer account is possible at any time and can be done by sending a message to the controller. After deletion of your customer account, your data will be deleted, provided that all completed contracts have been fully processed, no statutory retention periods preclude this and there is no other legitimate interest on our part in continued storage.

6) Use of customer data for direct advertising

Newsletter: If you sign up for our newsletter, we use the data required for this or separately provided by you to send you our email newsletter regularly. You can unsubscribe from the newsletter at any time via a link in the newsletter or a message to us. Processing is based on Art. 6 (1) lit. a GDPR with your consent.

Existing customers: If you are already a customer with us and have provided us with your email address as part of a purchase, we reserve the right to send you regular offers for similar products by email on the basis of § 7 (3) UWG (German Act Against Unfair Competition). You can object to this use at any time. Processing is based on Art. 6 (1) lit. f GDPR.

MailChimp: Our email newsletters are sent via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. The email addresses of our newsletter recipients and their other data are stored on MailChimp's servers in the USA. Processing is based on Art. 6 (1) lit. f GDPR. MailChimp uses this information to send and statistically evaluate the newsletters. MailChimp is certified under the EU-US Data Privacy Framework.

7) Data processing for order fulfilment

To process your order, we work with various service providers. Your personal data will be passed on to the respective shipping service provider and payment provider as part of the contract processing. Processing is based on Art. 6 (1) lit. b GDPR.

Shipping service providers: We use the following shipping service providers: Deutsche Post, DHL, DHL Express, DHL Freight, DPD, GLS, Hermes, UPS. Name and delivery address are passed on for the purpose of delivering goods.

Payment methods: We use the payment services of Mollie B.V. (Keizersgracht 313, 1016 EE Amsterdam, Netherlands). Your payment data is transmitted to Mollie on the basis of Art. 6 (1) lit. b GDPR.

8) Web analytics services

Google Analytics 4: This website uses the web analytics service Google Analytics 4 of Google Ireland Limited (Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland). Processing is based on Art. 6 (1) lit. a GDPR with your express consent. You can revoke your consent at any time via the cookie consent tool. A data processing agreement is in place. Google is certified under the EU-US Data Privacy Framework.

Cloudflare Web Analytics: This website uses the analytics service of Cloudflare, Inc. (101 Townsend St., San Francisco, CA 94107, USA). Processing is based on Art. 6 (1) lit. a GDPR. Cloudflare is certified under the EU-US Data Privacy Framework.

Google Tag Manager: This website uses Google Tag Manager from Google Ireland Limited. Processing is based on Art. 6 (1) lit. a GDPR. Google is certified under the EU-US Data Privacy Framework.

Hotjar: This website uses the analytics service of Hotjar Ltd (Level 2, St Julians Business Centre, 3 Elia Zammit Street, St Julians STJ 1000, Malta). Pseudonymised data including IP addresses and browser information are collected. Heatmaps show user interaction patterns. Processing is based on Art. 6 (1) lit. a GDPR.

9) Retargeting / remarketing and conversion tracking

Facebook Pixel: This website uses the Facebook Pixel of Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland). Processing is based on Art. 6 (1) lit. a GDPR with your express consent via the cookie consent tool. Meta is certified under the EU-US Data Privacy Framework.

Google Ads conversion tracking: This website uses Google Ads conversion tracking from Google Ireland Limited. Processing is based on Art. 6 (1) lit. a GDPR. Cookies have a runtime of approximately 30 days. Google is certified under the EU-US Data Privacy Framework.

10) Page functionalities

Facebook plugins: This website uses social plugins from Meta Platforms Ireland Ltd. We use a "2-click" solution in which plugins are initially deactivated. Activation only takes place after express consent in accordance with Art. 6 (1) lit. a GDPR.

Instagram plugins: Similar to Facebook, Instagram plugins from Meta Platforms Ireland Ltd. are initially deactivated. Processing is based on Art. 6 (1) lit. a GDPR.

Vimeo: This website uses plugins from Vimeo, LLC (555 West 18th Street, New York, NY 10011, USA). Processing is based on Art. 6 (1) lit. a GDPR. Vimeo uses EU standard contractual clauses for data transfers to the USA.

11) Rights of the data subject

The applicable data protection law grants you comprehensive data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

  • Right of access pursuant to Art. 15 GDPR
  • Right to rectification pursuant to Art. 16 GDPR
  • Right to erasure pursuant to Art. 17 GDPR
  • Right to restriction of processing pursuant to Art. 18 GDPR
  • Right to notification pursuant to Art. 19 GDPR
  • Right to data portability pursuant to Art. 20 GDPR
  • Right to revoke consent given pursuant to Art. 7 (3) GDPR
  • Right to lodge a complaint pursuant to Art. 77 GDPR

Right to object: You have the right to object at any time to the processing of your personal data. The objection can be addressed informally to the contact details given above.

As of: 30 April 2026