Who Are We?
When we refer to ‘we’ (or ‘our’ or ‘us’), that means Earth Grown Foods Ltd. Earth Grown
Foods is our legal company name but we are trading as The Plant-It Food Co. To keep things
simple, we will use our trading name 'The Plant-It Food Co' throughout this Privacy Notice.
The Plant-It Food Co. is based in Ireland.

Privacy Notice Overview
This Privacy Notice describes how and why we, as Data Controller, might obtain, store and
process your personal data when you use our services ('the services').
‘Personal data’ means any information relating to an identified or identifiable natural person.
An identifiable natural person is one who can be identified, directly or indirectly, in particular
by reference to an identifier such as a name, an identification number, location data, an online
identifier or to one or more factors specific to the physical, physiological, genetic, mental,
economic, cultural or social identity of that natural person.
We commit to processing your personal data fairly, lawfully, and transparently. Please do not
hesitate to contact us if you have questions in addition to the information provided in this
Privacy Notice at info@plantit.com.
The Personal Data We Collect
Depending on the type and level of engagement you have with us, we may collect the
following categories of personal data:
 Identifying and Demographic Information: such as your full name, date of birth, email
address and phone number (if provided)
 Communications: such as a records of our interactions with you using one or multiple
of the following; direct messages, emails, posts, phone conversations
 User Feedback: while using our services, occasionally you may be asked to provide
feedback. Providing this feedback is entirely optional.
When you visit our website, we collect technical data such as:
 Usage data: (if permitted) we collect certain information related to your device. This
can include your computer or mobile device operating system type and version
number, manufacturer and model, browser type, screen resolution, IP address, the
website you visited before browsing our site, what pages your device visited, the time
that your device visited our website, how long you spent on a page or screen,
navigation paths between pages or screens, information about your activity on a page
or screen, and general location information such as city, state or geographic area (for

more information please see the 'Our Use of Analytics' and 'Our Use of Cookies'
sections later in this policy)
Children
While our services are designed for a general audience, we will not knowingly collect any
data from children under the age of 16 or sell products to children, without the consent of a
parental guardian to do so. If you are under the age of 16 and we do have the consent of a
parental guardian, you are not permitted to use or submit your data to the website.
How We Collect Your Data

We may collect your personal data in one of the following ways:
 When you provide information directly into our products and services
 When you visit our website
 When you express an interest to use our services
 When you contact us for service related queries
 When you engage with us on social media
 When you review our services
 When you interact with our website (see our Cookies Policy for more details)
 When you subscribe to our newsletter
We may also receive data about you from various third parties, including:
 Technical data from analytics providers. Please see further information in the section
entitled ‘Our Use of Analytics'
 Technical data from our website and cookies providers. Please see further information
in the section entitled ‘Our Use of Cookies'
 Contact and/or transactional data from our trusted third-party providers. Please see
further information in the section entitled ‘How We Share Your Data'
How We Use Your Personal Data

We will only collect and process your personal data where we have a legal basis to do so. As
a data controller, the legal basis for our collection and use of your personal data varies
depending on the manner and purpose for which we collected it. We will only collect
personal data from you when:
 We have your consent to do so, or
 We need your personal data to perform a contract with you, or
 We are pursuing our legitimate interests in a way that you might reasonably expect to
be a part of running our business and that does not significantly impact your interests,
rights, and freedoms. For example, communicating with you if we have a sufficient
legal ground based on the e-marketing laws in your country
 We have a legal obligation to collect or disclose personal data from you (for example,
in suspected instances of fraud we may need to give personal data to relevant
government bodies).

Why We Process Your Personal Data

We process your personal data in order to fulfill any of the activities below:
 Providing, operating, and maintaining our services (Legal basis: Performance of a
contract)
 Providing marketing communications to existing customers or subscribed users
(Legal basis: Consent or Legitimate Interest)
 Processing and completing transactions, and sending related information, including
transaction confirmations and invoices (Legal basis: Performance of a contract)
 Managing our customers’ use of our services, responding to enquiries and comments,
and providing customer service and support (Legal basis: Performance of a contract or
Legitimate Interest)
 Sending customers technical alerts, updates, security notifications, and administrative
communications (Legal basis: Performance of a contract)
 Analytics to improve our website, products, services, and features for a better user
experience. (Legal basis: Legitimate Interest or Consent – see the "Our Use of
Analytics" section for more information)
 Investigating and preventing fraudulent activities, unauthorised access to our services,
and other illegal activities (Legal basis: Legal Obligation)
 Email marketing (if applicable): Where we have a legal basis, we may send emails
about new products, and other updates (Legal basis: Legitimate Interest or Consent –
see our “Marketing Preferences” section for more information).
How We Share Your Data

We sometimes share your personal data with our trusted categories of third parties we use to
conduct our business. Our trusted categories of third parties include:
 Website provider
 Cloud service (SaaS) providers
 Professional services providers (e.g., our lawyers, accountants, and insurance
providers)
 E-marketing providers
 Advertising providers
A full List of our Data Sub-Processors can be found in our Privacy Center on our website.
As part of fraud monitoring and prevention, we may be legally required to share your
personal data with government bodies and law enforcement. Please note that these bodies
may retain a record of the information that we provide to them for this purpose.
Sale or Merger
We may share your personal information as part of a merger or acquisition. If The Plant-It
Food Co. is involved in a merger, financing, transaction or proceeding involving sale,
transfer, divestiture, or disclosure of all or a portion of our business or assets, or in the event
of a liquidation, insolvency, bankruptcy, or receivership, we may share your information with

that company before and after the transaction closes. In such a case, unless otherwise directed
by applicable law, your information would remain subject to the terms of the applicable
privacy policy in effect at the time of such transfer. You will be notified of any such changes
in advance.
Marketing Preferences

We may send you direct marketing communications, product information and promotional
offers:
 If you have consented to receiving such communications from us
 If we have an existing business relationship with you and can rely on your implied
consent
 If you are from a country where the laws permit us to send you such communications
based on our legitimate interests, if you have bought a product or service from us, and
have not opted out of receiving communications from us (for example the EEA or
UK)
 If you are from a country where the laws permit us to send you such communications
 The marketing communications we send will be in relation to our own products or
services, your personal data will not be used for third-party direct marketing unless
separate explicit consent has been collected for that or you are from a country where
the laws permit such processing.
You will always have full control of your marketing preferences. If you do not wish to
continue receiving marketing information from us at any time:
You can unsubscribe by using the unsubscribe directions or link included in marketing
communication from us; or
You may withdraw your consent by contacting us by e-mail at info@theplantitfoodco.com
Customers located in certain regions, such as the EEA and UK, also have the right to object
to their personal data being processed for direct marketing purposes at any time. If you would
like to object you can contact us by e-mail at info@plantit.com
We will process all requests as soon as possible, but please note that due to the nature of our
IT systems and servers it may take a few days for any opt-out request to be implemented.
Our Use of Cookies

Our website uses cookies. They help us to provide you with the very best experience when
you browse our website and to make improvements to our website. You can accept or reject
cookies by clicking on the cookie consent banner on our website or by navigating to the
‘Cookies Preferences’ Area in our Privacy Center on our website.
For detailed information on the cookies we use and the reasons why we use them, please refer
to our Cookie Policy and Cookie Declaration in our Privacy Center on our website.

Our Use of Analytics

We use analytics to continuously enhance our website, products, services, and features,
ensuring an improved user experience. To achieve this, we rely on third-party tools and
services that provide valuable insights and analysis of user behavior.
If you would like any further information about the data collected by these third parties or the
way in which the data is used, please have a look at our List of Sub-processors or contact us
on info@plantit.com.

Our Use of Targeted Advertising

We use targeted advertising tools to advertise our services, including (but not limited to):
 Google Analytics
 Youtube
We use these tools to deliver relevant content to you in marketing communications (where
applicable), and to measure the effectiveness of the advertising provided.
If you would like any further information about the data collected by these third parties or
would like to opt-out of targeted advertising, please contact us on info@plantit.com.
Links to Other Websites and Third Parties

Our website may include links to social media platforms and other websites. If you follow a
link to any of these platforms or websites, please note that their own privacy policies will
apply and that we do not accept any responsibility or liability for these policies. Please check
these policies before you submit any personal data to their platforms or websites.

Securing Your Data

The communication between your browser and our website uses a secure encrypted
connection wherever your personal data is involved.
We have put in place physical, electronic, and managerial security procedures in the storage
and disclosure of your personal data to protect it against accidental loss, destruction or
damage. Nevertheless, any data transmission over the internet or by any other means can
never be fully secure, such is the character of the internet, and provision of personal data by
you to us is at your own risk. We take all reasonable measures to protect your personal data
by putting appropriate technical and operational security measures in place.

When we disclose your personal data to trusted third parties (for the purposes set out in this
Privacy Notice and our List of Data Sub-Processors), we require all third parties to have
appropriate technical and operational security measures in place to protect your personal data,
and we work with them to ensure that your data privacy rights are respected. Where your
personal data is shared with a third party, it must only be used for the purposes for which it
was supplied.
In the unfortunate event of a personal data breach, we will notify you and any applicable data
protection authority when we are legally required to do so.
Retaining Your Data

We will not keep your personal data for longer than is necessary and when we no longer need
to keep it, we will securely destroy, delete or anonymise it in line with our Data Retention
policy.
Having obtained your consent (or other legal basis) to contact you, we will retain your
personal data for marketing and analysis purposes until you withdraw your consent or
unsubscribe. If you choose to withdraw your consent or unsubscribe from marketing, we will
delete your personal data from our systems, unless we have another legal basis to retain it,
which may include performance of our contract with you or to maintain your contact details
on an 'unsubscribed list' to ensure we do not send you further communications.
We may need to retain your personal data to satisfy our legal obligations, to deal with
complaints and queries, in order to resolve, litigate or defend a dispute and to prevent fraud
and abuse.

Data Transfers

For Users from the European Economic Area ("EEA"), your personal data may be processed
outside the EEA by staff who work for us or by one of our Data Sub-processors. When we
transfer your information outside of the European Economic Area, we ensure it benefits from
an adequate level of data protection by:
• relying on an adequacy decisions by the European Commission made under Article 45 of
the GDPR, finding that the third country to which the information is being transferred offers
an adequate level of data protection; or
• if there is no adequacy decision, using standard contractual clauses approved or permitted
under Article 46 of the GDPR.
We will take all steps necessary to ensure that your data is treated securely and in accordance
with this privacy notice. Please contact us if you want further information on the countries to

which we may transfer personal data and the specific mechanism used by us when
transferring your personal data outside the EEA – info@plantit.com
Your Rights & Our Commitment to You

You have rights under data privacy laws and The Plant-It Food Co. is committed to you being
able to freely exercise your Rights. Where possible, we have incorporated automated tools on
our website that enable you to facilitate your rights in real-time. Use the Data Access
Gateway in our Privacy Centre to access and manage the personal data that we process and
submit any access requests in line with your rights below. Alternatively you can also send us
an email at info@theplantitfoodco.com to exercise your rights. You are not required to pay
any charge for exercising your rights.
EEA and UK General Data Protection Regulation (EU GDPR and UK GDPR)
Your rights include, under certain circumstances, the right to:
Be informed: you have the right to be informed if and how your personal data is being
processed.
Access, rectification, or erasure: you have the right of access to personal data we hold about
you in our records. You are also entitled to have your personal data corrected if it is
inaccurate, or to have it erased if we do not have a legitimate reason for retaining your data.
To request data portability: you have the right to obtain a digital copy of your personal data,
request the transfer of your personal data to another company or request to move your data
from one IT system to another in a safe and secure way. This right only applies to personal
data you provide to us, and we process it with your consent or in order to fulfill our contract
with you by automated means. It also only applies to the extent that it does not affect the
rights and freedoms of others.
To request restriction of processing: you have the right to restrict the processing of your
personal data where you are contesting the accuracy of that information, you have objected to
processing (as described below), or where the processing is unlawful. Where processing is
restricted, we may need to retain sufficient information about you to ensure that the
restriction is respected in future.
To object to processing: you have the right to object to the processing of your personal
information in certain circumstances such as where your personal data is being processed
based on our legitimate interests or the legitimate interests of a third party.
To object to automated decision-making including profiling: you have the right not to be the
subject of any automated decision-making or profiling by us.
To withdraw consent: in cases where we are relying on your consent for the processing of
your personal data, you have the right to withdraw your consent at any time. In respect of the
e-marketing we conduct, an unsubscribe option is included with every e-marketing
communication we send.

To complain to the relevant supervisory authority: should you have any concerns or
complaints regarding the way in which we process your data, you also have the right to make
a complaint to the relevant European Supervisory Authority. We would, however, appreciate
the chance to deal with your concerns before you approach a Supervisory Authority, so please
do contact us in the first instance info@plantit.com. The contact details of European
Supervisory Authorities can be found here: https://edpb.europa.eu/about-edpb/about-
edpb/members_en
Cookie Preferences: you can accept or reject cookies by navigating to the ‘Cookie
Preferences’ Area in our Privacy Center on our website. You can also do so by adjusting your
web browser controls. Please consult our Cookie Policy for more information about our use
of cookies on the website and how to accept and reject them.
California Consumer Privacy Act (“CCPA”)
In this section we use the terms “personal information”, "sensitive personal information",
“sale” and "sharing" as defined in the California Consumer Privacy Act (“CCPA”).
“Personal information” is defined as information that identifies, relates to, describes, is
capable of being associated with, or could reasonably be linked, directly or indirectly, with a
particular consumer or household.
"Sensitive Personal Information (SPI)" is personal information that reveals a consumer’s:
 Social Security, driver’s license, state identification card, or passport number
 Account login, financial account, debit card, or credit card number in combination
with any required security or access code, password, or credentials allowing access to
an account
 Precise geolocation
 Racial or ethnic origin, religious or philosophical beliefs, or union membership
 Mail, email, and text message content, unless the Business is the intended recipient of
the communication
 Genetic data.
“Sale” is defined broadly as the selling, renting, releasing, disclosing, disseminating, making
available, transferring, or otherwise communicating orally, in writing, or by electronic or
other means, a consumer’s personal information by us to another business or a third party in
exchange for monetary or other valuable consideration.
"Sharing" is defined as sharing, renting, releasing, disclosing, disseminating, making
available, transferring, or otherwise communicating … a consumer’s personal information by
the business to a third party for cross‐context behavioural advertising, whether or not for
monetary or other valuable consideration”. This also includes “transactions between a
business and a third party for cross-context behavioural advertising for the benefit of a
business in which no money is exchanged.” Cross-context behavioural advertising (CCBA) is
defined as targeting advertising at a consumer based on the personal information collected
from their activity across businesses, websites, applications, or services with which the
consumer did not intentionally interact.

The California Consumer Privacy Act (“CCPA”) provides consumers with specific rights
regarding their personal data.
Right of access: You have the right to request that we disclose certain information to you
about our collection and use of your personal data over the past 12 months. This information
will include the categories and sources of the personal information that we collect about you,
the purposes for which we use your information and with whom such information is shared.
If your personal information has been sold or disclosed for business purposes over the past 12
months, you have the right to know the categories of personal information that were sold or
disclosed and to which category of recipient they were sold or disclosed to. To exercise this
right, you can go to the Privacy Centre on our website and use the Data Access Gateway to
access your personal information that we process. You can also submit a custom request in
the Data Access Gateway.
Right to opt out of the sale or sharing of personal information: If we sell or share personal
information, you have the right to opt out of the sale or sharing of your personal information.
This means that whenever you request us to stop selling or sharing your data, we will abide
by your request. Such requests can be made freely, at any time, by clicking the “Do not sell or
share my data” link in cookie banner on our website. You can access the cookie banner at any
time by clicking “Cookie Preferences” in the Privacy Centre on our website.
Right to correct: you have the right to request that we correct any inaccurate personal
information we have about you.
Right to limit the use and disclosure of Sensitive Personal Information (SPI): You have the
right to limit the use of your sensitive personal information. You can request that we only use
your SPI as necessary to provide the goods or services (as reasonably expected by an average
consumer who requests such goods and services) and as authorised by further regulations.
Right to delete: You have the right to request the deletion of your personal information,
subject to certain exceptions. Once we receive and confirm your request, we will delete (and
direct our Service Providers to delete) your personal information from our records, unless an
exception applies. To exercise this right, you can go to the Privacy Centre on our website and
use the Data Access Gateway to manage your personal information that we process. You can
also submit a custom request in the Data Access Gateway.
Right not to be discriminated against: A business cannot discriminate against you for
exercising a CCPA right. if you choose to exercise your applicable CCPA rights, we will not
charge you different prices or provide you a different quality of services.
If you would like to know more, or exercise any of your rights you can also contact us at
info@plantit.com
List of Data Sub-Processors

The Plant-It Food Co. uses a number of data sub-processors to perform our Services to
customers. All sub-processors acting on our behalf only process your data in accordance with
instructions from us and comply fully with this privacy notice, the data protection laws and

any other appropriate confidentiality and security measures. A list of these sub-processors is
outlined below:
 Google Analytics
 Google Tag Manager
 Youtube

Google Analytics
Google Analytics is a web analytics service offered by American multinational company,
Google LLC. It tracks and reports website traffic, currently as a platform inside the Google
Marketing Platform brand.
For more information about Google Analytics, please visit:
https://analytics. google.com/
or to learn how Google uses data when you use their partners' sites or apps please visit
https://policies.google.com/technologies/partner-sites

Google Tag Manager
Google Tag Manager is a tag management system (TMS) offered by American multinational
company, Google LLC. It allows us to quickly and easily update measurement codes and
related code fragments collectively known as tags on our website or mobile app. Once the
small segment of Tag Manager code has been added to our projects, we can safely and easily
deploy analytics and measurement tag configurations from a web-based user interface.
For more information about Google Tag Manager, please visit their website at
www.tagmanager.google.com
Youtube
YouTube is an American online video sharing and social media platform headquartered in
San Bruno, California. It is currently owned by Google, and is the second most visited
website, after Google Search. We use YouTube to introduce our services, provide
instructions, and reach more users.
For more information about YouTube, please visit their website at
www.youtube.com