Plentayo LLC is committed to protecting the privacy and security of your personal data. While Plentayo LLC is based in the United States and primarily serves customers within the US, we recognize the importance of robust data protection practices and aim to comply with the principles of the General Data Protection Regulation (GDPR) for all individuals whose data we process, particularly those in the European Economic Area (EEA) and the UK, should their data be collected through their interaction with our website.

This statement outlines our commitment to data protection and how we handle personal data in alignment with GDPR principles.

1. Who We Are

Plentayo LLC operates the website https://plentayo.com/. Our contact details are:

2. Personal Data We Collect

When you visit our website, make a purchase, or interact with us, we may collect the following types of personal data:

  • Identity Data: Name, title.
  • Contact Data: Billing address, shipping address, email address, telephone numbers.
  • Financial Data: Payment card details (processed securely by third-party payment processors like Stripe and PayPal; we do not store full payment card details ourselves).
  • Transaction Data: Details about products you have purchased from us.
  • Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data: Information about how you use our website, products, and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.

3. How We Use Your Personal Data

We use your personal data for various purposes, primarily to operate our e-commerce store and provide you with our services, including:

  • To process and fulfill your orders for apparel & accessories, specifically jewelry and watches.
  • To manage our relationship with you, including customer service, support, and responding to your inquiries.
  • To enable you to participate in promotions or surveys.
  • To improve our website, products, and services.
  • To send you marketing communications, where you have opted in.
  • To comply with legal obligations and protect our legitimate business interests.

4. Legal Basis for Processing Personal Data

Under GDPR, we must have a lawful basis to process your personal data. We rely on the following legal bases:

  • Performance of a Contract: To fulfill orders you place and provide services you request (e.g., shipping products).
  • Legitimate Interests: For our business operations, such as improving our website, preventing fraud, and conducting analytics, provided these do not override your rights and interests.
  • Consent: Where you have explicitly given us permission to process your data for a specific purpose, such as sending marketing emails. You can withdraw your consent at any time.
  • Legal Obligation: To comply with applicable laws and regulations.

5. Data Security

We have implemented appropriate technical and organizational security measures to protect your personal data from accidental loss, unauthorized access, alteration, disclosure, or destruction. We use secure servers, encryption, and firewalls. All payment transactions are processed through secure gateways (Stripe, PayPal) and are not stored or processed directly on our servers.

6. Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements. Typically, we retain transaction data for a period required by tax and accounting laws. Non-transactional data, such as marketing consent, is kept until you withdraw your consent or request erasure.

7. Sharing Your Personal Data

We do not sell your personal data. We may share your data with trusted third parties who provide services essential for our business operations, such as:

  • Payment Processors: To securely process your payments (e.g., Stripe, PayPal).
  • Shipping Providers: To deliver your orders.
  • IT and System Administration Services: To maintain our website and IT infrastructure.
  • Professional Advisers: Lawyers, bankers, auditors, and insurers who provide professional services.
  • Law Enforcement or Regulatory Authorities: When legally required to do so.

All third parties are required to respect the security of your personal data and treat it in accordance with the law. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

8. Your Data Protection Rights (GDPR Rights)

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data under certain circumstances (e.g., if the data is no longer necessary for the purpose it was collected).
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions (e.g., if you contest the accuracy of the data).
  • Right to Object to Processing: You have the right to object to the processing of your personal data for direct marketing purposes or where our processing is based on legitimate interests.
  • Right to Data Portability: You have the right to request that we transfer your data to another organization or directly to you, in a structured, commonly used, machine-readable format.
  • Right to Withdraw Consent: Where we rely on your consent to process your data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

To exercise any of these rights, please contact us at support@plentayo.com. We may need to verify your identity before processing your request.

9. International Data Transfers

Plentayo LLC is based in the United States. As we do not ship internationally, the direct transfer of data to fulfill international orders is not applicable. However, any personal data collected from individuals in the EEA or UK will be processed in the United States, which is recognized by the European Commission as providing an adequate level of data protection under certain frameworks or in accordance with standard contractual clauses where applicable. We ensure that any such transfers comply with GDPR requirements.

10. Children's Privacy

Our website is not intended for children under the age of 16, and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without verifiable parental consent, we will take steps to remove that information from our servers.

11. Changes to This GDPR Compliance Statement

We may update this statement from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. The "Last Updated" date at the top of this statement indicates when it was last revised. We encourage you to review this statement periodically.

12. Contact Us

If you have any questions about this GDPR Compliance Statement, our data protection practices, or wish to exercise your data protection rights, please contact us:

Email: support@plentayo.com 

Phone: +1 (210) 493-7789 

Address: Plentayo LLC, 1874 N Loop 1604 W, San Antonio, TX 78248, US