Privacy Policy

1. Introduction and Overview

Welcome to Flora Flicks ("we," "our," or "us"). At Flora Flicks, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website floraflicks.com (the "Site") or use our services.

We operate in accordance with the European Union's General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG). By accessing or using our Site, you agree to the terms of this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Site.

2. Information Collection

We collect several types of information from and about users of our Site, including:

2.1. Personal Data

We may collect personally identifiable information, such as:

• Name
• Postal address
• Email address
• Telephone number
• Payment information
• Delivery preferences and instructions
• Special occasion dates and reminders
• Gift recipient information (when provided by you)

2.2. Non-Personal Data

We may automatically collect certain information when you visit, use, or navigate the Site, including:

• IP address
• Browser type and version
• Device type
• Operating system
• Time zone setting
• Pages visited
• Time spent on pages
• Referral source
• Clickstream data

3. Use of Information

We use your information for various purposes, including to:

• Process and fulfill your orders
• Create and manage your account
• Provide customer service and respond to inquiries
• Send order confirmations and delivery updates
• Send marketing communications (with your consent)
• Improve our website, products, and services
• Process payments
• Prevent fraudulent transactions
• Comply with legal obligations
• Send occasion reminders (if you opt in)
• Personalize your shopping experience

The legal bases for processing your information include:

• Performance of a contract (when you place an order)
• Your consent (for marketing communications)
• Our legitimate interests (to improve our services)
• Compliance with legal obligations

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Site and hold certain information. Cookies are files with small amount of data which may include an anonymous unique identifier.

4.1. Types of Cookies We Use

• Essential Cookies: Necessary for the operation of our website.
• Analytical/Performance Cookies: Allow us to recognize and count visitors and see how visitors move around our website.
• Functionality Cookies: Used to recognize you when you return to our website.
• Targeting Cookies: Record your visit to our website, the pages you visit, and the links you follow.

4.2. Your Cookie Choices

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site. You can learn more about cookies and how to manage them in your browser settings.

4.3. Do Not Track

We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

5. Third-party Sharing

We may share your personal information with:

• Service Providers: We may share your information with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf, such as payment processors, delivery services, and email service providers.
• Business Partners: We may share your information with our business partners to offer you certain products, services, or promotions.
• Legal Requirements: We may disclose your information where required to do so by law or subpoena.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes without your explicit consent.

6. Data Storage and Security

We implement appropriate technical and organizational measures to maintain the safety of your personal information. However, no Internet or email transmission is ever fully secure or error-free.

6.1. Data Retention

We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our policies.

6.2. Security Measures

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

7. User Rights

Under the GDPR and German data protection laws, you have certain rights regarding your personal data:

• Right to Access: You have the right to request copies of your personal data.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
• Right to Withdraw Consent: If we are relying on your consent to process your personal data, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.

8. Children's Privacy

Our Site is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our servers.

9. International Data Transfers

We primarily process and store your information in the European Union. However, some of our service providers may be based outside of the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

10. Changes to Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

11. Contact Information

If you have any questions about this Privacy Policy, please contact us:

Data Protection Officer

You can also contact our Data Protection Officer at [email protected] with "Attention: Data Protection Officer" in the subject line.

Supervisory Authority

If you are located in the European Union, you have the right to make a complaint at any time to the relevant data protection supervisory authority in your country. In Germany, this is the Federal Commissioner for Data Protection and Freedom of Information (BfDI) or your local state data protection authority.