Thank you for visiting our website and our online shop. We take the protection of the data of users of our website and our online shop very seriously and are committed to protecting the information that users provide to us in connection with the use of our website and our online shop. We are further committed to protecting and using your data in accordance with applicable law.

This Privacy Policy explains our practices regarding the collection, use and disclosure of your information through the use of our digital assets (the “Services”) when you access the Services through your devices.

Please read the Privacy Policy carefully and make sure you fully understand our practices regarding your information before using our Services. If you have read this policy, fully understand it and do not agree with our practices, you must stop using our digital assets and services. By using our Services, you accept the terms of this Privacy Policy. Continued use of the Services constitutes your acceptance of this Privacy Policy and any changes thereto.

In this privacy policy you will learn:

 

• How we collect data

• What data we collect

• Why we collect this data

• Who we share the data with

• Where the data is stored

• How long the data is retained

• How we protect the data

• How we deal with minors

• Updates or changes to the Privacy Policy

 

Personal data is basically all data with which you can be personally identified (e.g. name, address, email address…).

The person responsible for processing data on our website and in our online shop within the meaning of the General Data Protection Regulation (GDPR) is:

Christoph Handschuh Bahnhofstrasse 5

37235 Hessisch Lichtenau Germany

Email: info@floraedulis.de

What data do we collect?

Below is an overview of the data we may collect:

• De-identified and non-identifiable information that you provide during the registration process or that is collected through the use of our Services (“Non-Personal Information”). Non-personal data does not allow any conclusions to be drawn as to who collected it. Non-personal information that we collect consists primarily of technical and aggregate usage information.

• Individually identifiable information, i.e. h. all those through which you can be identified or could reasonably be identified (“personal data”). The personal information we collect through our Services may include information requested from time to time, such as names, email addresses, addresses, phone numbers, IP addresses and more. If we combine personal information with non-personal information, we will treat it as personal information as long as it is in combination.

Additionally we process

• Contract data (e.g., subject of the contract, term, customer category)

• Payment data (e.g., bank details, payment history

from our customers, interested parties and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

How do we collect data?

The legal basis for processing the data, if the user has given their consent, is Article 6 Paragraph 1 Letter a) GDPR.

The legal basis for processing the data transmitted when sending an email is Article 6 Paragraph 1 Letter f) GDPR.

The additional legal basis for concluding a contract through an email conversation is Article 6 Paragraph 1 Letter b) GDPR.

Below are the main methods we use to collect data:

• We collect information when you use our Services. So when you visit our Digital Assets and use Services, we may collect, record and collect usage, sessions and related information save.

• We collect your personal data when you order in our online shop. To conclude a contract, it is necessary that you provide your personal data so that we can process your order.

• We collect your data when you open a customer account with us. Personal data is collected and processed in accordance with Article 6 Paragraph 1 Letter b GDPR. The scope of the data collected can be seen from the input mask that you fill out to open a customer account with us. The data you enter there will be saved and used by us for future contract processing. You can delete your customer account at any time. To do this, write a message to the address of the responsible person specified above in accordance with the GDPR or select the corresponding button in the customer account. We will then block your data with regard to tax and commercial law retention periods. After these periods have expired, your data will be deleted. The only thing that prevents deletion is your consent to the permanent storage of your data or our further use of your data as permitted by law.

• We collect data that you provide to us, for example when you contact us directly via a communication channel (e.g. an email with a comment, contact via the chat function or feedback, etc.). If you contact us using our contact form, the data entered in the form will be transmitted to us and stored. It is always clear which data is necessary to contact you and which data is optional (e.g. for personal salutation). When you contact us via email, only the data you enter will be transmitted. The data you transmit will be used by us exclusively to process the conversation and your request to us. The data will be deleted when the purpose of the conversation has been achieved and provided there are no legal retention obligations to the contrary. The personal data from the contact form, chat and emails will be deleted when the conversation has ended. The conversation is ended when it can be seen that the relevant issue or request has been finally clarified. The user can object to the processing of personal data at any time. The conversation cannot then be continued. Users can also object to the storage of personal data when contacting us via email. Even then, the conversation cannot continue.

• We may collect information from third-party sources as described below.

• We collect information that you provide to us when you register through a Third parties such as Facebook or Google log into our services.

Why do we collect this data?

We may use your data for the following purposes:

• to provide and operate our services;

• to develop, customize and improve our Services;

• to respond to your feedback, inquiries and requests and to offer assistance;

• to analyze demand and usage patterns;

• for other internal, statistical and research purposes;

• to improve our data security and fraud prevention capabilities;

• to investigate violations and enforce our terms and policies and to comply with applicable law, regulation or governmental request;

• To provide you with updates, news, promotional materials and other information related to our Services. For promotional emails, you can decide for yourself whether you would like to continue to receive them. If not, simply click on the unsubscribe link in these emails.

• Newsletter: You can subscribe to a free newsletter on our website. When you register for this newsletter, the personal data that you enter in the registration form will be sent to us. Mandatory information (here: your email address) is marked separately. The legal basis for processing your data after registering for the newsletter is Article 6 (1) (a) GDPR if the user has given their consent. After registering for our newsletter, you will receive an email with a confirmation link. By clicking on this confirmation link, you give us your consent to process your data for the purpose of sending the newsletter and your consent to receive the newsletter. We save your IP address, date and time when you send your registration for the newsletter in order to be able to track possible misuse of your email address. We use the data collected when registering exclusively in the process of sending the newsletter. You can cancel your newsletter subscription at any time without giving reasons. There is a corresponding unsubscribe link at the end of each newsletter. By clicking on this, you can also revoke the storage of the personal data we collected when registering for the newsletter.

• Advertising by post: If you have provided us with your first and last name and your address during an ordering process, we reserve the right (to protect our legitimate interest in personalized direct advertising in accordance with Art. 6 Para. 1 lit. f GDPR) to save this data and possibly send you offers by post. You can object to the storage and use of your personal data for the purpose of advertising by post at any time without giving reasons by notifying the person responsible in accordance with the GDPR.

Who do we share this data with?

The legal basis for passing on your data is Article 6 Paragraph 1 Letter b GDPR.

• We may share your information with our service providers to operate our services (e.g. storing data through third party hosting services, providing technical support, etc.).

• We sometimes work with external service providers to process your order in our online shop. To do this, we must pass on the necessary personal data from you to the service providers.

• We commission various transport companies to deliver the ordered goods. We pass on the data required for delivery to the transport company.

• Passing on your personal data to the shipping service provider DHL: If the goods are delivered to you by the shipping service provider DHL (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we only pass on the name of the recipient and the delivery address to DHL for the purpose of delivery and to the extent necessary in accordance with Article 6 (1) (b) GDPR. We will only pass on your email address to DHL to coordinate a delivery date or delivery notification if you have given your express consent to this in the ordering process in accordance with Article 6 Paragraph 1 Letter a of the GDPR. Your consent can be revoked at any time with future effect from the person responsible above or from the shipping service provider DHL.

• Passing on your personal data to the shipping service provider DPD: If the goods are delivered to you by the shipping service provider DPD (DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg), we will only pass on the name of the recipient and the delivery address to DPD for the purpose of delivery and to the extent necessary in accordance with Art. 6 Para. 1 lit. b GDPR. We will only pass on your email address to DPD to coordinate a delivery date or delivery notification if you have given your express consent to this in the ordering process in accordance with Article 6 Paragraph 1 Letter a of the GDPR. Your consent can be given at any time with effect for the future compared to the above The person responsible or the shipping service provider DPD can be revoked.

• Passing on your personal data to the shipping service provider Deutsche Post AG: If the goods are delivered to you by the shipping service provider Deutsche Post AG (Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn), we will only pass on the name of the recipient and the delivery address to Deutsche Post AG for the purpose of delivery and to the extent necessary in accordance with Art. 6 Paragraph 1 lit. b GDPR. We will only pass on your email address to Deutsche Post AG to coordinate a delivery date or delivery notification if you have given your express consent to this in the ordering process in accordance with Article 6 Paragraph 1 Letter a GDPR. Your consent can be revoked at any time with future effect from the person responsible above or from the shipping service provider Deutsche Post AG.

• We may also disclose your information in the following circumstances: (i) to investigate, detect, prevent or take action against unlawful activities or other wrongdoing; (ii) to establish or exercise our rights of defense; (iii) to protect our rights, property or personal safety, or the safety of our users or the public; (iv) in the event of a change of control of us or one of our affiliates (by way of a merger, acquisition or purchase of (substantially) all of the assets, among other things); (v) to collect, maintain and/or manage your information through authorized third parties (e.g. cloud service providers) as appropriate for business purposes; (vi) to work with third parties to improve your user experience. To avoid any misunderstandings, we would like to point out that we may transmit, pass on or otherwise use non-personal data to third parties at our own discretion.

Please note that our Services enable social interactions (e.g. publicly posting content, information and comments). Please be aware that any content or data you provide in these areas may be read, collected and used by other people. We advise against posting or sharing information that you do not wish to be made public. If you upload content to our Digital Assets or otherwise make it available as part of using a Service, you do so at your own risk. We cannot control the actions of other users or members of the public who have access to your data or content. You acknowledge and hereby acknowledge that copies of your data may remain accessible on cached and archived pages even after they have been deleted or after a copy/storage of your content has been created by a third party. Cookies and similar technologies

When you visit or access our Services, we authorize third parties to use web beacons, cookies, pixel tags, scripts and other technologies and analytics services (“Tracking Technologies”). These tracking technologies may allow third parties to automatically collect your data to improve the navigation experience on our digital assets, optimize their performance and ensure a tailored user experience, as well as for security and fraud prevention purposes. For the purposes mentioned above, our legitimate interest also lies in the processing of personal data in accordance with Article 6 Paragraph 1 Letter f) GDPR.

As a user, you have full control over the use of cookies on our website and in our online shop. By changing the settings in your internet browser, you can deactivate, restrict or delete the transmission of cookies. If you deactivate cookies for our website and our online shop, you may no longer be able to use all functions of the website and the online shop without restrictions.

To find out more, please read our Cookie Policy.

We will not share your email address or other personal information with advertising companies or advertising networks without your consent.

 

Where do we store the data?

Non-Personal Information

Please note that our companies and our trusted partners and service providers are located around the world. For the purposes explained in this Privacy Policy, we store and process any non-personal data that we collect in different jurisdictions.

Personal Data

Personal data may be maintained, processed and stored in the United States, Ireland, South Korea, Taiwan, Israel and to the extent required for the proper provision of our Services and/or by law (as further explained below) in other jurisdictions.

How long is the data retained?

Please note that we retain the information we collect for as long as necessary to provide our services, comply with our legal and contractual obligations to you, resolve disputes and Enforcement of our agreements is necessary. After expiry, the data is routinely deleted if it is no longer required to fulfill the contract and/or we have no legitimate interest in continuing to store it.

We may correct, supplement or delete inaccurate or incomplete data at any time at our sole discretion.

 

How do we protect the data?

The hosting service for our digital assets provides us with the online platform through which we can offer our services to you. Your data may be stored through our hosting provider's data storage, databases and general applications. It stores your data on secure servers behind a firewall and it offers secure HTTPS access to most areas of its services.

 

All payment options offered by us and our hosting provider for our digital assets comply with the PCI-DSS (credit card industry data security standard) regulations of the PCI Security Standards Council. This involves collaboration between brands such as Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information (including physical, electronic and procedural measures) by our store and service providers.

Regardless of the measures and efforts taken by us and our hosting provider, we cannot and do not guarantee absolute protection or security of the data that you upload, post or otherwise share with us or others.

For this reason, we ask that you set strong passwords and, if possible, not provide us or others with any confidential information that you believe, if disclosed, could cause you significant or lasting harm. Additionally, because email and instant messaging are not considered secure forms of communication, we ask that you do not share any confidential information through any of these communication channels.

How do we deal with minors?

The Services are not intended for users who have not yet reached the legal age of majority. We will not knowingly collect data from children. If you are under the age of majority, you should not download or use the Services or provide any information to us.

We reserve the right to request proof of age at any time so that we can check whether minors are using our services. In case we If we become aware that a minor is using our Services, we may prohibit such users from accessing or blocking our Services, and we may delete any data we hold about those users. If you have reason to believe that a minor has disclosed information to us, please contact us as explained below.

We will only use your personal data for the purposes set out in the Privacy Policy and only if we are satisfied that:

• the use of your personal data is necessary to perform or enter into a contract (e.g. to provide you with the Services themselves or customer service or technical support);

• the use of your personal data is necessary to comply with relevant legal or regulatory obligations, or

• the use of your personal information is necessary to support our legitimate business interests (provided that at all times this is done in a manner that is proportionate and respects your data protection rights).

As an EU resident you can:

• request confirmation as to whether or not personal data concerning you is being processed and request access to your stored personal data as well as certain additional information (pursuant to Article 15 GDPR);

• request to receive personal data that you have provided to us in a structured, common and machine-readable format (according to Art. 20 GDPR);

• request the correction of your personal data stored by us (according to Art. 16 GDPR);

• request the deletion of your personal data (according to Art. 17 GDPR) if the requirements of Art. 17 Paragraph 1 GDPR are met;

• Object to the processing of your personal data by us (according to Art. 7 Para. 3 GDPR);

• request the restriction of the processing of your personal data (according to Art. 18 GDPR); or

• submit a complaint to a supervisory authority (according to Art. 77 GDPR).

Please note, however, that these rights are not absolute and may be subject to our own legitimate interests and regulatory requirements. If you have general questions about the information we collect If you have personal information and how we use it, please contact us as provided below.

In the course of providing the Services, we may transfer data across borders to affiliates or other third parties and from your country/jurisdiction to other countries/jurisdictions worldwide. By using the Services, you consent to the transfer of your data outside the EEA.

If you are based in the EEA, your personal data will only be transferred to locations outside the EEA if we are satisfied that an adequate or comparable level of protection of personal data exists. We will take appropriate steps to ensure that we have appropriate contractual arrangements in place with our third parties to ensure that appropriate safeguards are in place so that the risk of unlawful use, alteration, deletion, loss or theft of your personal data is minimized and that such third parties act at all times in accordance with applicable laws.

We do not sell users' personal information for the purposes of the CCPA.

Right to object

You have the right to object to the processing of your data at any time with future effect (according to Art. 7 GDPR). If you make use of this right to object, we will stop processing your data unless it can be proven that there are overriding compelling reasons worthy of protection that prevent the termination or if further processing serves to exercise or defend legal claims.

 

Updates or Changes to the Privacy Policy

We may revise this Privacy Policy from time to time in our sole discretion, the version posted on the Site will always be current (see “As of” statement). We encourage you to periodically review this Privacy Policy for any changes. If there are any significant changes, we will post a notice on our website. Your continued use of the Services following notice of changes on our website will constitute your acknowledgment and agreement to the changes to the Privacy Policy and your agreement to be bound by the terms and conditions of such changes.

Contact

If you have general questions about the Services or the information we collect about you and how we use it, please contact us at:

Name: Christoph Handschuh Address: Bahnhofstraße 5, 37235 Hessisch Lichtenau, Germany

Email address: info@floraedulis.de

DISCLAIMER

The information contained herein is not a substitute for legal advice and you should not rely solely on it. Specific requirements regarding legal terms and guidelines may vary from state to state and/or from jurisdiction to jurisdiction. As set out in our Terms of Use, you are responsible for ensuring that your Services are permitted by, and comply with, the law applicable to you.

To ensure that you fully comply with your legal obligations, we strongly recommend that you seek professional advice to better understand which requirements apply specifically to you.

 

(as of March 8, 2025)