data protection

DATA PROTECTION STATEMENT OF blumenliebe.ch GmbH being founded

As of November 1, 2023

With this data protection declaration we inform you about which personal data (data that directly or indirectly identifies you) we collect and process in connection with our activities. It applies to all processing activities related to personal data.

We process the data received and collected responsibly, in accordance with the applicable legal provisions and in accordance with this data protection declaration. Our processing is fundamentally subject to the Swiss Data Protection Act (DSG). However, this data protection declaration is also designed to meet the requirements of the EU General Data Protection Regulation (GDPR). However, whether and to what extent these laws are applicable depends on the individual case.

Responsible person

We are blumenliebe.ch GmbH, founded (Grabenstrasse 3, 8952 Schlieren, Switzerland) and are responsible for processing your personal data, which we describe here (unless otherwise stated in individual cases). References to “blumenliebe.ch”, “we” or “us” used in this data protection declaration are references to blumenliebe.ch GmbH in the process of being founded.

If you have a data protection concern, you can contact our data protection advisor/us: info@blumenliebe.ch.ch.

1. Collection and processing of personal data 

We primarily process the personal data that we receive from these and other people involved in our business relationship with our customers and other business partners or that we collect from users when operating our website and other applications. We collect and process the following personal data from you in particular:

• Inventory data, such as name, address, email address, telephone number, gender, date of birth, social media profiles, photos, videos, relationship information (customer, service provider, etc.), history, official information (e.g. commercial register extracts, permits, etc. ), information about subscribed newsletters or other advertising (including consent);
• Communication data, such as contact details, method of communication (telephone, email, text messages, video messages, etc.) as well as location, date, time and content of communication;
• Content data such as username, password, email address, photographs, videos;
• Financial data, such as payment details, creditworthiness details;
• Contract data, data that arise in connection with the conclusion of the contract or the execution of the contract, such as information on the conclusion of the contract, acquired claims and demands, information on customer satisfaction, purchasing information (e.g. purchase date, place, time, history as well as quantity, type and value of goods/services);
• Technical data such as IP address, operating system, date, time, geographical indication;
• Behavioral data, such as duration and frequency of visits to our website, date and time of a visit or opening of a message (newsletter, email, etc.), location of your device, interaction with our online presence on social networks or other third-party platforms;
• Preference data, such as user settings, data from the analysis of the data collected (especially behavioral data);
• Other information you provide to us about yourself.

As a rule, the provision of personal data is voluntary, which means that in most cases you are not obliged to provide us with personal data. However, we must collect and process the personal data that is necessary or required by law to process a contractual relationship and fulfill the associated obligations. Otherwise we cannot conclude or continue the respective contract.

If you provide us with data about other people (e.g. family members, recipients), we will assume that you are authorized to do so and that this data is correct. Please ensure that these other people are aware of this privacy policy.

Purpose of processing

We process your personal data primarily to conclude and process our contracts with you, our customers and our business partners. In particular, we also process your personal data for the following purposes:

• to communicate with you;
• to provide you and our customers with our services (including the website) and to improve them;
• to manage the business relationship with you and our customers;
• to conduct advertising, marketing, market research and product development;
• to ensure your and our security and to prevent misuse (e.g. for IT security, theft, fraud and abuse prevention and for evidentiary purposes)
• to comply with legal and regulatory obligations;
• to enforce our claims and defend ourselves against claims of others;
• to prepare and carry out the sale or purchase of business areas, companies or parts of companies and other corporate transactions, as well as the associated transfer of personal data;
• for business management and to optimize internal processes.

When processing personal data for the purposes described in this statement, we rely, among other things, on our legitimate interest in maintaining, developing and managing the business relationship and communication with you as a customer about our products and services.

For certain purposes, you can give us consent to process your personal data. Unless we have another legal basis, we process your personal data within the framework and based on this consent. You can revoke your consent at any time. A revocation has no effect on edits that have already taken place.

Safety measures

Taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure that risk to ensure an appropriate level of protection.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, securing availability and its separation. We have also set up procedures to ensure the exercise of the rights of those affected, the deletion of data and the response to threats to data. Furthermore, we take the protection of personal data into account when developing or selecting hardware, software and processes, in accordance with the principle of data protection through technology design and through data protection-friendly default settings.

1. Data transfer and data transfer abroad

We may disclose your personal information to trusted third parties where necessary or appropriate to provide our services or fulfill the purposes defined in this Privacy Policy.

This particularly concerns the following recipients:

• Our service providers (such as payment service providers, banks, insurance companies, tax advisors or auditors), including order processors (such as IT providers);
• dealers, suppliers, subcontractors and other business partners;
• Customers;
• domestic and foreign authorities, offices or courts;
• Media;
• the public, including visitors to websites and social media;
• Competitors, industry organizations, associations, organizations and other committees;
• Acquirers or interested parties in acquiring business areas, companies or other parts of us;
• other parties in potential or actual legal proceedings;

If, as part of our processing, we disclose data to other people and companies (processors or third parties), transfer it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission, you have consented, a legal obligation provides for this or based on our legitimate interests (e.g. when using agents, web hosts, etc.).

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs as part of the use of third-party services or disclosure or transmission of data to third parties, this will only occur if it is done to fulfill our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if there are special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual requirements Obligations (so-called “standard contractual clauses”).

Profiling

“Profiling” refers to the automated processing of personal data so that personal aspects can be analyzed or predictions can be made (e.g. analysis of personal interests and habits). As a rule, preference data is derived through profiling. We use profiling in particular for the automatic processing of master, contract, behavioral and preference data when using and purchasing our offers and services, but also in connection with our website, events, competitions and competitions. We use profiling in particular to improve our offers, to present these and our content in line with your needs, to only provide you with advertising and offers that are likely to be relevant to you and to decide which payment options are available to you based on a credit check. We can also link personal data from different sources as a basis for profiling in order to improve the quality of our analyzes and forecasts.

Rights of data subjects

As a potentially affected person, you can assert various claims against us in accordance with the applicable national and international regulations. If necessary, we will process your personal data again to fulfill your requirements.

You have the following rights in relation to your personal data:

• Right to information: You have the right to receive information about what personal data we have about you and how we process it;
• Right to data release or transfer: You have the right to have a copy of your personal data released or transferred in a common electronic format, provided that it is processed automatically and the data is processed with your consent or in direct connection with the conclusion or execution of a contract between you and processed by us;
• Right to rectification: You have the right to have your personal data rectified if it is inaccurate;
• Right to deletion: You have the right to have your personal data deleted;
• Right to object: You have the right to object to the processing of your personal data (particularly when data is processed for direct marketing purposes).

Please note that conditions and exceptions apply to these rights. We may limit or deny your request to exercise these rights to the extent permitted by law. We reserve the right to black out copies or only provide extracts for data protection reasons or reasons of confidentiality.

If you want to exercise your rights against us or do not agree with our handling of your rights or data protection, please contact us; Our contact details can be found in section 1. In order for us to rule out misuse, we must identify you (e.g. with a copy of your ID, if necessary). Every data subject also has the right to enforce their claims in court or to file a complaint with the responsible data protection authority. The responsible data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).

1. Duration of retention of personal data 

We process and store your personal data for as long as it is necessary to fulfill our contractual and legal obligations or for other purposes pursued by the processing, i.e. for example for the duration of the entire business relationship (from initiation, processing to termination of a contract) as well as in accordance with the legal retention and documentation obligations. It is possible that personal data will be retained for the period in which claims can be asserted against our company and to the extent that we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidentiary and documentation purposes). As soon as your personal data is no longer required for the purposes mentioned above, it will generally be deleted or anonymized as far as possible. Shorter retention periods generally apply to operational data (e.g. system logs, logs).

Newsletter

We offer you the opportunity to subscribe to our newsletter, in which we will inform you about news at regular intervals. In order for us to send you the newsletter by email, you must give us your consent in a so-called double opt-in procedure, which means we will only send you a newsletter if you have expressly confirmed this to us beforehand. You can unsubscribe from the newsletter at any time, for example using the link at the end of each newsletter or you can inform us of your wish to unsubscribe by email.

We use the Omnisend service from Omnisend, Soundest Limited, 22 Mare Street, London, E8 4RT, Great Britain ( https://www.omnisend.com ) to send newsletters .

When you register for the newsletter, we collect your email address as well as your first and last name. Any further information is provided voluntarily. We process certain data so that we can determine whether a newsletter email was opened and which links were clicked. Furthermore, technical information (e.g. time of access, IP address, browser type and operating system) is recorded. We process all data for the purpose of sending the newsletter and analyzing the newsletter campaign. We keep your data until you unsubscribe from the newsletter. Data stored for other purposes remains unaffected.

For more information regarding the data collected, please see Omnisend's privacy policy at: https://www.omnisend.com/privacy/ .

Cookies and tracking

We typically use “cookies” and similar technologies on our website that can identify your browser or device. “Cookies” are small files that are stored on users’ computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online offering. Temporary cookies, or “session cookies” or “transient cookies,” are cookies that are deleted after a user leaves an online offering and closes their browser. Such a cookie can, for example, store the contents of a shopping cart in an online shop or a login status. Cookies that remain stored even after the browser is closed are referred to as “permanent” or “persistent”. For example, the login status can be saved if users visit it after several days. The interests of users can also be stored in such a cookie, which is used for range measurement or marketing purposes. “Third-party cookies” are cookies that are offered by providers other than the person responsible for operating the online offering (otherwise, if they are only their cookies, they are referred to as “first-party cookies”).

We can use temporary and permanent cookies and explain this in the context of this data protection declaration. Below we will inform you about the cookies/comparable technologies we use. If you do not want cookies to be stored on your computer, you will be asked to deactivate the corresponding option in the system settings of your browser. Saved cookies can be deleted in the browser's system settings. The exclusion of cookies can lead to functional restrictions of this online offer.

A general objection to the use of cookies used for online marketing purposes can be made for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/ can be explained. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that not all functions of this online offer may then be able to be used.

1. Google Tag Manager

Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus, for example, integrate Google Analytics and other Google marketing services into our online offering). The Tag Manager itself (which implements the tags) does not process any personal data of users. With regard to the processing of users' personal data, reference is made to the following information on Google services. Usage guidelines:https://www.google.com/intl/de/tagmanager/use-policy.html .

1. Google Analytics

On our website we use Google Analytics, a web analysis service from Google LLC (“Google”). Google uses cookies. The information generated by the cookie about users' use of the online offering is usually transferred to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement and thereby offers a guarantee that it will comply with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).

Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on the activities within this online offering and to provide us with other services related to the use of this online offering and internet usage. Pseudonymous user profiles can be created from the processed data.

We only use Google Analytics with IP anonymization activated. This means that the user's IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offering and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http:// tools .google.com/dlpage/gaoptout?hl=de .

Further information on data usage by Google, settings and objection options can be found in Google's data protection declaration ( https://policies.google.com/technologies/ads ) and in the settings for the display of advertising by Google (https:// adssettings.google.com/authenticated ).

Users' personal data will be deleted or anonymized after 14 months.

1. Google Universal Analytics

We use Google Analytics in the form of “ Universal Analytics ”. “Universal Analytics” refers to a process from Google Analytics in which user analysis is carried out on the basis of a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of various devices (so-called “cross-device tracking”). .

1. Target group formation with Google Analytics

We use Google Analytics to show the advertisements placed within the advertising services of Google and its partners only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products) based on the information they visit websites) that we transmit to Google (so-called “remarketing” or “Google Analytics audiences”). With the help of remarketing audiences, we also want to ensure that our ads match the potential interest of users.

1. Google Adsense with personalized ads

We use the services of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“Google”). Google is certified under the Privacy Shield Agreement and thereby offers a guarantee that it will comply with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active ).

We use the AdSense service, with which ads are displayed on our website and we receive compensation for their display or other use. For these purposes, usage data, such as the click on an ad and the user's IP address, is processed, whereby the IP address is shortened by the last two digits. Therefore, the processing of user data is carried out pseudonymously.

We use Adsense with personalized ads. Google draws conclusions about their interests based on the websites visited or apps used by users and the user profiles created in this way. Advertisers use this information to target their campaigns to these interests, which is beneficial for users and advertisers alike. For Google, ads are personalized when collected or known data determines or influences ad selection. This includes, but is not limited to, previous searches, activity, website visits, app usage, demographic and location information. Specifically, this includes: demographic targeting, interest category targeting, remarketing, and targeting of customer match lists and audience lists uploaded to DoubleClick Bid Manager or Campaign Manager.

Further information on data usage by Google, settings and objection options can be found in Google's data protection declaration ( https://policies.google.com/technologies/ads ) and in the settings for the display of advertising by Google (https:// adssettings.google.com/authenticated ).

1. Google Adsense with non-personalized ads

We use the services of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“Google”). Google is certified under the Privacy Shield Agreement and thereby offers a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the AdSense service, with which ads are displayed on our website and we receive compensation for their display or other use. For these purposes, usage data, such as the click on an ad and the user's IP address, is processed, whereby the IP address is shortened by the last two digits. Therefore, the processing of user data is carried out pseudonymously.

We use Adsense with non-personalized ads. The ads are not displayed based on user profiles. Non-personalized ads are not based on past user behavior. Targeting uses contextual information, including coarse (e.g., location-level) geographic targeting based on current location, content on the current website or app, and current search terms. Google prevents any personalized targeting, including demographic targeting and targeting based on user lists. Further information on data usage by Google, settings and objection options can be found in Google's data protection declaration ( https://policies.google.com/technologies/ads ) and in the settings for the display of advertising by Google (https:// adssettings.google.com/authenticated ).

1. Google AdWords and conversion measurement

We use the services of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, (“Google”). Google is certified under the Privacy Shield Agreement and thereby offers a guarantee that it will comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the online marketing process Google "AdWords" to place advertisements in the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who have a presumed interest in the advertisements. This allows us to display advertisements for and within our online offering in a more targeted manner in order to only present users with advertisements that potentially match their interests. For example, if a user is shown ads for products that they were interested in on other online offerings, this is referred to as “remarketing”. For these purposes, when you visit our and other websites on which the Google advertising network is active, Google directly executes a code from Google and so-called (re)marketing tags (invisible graphics or code, also known as " “Web beacons”) are integrated into the website. With their help, an individual cookie, ie a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which websites the user has visited, what content the user is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, visiting time and other information about the use of the online offer. We also receive an individual “conversion cookie”. The information collected using the cookie is used by Google to create conversion statistics for us. However, we only know the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users. User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process the user's name or email address, for example, but rather processes the relevant cookie-related data within pseudonymous user profiles. This means that from Google's perspective, the advertisements are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who the cookie holder is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google's servers in the USA. Further information on data usage by Google, settings and objection options can be found in Google's data protection declaration ( https://policies.google.com/technologies/ads ) and in the settings for the display of advertising by Google (https:// adssettings.google.com/authenticated ).

1. Facebook Pixel, Custom Audiences and Facebook Conversion

Within our online offering, the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd. , 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"). Facebook is certified under the Privacy Shield Agreement and thereby offers a guarantee that it will comply with European data protection law ( https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active ).

With the help of the Facebook pixel, Facebook is able to determine the visitors to our online offering as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use the Facebook pixel to only show the Facebook ads we place to those Facebook users who have shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products) based on the information they visit websites) that we transmit to Facebook (so-called “Custom Audiences”). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the users and do not appear annoying. With the help of the Facebook pixel, we can also understand the effectiveness of Facebook advertisements for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called “conversion”). The processing of data by Facebook takes place within the framework of Facebook's data usage policy. Accordingly, general information on the display of Facebook ads can be found in Facebook's data usage policy: https://www.facebook.com/policy.php . Specific information and details about the Facebook Pixel and how it works can be found in the Facebook Help section: https://www.facebook.com/business/help/651294705016616 .

You can object to the collection by the Facebook pixel and the use of your data to display Facebook ads. To set which types of advertisements are shown to you within Facebook, you can visit the page set up by Facebook and follow the instructions there on the settings for usage-based advertising: https://www.facebook.com/settings?tab=ads . The settings are platform-independent, meaning they are applied to all devices, such as desktop computers or mobile devices.

You can also use cookies to measure reach and for advertising purposes via the deactivation page of the Network Advertising Initiative ( http://optout.networkadvertising.org/ ) and also the US website ( http://www.aboutads.info/ choices ) or the European website ( http://www.youronlinechoices.com/uk/your-ad-choices/ ).

Social media

We can operate pages and other online presences on social networks and other platforms operated by third parties (e.g. fan pages, channels, profiles) and collect data about you (in particular contact and profile data) that you or the social networks give us and edit. We receive the data when you come into contact with us via our online presence (e.g. viewing and commenting on posts). We receive aggregated or otherwise sufficiently anonymized data from the platforms for evaluation so that we can further develop the contributions and services we offer. We process the data in particular for communication, marketing purposes (including advertising on these platforms) and market research. We may redistribute content you post yourself, or delete or restrict content from or about you in accordance with the Acceptable Use Guidelines. Personal data can also be processed outside of Switzerland and the European Economic Area (EEA).

Furthermore, the platforms evaluate your use of our online presence and link this data with other data about you known to the platforms. They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalize advertising) and to control their platforms (e.g. what content they show you).

When using the platforms, in addition to the corresponding data protection declarations, other legal documents also apply (e.g. general terms and conditions and terms of use).

We currently use the following platforms:

• Facebook including the so-called page insights from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We are jointly responsible for this with Meta Platforms Ireland Limited and have concluded the so-called “Addition for Controllers” (https://www.facebook.com/legal/controller_addendum). You can find more information regarding data processing in Facebook's privacy policy: https://www.facebook.com/privacy/policy

• Pinterest: For the purposes of the GDPR, Pinterest Europe Ltd. and Pinterest, Inc. are jointly responsible for processing your personal data. Pinterest Europe Ltd. is an Irish company based at Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Pinterest, Inc. is an American company with its registered office at 651 Brannan St., San Francisco, CA 94107, USA. You can find more information regarding data processing in Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy

• Instagram incl. Insights from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbout, Dublin 2, Ireland. You can find more information regarding data processing in Instagram's privacy policy: https://privacycenter.instagram.com/policy

Changes

We may amend this privacy policy at any time without prior notice. The current version published on our website applies. To the extent that the Privacy Policy is part of an agreement with you, if we update it, we will inform you of the change by email or other appropriate means.