Privacy policy

Flora Studio operates this shop and this website, including all related information, content, features, tools, products, and services, to provide you with a personalised shopping experience as a customer (the "Services"). Flora is built on Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use, or disclose personal data when you visit, use, or make a purchase or other transaction using the Services, or otherwise communicate with us. If there is any conflict between our terms and conditions and this Privacy Policy, this Privacy Policy shall prevail with respect to the collection, processing, and disclosure of your personal data.

Please read this Privacy Policy carefully. By using and accessing any of the Services, you confirm that you have read this Privacy Policy and agree to the collection, use, and disclosure of your data as described in this Privacy Policy.

What personal data do we collect or process?

When we use the term "personal data", we refer to information that identifies you or another person or can be directly linked to you. Personal data does not include information that is collected anonymously or that has been anonymised so that identification or attribution to your person is no longer possible. Depending on how you interact with the Services, where you live, and as permitted or required by applicable law, we may collect or process the following categories of personal data, including inferences drawn from such personal data:

• Contact details including name, postal address, billing address, shipping address, telephone number, and email address.
• Financial data including credit, debit card, and financial account numbers, payment card information, financial account information, transaction details, payment method, payment confirmation, and other payment details.
• Account information including username, password, security questions, settings, and preferences.
• Transaction information including the items you view, add to your shopping basket, add to your wishlist, or purchase, return, exchange, or cancel, as well as your past transactions.
• Communications with us including information you provide when you communicate with us, for example when you send an enquiry to customer support.
• Device information including information about your device, browser, or network connection, IP address, and other unique identifiers.
• Usage information including information about your interaction with the Services, including how and when you interact with or browse the Services.

Sources of personal data

We may collect personal data from the following sources:

• Directly from you We collect the data, among other things, when you create an account, access or use the Services, communicate with us, or otherwise provide us with your personal data.
• Automatically through the Services We collect the data, among other things, from your device or when you use our products or Services or visit our website, as well as through the use of cookies and similar technologies.
• From our service providers We collect the data, among other things, when we engage service providers to enable certain technologies and when they collect or process your personal data on our behalf.
• From our partners and other third-party providers

How do we use your personal data?

Depending on how you interact with us or which of the Services you use, we may use personal data for the following purposes:

• Providing, customising, and improving the Services. We use your personal data to provide the Services to you. This includes, among other things, fulfilling our contract with you, processing your payments, fulfilling your orders, storing your settings and the items you are interested in, sending notifications related to your account, creating, maintaining, and otherwise managing your account, arranging shipping, facilitating returns and exchanges, enabling you to leave reviews, and creating a personalised shopping experience for you, for example by recommending products based on your purchases. This may also include using your personal data to better tailor and improve the Services.
• Marketing and advertising. We use your personal data for marketing and advertising purposes, for example to send marketing and advertising communications by email, SMS, or post and to show you online advertising for products or services relating to the Services or other websites, including on the basis of items you have previously purchased or added to your shopping basket, as well as other activities related to the Services.
• Security and fraud prevention. We use your personal data to authenticate your account, provide a secure payment and shopping experience, detect, investigate, or take action against possible fraudulent, unlawful, unsafe, or malicious activity, protect public safety, and ensure the security of our Services. If you choose to use the Services and register an account, you are responsible for protecting your account login details. We strongly recommend that you do not share your username, password, or other access data with anyone else.
• Communicating with you. We use your personal data to provide customer support and effective Services to you, respond promptly to your enquiries, and maintain our business relationship with you.
• Legal reasons. We use your personal data to comply with applicable law or respond to lawful process, including requests from law enforcement or regulatory authorities, to investigate or participate in civil investigations, potential or actual legal disputes, or other adversarial proceedings, and to investigate potential breaches of our terms or policies or enforce our terms and policies.

How do we disclose personal data?

In certain circumstances, we may disclose your personal data to third parties for legitimate purposes in accordance with this Privacy Policy. Such circumstances may include:

• On Shopify, these are providers and other third parties that perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfilment, and shipping).
• We disclose personal data to business and marketing partners who provide marketing services to you and show you advertising. For example, we use Shopify to support personalised advertising with third-party services based on your online activity across different merchants and websites. Our business and marketing partners use your data in accordance with their own privacy policies. Depending on where you live, you may have the right to instruct us not to disclose information about you in order to show you targeted advertising and marketing based on your online activity across different merchants and websites.
• If you ask us to, or otherwise consent to, sharing certain information with third parties, for example to deliver products to you, or if you use social media widgets or login integrations.
• We disclose personal data to our affiliates or otherwise within our corporate group.
• In connection with a business transaction such as a merger or insolvency, to comply with applicable legal obligations (including responding to subpoenas, search warrants, and similar requests), to enforce applicable service terms or policies, and to protect or defend the Services, our rights, and the rights of our users or others.

Relationship with Shopify

The Services are hosted by Shopify, and Shopify collects and processes personal data about your access to and use of the Services in order to provide and improve the Services to you. Data you submit through the Services is shared with Shopify and with third parties who may be located in countries other than your country of residence in order to provide and improve the Services for you. To protect, expand, and improve our business, we also use certain advanced Shopify features that involve data and information from your interactions with our shop, with other merchants, and with Shopify. To provide these advanced features, Shopify may use personal data collected through your interactions with our shop, other merchants, and Shopify. In these circumstances, Shopify is responsible for processing your personal data, including responding to your requests to exercise your rights regarding the use of your personal data for these purposes. For more information about how Shopify uses your personal data and what rights you have, please refer to the Shopify Consumer Privacy Policy. Depending on where you live, you may exercise certain rights in relation to your personal data listed here Link to the Shopify Privacy Portal.

Third-party websites and links

The Services may provide links to websites or other online platforms operated by third parties. If you follow links to websites that are not affiliate websites or are not controlled by us, you should review their privacy and security policies as well as any other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such websites, including the accuracy, completeness, or reliability of the information on those websites. Information you provide in public or semi-public places, including information you share on third-party social networking platforms, may also be viewed by other users of the Services and/or users of those third-party platforms, without restriction as to its use by us or by a third party. The inclusion of such links by us does not imply that we endorse the content of these platforms or their owners or operators, unless explicitly stated in the Services.

Children's data

The Services are not intended for use by children, and we knowingly do not collect personal data from children who have not yet reached the age of majority in your country. If you are the parent or guardian of a child who has provided us with their personal data, you can contact us using the contact details provided below to request deletion of this data. At the time this Privacy Policy takes effect, we have no knowledge that we "share" or "sell" personal data of persons under 16 years of age (as defined in applicable law).

Security and retention of your data

Please note that no security measures are perfect or impenetrable, and therefore we cannot guarantee "perfect security". In addition, information you send to us may also be exposed to risks during transmission. We recommend that you do not use insecure channels when transmitting sensitive or confidential information to us.

How long we retain your personal data depends on various factors. These include, for example, whether we need the data to manage your account, provide Services to you, comply with legal obligations, resolve disputes, or enforce other applicable contracts and policies.

Your rights and options

Depending on where you live, you may have some or all of the rights listed below in relation to your personal data. However, these rights are not absolute, may only apply in certain circumstances, and in certain cases we may refuse your request to the extent permitted by law.

• Right of access/information. You may have the right to request access to the personal data we hold about you.
• Right to erasure. You may have the right to request that we erase the personal data we hold about you.
• Right to rectification. You may have the right to request that we correct inaccurate personal data we hold about you.
• Right to data portability. You may have the right to receive a copy of the personal data we hold about you and to request that we transfer it to a third party in certain circumstances and with certain exceptions.
• Managing communication preferences. We may send you promotional emails. You can opt out of receiving these emails at any time by using the unsubscribe option included in our emails to you. If you opt out, we may still send you non-promotional emails, for example about your account or about orders you have placed.

You can exercise these rights where indicated in the Services or by contacting us using the contact details provided below. More information about how Shopify uses your personal data and what rights you have, including rights in relation to data processed by Shopify, can be found at https://privacy.shopify.com/en.

Exercising these rights will not disadvantage you in any way. Where permitted or required by applicable law, we may need to verify your identity before we can process your requests. In accordance with applicable laws, you may appoint an authorised representative to submit requests on your behalf to exercise your rights. Before we accept such a request from a representative, we require evidence that you have authorised them to act on your behalf. It may be necessary for you to confirm your identity directly to us. We will respond to your request promptly under applicable law.

Complaints

If you have complaints about how we process your personal data, please contact us using the contact details provided below. Depending on where you live, you have the right to appeal our decision by contacting us using the contact details provided below or by lodging your complaint with the competent data protection authority. For the European Economic Area, there is a list of the competent data protection supervisory authorities. If you wish to access it, you can do so here.

International transfers

Please note that we may transfer, store, and process your personal data outside the country in which you reside.

If we transfer your personal data outside the European Economic Area or the United Kingdom, we rely on recognised transfer mechanisms such as the European Commission's Standard Contractual Clauses or equivalent contracts issued by the relevant competent authority in the United Kingdom, unless the data transfer is to a country that demonstrably provides an adequate level of protection.

Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect changes in our practices, or for other operational, legal, or regulatory reasons. We will publish the revised Privacy Policy on this website, adjust the "Last version" date accordingly, and provide the notice required by applicable law.

Contact

If you have any questions about our privacy practices or this Privacy Policy, or if you wish to exercise any of your rights, please contact us by telephone at , by email at support@studiosflora.de