Data protection

Your trust is very important to us.

Information on data protection:

In accordance with Article 13 of the Swiss Federal Constitution and the federal data protection regulations (Data Protection Act/DSG), the Telecommunications Act (FMG) and the General Data Protection Regulation of the European Union (GDPR), every person is entitled to the protection of their privacy and protection against misuse of their personal data. We, Männerpflanze or Fleurop-Interflora (Schweiz) AG, are particularly committed to protecting your personal data and treat your data confidentially in accordance with the data protection laws DSG and GDPR. In cooperation with our hosting providers, we strive to protect the databases as much as possible from third-party access, loss, misuse or falsification.

What we do and what rights you have — our data protection summarized in short words:

• We primarily process your personal data confidentially, responsibly and in accordance with the applicable data protection law. We receive your personal data when you visit our website.
• We only store and use data from you that we need or that you have expressly consented to process.
• As soon as we no longer need your data, it will be automatically deleted, in accordance with the legal retention periods. However, if further storage is required, for example for tax reasons, the data will be blocked. “Blocking” means that the data is technically protected to ensure that it can neither be changed nor processed further.
• Your data is secure - we regularly check our measures.

If you want to know whether and what data we have about you, when we will delete this data, or if you would like to object to specific data processing, call us (044 751 82 82) or write to us. If you would like to withdraw your consent to store your data, you can do so via a setting in the cookie banner or contact us by post or by email datenschutz@fleurop.ch.

If you are dissatisfied with the way we handle your data, the competent supervisory authority, the Federal Data Protection and Information Commissioner (FDPÖB), is also available to you, whom you can contact by telephone or in writing. Of course, we hope that this is not necessary and that you contact us in advance so that we can find a solution together.

Would you like to know more details? These can be found in the following sections:

Fleurop-Interflora (Schweiz) AG is the operator of the Männerpflanze.ch website. We are therefore responsible for the collection, processing and use of your personal data via these websites and for the compatibility of data processing with applicable data protection laws. Below you will find all information about this, e.g. about data processing when you visit our website. Personal data is any data relating to an identified or identifiable natural person: name, address, email address, IP address of your computer, etc.

1. Who is responsible for data processing?

   Responsible in accordance with Art. 5 DSG/Art. 4 para. 7 DSGVO:
   
   Fleurop-Interflora (Switzerland) AG
   Förliwiesenstrasse 4, 8602 Wangen
   Phone: +41 44 751 82 82
   email: datenschutz@fleurop.ch
   websites: fleurop.ch / b2b.fleurop.ch / fleurop-home.ch /männerpflanze.ch

2. Website hosting

   Männerpflanze.ch is hosted by Webflow.
   
   Where does Webflow store personal data?
   
   Webflow stores the data of its customers and their clients' end users in the United States, where Webflow is based. Webflow also uses a number of contract processors based in the United States to provide its services (“sub-processors”).
   
   How does Webflow lawfully process and transfer data out of Europe for its European customers?
   
   Webflow uses the European Union's standard contractual clauses as a transfer mechanism for exporting data from Europe. Webflow's data processing agreement (DPA) contains the standard contractual clauses and all other contractual requirements imposed on data processors under the General Data Protection Regulation.
   
   In addition, Webflow remains self-certified under the EU-US Privacy Shield and the Swiss-US Privacy Shield. Webflow remains committed to complying with the Privacy Shield Principles even though the Privacy Shield was declared invalid by the Court of Justice of the European Union in July 2020. Webflow continues to monitor all developments regarding international data transfers and is committed to protecting the privacy of its customers and their end users. Webflow now offers an updated GDPR that includes the new standard contractual clauses approved by the European Commission in June 2021.
   
   How does Webflow protect the personal data that it transmits to sub-processors?
   
   Webflow reviews new sub-processors who access personal data before they are hired to ensure that the necessary security and privacy controls are in place.
   
   How does Webflow secure the stored data?
   
   Webflow strives to ensure a secure, redundant, and reliable infrastructure and encrypts data in transit and at rest. Webflow is SOC 2 certified and strives to continuously validate its security program.

3. Which data do we collect and store for which purposes?

   1. a. Usage data
      
      When you visit our website, you transmit data to our web server via your Internet browser (for technical reasons). The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:

      • The so-called referrer URL (the website from which you accessed our offer)
      • Date and time of request; Greenwich Mean Time (GMT) time zone difference
      • Web browser and operating system used
      • Access status/ (file transferred, file not found, etc.)
      • Full IP address of the requesting computer with volume of data transferred by transmission protocol
      • Content of the request (page visited)
      • log files

      For reasons of technical security, in particular to prevent attempts to attack our web server, we store this data for a short time. Based on this data, it is not possible for us to draw conclusions about individual persons. The data is later anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a connection to the individual user. In anonymized form, the data is also processed for statistical purposes; there is no comparison with other data sets or transfer to third parties, even in extracts.

   2. b. Contact form on the website
      
      You can contact us via the email address provided or the contact form. In this case, the data you provide (your email address, name, telephone number and other information provided by you) will be stored in order to process and answer your request. We delete the data generated in this context. You can revoke the processing of your data at any time. This has no adverse consequences for you.
   3. c. Newsletter delivery
      
      We will keep you informed about our interesting offers as part of our newsletter subscription. However, the delivery of electronic advertising emails is only permitted if either the data subject has given consent or if Männerpflanze or Fleurop is in a client relationship with the data subject and has received the e-mail address from the data subject. The advertised goods and services are specified in the declaration of consent. Your data entered when subscribing to the newsletter will only be stored by us until you unsubscribe from our newsletter using the unsubscribe button. You can therefore withdraw your subscription at any time via the link provided for this purpose in the newsletter or by sending us a corresponding message. Your email address will then be removed from the mailing list. As part of the onboarding process, first-time customers receive a newsletter, which can be unsubscribed at any time. The legal basis is Art. 31 DSG/Art. 6 para. 1 p. 1 lit. a GDPR.
   4. d. YouTube (Google)/Google Fonts (Web Fonts)
      
      Google YouTube is provided exclusively in the interest of a uniform, appealing presentation and illustration for the sale of our products, offers and services. When you call YouTube, Google automatically provides and loads the Web Fonts font to display the YouTube player.
      
      YouTube is part of Google. Google LLC based in California, USA. It cannot be ruled out that US authorities may access the data stored by Google. From a data protection perspective, the USA is also a third country that does not have an equivalent level of data protection as Europe. For this reason, your voluntary consent is required under data protection law when you access YouTube, which you can give us via the cookie banner. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website and from processing and storing this data by Google by
      
      ‍a. Does not give your consent to the setting of cookies, or
      b. download and install the browser add-on to disable Google Analytics.
      
      ‍If you have given your consent, when using YouTube videos, personal data, such as name, email address, location data and IP address, are automatically stored on our website when using the function. If the reader accesses the video display on our website, we have no influence on this functionality. When you call up a page, your browser loads the required web fonts into your browser cache to correctly display texts and fonts. For this purpose, the browser you use must connect to Google's servers. As a result, Google becomes aware that our website has been accessed via your IP address. If the browser used by the user does not support the proprietary Google Fonts font, only a standard font is used by that computer.
      
      The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data is only stored for a short time; it is automatically deleted after the session.
      
      The legal basis and revocation option for processing the entered data is your consent, which is based on Art. 32 DSG/Art. 6 para. 1 lit. a DSGVO. You can also withdraw your consent at any time with effect for the future. You can find more information about the privacy policy and terms of use of Google and Google Web Fonts at marketingplatform.google.com and under policies.google.com/ and under developers.google.com as well as in Google's privacy policy: policies.google.com.
   5. f. Google Analytics and Google Signals
      
      This website uses Google Analytics 4, a web analysis service provided by Google LLC. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
      
      ‍Nature and purpose of processing
      
      ‍Google Analytics uses cookies, which enable an analysis of how you use our websites. The information collected using cookies about your use of this website is usually transmitted to a Google server in the USA and stored there.
      
      We use the user ID function. Using the user ID, we can assign a unique, persistent ID to one or more sessions (and the activities within those sessions) and analyze user behavior across devices.
      
      We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographic data) and can be delivered to these users in cross-device remarketing campaigns.
      
      Google Analytics 4 enables the anonymization of IP addresses by default. As a result of IP anonymization, your IP address is abbreviated by Google within member states of the European Union, Switzerland or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
      
      ‍Purposes of processing
      
      ‍‍‍On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.
      
      ‍transceivers
      
      ‍‍‍Recipients of the data are/may be:
      
      Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor in accordance with Article 28 GDPR) Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USAAlphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
      
      ‍Third country transfer‍‍
      
      ‍For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified according to the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely ruled out, we also have the EU standard contractual clauses completed.
      
      ‍Storage period
      
      ‍‍‍The data sent by us and linked to cookies is automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose storage period has been reached is automatically deleted once a month.
      
      ‍legal basis‍‍
      
      ‍The legal basis for this data processing is your consent in accordance with Art.31 NdSG/Art.6 Paragraph 1 S.1 lit.a GDPR.
      
      ‍revocation‍‍
      
      ‍You can withdraw your consent at any time with effect for the future by going to the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of consent up to the withdrawal remains unaffected.
      
      g. Dropbox
      
      On our website, we use embedded videos that are provided via the Dropbox service. When you play these videos, you connect to Dropbox's servers. Your IP address is transmitted to Dropbox and cookies can be stored on your device. These cookies allow Dropbox to collect information about your usage behavior. Dropbox, Inc. is based in the USA and may therefore be subject to different data protection laws. However, Dropbox is certified under the EU-US and the Swiss-US Privacy Shield, which means they have committed to complying with Swiss and EU data protection standards. For more information about Dropbox's privacy policy, see Dropbox's privacy policy at https://www.dropbox.com/privacy.

4. How long do we store your data and when do we delete it?

   1. Fleurop-Interflora (Schweiz) AG individually complies with the deletion deadlines set by law. If this privacy policy does not specify specific deletion periods for each case, we will generally delete your personal data as soon as the purpose of storage no longer applies. However, we must continue to store your data if we are required to do so by national legislation or by European legislators in EU regulations, laws or other regulations. For example, in accordance with Art. 957 OR, companies have a general storage obligation for business documents of 10 years.
      
      Insofar as we obtain consent from the data subject for processing personal data, Art. 31 of the Swiss Data Protection Act (DSG) or Art. 6 para. 1 lit. a of the (EU) General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary to fulfill a contract to which the data subject is a party, Art. 31 DSG and Art. 6 para. 1 lit. b GDPR serve as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 31 DSG or Art. 6 para. 1 lit. c GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 31 DSG or Art. 6 para. 1 lit. f GDPR serve as the legal basis for processing.

5. What rights do you have as a data subject?

   1. a. Information
      
      In accordance with Art. 25 DSG/Art.15 GDPR, you can request information from us about the personal data we process at any time. In particular, if you request this, we will provide you with information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or must be disclosed, and the planned storage period.
      
      b. Correction
      
      In accordance with Art. 32 DSG/Art.16 GDPR, you have the right to immediately request the correction of incorrect or completed personal data stored by us.
      
      c. Deletion
      
      In accordance with Art. 32 DSG lit 2c/Art.17 DSGVO, you have the right to request the deletion of your personal data stored by us.
      
      d. Restriction of processing
      
      In accordance with Art. 6 DSG/Art.18 GDPR, you can request that the processing of your personal data be restricted.
      
      e. Data portability
      
      In accordance with Art. 28 DSG/Art.20 GDPR, you can require us to provide you with the personal data that you have provided to us in a structured, common and machine-readable format or to transfer it to another person responsible named by you.
      
      f. Withdrawal of consent
      
      You can withdraw your consent to us at any time in accordance with Art. 6, 31, 37 DSG/ Art. 6 GDPR. As a result, we may no longer continue data processing based on this consent in the future.g. Objection to data collection in special cases and against direct marketing. In accordance with Art. 32 DSG/Art.21 GDPR, you can object to the processing of your personal data, provided that there are reasons for this arising from your particular situation or if the objection is directed against direct marketing. In the latter case, you have a general right of objection, which will be implemented by us without specifying a particular situation. You can communicate your objection informally by telephone, email or to our postal address listed at the beginning of this privacy policy. If you would like to exercise one or more of your rights or need more information about this, please feel free to contact us using the contact details provided above.

6. When do we share your information?

   1. We only transfer your data to third parties if:
      
      You have given your express consent in accordance with Art. 6 (6) DSG /Art.6 lit. a and Art. 7 (1) f. GDPR;
      
      the transfer in accordance with Art. 28, 29 DSG/Art. 20 GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data;
      
      in the event that there is a legal obligation to transfer in accordance with Art. 28 DSG, Art. 20 DSV/ Art.6 Paragraph 1 S.1 lit.c GDPR, as permitted by law and in accordance with Art.6 DSG/Art.6 Paragraph 1 S.1 lit;
      
      GDPR is required to process contractual relationships with you. If we use contracted service providers for individual functions of our offer or would like to use your data for commercial purposes, we will always carefully select and monitor these service providers.

7. Right to lodge a complaint with the supervisory authority

   1. You have the right to complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or our company headquarters: Federal Data Protection and Information Commissioner EDÖB.

8. Collection and use of data from your devices (cookies and tracking)

   1. Many websites use technical tools for various functions, in particular cookies, which can be stored on your device. Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using, so that certain information can flow to the location that sets the cookie. Our cookies cannot run programs or transfer viruses to your computer, but are primarily used to make the website faster and more user-friendly.

9. Using external links

   1. Our websites may contain links to websites of third parties not affiliated with us, which in turn use cookies. After clicking on the link, we no longer have any influence on the collection, storage and processing of any data transmitted directly to the third party by clicking on the link, as the conduct of third parties is naturally beyond our control. We assume no responsibility for the processing of such data by third parties. Please refer to the privacy policies of the respective third party about the purpose and scope of data collection, processing and use of data, and settings options to protect your privacy.

10. Status and update of this privacy policy

    1. We reserve the right to change this privacy policy at any time with effect for the future. The latest version is available on the website. Please visit our website regularly and find out about the applicable data protection regulations.
       
       As of April 2024