Privacy policy
PRIVACY POLICY OF PANAMY FLOWERS GMBH
Status 1 November 2023
With this data protection declaration, we inform you about which personal data (data that directly or indirectly identifies you) we collect and process in connection with our activities. It applies to all processing activities in connection with personal data.
We process the data received and collected responsibly, in compliance with the applicable legal provisions and in accordance with this privacy policy. Our processing is generally subject to the Swiss Data Protection Act (DSG). However, this privacy policy is also designed to meet the requirements of the EU General Data Protection Regulation (GDPR). Whether and to what extent these laws are applicable depends on the individual case.
- Person responsible
We are PANAMY Flowers GmbH (Grabenstrasse 3, 8952 Schlieren, Switzerland) and are responsible for the processing of your personal data that we describe here (unless otherwise stated in individual cases). References in this Privacy Policy to "PANAMY", "we" or "us" are references to PANAMY Flowers GmbH.
If you have a data protection concern, you can contact our data protection advisor/us: info@panamy.ch.
- Collection and processing of personal data
We primarily process the personal data that we receive from our customers and other business partners as part of our business relationship with them and other persons involved or that we collect from users when operating our website and other applications. In particular, we collect and process the following personal data from you:
- Inventory data, such as name, address, email address, telephone number, gender, date of birth, social media profiles, photos, videos, relationship details (customer, service provider, etc.), history, official details (e.g. commercial register extracts, authorisations, etc.), details of subscribed newsletters or other advertising (including consent);
- Communication data, such as contact details, type and manner of communication (telephone, e-mail, text messages, video messages, etc.) as well as place, date, time and content of the communication;
- Content data, e.g. user name, password, e-mail address, photographs, videos;
- Financial data, e.g. payment details, creditworthiness details;
- Contract data, data arising in connection with the conclusion or fulfilment of the contract, such as information on the conclusion of the contract, acquired claims and receivables, information on customer satisfaction, purchasing information (e.g. date, place, time and history of purchase, as well as quantity, type and value of goods/services);
- Technical data, e.g. IP address, operating system, date, time, geographical information;
- Behavioural data, such as duration and frequency of visits to our website, date and time of a visit or opening of a message (newsletter, email, etc.), location of your end device, interaction with our online presence on social networks or other third-party platforms;
- Preference data, such as user settings, data from the analysis of the collected data (in particular behavioural data);
- Other data that you make available to us about yourself.
As a rule, the provision of personal data is voluntary, i.e. in most cases you are not obliged to disclose personal data to us. However, we must collect and process the personal data that is necessary or legally required for the processing of a contractual relationship and the fulfilment of the associated obligations. Otherwise, we will not be able to conclude or continue the respective contract.
If you transmit data about other persons (e.g. family members, recipients) to us, we assume that you are authorised to do so and that this data is correct. Please ensure that these other persons are aware of this privacy policy.
- Purpose of the processing
We process your personal data primarily in order to conclude and process our contracts with you, our customers and our business partners. In particular, we also process your personal data for the following purposes:
- to communicate with you;
- to provide you and our customers with our services (including our website) and to improve them;
- to manage the business relationship with you and our customers;
- for advertising, marketing, market research and product development;
- to ensure your and our security and to prevent misuse (e.g. for IT security, theft, fraud and abuse prevention and for evidence purposes)
- to fulfil legal and regulatory obligations;
- to assert our claims and defend ourselves against the claims of others;
- to prepare and execute the sale or purchase of business divisions, companies or parts of companies and other transactions under company law and the associated transfer of personal data;
- for business management and to optimise internal processes.
When processing personal data for the purposes described in this statement, we rely, among other things, on our legitimate interest in maintaining, expanding and managing the business relationship and communicating with you as a customer about our products and services.
For certain purposes, you can give us your consent to process your personal data. Unless we have another legal basis, we will process your personal data within the scope of and based on this consent. You can withdraw your consent at any time. Withdrawal has no effect on processing that has already taken place.
- Security measures
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transfer, safeguarding of availability and its separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data and the response to data threats. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings.
- Data transfer and data transmission abroad
We may disclose your personal data to trusted third parties where necessary or appropriate for the provision of our services or the fulfilment of the purposes defined in this privacy policy.
This relates in particular to the following recipients:
- Service providers of ours (such as payment service providers, banks, insurance companies, tax consultants or auditors), including contract processors (such as IT providers);
- Dealers, suppliers, subcontractors and other business partners;
- Customers;
- domestic and foreign authorities, official bodies or courts;
- Media;
- The public, including visitors to websites and social media;
- Competitors, industry organisations, associations, organisations and other bodies;
- Acquirers or parties interested in acquiring business divisions, companies or other parts of us;
- other parties in potential or actual legal proceedings;
If we disclose data to other persons and companies (processors or third parties) as part of our processing, transfer it to them or otherwise grant them access to the data, this is only done on the basis of legal permission, you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this will only take place if it is done to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if special guarantees are in place, such as the officially recognised determination of a level of data protection corresponding to the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").
- Profiling
Profiling" refers to the automated processing of personal data in order to analyse personal aspects or make predictions (e.g. analysis of personal interests and habits). As a rule, profiling is used to derive preference data. We use profiling in particular for the automatic processing of master data, contract data, behavioural data and preference data when using and purchasing our offers and services, but also in connection with our website, events, competitions and prize draws. We use profiling in particular to improve our offers, to present them and our content in line with your needs, to provide you only with advertising and offers that are likely to be relevant to you and to decide which payment options are available to you based on a credit check. We may also link personal data from different sources as a basis for profiling in order to improve the quality of our analyses and forecasts.
- Rights of the data subjects
As a data subject, you may assert various claims against us in accordance with the applicable national and international provisions. We may process your personal data again to fulfil your claims.
You have the following rights in relation to your personal data:
- Right to information: You have the right to receive information about what personal data we have about you and how we process it;
- Right to data disclosure or transfer: You have the right to receive or transfer a copy of your personal data in a commonly used electronic format, provided that it is processed automatically and the data is processed with your consent or in direct connection with the conclusion or fulfilment of a contract between you and us;
- Right to rectification: You have the right to have your personal data rectified if it is incorrect;
- Right to erasure: You have the right to have your personal data erased;
- Right to object: You have the right to object to the processing of your personal data (particularly in the case of data processing for the purpose of direct marketing).
Please note that conditions and exceptions apply to these rights. We may restrict or refuse your request to exercise these rights where permitted by law. We reserve the right to redact copies for reasons of data protection or confidentiality or to supply only extracts.
If you wish to exercise your rights against us or do not agree with our handling of your rights or data protection, please contact us; our contact details can be found in section 1. In order for us to rule out misuse, we must identify you (e.g. with a copy of your ID, if necessary). Every data subject also has the right to enforce their claims in court or to lodge a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (http://www.edoeb.admin.ch).
- Duration of storage of personal data
We process and store your personal data for as long as is necessary for the fulfilment of our contractual and legal obligations or otherwise for the purposes pursued with the processing, i.e. for example for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond that in accordance with the statutory retention and documentation obligations. It is possible that personal data may be stored for the period in which claims can be asserted against our company and insofar as we are otherwise legally obliged to do so or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymised as far as possible. Shorter retention periods generally apply to operational data (e.g. system protocols, logs).
- Newsletter
We provide you with the opportunity to subscribe to our newsletter, in which we inform you about news at regular intervals. In order for us to send you the newsletter by e-mail, you must give us your consent in a so-called double opt-in procedure, i.e. we will only send you a newsletter if you have expressly confirmed this to us beforehand. You can unsubscribe from the newsletter at any time, e.g. by clicking on the link at the end of each newsletter or by sending us your unsubscribe request by e-mail.
We use the Omnisend service from Omnisend, Soundest Limited, 22 Mare Street, London, E8 4RT, United Kingdom (https://www.omnisend.com) to send newsletters.
When you register for the newsletter, we collect your e-mail address, first name and surname. Any further information is provided voluntarily. We process certain data so that we can determine whether a newsletter e-mail has been opened and which links have been clicked on. Technical information (e.g. time of access, IP address, browser type and operating system) is also collected. We process all data for the purpose of sending the newsletter and analysing the newsletter campaign. We store your data until you unsubscribe from the newsletter. Data stored for other purposes remains unaffected by this.
You can find more information about the data collected in Omnisend's privacy policy at: https://www.omnisend.com/privacy/.
- Cookies and tracking
We typically use "cookies" and similar technologies on our website to identify your browser or device. Cookies" are small files that are stored on users' computers. Different information can be stored within the cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to an online service. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online service and closes their browser. The content of a shopping basket in an online shop or a login status, for example, can be stored in such a cookie. "Permanent" or "persistent" cookies are cookies that remain stored even after the browser is closed. For example, the login status can be saved if the user visits the website after several days. The interests of users can also be stored in such a cookie and used for reach measurement or marketing purposes. "Third-party cookies" are cookies that are offered by providers other than the controller who operates the online service (otherwise, if they are only the controller's cookies, they are referred to as "first-party cookies").
We may use temporary and permanent cookies and clarify this in the context of this privacy policy. Below we inform you about the cookies / comparable technologies we use. If you do not want cookies to be stored on your computer, you will be asked to deactivate the corresponding option in the system settings of your browser. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer.
A general objection to the use of cookies used for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in the browser settings. Please note that you may then not be able to use all the functions of this website.
- Google Tag Manager
Google Tag Manager is a solution with which we can manage so-called website tags via an interface (and thus integrate Google Analytics and other Google marketing services into our online offering, for example). The Tag Manager itself (which implements the tags) does not process any personal user data. With regard to the processing of users' personal data, please refer to the following information on Google services. Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html.
- Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC ("Google"), on our website. Google uses cookies. The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to analyse the use of our online offer by users, to compile reports on the activities within this online offer and to provide us with further services associated with the use of this online offer and the use of the Internet. Pseudonymised user profiles can be created from the processed data.
We only use Google Analytics with activated IP anonymisation. This means that the IP address of users is truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of adverts by Google (https://adssettings.google.com/authenticated
Users' personal data is deleted or anonymised after 14 months.
- Google Universal Analytics
We use Google Analytics in the form of "Universal Analytics". "Universal Analytics" refers to a Google Analytics process in which the user is analysed on the basis of a pseudonymous user ID and thus a pseudonymous profile of the user is created with information from the use of various devices (so-called "cross-device tracking").
- Target group formation with Google Analytics
We use Google Analytics to display adverts placed by Google and its partners within advertising services only to those users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Google (so-called "remarketing" or "Google Analytics audiences"). With the help of remarketing audiences, we also want to ensure that our adverts correspond to the potential interest of users.
- Google Adsense with personalised ads
We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
We use the AdSense service, with the help of which adverts are displayed on our website and we receive payment for their display or other use. For these purposes, usage data such as the click on an advert and the IP address of the user are processed, whereby the IP address is shortened by the last two digits. User data is therefore processed in pseudonymised form.
We use Adsense with personalised ads. Google draws conclusions about the interests of users based on the websites they visit or apps they use and the user profiles created in this way. Advertisers use this information to tailor their campaigns to these interests, which is beneficial for users and advertisers alike. For Google, ads are personalised when collected or known data determines or influences the ad selection. This includes previous search queries, activities, website visits, the use of apps, demographic and location information. Specifically, this includes: demographic targeting, targeting on interest categories, remarketing and targeting on customer matching lists and target group lists uploaded to DoubleClick Bid Manager or Campaign Manager.
Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of adverts by Google (https://adssettings.google.com/authenticated).
- Google Adsense with non-personalised ads
We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the AdSense service, with the help of which adverts are displayed on our website and we receive payment for their display or other use. For these purposes, usage data such as the click on an advert and the IP address of the user are processed, whereby the IP address is shortened by the last two digits. User data is therefore processed in pseudonymised form.
We use Adsense with non-personalised ads. The adverts are not displayed on the basis of user profiles. Non-personalised ads are not based on previous user behaviour. Contextual information is used for targeting, including rough (e.g. at location level) geographical targeting based on the current location, the content on the current website or app and current search terms. Google prohibits all personalised targeting, including demographic targeting and targeting based on user lists. Further information on the use of data by Google, setting and objection options can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of adverts by Google (https://adssettings.google.com/authenticated).
- Google AdWords and conversion measurement
We use the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, ("Google"). Google is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the online marketing process Google "AdWords" to place adverts in the Google advertising network (e.g. in search results, in videos, on websites, etc.) so that they are displayed to users who are likely to be interested in the adverts. This allows us to display adverts for and within our online offering in a more targeted manner in order to present users only with adverts that potentially match their interests. If, for example, a user is shown adverts for products that they were interested in on other online offers, this is referred to as "remarketing". For these purposes, when our and other websites on which the Google advertising network is active are accessed, a code from Google is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (comparable technologies can also be used instead of cookies). This file records which websites the user has visited, which content they are interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, visiting time and other information about the use of the online offer. We also receive an individual "conversion cookie". The information collected with the help of the cookie is used by Google to create conversion statistics for us. However, we only receive the anonymous total number of users who clicked on our advert and were redirected to a page with a conversion tracking tag. However, we do not receive any information with which users can be personally identified. User data is processed pseudonymously within the Google advertising network. This means that Google does not store and process the user's name or email address, for example, but processes the relevant data in relation to cookies within pseudonymised user profiles. This means that, from Google's perspective, the adverts are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who this cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymisation. The information collected about users is transmitted to Google and stored on Google's servers in the USA. Further information on the use of data by Google, setting and objection options, can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of adverts by Google (https://adssettings.google.com/authenticated).
- Facebook pixel, custom audiences and Facebook conversion
Within our online offer, the so-called "Facebook pixel" of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are based in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook"), is used. Facebook is certified under the Privacy Shield Agreement and thus offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
With the help of the Facebook pixel, Facebook is able to determine the visitors to our online offering as a target group for the display of adverts (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads placed by us only to those Facebook users who have also shown an interest in our online offering or who have certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) that we transmit to Facebook (so-called "custom audiences"). With the help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also track the effectiveness of Facebook adverts for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advert (so-called "conversion"). Facebook processes the data in accordance with Facebook's data usage policy. Accordingly, general information on the display of Facebook ads can be found in Facebook'shttps://www.facebook.com/policy.php. Specific information and details about the Facebook pixel and how it works can be found in Facebook's help section: https://www.facebook.com/business/help/651294705016616.
You can object to the collection by the Facebook pixel and use of your data to display Facebook ads. To set which types of adverts are displayed to you within Facebook, you can go to the page set up by Facebook and follow the instructions there on the settings for usage-based advertising:https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.
You can alsoobject to the use of cookies for reach measurement and advertising purposes via the deactivation page of the network advertising initiative (http://optout.networkadvertising.org/) and also the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
- Social Media
We may operate pages and other online presences on social networks and other platforms operated by third parties (e.g. fan pages, channels, profiles) and collect and process data about you (in particular contact and profile data) that you or the social networks provide to us. We receive the data when you come into contact with us via our online presence (e.g. accessing and commenting on posts). We receive aggregated or otherwise sufficiently anonymised data from the platforms for evaluation purposes so that we can further develop the contributions and services we offer. We process the data in particular for communication, marketing purposes (including advertising on these platforms) and market research. We may redistribute content published by you or delete or restrict content from or about you in accordance with the usage guidelines. Personal data may also be processed outside Switzerland and the European Economic Area (EEA).
Furthermore, the platforms analyse your use of our online presences and link this data with other data about you known to the platforms. They also process this data for their own purposes under their own responsibility, in particular for marketing and market research purposes (e.g. to personalise advertising) and to control their platforms (e.g. which content they display to you).
When using the platforms, other legal documents (e.g. general terms and conditions and terms of use) apply in addition to the corresponding data protection declarations.
We currently use the following platforms:
- Facebook including the so-called Page Insights of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. We are jointly responsible with Meta Platforms Ireland Limited and have concluded the "Controller Addendum" (https://www.facebook.com/legal/controller_addendum). You can find more information on data processing in Facebook's privacy policy: https://www.facebook.com/privacy/policy
- Pinterest: For the purposes of the GDPR, Pinterest Europe Ltd. and Pinterest, Inc. are jointly responsible for the processing of your personal data. Pinterest Europe Ltd. is an Irish company based in Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Pinterest, Inc. is a US company with its registered office at 651 Brannan St., San Francisco, CA 94107, USA. You can find more information on data processing in Pinterest's privacy policy :https://policy.pinterest.com/de/privacy-policy
- Instagram incl. Insights from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbout, Dublin 2, Ireland. You can find more information on data processing in Instagram's privacy policy: https://privacycenter.instagram.com/policy
- Changes
We may amend this privacy policy at any time without prior notice. The current version published on our website shall apply. If the privacy policy is part of an agreement with you, we will inform you of the change by e-mail or other suitable means in the event of an update.