Your trust is very important to us.
Information on data protection:

In accordance with Article 13 of the Swiss Federal Constitution and the data protection provisions of the Swiss Confederation (Data Protection Act / FADP), the Telecommunications Act (TCA) and the European General Data Protection Regulation (GDPR), every person is entitled to the protection of their privacy and protection against misuse of their personal data. We, Fleurop-Interflora (Schweiz) AG, are particularly committed to protecting your personal data and treat your data confidentially in accordance with the Data Protection Act FADP and the GDPR. In cooperation with our hosting providers, we endeavor to protect the databases as well as possible against unauthorized access, loss, misuse, or falsification.

Would you like to know what happens to your data and who you can contact if you need information? You can find out here:

• First and foremost, we process your data confidentially, responsibly and in accordance with the applicable data protection law. We receive your personal data when you place an order or visit our website.
• We only store and use data from you that we require or for the processing of which you have expressly consented.
• Third parties will only receive your data after prior consultation with you, in cases where we cannot perform the necessary tasks ourselves on site. Of course, we have concluded contracts with our service providers to ensure that your data is processed carefully.
• As soon as we no longer need your data, it is automatically deleted in accordance with the statutory retention periods. However, if further storage is required, for example for tax reasons, the data will be blocked. That means that the data is technically protected to ensure that it cannot be changed or processed further.
• Your data is protected - we check our measures regularly!
• If you want to know whether and what data we have about you, when we will delete this data or if you wish to object to certain data processing, please call us (044 751 82 82) or write to us. If you wish to revoke your consent to the storage of your data, you can do so via a setting in the cookie banner or contact us by post or e-mail [email protected] / [email protected]
• If you are dissatisfied with the way we handle your data, you can also contact the competent supervisory authority, the Federal Data Protection and Information Commissioner (FDPIC), by telephone or in writing. Of course, we hope that this will not be necessary and that you will contact us in advance so that we can find a solution together.

Would you like more details? You will find them in the following sections:

Fleurop-Interflora (Schweiz) AG is the operator of the websites www.fleurop.ch, b2b.fleurop.ch and www.fleurop-home.ch. We are therefore responsible for the collection, processing, and use of your personal data via these websites and for the compliance of data processing with the applicable data protection laws. Below you will find all the relevant information, e.g., about data processing when you visit our website. Personal data is all data that relates to an identified or identifiable natural person: name, address, e-mail address, IP address of your computer, credit cards, etc.

Responsible according to Art. 5 FADP / Art. 4 para. 7 GDPR:

Fleurop-Interflora (Schweiz) AG
Förliwiesenstrasse 4, 8602 Wangen
Tel: ‭+41 44 751 82 82‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬‬
E-mail: [email protected] / [email protected]
Websites: www.fleurop.ch / b2b.fleurop.ch / fleurop-home.ch

Our web servers are hosted by Fleurop-Interflora (Schweiz) AG and are located in Switzerland. To protect us against cyber-attacks, a web application firewall (WAF) is installed upstream, which monitors all network traffic. This service is provided by

Cloudflare, Inc.
101 Townsend St,
San Francisco, CA 94107
USA

to ensure the functionality of the website. If you want to know more about the data protection conditions, you can find further details in the privacy policy: www.cloudflare.com/privacypolicy/

Our interest is a reliable and appealing presentation of our website; data collection and storage are carried out in accordance with Art. 31 FADP / Art. 6 para. 1 lit. f GDPR. Your IP address will only be stored by Cloudflare for as long as is necessary for the purpose described.

a.Usage data
When you visit our website, you transmit data to our web server via your Internet browser (for technical reasons). The following data is recorded during an ongoing connection for communication between your Internet browser and our web server:

• the so-called referrer URL (the website from which you accessed our website)
• date and time of the request; time zone difference Greenwich Mean Time (GMT)
• web browser and operating system used
• access status/ (file transferred, file not found, etc.)
• complete IP address of the requesting computer with transmission protocol
• amount of data transferred
• content of the request (page visited)
• log files

For reasons of technical security, in particular to defend against attempted attacks on our web server, this data is stored by us for a short time. It is not possible for us to identify individual persons from this data. The data is later anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. The data is also processed in anonymized form for statistical purposes; it is not compared with other databases or passed on to third parties, even in excerpts.

b.Contact form on the website / Online store registration
You can contact us via the e-mail address provided or the contact form. In this case, the data you provide (your e-mail address, your name and telephone number and other information you provide) will be stored to process and respond to your request. We will delete the data collected in this context. You can revoke the processing of your data at any time. This has no negative consequences for you.

c.Newsletter mailing
We inform you about our current interesting offers as part of our newsletter subscription. However, the sending of electronic advertising emails is only permitted if either the data subject has given their consent or if Fleurop is in a client relationship with the data subject and has received the email address from them. The advertised goods and services are named in the declaration of consent.

The data you enter when registering for the newsletter will only be stored by us until you unsubscribe from our newsletter using the unsubscribe button. You can therefore cancel your registration at any time via the link provided in the newsletter or by sending us a corresponding message. Your e-mail address will then be deleted from the mailing list. First-time customers receive a newsletter as part of the onboarding process, which they can unsubscribe from at any time. The legal basis is Art. 31 FADP / Art. 6 para. 1 sentence 1 lit. a GDPR.

d.YouTube (Google) / Google Fonts (Web Fonts)
The provision of Google YouTube is exclusively in the interest of a uniform, appealing presentation, and illustration for the sale of our products, offers and services. When YouTube is accessed, Google automatically provides and loads the Web Fonts font to display the YouTube player.

YouTube belongs to Google. Google LLC is based in California, USA. It cannot be excluded that US authorities may access the data stored by Google. From a data protection perspective, the USA is also a third country that does not have the same level of data protection as Europe. For this reason, your voluntary consent is required under data protection law when you access YouTube, which you can give us via the cookie banner. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website and from processing and storing this data by Google by

a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to deactivate Google Analytics HERE

If you have given your consent, personal data such as your name, e-mail address, location data and IP address are automatically stored on our website when you use YouTube videos. If the reader accesses the video display on our website, we have no influence on this functionality. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. If the browser used by the user does not support the proprietary Google Fonts font, only a standard font will be used by this computer.

The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The data is only stored for a short time; it is automatically deleted after the session.

The legal basis and revocation option for the processing of the data entered is your consent, which is given based on Art. 32 FADP / Art. 6 para. 1 lit. a GDPR. You can also withdraw your consent at any time with effect for the future. Further information on Google's privacy policy and terms of use and Google Web Fonts can be found at marketingplatform.google.com and at policies.google.com and at developers.google.com as well as in Google's privacy policy: policies.google.com.

e.Google Maps
Google Maps is web mapping platform provided by the US company Google LLC. The earth's surface can be viewed as street maps, aerial photography, or satellite imagery, whereby the locations of institutions or known objects are also displayed. The use of the «Application Programming Interface» API of the Google Maps map service, a programming interface, is in the interest of an appealing presentation of our online offers and easy findability of the places we have indicated on the website. Google Maps also automatically loads Google Web Fonts when it is called up.
The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. To use the functions of Google Maps, it is necessary to save the IP address of your computer. This information is usually transmitted to a Google server in the USA and stored there. The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. We have no influence on this data transfer, which is why your consent is required to comply with data protection law. You can find more information on the handling of user data in Google's privacy policy: policies.google.com .

f.Google Analytics and Google Signals
This website uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Nature and purpose of processing
Google Analytics uses cookies that enable us to analyze your use of our website. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.

We use the user ID function. With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyze user behavior across devices.

We use Google Signals. This allows Google Analytics to collect additional information about users who have activated personalized ads (interests and demographic data) and can be delivered to these users in cross-device remarketing campaigns.

In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union, Switzerland or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Purposes of the processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

Recipients
Recipients of the data are/may be:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Third country transfer
For the USA, the European Commission adopted its adequacy decision on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example to Singapore) cannot be completely excluded, we have also concluded the EU standard contractual clauses with the provider.

Storage duration
The data sent by us and linked to cookies is automatically deleted after 14 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

Legal basis
The legal basis for this data processing is your consent in accordance with Art. 31 nFADP / Art. 6 para. 1 sentence 1 lit. a GDPR.

Revocation
You can withdraw your consent at any time with effect for the future by accessing the cookie settings HERE and changing your selection there. This does not affect the lawfulness of the processing carried out based on the consent until revocation.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may limit the functionality of this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by

a. not giving your consent to the setting of the cookie or

b. downloading and installing the browser add-on to deactivate Google Analytics HERE

You can find more information on the terms of use of Google Analytics and on data protection at Google at marketingplatform.google.com and at policies.google.com.

g.Emarsys

We use Emarsys for personalization, analysis, automation, and email campaigns (sending newsletters). Emarsys works with cookies and tracking pixels that help us to create newsletters and customized advertising. If you give your consent to receive our newsletter and have fully completed the double opt-in procedure to verify your email address (or have entered your email address on our website in connection with a purchase in our webshop), your personal data will be collected by Emarsys and combined into a (pseudonymized) user profile that can be assigned to your email address. When you visit our website, the data collected by Emarsys may also be merged into a (pseudonymized) user profile if you have given your consent to receive our newsletter in one of our partner stores. Your email address will be pseudonymized by us. If you have given your consent to receive our newsletter, we will process the following data about you: whether you opened our newsletter and what you clicked on, when and for how long you were on our website, which products and categories you looked at, what you bought when in our web shop from which category and at what price, and whether you completed the check-out process.

You can find the Emarsys privacy policy here: emarsys.com/privacy-policy.

This data processing (evaluation of the newsletter and performance measurement) is based on our legitimate interest - subject to your consent - in a secure and user-friendly process for our newsletter system and thus serves both our business interests and your expectations regarding the improvement of our website, products, and services.

If you no longer wish to receive the newsletter, you can unsubscribe at any time free of charge by clicking on the web link contained in each mailing or by sending an e-mail to [email protected].

h.Pixlee

We use Pixlee technology on our website to display user-generated content (UCG) from social media. The consent of the creators has been obtained in advance for the content and is only displayed if you have given us your consent for all cookies. The data is transmitted directly to your browser and integrated into the page. Your IP address is transmitted to a Pixlee server in the USA for this purpose. You can find further information on the privacy policy at www.pixlee.com/privacy-policy.

i.Cookies/plugins/external services

Our websites use technical aids for various functions, e.g., to maintain the web infrastructure, to display the images of the web store, to deliver orders, etc., which can be stored on your end device. These are text files or information in a database that are stored on your hard disk and can be assigned to the browser you are using so that certain information can flow to the location that sets the cookie or service. Our cookies cannot execute programs or transfer viruses to your computer but are primarily used to make the website faster and more user-friendly. You can also generally prevent the use of cookies by prohibiting the storage of cookies in your browser. You will find a list of all cookies and how to adjust your consent at the end of this document under the heading Cookies.

j.Video conferencing systems

We use Microsoft Teams 365 to conduct video conferences with our business partners. The standard data protection clauses specified by the European Commission for the protection of personal data and adaptation to the European level of data protection are integrated into our contract with Microsoft. In the event of unlawful data processing, the data subject will be informed. We store a small amount of personal data in our Azure Active Directory (AD) Cloud: company name, temporarily the e-mail address and first name and surname of participants. We use Microsoft's standards: diagnostic data for up to 13 months; call history, location for up to 90 days; messages, images, files, user profile for 7 years to improve our services. We would like to point out that one hundred percent protection of your own data cannot generally be expected with web-based applications, as data stored in a cloud is never 100% secure. The legal basis for our data processing is your consent in accordance with Art. 31 FADP / Art. 6 para. 1 lit. a GDPR, which you can revoke at any time without any disadvantages. Further information on Microsoft's privacy policy and terms of use can be found at privacy.microsoft.com.

k.Online-Shop

On our online store websites www.fleurop.ch, b2b.fleurop.ch and www.fleurop-home.ch we offer you a customized range of flowers according to your wishes for all occasions. Our online store stores your first name, surname, e-mail address and (if specified) company name. If an order is placed, the purchase is processed entirely online via Planet (Datatrans) as a cashless transaction. Planet, the new owner of the former Datatrans AG, offers you various payment options by credit card, debit card and mobile payment. The PCI DSS-certified payment platform guarantees simple and secure credit and debit card payment transactions over the Internet, both for the store operator and for the cardholder, through commercially appropriate physical, electronic, and procedural safeguards to protect personal data in accordance with legal data protection requirements. Further information on Planet's (Datatrans) privacy policy and terms of use can be found at www.datatrans.ch/en/privacy-policy/.

Fleurop-Interflora (Schweiz) AG complies with the individual deletion periods stipulated by law. If no specific deletion periods are specified in this data protection declaration for the respective case, we will generally delete your personal data as soon as the purpose of storage no longer applies. However, we must continue to store your data if we are obliged to do so by national legislation or by the European legislator in EU regulations, laws, or other provisions. For example, in accordance with Art. 957 of the Swiss Code of Obligations, companies have a general obligation to retain business records for 10 years.

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 31 of the Swiss Data Protection Act (FADP) or Art. 6 para. 1 lit. a of the (EU) General Data Protection Regulation (GDPR) serves as the legal basis. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 31 FADP or Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 31 FADP or Art. 6 para. 1 lit. c GDPR serves as the legal basis. If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 31 FADP or Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

a. Information
You can request information from us at any time about the personal data we process in accordance with Art. 25 FADP/Art. 15 GDPR. In particular, if you so request, we will provide you with information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or must be disclosed and the planned storage period.

b. Rectification
You have the right to demand the immediate rectification of incorrect or incomplete personal data stored by us in accordance with Art. 32 FADP / Art. 16 GDPR.

c. Deletion
You have the right to request the deletion of your personal data stored by us in accordance with Art. 32 FADP lit. 2c / Art. 17 GDPR.

d. Restriction of processing
You can request the restriction of the processing of your personal data in accordance with Art. 6 FADP / Art. 18 GDPR.

e. Data portability
In accordance with Art. 28 FADP / Art. 20 GDPR, you may request that we provide you with the personal data you have provided to us in a structured, commonly used, and machine-readable format or that we transmit it to another controller named by you.

f. Withdrawal of consent
You can revoke your consent to us at any time in accordance with Art. 6, 31, 37 FADP / Art. 6 GDPR. As a result, we may no longer continue the data processing that was based on this consent in the future.

g. Objection to the collection of data in special cases and to direct advertising
You may object to the processing of your personal data in accordance with Art. 32 FADP / Art. 21 GDPR if there are reasons for this arising from your particular situation or if the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation. You can inform us of your objection informally by telephone, e-mail or to our postal address listed at the beginning of this privacy policy.

If you would like to exercise one or more of your rights or require further information about this, please contact us using the contact details above.

We only transfer your data to third parties if:

• you have given your express consent in accordance with Art. 6 para. 6 FADP / Art. 6 lit. a and Art. 7 para. 1 f. GDPR for this purpose;
• the disclosure pursuant to Art. 28, 29 FADP / Art. 20 GDPR is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;
• if there is a legal obligation for disclosure pursuant to Art. 28 FADP, Art. 20 FODP / Art. 6 para. 1 sentence 1 lit. c GDPR, and
• this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 FADP / Art. 6 para. 1 sentence 1 lit. b GDPR.

If we use contracted service providers for individual functions of our offer or wish to use your data for commercial purposes, we will always carefully select and monitor these service providers.

You have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters:

Federal Data Protection and Information Commissioner FDPIC
Postal address
Feldeggweg 1
3003 Berne
Switzerland
Phone: +41 58 462 43 95‬
E-Mail: [email protected]

Many websites use technical aids for various functions, in particular cookies, which can be stored on your end device. Cookies are text files or information in a database that are stored on your hard disk and assigned to the browser you are using so that certain information can flow to the location that sets the cookie. Our cookies cannot execute programs or transfer viruses to your computer but are primarily used to make the website faster and more user-friendly.

Our websites may contain links to websites of third parties not affiliated with us, which in turn use cookies. After clicking on the link, we no longer have any influence on the collection, storage and processing of any data transmitted directly to the third party by clicking on the link, as the behavior of third parties is naturally beyond our control. We accept no responsibility for the processing of such data by third parties. Please refer to the data protection information of the respective third party for information on the purpose and scope of data collection, the processing and use of the data and setting options to protect your privacy.

Information that you transmit to us is stored on servers within the European Union and Switzerland. Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of data transmitted to our website via the Internet. However, we take technical and organizational measures to protect our website and other systems against loss, destruction, access, modification, or dissemination of your data by unauthorized persons. In particular, your personal data is transmitted to us in encrypted form. We use the coding system SSL (Secure Socket Layer) or TLS (Transport Layer Security).

We reserve the right to amend this privacy policy at any time with effect for the future. A current version is always available on the website. Please visit our website regularly and inform yourself about the applicable data protection regulations.

Status November 08, 2023