Smithers Oasis Germany has a firm commitment to protecting your data online.
Our goal at Smithers Oasis is to develop an online environment that is simple to operate and takes account of the rights and expectations of our customers and other visitors to the Smithers-Oasis website.
The responsible data controller for this website is
Smithers-Oasis Germany GmbH
Heinrich-Büssing-Strasse 5
67269 Grünstadt
Germany
Telephone: +49 6359 8004-0
E-mail: germanyinfo@oasisfloral.de
Website: www.oasisfloral.de
For general questions or suggestions with regard to data protection, please contact the Smithers Oasis external Data Protection Officer
K.Hartwig
PRIOLAN GmbH
Lise-Meitner-Str. 12
74074 Heilbronn
Phone: +49 176 458 154 35
E-Mail: k.hartwig@priolan.de
Web: www.priolan.de
Telephone: +49 6359 8804-0
E-Mail: datenschutz@smithersoasis.info
Website: www.oasisfloral.de
Table of contents:
III. Data transmission to third parties for the contract performance
- Data transmission to service providers for sending out newsletters
- Data transmission for the usage analysis
- Data transmission for advertising purposes
VII. Data transmission to social media services
VIII. Data transmission to improve the page functionality
I. General
1. Type and scope of data collection
Data are collected and processed when our website or a file stored on our website is accessed. As a matter of principle, this only takes place if necessary to provide an operable website along with its content and services.
Unless expressly indicated otherwise in the following sections, the legal basis for this processing of data is point (f) of Art. 6 (1) GDPR, i.e. they are processed on the basis of the legitimate interest of Smithers-Oasis Germany GmbH in offering you as the Internet user this website and the services offered on the website.
Furthermore, personal data are normally collected and used only if consent is duly granted. An exception applies in cases in which factual reasons make it impossible to obtain the consent in advance and the processing of data is permitted by statutory regulations.
a. Legal basis for the processing of personal data
Where the processing of personal data serves the performance of contracts concluded with us, the legal basis is point (b) of Art. 6 (1) GDPR. This also applies to processing that is required for the performance of precontractual measures.
Where we obtain the data subject’s consent to the processing of personal data, the legal basis is point (a) of Art. 6 (1) GDPR.
Where the processing of personal data serves the fulfilment of a legal obligation that our company is subject to, the legal basis is point (c) of Art. 6 (1) GDPR.
In case vital interests of the data subject or of another natural person requires the processing of personal data, the legal basis is point (d) of Art. 6 (1) GDPR.
If the processing is required for protecting a legitimate interest of our company and if the interests, fundamental rights and freedoms of the data subject do not override the said interest, the legal basis for the processing is point (f) of Art. 6 (1) GDPR.
b. Data erasure and storage duration
The erasure of the personal data collected by us will take place as soon as the purpose for the storage no longer applies.
The storage will take place if this is required by law, a regulation under EU law or other regulations.
Moreover, the erasure will take place when a storage period required by one of the said standards ends, unless the data need to continue to be stored for the conclusion or performance of a contract.
II. Data collection via the website
1. Log files
The following details are logged when our website is accessed:
- Browser type/version
- Operating system
- Referrer URL (of the previously accessed website) and the pages accessed on our website
- IP address
- Date and time of the server request
- Internet service provider
The storage in log files ensures the due operability of our website. Moreover, it serves the optimisation and security of our systems. In this connection, the data are not analysed for any marketing purposes.
2. Cookies
Our website uses cookies. Cookies are text files that are stored on the visitor’s computer system when our website is accessed. Cookies contain a character string that enables the identification of the visitor’s browser when our website is accessed again. We use technically necessary cookies in order to make our offering more user-friendly, effective and secure.
For example, the following data are stored in the cookies and transmitted:
- Items in the shopping cart
- Login data
- Language settings
We pseudonymise the extracted data. Therefore, the data cannot be associated with the visitor. Moreover, these data are not stored together with other personal data.
You can configure your browser in such a way that you are informed when cookies are set and permit them on a case-by-case basis or reject cookies in certain cases or categorically. If you do not accept cookies, the functionality of our website may be limited.
Furthermore, we use cookies that enable the analysis of the surfing behaviour of our website visitors (so-called analysis cookies).
For example, the following data are stored in the analysis cookies and transmitted:
- Page impressions
- Use of the website functions
- Language settings
Technically necessary cookies serve the purpose of facilitating the use of websites. Some functions of the website and of the online shop cannot be offered without using cookies. For these, it is necessary for the browser to be recognised even after going to other pages.
The user data collected by technically necessary cookies are not used for the creation of user profiles.
The use of analysis cookies serves the improvement and optimisation of our website and its contents.
Cookies are stored on and transmitted by the user’s computer. Therefore, users have full control over the use of cookies. You can deactivate or limit the transmission of cookies by changing the settings of your web browser. Previously stored cookies can be deleted whenever you wish. This can even take place automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.
3. Contact form and e-mail
We provide visitors to our website with a contact form by means of which they can easily contact us electronically. The data entered in the input screen will be transmitted to us and stored.
At the time of the transmission, the user’s IP address as well as the date and time of the transmission will also be stored.
Alternatively, visitors can contact us via the specified e-mail address. In this case, the user’s personal data that are transmitted with the e-mail will be stored.
The data will not be forwarded to any third parties. The data will be used exclusively for processing the request.
The personal data will be processed solely for the purpose of processing the contact. In the event of a contact by e-mail, this also represents the required legitimate interest in processing the data. If your e-mail contact aims at the conclusion of a contract, point (b) of Art. 6 (1) GDPR is an additional legal basis for the processing.
Your data will be erased as soon as they are no longer needed for the purpose for which they were collected. For the personal data from the input screen of the contact form and those sent by e-mail, this will be the case as soon as the respective conversation with the user ends. The conversation will be deemed ended as soon as the circumstances show that the respective matter has been dealt with conclusively.
The personal data collected additionally during the transmission procedure will be erased after a period of seven days, at the latest.
4. Comment function
We enable visitors to our website to submit comments. The data entered in the input screen will be transmitted to us and stored.
At the time of the transmission, the user’s IP address as well as the date and time of the transmission will also be stored.
The data will not be forwarded to any third parties. The data will be used exclusively for processing the request.
The data will be erased as soon as they are no longer needed for the purpose for which they were collected. This will be the case at the latest when the comment or the respective page is deleted.
5. Newsletter
On our website, users can subscribe to our newsletter. When subscribing to the newsletter, the data queried in the input screen will be transmitted to us.
Additionally, the following data are collected during the subscription:
- IP address of the subscriber’s computer
- Date and time of the registration
In the course of the subscription, the user’s consent is obtained via double opt-in to ensure processing with consent pursuant to point (a) of Art. 6 (1) GDPR.
If customers have purchased goods or services from us and have provided their e-mail address in this process, it may subsequently also be used for the delivery of a newsletter. In such a case, the newsletter will only contain direct advertising for similar goods or services of our company.
The legal basis for sending the newsletter due to the sale of goods or services is Section 7 (3) of the German Unfair Competition Act (UWG).
The data will be erased as soon as they are no longer needed for the purpose for which they were collected. Accordingly, the user’s e-mail address will be stored as long as the newsletter subscription is active.
The newsletter subscription can always be cancelled by the respective user. A link for this purpose is provided in every newsletter.
6. Newsletter tracking
The newsletters we send contain so-called tracking pixels. Tracking pixels are miniature images that are embedded in e-mails sent in HTML format in order to enable logging and log file analysis. The personal data collected in this way will not be forwarded to any third parties. In the course of the subscription, your consent is obtained via double opt-in.
The legal basis for the processing of the data after the subscription to the newsletter with the user’s consent is point (a) of Art. 6 (1) GDPR as well as point (f) of Art. 6 (1) GDPR.
The newsletter tracking serves the statistical analysis of the success or failure of online marketing campaigns. In this way, we can determine whether and when an e-mail is opened and which links in the e-mail are clicked. Furthermore, the newsletter tracking serves the improvement and optimisation of the newsletter.
Your data will be erased as soon as they are no longer needed for our business processes and this does not conflict with statutory retention obligations.
7. Registration
Users can register on our website.
During the registration, the data queried in the input screen will be transmitted to us and stored. The same applies to the input made for guest orders.
The personal data may be transmitted to third parties (e.g. parcel services) if this is necessary for the performance of the contract. They will use the forwarded data for internal purposes only, which are attributable to us. For details, please refer to section III. of this Privacy Policy.
If the registration serves the performance of a contract to which the user is a party or of precontractual measures, the legal basis is point (b) of Art. 6 (1) GDPR.
The user’s registration is necessary for the performance of contracts with users or for the performance of precontractual measures. The same applies to the input made for guest orders.
Furthermore, the user’s registration is required for the provision of certain contents and services on our website.
The data will be erased as soon as they are no longer needed for the purpose for which they were collected.
For the data collected in the course of the registration, this will be the case when the registration on our website is cancelled or modified.
For the data collected during the registration process or during the guest order process for the performance of a contract or precontractual measures, this will be the case as soon as the data are no longer needed for the performance of the contract. Even after the conclusion of the contract, it might be necessary to store personal data of the contracting partner in order to comply with contractual or statutory obligations.
III. Data transmission to third parties for the contract performance
1. General
During the order process, we will only collect and use your personal data insofar as this is necessary for the fulfilment and processing of your order and for processing your requests. If necessary for the performance of the contract or if approved by you, the data you enter during the order process will be forwarded to service partners whom we need for processing the contractual relationship or service providers to whom we outsource the processing.
Apart from the recipients mentioned in the respective clauses of this privacy policy, this includes recipients of the following categories:
Shipping service providers, payment service providers, ERP service providers, order processing service providers, web hosters, IT service providers and dropshipping resellers
The processing described above serves the performance of a contract to which the user is a party. The legal basis for the processing of the data is point (b) of Art. 6 (1) GDPR.
Your data will be erased as soon as they are no longer needed for the performance of the contract, provided that this does not conflict with contractual or statutory retention obligations.
2. PayPal (Plus)
If, in the course of the order process, the user opts for payment with “PayPal” or “PayPal Plus” (purchase on account / credit card / direct debit), the user’s data will automatically be transmitted to the payment service provider. By opting for PayPal as payment method, the user consents to the transmission of personal data that are required for processing the payment. The provider is PayPal (Europe) S.à.r.l. & Cie. S. C. A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg. The data that are required for processing the payment will be transmitted. This includes the first name, surname, address, e-mail address, IP address, telephone number, mobile phone number and order details. The privacy policy of PayPal can be accessed at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full.
If the use of the payment service provider serves the performance of a contract to which the user is a party, the legal basis for the processing of the data is point (b) of Art. 6 (1) GDPR.
The transmission takes place for the payment processing, the prevention of abuse and the verification of the identity and creditworthiness.
Your data will be erased as soon as they are no longer needed for our business processes and this does not conflict with statutory retention obligations. We do not have any influence on the provider’s storage of the data. You can contact the provider using the contact details specified above.
3. Data transmission for credit check
Within the scope of the payment processing, data to check the creditworthiness are transmitted in the cases permitted by law.
In this context, data may be transmitted to the following companies:
- Schufa, SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
https://www.schufa.de/en/data-privacy/ - Arvato Bertelsmann, Bertelsmann SE & Co. KGaA, Carl-Bertelsmann-Strasse 270, 33311 Gütersloh, Germany
https://finance.arvato.com/en-uk/privacy-policy/ - Infoscore Forderungsmanagement GmbH, Gütersloher Str. 123, 33415 Verl, Germany
https://www.inkassoportal.de/en/legal-information/privacy-policy - Creditreform, Verband der Vereine Creditreform e.V., Hellersbergstrasse 12, 41460 Neuss, Germany
https://www.creditreform.de/eu-dsgvo.html - Bürgel, CRIF Bürgel GmbH, Radlkoferstrasse 2, 81373 München, Germany
https://www.crifbuergel.de/sites/default/files/documents/informationsblatt_dsgvo.pdf
If the use of the payment service provider serves the performance of a contract to which the user is a party, the legal basis for the processing of the data is point (b) of Art. 6 (1) GDPR.
The transmission takes place for the payment processing, the prevention of abuse and the verification of the identity and creditworthiness.
Your data will be erased as soon as they are no longer needed for our business processes and this does not conflict with statutory retention obligations. We do not have any influence on the provider’s storage of the data. You can contact the provider using the contact details specified above.
IV. Data transmission to service providers for sending out newsletters
1. Newsletter2go
We use the services of Newsletter2Go for the transmission of the newsletter and for e-mail marketing. The provider is Newsletter2Go GmbH, Nürnberger Strasse 8, 10787 Berlin, Germany.
For example, the following data are stored and processed by the provider:
- IP address
- Page impressions and click behaviour
- Browser type and browser language
- Hardware used by the user
Moreover, the provider sets cookies on the users’ devices.
Further information is available at https://www.newsletter2go.co.uk/information-for-newsletter-recipients/.
The legal basis for the processing of the data after the user’s subscription to the newsletter with the user’s consent is Art. 6 (1) a GDPR.
Your data will be erased as soon as they are no longer needed for our business processes and this does not conflict with statutory retention obligations. We do not have any influence on the provider’s storage of the data. You can contact the provider using the contact details specified above.
Users can withdraw their consent to the processing of personal data at any time vis-à-vis the controller or the provider. For this, the user must contact the controller or the provider via the specified communication routes. Moreover, the user can request the erasure of the data at the provider.
V. Data transmission for the usage analysis
1. Google Analytics
This website uses the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Google Analytics uses analysis cookies. The information about your use of this website generated by the cookies is generally sent to a Google server in the USA and stored there. We supplement the Google Analytics code with the code “gat._anonymizeIp();”. This code causes the logged IP address to be truncated by Google in Member States of the European Union or other Contracting States to the Agreement on the European Economic Area before it is transmitted. A full IP address will be transmitted to a Google server in the USA and shortened there only in exceptional cases. By order of the operator of this website, Google will use this information to analyse your use of the website, to compile reports about the website activities, and to perform other services related to the use of the website and of the Internet in general for the website operator. The IP address transmitted by your browser in the context of the use of Google Analytics will not be combined with other Google data. Further information is available at https://www.google.com/analytics/terms/gb.html and https://policies.google.com/?hl=en.
The processing of the users’ personal data enables us to analyse our users’ surfing behaviour. Based on the analysis of the collected data, we are able to compile information on the use of the individual components of our website. This helps us to improve our website and its user-friendliness. This also represents our legitimate interest in processing the data pursuant to point (f) of Art. 6 (1) GDPR. Through the anonymisation of the IP address, the users’ interest in the protection of their personal data is adequately accommodated.
Your data will be erased as soon as they are no longer needed for our business processes and this does not conflict with statutory retention obligations. When we request Google to do so, the data are automatically erased after 14 months.
Cookies are stored on and transmitted by the user’s computer. Therefore, users have full control over the use of cookies. You can deactivate or limit the transmission of cookies by changing the settings of your web browser. Previously stored cookies can be deleted whenever you wish. This can even take place automatically. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.
Moreover, you can prevent the collection of data concerning your use of the website (including your IP address), which are generated by the cookie, and the processing of these data by Google by downloading and installing the browser plug-in from http://tools.google.com/dlpage/gaoptout?hl=en.
To opt out from Google Analytics when using mobile devices, this link must be clicked from every mobile device.
VI. Data transmission for advertising purposes
1. Google AdWords
We have integrated Google AdWords on our website. The provider is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The use of Google AdWords enables the advertising of our website by displaying interest-based advertising on the websites of other companies and in the Google search engine results as well as the display of third-party advertising on our website. When a user clicks a Google AdWords ad, a conversion cookie is set on the user’s computer. Conversion cookies do not serve the identification of the users. Conversion cookies allow us to determine which subpages were accessed on our website, whether turnover was generated or whether a transaction was cancelled. The personal data are stored by Google in the USA. Google may forward them to third parties.
Google AdWords enables the display of Internet advertising in the search engine results of Google and in the Google advertising network.
Your data will be erased as soon as they are no longer needed for our business processes and this does not conflict with statutory retention obligations. We do not have any influence on the provider’s storage of the data. You can contact the provider using the contact details specified above.
Further information and the applicable privacy policy of Google can be accessed at https://www.google.com/intl/gb/policies/privacy/.
2. Facebook Analytics
Our app uses the web analysis service Facebook Analytics. The provider is Facebook Inc., 7811 Menlo Park, 94043 California, USA.
The provider uses technologies that enable the collection of user data that provide information on how mobile websites and apps are used and to display individualised apps. Depending on the operating system used, a cookie is set (Android) or the so-called advertising identifier (iOS) is used.
Further information is available at https://www.facebook.com/about/privacy/.
The processing of the users’ personal data enables the analysis of our users’ surfing behaviour and the display of personalised advertising.
VII. Data transmission to social media services
1. Two-click solution for the integration of social media plugins
The website does not directly integrate social media plugins. Therefore, third parties cannot generate profiles.
To share our offers via Pinterest, Instagram, Facebook, Twitter or XING, we use the so-called two-click solution.
Data will only be transmitted to the operator of the respective social media service once you decide to share something by clicking the respective button.
For details on the purpose and scope of the collection of data and further processing and use of the data as well as your rights in this regard and configuration options to protect your privacy, we recommend reading the privacy policy of the respective social media service you want to use.
You can find these privacy policies here:
Facebook: https://www.facebook.com/about/privacy/
Instagram: https://www.instagram.com/about/legal/privacy/
Pinterest: https://about.pinterest.com/privacy-policy
After clicking the notice, the legal basis is point (a) of Art. 6 (1) GDPR.
2. Two-click solution for the integration of YouTube
We have integrated components of YouTube on our website. YouTube is an Internet video portal that allows video publishers to upload video clips free of charge and enables other users to view, rate and comment these videos free of charge. YouTube permits the publication of all types of videos. Thus, complete films and TV broadcasts as well as music videos, trailers and videos created by users can be accessed via the Internet portal.
The provider is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The website does not directly integrate YouTube videos. Therefore, third parties cannot generate profiles.
To view our videos, users need to click the thumbnail image. The video can only be confirmed after clicking the notice or after logging in. Data will only be transmitted from this moment.
Further information on this subject is available under https://www.youtube.com/yt/about/d and in the privacy policy published by YouTube, which can be accessed at https://www.google.com/intl/gb/policies/privacy/. These resources provide information on the collection, processing and use of personal data by YouTube and Google.
After clicking the notice, the legal basis is point (a) of Art. 6 (1) GDPR.
VIII. Data transmission to improve the page functionality
1. Rating by Trusted Shops
We use the rating tool of Trusted Shops. The provider is Trusted Shops GmbH, Subbelrather Str. 15c, 50823 Köln, Germany.
If the user clicks the checkbox “Rate later” during the order process, the provider will receive the user’s e-mail address. The user may receive e-mails from the provider that remind the user to provide a rating.
Further information on the duration of the storage is available at https://www.trustedshops.eu/imprint/.
The legal basis for the processing of the data after the user clicks the checkbox is point (a) of Art. 6 (1) GDPR.
The aforementioned data are collected for the purpose of getting ratings from the users. These serve the advertising of the goods and services offered.
2. Google Fonts
This website uses external fonts (Google Fonts). The provider is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
When the website is accessed, the font files are loaded from the servers of Google Inc. These servers may also be located in the USA. For example, the IP address of the user’s device and the information which pages the user accessed will be transmitted.
Further information is available at https://developers.google.com/fonts/faq?hl=en-GB&csw and https://policies.google.com/?hl=en.
The use of Google Fonts improves and optimizes the presentation and display of the website.
3. Google Maps
We have integrated maps of Google Maps on our website. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Due to the use of Google Maps, information on the use of the website (click behaviour including your IP address) may be transmitted to the provider. The data may be sent to a server of the provider in the USA and be stored there.
Detailed information on this subject is available at https://policies.google.com/privacy?hl=en.
We integrate the provider’s maps in order to display our location and make it easier to find.
IX. Retention periods
Smithers-Oasis stores personal data only as long as it is necessary for the purposes described herein, or as long as it is necessary to comply with statutory retention periods. Unless it is stated otherwise herein the data you have entered above will therefore not be retained for longer than the statutory retention period for business communication of six years. Unless it is stated otherwise herein, the automatically collected data will be deleted or anonymised after one week at the latest.
However, we have no influence on the storage of data by the provider. You can reach the provider under the contact details specified above.
X. Your rights
Upon request Smithers Oasis will inform you whether Smithers Oasis stores any data about you, and if yes which. Under the statutory conditions you may have the right to demand that Smithers Oasis rectifies, restricts processing of, or erases these data.
You also have the right to receive from Smithers Oasis the personal data concerning you which you have provided to Smithers Oasis, in a structured, commonly used and machine-readable format. You have the right to transmit (or have transmitted) those data to another controller.
You also have the right to lodge a complaint with the competent supervisory authority for data protection matters.