Privacy Policy

1. Controller

The controller responsible for data processing on this website is:

Lisa Sarejko
30161 Hannover
Germany

+49 (0) 171 234 22 11
hello (at) oooflowers.com


2. General information on data processing

The protection of your personal data is important to us. Personal data is all data with which you can be personally identified (e.g. name, email address, IP address).
We process personal data only to the extent necessary to provide a functional website and our content and services, or if you have given your consent.
The legal bases for data processing arise in particular from Art. 6(1)(a), (b) and (f) GDPR.


3. Hosting and server log files

We use the web hosting provider Netlify for our website. The service provider is the American company Netlify Inc., 2325 3rd Street, Suite 29, San Francisco, CA 94104, USA.

Netlify also processes your data, among other locations, in the USA. Netlify is an active participant in the EU-U.S. Data Privacy Framework, which regulates the proper and secure transfer of personal data of EU citizens to the USA. You can find more information at:
https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en

In addition, Netlify uses so-called standard contractual clauses (Art. 46(2) and (3) GDPR). Standard Contractual Clauses (SCCs) are model clauses provided by the European Commission and are intended to ensure that your data also complies with European data protection standards when it is transferred to and stored in third countries (such as the USA). Through the EU-U.S. Data Privacy Framework and the Standard Contractual Clauses, Netlify undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the European Commission. You can find the decision and the corresponding Standard Contractual Clauses, among other places, here:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

Netlify provides a data processing agreement pursuant to Art. 28 GDPR, which serves as the data protection basis for our customer relationship with Netlify. In terms of content, this refers to the EU Standard Contractual Clauses. You can find it here:
https://www.netlify.com/pdf/netlify-dpa.pdf

For more information about the data processed through the use of Netlify, please see the privacy policy at:
https://www.netlify.com/privacy

When you access this website, the hosting provider automatically collects data and stores it in so-called server log files. In particular, the following may be collected:

  • IP address of the requesting device

  • Date and time of access

  • Name and URL of the file accessed

  • Website from which the access takes place (referrer URL)

  • Browser and operating system used

The processing of this data is carried out in order to ensure the technical stability and security of the website (e.g. for error analysis, for defending against attacks).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a secure and stable operation of the website).

The log files are deleted as soon as they are no longer required for the purpose for which they were collected. You can obtain specific deletion periods from the hosting provider.

4. Contact by email or contact form

If you send us enquiries by email or via the contact form, the information you provide in the enquiry, including the contact details you enter there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions.

As a rule, the following data is processed:

  • Name

  • Email address

  • Content of the message

  • Any other information you provide voluntarily

Legal basis:

  • Art. 6(1)(b) GDPR, insofar as your enquiry is related to the initiation or performance of a contract.

  • Art. 6(1)(f) GDPR in all other cases (legitimate interest in processing enquiries).

We do not pass on this data without your consent.

The data you enter in the contact form will remain with us until the purpose for data storage no longer applies (e.g. once your enquiry has been fully processed), or until you request deletion, provided that there are no statutory retention obligations to the contrary.

5. Your rights as a data subject

With regard to your personal data, you have in particular the following rights under the GDPR:

  • Right of access (Art. 15 GDPR): You can request information as to whether we process personal data relating to you and, if so, which data.

  • Right to rectification (Art. 16 GDPR): You can request the correction of inaccurate data or completion of incomplete data.

  • Right to erasure (Art. 17 GDPR): You can request the deletion of your personal data, provided there are no statutory retention obligations.

  • Right to restriction of processing (Art. 18 GDPR).

  • Right to data portability (Art. 20 GDPR).

  • Right to object (Art. 21 GDPR): You may object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6(1)(f) GDPR.

  • Right to withdraw consent (Art. 7(3) GDPR): You can withdraw any consent you have given at any time with effect for the future.

  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR): You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes data protection law.

6. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, such as enquiries sent via the contact form, this site uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser bar.

If SSL/TLS encryption is activated, the data you transmit to us cannot easily be read by third parties according to the current state of the art.

7. Duration of storage

Unless a more specific storage period is specified in this privacy policy, we store personal data only for as long as is necessary for the respective purposes or as required by statutory retention periods.

If the purpose of processing ceases to apply or a prescribed storage period expires, the personal data will be deleted or its processing will be restricted in accordance with the statutory provisions.

8. Version and amendments to this privacy policy

This privacy policy is currently valid and is as of november 2025.

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to reflect changes to our services in the privacy policy (e.g. when introducing new functions on the website). The current privacy policy applies to your next visit.