Privacy policy

Privacy policy for flora & farbe, represented by Elke Fiebig.
Thank you for your interest in flora & farbe.

The servers on which are operated are located in Germany. Your data will not be passed on or sold to uninvolved third parties without your consent - there are exceptions, for example, when it is necessary to pass on data to shipping service providers. You can use this website without providing any personal data. If a data subject wishes to make use of our company's services via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we always obtain the consent of the data subject.
The processing of personal data (e.g. name, address, e-mail address or telephone number of a data subject) is always carried out in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations that apply to us.

The following data protection declaration informs the public about the type, scope and purpose of the personal data we collect, use and process. This data protection declaration also informs data subjects about their rights.
We have implemented technical and organizational measures to ensure the most complete protection of personal data processed via our website. However, data transmissions over the Internet can generally contain security gaps. 100% protection cannot therefore be guaranteed. Therefore, every person concerned can of course also send us personal data alternatively, e.g. by telephone.

  1. Definition of terms

This data protection declaration is based on the definitions used by the European legislator for directives and regulations when the GDPR was adopted (Article 4 GDPR). This data protection declaration should be both easy to read and easy to understand for everyone. To ensure this, we would first like to explain the terminology used. The following definitions are used in this data protection declaration:

  • personal data“all information that relates to an identified or identifiable natural person (hereinafter "data subject"); A natural person is regarded as identifiable who can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical , physiological, genetic, psychological, economic, cultural or social identity of this natural person
  • data subject“any identified or identifiable natural person whose personal data is processed by the person responsible for processing
  • processing“any process or series of processes carried out with or without the help of automated processes in connection with personal data such as the collection, recording, organization, arrangement, storage, adaptation or modification, reading, querying, use, disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction
  • Restriction of processing“the marking of stored personal data with the aim of restricting their future processing
  • Profiling“ any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences, interests to analyze or predict the reliability, behavior, whereabouts or change of location of this natural person
  • Responsible person“the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data; If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states
  • Recipient“a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. Authorities that may receive personal data as part of a specific investigation according to Union law or the law of the member states are not considered recipients; The processing of this data by the named authorities takes place in accordance with the applicable data protection regulations in accordance with the purposes of the processingThird party“a natural or legal person, authority, agency or other body, apart from the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processorConsent“of the data subject: any voluntary, informed and unambiguous declaration of will in the form of a declaration or other unequivocal affirmative action with which the data subject indicates that they agree to the processing of the personal data concerning them for the specific case.

2. Remarks
a) name and contact details of those responsible for processing

These data protection notices apply to data processing by:Responsible:: flora & farbe, vertreten durch Elke Fiebig, E-Mail:

b) Externes Hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster's servers. This may mainly involve IP addresses, contact requests, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website. the use of the hoster is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).the hoster will only process data to the extent necessary to fulfill its performance obligations and follow instructions regarding this data.we use the following hoster: Webgo GmbH, Heidenkampsweg 81, 20097 Hamburg, Germany

Contract for data processing
In order to ensure data protection compliant processing, we have concluded an order processing contract with our hoster.

c) Storage period
Unless a more precise storage period is specified in this data protection declaration, personal data will be stored until the purpose for data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, the data will be deleted unless there are other legally permissible reasons for storing the personal data (e.g. tax or commercial retention periods); in this case, the deletion takes place after these reasons no longer apply.

d) Note on data transfer to the USA and other third countries
Among other things, tools from companies based in the USA or other third countries that are not secure under data protection law are integrated on this website. If these tools are active, your personal data may be transferred to these third countries and processed there. I would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries; for example, companies in the USA are obliged to hand over personal data to security authorities without those affected being able to take legal action against this. I therefore cannot rule out the possibility that US authorities may process, evaluate and permanently store your data on US servers for surveillance purposes. I have no influence over this.

e) Revocation of consent to data processing
Many data processing operations are only possible with your express consent. You can revoke your consent at any time. The legality of the data processing carried out before the revocation remains unaffected by the revocation.

3. Collection and storage of personal data as well as the type and purpose of their use
a) When visiting the website

This website can generally be used without disclosing your identity. When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:IP address of the requesting computer,date and time of access,name and URL of the file accessed,website from which access is made (referrer URL),browser used and, if applicable, the operating system of your computer and the name of your access provider. The aforementioned data is processed for the following purposes: ensuring a smooth connection to the website, ensuring convenient use of our website, evaluating system security and stability and for other administrative purposes; the legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally, and we also use cookies and analysis services when you visit the website. You will find more detailed explanations in sections 5 and 7 of this privacy policy.

b) When using our contact form
If you have any questions, you can contact us using the form provided on our website. It is necessary to provide a valid e-mail address so that we know who sent the request and can answer it. Further information can be provided voluntarily. You are free to decide whether you wish to enter this data in the contact form and the data processing for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily given consent.

c) When ordering via our website
You can either place orders as a guest via this website without registering, or register in our shop as a customer for future orders. Registration has the advantage that, in the event of a future order, you can log into the shop directly with your email address and password without having to re-enter your contact details.
Personal data is entered into an input mask and transmitted to us and stored. If you place an order via this website, we first collect the following data, both in the case of a guest order and in the case of registration in the store: Title, first name, surname, a valid e-mail address, address, telephone number (landline and/or mobile)

This data is collected in order to identify you as our customer; to process, fulfill and process the order; for correspondence; for invoicing; to process any existing liability claims, as well as the assertion of any claims; to ensure the technical administration of our website; to manage our customer data.

Consent to the processing of this data is obtained as part of the ordering process and the data processing is carried out in response to your order and/or registration and is necessary for the purposes mentioned for the appropriate processing of the order and for the mutual fulfillment of obligations arising from the purchase contract in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR. The personal data collected by us for the processing of your order will be stored until the expiry of the statutory retention obligation and then deleted, unless we are obliged to store it for a longer period of time in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or you have consented to further storage in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

4. Transfer of data

A transfer of personal data to third parties takes place exclusively to the service partners involved in the execution of the contract, such as the logistics company commissioned with the delivery and the credit institute commissioned with payment matters. In cases where personal data is passed on to third parties, the scope of the data transmitted is limited to the necessary minimum.

When paying via PayPal, credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal, we pass on the payment data to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter "PayPal"), as part of the payment processing. PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or "purchase on account" via PayPal. PayPal uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, address data is included in the calculation of the score values.

Further data protection information can be found in the PayPal Privacy Policy:

Your personal data will not be transferred to third parties for purposes other than those mentioned above. We also only pass on your personal data to third parties if:you have given your express consent to this in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,the disclosure is necessary in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,in the event that there is a legal obligation to disclose your data in accordance with Art. 6 para. 1 sentence 1 lit. c GDPR, as well as this is legally permissible and required for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR. As part of the ordering process, consent to the transfer of data to third parties is obtained.

5. Use of cookies

This site uses cookies. These are small files that the browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to the end device and do not contain any viruses, Trojans or other malware.
Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. On the one hand, the use of cookies serves to make the use of our website more pleasant for you. For example, we use so-called session cookies to recognize which individual pages of our website have already been visited. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on the end device for a specific period of time. If you visit this page again to use our services, it will automatically be recognized that you have already visited us and which entries and settings you have made so that you do not have to re-enter them.

On the other hand, we use cookies to statistically record the use of the website and to evaluate it for the purpose of optimizing our offer (see section 8). These cookies are automatically deleted after a defined period of time. The data processed by cookies is required for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.

6. Links to Third Party Web Sites
The links published on our website have been researched and compiled by us with the greatest possible care. However, we have no influence on the current and future design and content of the linked pages. We are not responsible for the content of the linked pages and expressly do not adopt the content of these pages as our own.

The provider of the linked website is solely liable for illegal, incorrect or incomplete content and for damages resulting from the use or non-use of the information. The liability of the party who merely refers to the publication by means of a link is excluded. We are only responsible for external references if we have positive knowledge of them, i.e. also of any illegal or punishable content, and if it is technically possible and reasonable for us to prevent their use.

7. Newsletter
If you would like to register for my newsletter, which I send via Mailchimp, I need an email address, a name to address (but a single letter is sufficient for this, for example) as well as your information about which topics you would like to be informed about. This data is stored, as is your consent to data storage, which is necessary for registration. In addition, I do not pass this information on to third parties.

You can unsubscribe from the newsletter at any time by sending us an email using the reply function or by clicking on the "Unsubscribe" button; after unsubscribing from the newsletter, your email address may be stored by us/Mailchimp in a blacklist to prevent future mailings.

This data is only used for this purpose and is not merged with other data. This storage is not limited in time. You can object if your interests outweigh my legitimate interest.Mailchimp is based in the USA, The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USAWhat this means in detail can be found under point 2. d) An order processing contract has been concluded with Mailchimp and you can find Mailchimp's privacy policy here: I reserve the right to delete email addresses from the newsletter list at my own discretion if I have a legitimate interest (within the scope of Art. 6 para. 1 lit. f GDPR ).

8. Analysis and tracking tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned regulation, and the respective data processing purposes and data categories can be found in the corresponding tracking tools.

a) Matomo 

You have the option to prevent actions you take here from being analyzed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and improving usability for you and other users.

You have the option to prevent actions you have taken here from being analyzed and linked. This will protect your privacy, but will also prevent the owner from learning from your actions and making it easier for you and other users to use.

9. Social media plugins and other tools und andere Tools

We use social plugins from social networks (e.g. Facebook, Instagram, Pinterest) on our website on the basis of Art. 6 Para. 1 S. 1 lit.f GDPR to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for the data protection-compliant operation is to be guaranteed by the respective provider. We integrate these plugins using the so-called two-click method in order to protect visitors to our website in the best possible way.

a) Facebook

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your related rights and setting options to protect your privacy can be found in the data protection information, in particular the Facebook data guideline, which you can view under the following link: https: //

b) Instagram

Functions of the Instagram service are integrated on this website. If you are logged in with an Instagram account, you can link the content of this website to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate your visit to this website with your user account. I have no knowledge of the content of the transmitted data and no influence on its use by Instagram.if personal data is collected on this website using this tool and forwarded to Facebook or Instagram, we and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR).

The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing carried out by Facebook or Instagram after forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in an agreement on joint processing:

According to this agreement, we are responsible for providing data protection information when using the Facebook or Instagram tool and for the secure implementation of the tool on our website in accordance with data protection law. Facebook is responsible for the data security of Facebook and Instagram products. You can assert data subject rights (e.g. requests for information) with regard to the data processed by Facebook or Instagram directly with Facebook; further information on this can be found in Instagram's privacy policy:

c) Pinterest

This website is linked to Pinterest, which is operated by Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. If you click on the Pinterest button on an image, your browser establishes a direct connection to the Pinterest servers. Log data is sent to the Pinterest server in the USA. This log data may contain the IP address, the address of the websites visited, which also contain Pinterest functions, the type and settings of the browser, the date and time of the request, your use of Pinterest and cookies.

The data is stored and analyzed on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in social media. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the consent can be revoked at any time Further information on the purpose, scope and further processing and use of the data by Pinterest as well as your rights in this regard and options for protecting your privacy can be found in Pinterest's data protection information:

d) Vimeo

This website uses tools from the video portal Vimeo for linking video content. The provider is Vimeo Inc, 555 West 18th Street, New York, New York 10011, USA. When you visit a page with a Vimeo video, a connection to the Vimeo servers is established. This tells the Vimeo server (in the USA) which page you have visited. Vimeo also receives your IP address. Even if you are not logged in to Vimeo, if you are logged in to Vimeo with an account, Vimeo can assign your behavior on the website to the account. If you want to prevent this, you must log out of Vimeo.vimeo uses cookies / comparable recognition technologies to recognize website visitors. The use of Vimeo is in the interest of an appealing presentation of my online offers. The data transfer to the USA is based on the standard contractual clauses of the EU Commission and, according to Vimeo, on "legitimate business interests." Vimeo's privacy policy and further information on how they handle user data can be found here:

10. Rights of data subjects

to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of appeal to request the origin of your data, if they were not collected from me, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details;

in accordance with Art. 16 GDPR to immediately request the correction of incorrect or incomplete personal data stored by us;

to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;

In accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the correctness of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert or exercise it or you need to defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;

in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible;

in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future and, in accordance with Art. 77 GDPR, you may lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.

11. Right to Object

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation; if you wish to exercise your right of revocation or objection, simply send an e-mail to hallo ( at)

12. Data security

We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.we also use suitable technical and organizational security measures to protect data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

13. Date and changes to this data protection declaration

This privacy policy is currently valid and was last updated in January 2024. It may be necessary to amend this privacy policy as a result of the further development of our website and offers on it or due to changes in legal or official requirements. The current privacy policy can be accessed and printed out at any time on our website under the following link:

Source: Muster-Datenschutzerklärung erstellt durch Rechtsanwalt Andreas Gerstel