European Union Addendum to Privacy Policy

This Addendum to our Privacy Policy applies to you only if you are accessing the Services from within the confines of the European Union.

THIS ADDENDUM TO THE PRIVACY POLICY DOES NOT APPLY TO ANY PERSON LOCATED WITHIN THE UNITED STATES OF AMERICA OR ANY OF ITS TERRITORIES, OR ANY COUNTRY OUTSIDE THE EUROPEAN UNION.

Additional Information requirements pursuant to Art. 13 GDPR (EU General Data Protection Regulation).

This Privacy Policy addendum applies solely to our processing of the personal data of data subjects who are in the European Union, where they use, browse or interact with our Services.

It is important that you read this Privacy Policy together with any other privacy policy, privacy notice or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.

The terms used in this Privacy Policy (e.g. “personal data”, “processing”, “pseudonym” or “anonymization”) are in line with the definitions included in the General Data Protection Regulation (“GDPR”).

The controller of the personal data is the Services operator:



Flooz Inc.

8605 Santa Monica Blvd
PMB 94419
90069 West Hollywood, California United States of America

Our Data Protection Officer is Fabian Schönhaus, located in Arnsberg, Germany. You can reach our Data Protection Officer at any time by writing to privacy@flooz.xyz.

Data Processing

The type, scope and purpose of the processing of personal data depend on which Services are used. We will process specific personal data required for each particular Service and depending on the respective group of data subjects (e.g. customers, website visitors).

The data subjects with regards to the Platform are all Platform visitors/users.

Provision of the Platform

In order to make the Services available and to enable basic functions and trouble-free operation, it is technically necessary to process personal data. Although these are basically device data, it may be possible to link such data to the user. For example, the IP addresses of the terminals used, identifiers of the terminals used, the operating systems and the browser are processed solely in order to establish a connection between the terminal and the server hosting the Platform, and to display the contents in the intended layout.

Processing: Purpose for processing

Purpose:
- Establishing the technical connection between the visitor's terminal device and our Services
- Maintaining and improving the functionality of the Services
- Maintaining and improving the information security or data security (confidentiality, availability and integrity) of the Services (data storage in log files)

Categories of data:
- IP address of the accessing system
- Type and browser used by the end device and version
- Date, time and type of the access

Categories of recipients: Services hosting
1) Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA

Third-country data transfer: Yes. Personal data will be transferred to the U.S. for hosting and processing.

Storage period or its criteria:
- Session: data deletion after the end of the respective session
- Log-files: data deletion after 7 days or anonymization

Legal basis: Art 6 para 1 b and f GDPR (contract performance and legitimate interest)


Webfonts

When a page is requested, the visitor’s browser loads the required web font into the visitor’s browser cache to display the texts and fonts correctly. If your browser does not support web fonts, a default font will be used instead.

Processing: Webfonts

Purpose: Present our Services in a uniform and attractive form

Categories of data: IP address of the accessing system

Categories of recipients: Font hosting
1) Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789, USA

Third-country data transfer: Yes. Personal data will be transferred to the U.S. for hosting and processing.

Storage period or its criteria:
- CSS cached for 1 year and revalidated when it changes
- Font files cached for 1 day

Legal basis: Art 6 para 1 f GDPR (legitimate interest)


Cookies and Tracking Technologies

The Services use cookies and other automated data collection technologies for various purposes. The cookies are transmitted either from us or from third-party servers to the visitor's browser.

As a result, the device used can potentially be recognized.

These technologies are only set once you have given us your consent. To grant your consent, we will provide you with a communication field at the beginning of the visit to the Services. Any given consent can be revoked at any time with future effect in the cookie settings on our Services.

Processing: Range measurement and optimization of our offer

Purpose:
- Range measurement
- Optimization of the offered services
- Online marketing
- Targeted advertising
- Collect, manage, document and revoke consent

Categories of data:
- IP address of the accessing system
- Type and browser used by the end device and version
- Date, time and type of the access

More details can be found in the privacy policies of the cookie providers.

Categories of recipients: Cookie providers:
- Google Analytics, Google Tag Manager, Google Firebase: Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, United States, “Google”
- Webflow: Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103
- Hotjar: Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta
- Sentry: Functional Software, Inc. dba Sentry, with the registered seat: 132 Hawthorne Street, San Francisco, CA 94107
- Facebook Pixel: Facebook, Inc., Facebook Headquarters 1 Hacker Way Menlo Park, CA 94025
- Statsig: Statsig, Inc. 14725 SE 36th St #200, Bellevue, WA 98006, USA
- Cookie3.IO: Cookie3 OÜ, Harju maakond, Tallinn, Nõmme linnaosa, Rännaku pst 12, 10917

Third-country data transfer: To the US to Google, Webflow, Sentry, Facebook, Statsig
An agreement has been concluded based on the EU Standard Data Protection Clauses which ensure the transfer of data with appropriate safeguards in accordance with Art 46 GDPR

Storage period or its criteria: Depending on type: session: 90 days

Legal basis: Art 6 para 1 a GDPR (consent)


Communications

The data subjects with regards to the mailing list are the Service users. The data subjects with regards to the communication services are all natural persons contacting us or signing up to receive information from us.

Various contact forms available on the Services can be used to request further information or sign up for our mailing list. The mailing list is a separate, free information service that can be used independently of any existing customer relationship. By submitting the contact form, the subscriber consents to be contacted by us via e-mail.

You can unsubscribe from the mailing list and therefore withdraw the consent at any time. Each mailing contains information to unsubscribe from the mailing list with future effect. Alternatively, the request to unsubscribe can be sent via e-mail at any time.

For the distribution, management and statistics of the contact forms and the mailing lists, we use different service providers.

Processing: Contact Form, Mailing List, and Customer Service

Purpose:
- Customer relationship management
- Answering customer requests
- Providing company and product related questions
- Management and administration of customers, prospects, leads and other requests

Categories of data:
- e-mail address
- Name
- Date, time and type of the contact
- IP address of the accessing system
- Type of browser used of the end device and version

Categories of recipients:
- Customer.io: Peaberry Software Inc., 187 WOLF ROAD, SUITE 101, ALBANY, NY 12205
- Dynamic.XYZ: Dynamic Labs, Inc. (Palo Alto, California, USA)
- Chainalysis: Chainalysis Inc., (114 5th Avenue, 18th Floor, New York, NY 10011)

Third-country data transfer: To the US to Customer.io, Dynamic.XYZ, Chainalysis
An agreement has been concluded based on the EU Standard Data Protection Clauses which ensure the transfer of data with appropriate safeguards in accordance with Art 46 GDPR

Storage period or its criteria: Depending on the type of request and customer status: min 3 months after the ticket was closed/max 3 years after the end of the customer relationship

Legal basis: Art 6 para 1 a, b and f GDPR (contract performance or legitimate interest or consent)


Right of Data Subjects

If your personal data is being processed and you are an EU resident and located in the EU when you access the Services, you are a data subject as defined by the GDPR. Consequently, you have the rights described in articles 15 to 21 GDPR in relation to the controller. In order to exercise your rights or to obtain further information about data protection at our company, please contact our data protection officer by sending an e-mail to privacy@flooz.xyz.

Right of Access

Pursuant to Art. 15 GDPR, you have the right to request confirmation from us as to whether we are processing personal data relating to you. You can request the following information from us: processing purposes; category of personal data being processed; recipients or categories of recipients to whom your data has been or will be disclosed; planned storage period or, if specific information on this is not possible, criteria for determining the storage period; existence of a right to rectification, erasure, restriction of processing or objection; existence of a right to lodge a complaint with a supervisory authority; origin of your data, if it has not been collected by us; existence of automated decision-making including "profiling" and, if applicable, meaningful information on their details; transfer of the personal data to a third country or to an international organization; appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

Right of Rectification

In accordance with article 15 GDPR, you have the right to request the rectification of your personal data if it is either incorrect or incomplete.

Right to Restriction of Processing

Pursuant to Art. 18 GDPR, you have the right to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you; the processing is unlawful but you object to its erasure; we no longer need the data but you need it for the assertion, exercise or defense of legal claims; or you have objected to the processing pursuant to Art. 21 GDPR.

Right to Deletion

Pursuant to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims.

Right to Notification

If you have asserted the right to rectification, erasure or restriction of processing against the controller, we are obligated pursuant to Art. 19 GDPR to notify all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed about these recipients.

Right to Data Portability

In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller.

Right of Objection

According to Art. 21 GDPR, you have the right to revoke your consent at any time. We will then no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to "profiling" insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

Right to Revoke the Declaration of Consent

In accordance with Art. 7 para. 3 GDPR, you have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Changes to this Privacy Policy

We reserve the right to make changes to this Privacy Policy from time to time, to the extent permitted by applicable law.

Updated: October 2023