Current version: February 4, 2022
This Privacy Statement gives you an overview of how your personal data is processed when you surf the website available at timz.io, or timz.flowers (the “Website”), use the timz app (app.timz.flowers or other domains) or use the services offered within either of these offerings (collectively the “Services”). This Privacy Statement also informs you about your rights according to the EU General Data Protection Regulation (“GDPR”) and your options to manage your personal data and protect your privacy.
The data controller for the Website as well as for the Services is timz UG, Schwedterstraße 266, 10119 Berlin, (“we”, “us” or “timz”). If you have questions regarding the processing of your data, you can contact us by e-mail at [email protected]
You are neither legally nor contractually obliged to provide us with the personal data specified in this Privacy Statement. However, if you do not provide us with certain personal data, we may not be able to enter into a contract with you and you may not be able to use our Services, or only to a limited extent.
When we make our Website and Applications available, we process personal data from various sources. On the one hand, this is data that we automatically process for each visitor when they access the Website. On the other hand, we only process certain data if you decide to contact us or use certain functions of the Website.
Data that we collect automatically when you visit our Website:
When you visit the Website, you send technical information to our web servers, which we store in server log files. This happens regardless of whether you subsequently contact us (e.g. via the contact form). In any case we collect the following usage and web access data (which we call “usage data”):
We process the usage data to enable you to use the Website and to ensure the functionality of the Website. In addition, we process usage data to analyse the performance of the Website, to continuously improve the Website and correct errors or to personalise the content of the Website for you. We also process the usage data to ensure IT security and the operation of our systems and to prevent or detect misuse, especially fraud. These server log files are deleted after a maximum of 7 days. Our legal basis for processing this data is Art. 6 (1) lit. f) GDPR.
Data that you yourself transmit to us:
In addition to the data we process on all Website visitors, we also process other data when you use our contact form. You can see the details in the contact form. We process this data exclusively for the purpose of processing your request.
The legal basis in each case is Art. 6 (1) lit. a) GDPR (your consent).
Information we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information.
“Voluntarily provided” information refers to any information you knowingly and actively provide us when using our app and its associated services.
“Automatically collected” information refers to any information automatically sent by your device in the course of accessing our app and its associated services.
In addition, we only process further personal data if you use our Services. This is the case here:
We process this data to provide you with the Services and to enable you to communicate with other users of the Services. We also process this data in order to detect and correct errors, to improve the service (for example, by means of pseudonymous A/B tests to optimise the user interface) or, in individual cases, to prevent use in breach of the contract or the law.
Please note that we do not encrypt your content data when you use our Services.
The legal basis for the processing of usage data within the scope of our Services is Art. 6 (1) lit. b) GDPR with regard to the provision of Services, and Art. 6 (1) lit. f) GDPR with regard to other purposes.
When you access our servers via our app, we may automatically log the standard data provided by your device. It may include your device’s Internet Protocol (IP) address, your device type and version, your activity within the app, time and date, and other details about your usage.
Additionally, when you encounter certain errors while using the app, we automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.
Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
Our app may access and collect data via your device’s in-built tools, such as:
When you install the app, use it in a webbrowser or use your device’s tools within the app, we request permission to access this information. The specific data we collect can depend on the individual settings of your device and the permissions you grant when you install and use the app.
We may ask for personal information — for example, when you submit content to us or when you contact us — which may include one or more of the following:
We consider “user-generated content” to be materials (text, image and/or video content) voluntarily supplied to us by our users for the purpose of publication on our platform, website or re-publishing on our social media channels. All user-generated content is associated with the account or email address used to submit the materials.
We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.
We may collect personal information from you when you do any of the following on our website:
Register for an account
Sign up to receive updates from us via email or social media channels
Use a mobile device or web browser to access our content
Contact us via email, social media, or on any similar technologies
When you mention us on social media
We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:
We may combine voluntarily provided and automatically collected personal information with general information or research data we receive from other trusted sources. For example, If you consent to us accessing your social media profiles, we may combine information sourced from those profiles with information received from you directly to provide you with an enhanced experience of our app and services.
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.
Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring any passwords associated with accessing your personal information and accounts are secure and confidential.
However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.
We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about children under 13. Our service is aimed at working people at least 18 years old or with full legal capacity.
We may disclose personal information to:
Third parties we currently use include:
The personal information we collect is stored and/or processed in , or where we or our partners, affiliates, and third-party providers maintain facilities.
We have already informed you above for which purposes we process your data in individual cases. Furthermore, we may also process your data for other purposes. These include, for example, the transfer of your personal data to third parties if we are legally obliged to do so, but also the assertion of legal claims on our part or the defence against legal disputes. In these cases, the legal basis is either a legal obligation (Art. 6 para. 1 lit. c) GDPR) or our legitimate interests.
Your personal data will only be disclosed to third parties if this is necessary for the provision of the Website or Services. Our Website is hosted on Hetzner.de (Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany). Our Services run on DigitalOcean.com (101 Avenue of the Americas, New York, NY 10013, USA) cloud servers. All these data recipients have made strict contractual agreements with us to process data exclusively within the scope of our instructions (so-called order processing agreements).
The data recipients also include the third-party providers listed in our overview of cookies and analysis tools. Detailed information about the third-party providers we use in this context, e.g. to process customer inquiries or web analytics, can be found in the information about cookies, web analytics and other tracking technologies at the end of this Privacy Statement.
Please be informed: If you distribute a link (copy-link function) to a “Flower” or a “Petal”, the recipient of the link will be able to preview the “Flower” and all its contents, even if the recipient is not a user of the Platform or a member of your “Garden”. Make sure that you send these links only to trusted people and that they are not forwarded. At a later date, we may provide a selection option for hidden links where the “Flower” is not immediately viewable.
We do not transfer your personal data to countries outside the EEA without implementing appropriate safeguards.
We host your content-data on AWS (Amazon Web Services, Inc. 410 Terry Avenue North Seattle WA 98109, USA) powered by Cloudinary (Cloudinary Ltd., 38 Chancery Lane, The Cursitor Building, London WC2A 1EN, United Kingdom). Although AWS’s servers are located in Frankfurt, Germany, your content-data will still be transferred legally to the United States, a country outside the EEA (a so-called “Third Country”). However, we will ensure that an adequate level of data protection is maintained at all times. We will ensure that the content-data recipients are either certified according to the so-called “EU-US Privacy Shield” (as is currently the case with AWS) or that the so-called EU standard contractual clauses are included in our contracts with these providers in order to guarantee security of processing and an adequate level of data protection at all times.
We process and store your personal data as far as this is necessary to fulfil our contractual or legal obligations. Therefore, we store the data for the duration of the contractual relationship with you and after termination only to the extent and for as long as required by law. If the data is no longer required to fulfill legal obligations (e.g. under tax or commercial law), it will be deleted unless further processing is necessary to preserve evidence or to defend against legal claims against us.
Within the scope of the GDPR you can assert the following rights against us:
You further have the right to lodge a complaint with the competent data protection supervisory authority (Art. 77 GDPR).
In addition, you can also revoke a given consent at any time. However, this revocation is only valid for the future. Any processing that may have taken place before the revocation remains unaffected. If you wish to exercise your rights as a data subject, you can do so by e-mail to [email protected]
Information about your right of objection under Art. 21 GDPR
In addition to the rights already mentioned, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation, provided that such processing is carried out on the basis of Art. 6 (1) lit. f) GDPR (data processing based on a balancing of interests). If you object, we will no longer process your personal data unless we can demonstrate that your interests, rights and freedoms outweigh the processing and therefore justify the processing.
You also have the right to object, at any time, to the processing of your personal data for the purpose of direct marketing (including the subscription to our newsletter), at no cost other than the transmission costs according to the basic tariffs; this also applies to the creation of a user profile (so-called “profiling”), insofar as this is connected with direct marketing. If you object to this, we will not process your personal data in the future.
Please note that if you do not provide us with certain data or if you object to the use of such data, you may not be able to use the Website or may only be able to use it to a limited extent.
The objection may be lodged informally and must be addressed to the competent authority: should be submitted to: [email protected]
Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.
Access: You may request details of the personal information that we hold about you.
Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example serving particular content to your device), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.
Downloading of Personal Information: We provide a means for you to download the personal information you have shared through our app. Please contact us for more information.
Notification of data breaches: We will comply with laws applicable to us in respect of any data breach.
Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.
What are cookies? Cookies are small text files with information that are stored on your access device. They are usually used to associate a user with a particular action or preference on a Website, but without identifying the user as a person or revealing their identity.
Cookies are not automatically good or bad, but it is worth understanding what you can do about it and making your own decision about your data.
We use the following types of cookies, whose scope and functionality are explained below: Session cookies and persistent cookies.
Session cookies are automatically deleted when you close your browser. This applies in particular to session cookies. They store a so-called session ID with which various requests from your browser can be assigned to the shared session. This enables your computer to be recognised when you return to our Website. Session cookies are deleted when you log out or close your browser.
By default, the setting of cookies can be managed by the browser program of your browser, also in such a way that no cookies can be set at all or that cookies are deleted again. Your browser may also have a function for anonymous surfing. You can use these functions of your browser yourself at any time. However, if you have deactivated the setting of cookies in your browser by default, it is possible that our Website or our Services will not function properly.
In addition to cookies, we also use other technologies for tracking users. These include so-called pixel tags (also known as “web beacons”, “GIFs” or “bugs”). These pixel tags are transparent one-pixel images that are located on the Website. They track, for example, whether a certain area of the Website has been clicked on. When triggered, the pixel tag logs a user interaction and can read or set cookies. Because pixels often rely on cookies to function, turning off cookies may affect them. But even if you turn off cookies, Pixel can still recognize a Website visit.
We also use so-called Software Developer Kits (SDKs) for our Services. SDKs are pieces of code provided by our vendors (e.g., third-party advertising providers, ad networks and analytics providers) in our mobile applications to collect and analyze certain device and user data.
We also use so-called device IDs. These are user-resettable identifiers consisting of numbers and letters. They are uniquely assigned to a specific terminal device. They are stored directly on the device. These include Google’s Apple Advertiser ID (IDFA) and Android Ad ID (AAID). They are used to identify you and/or your device(s) to, from and across different apps and devices for marketing and advertising purposes.
The legal basis for the processing of personal data using cookies and other technologies is Art. 6 (1) lit. a) GDPR, unless otherwise stated below.
Comprehensive information about every single cookie we use is available in our Consent Manager.
The information generated by the cookie about your use of our Website (identification, browser type/version, operating system used, referrer URL, abbreviated IP address, time of server inquiry) is usually transferred to a Google server in the USA and stored there. However, in the member states of the European Union or in other signatory states to the Agreement on the European Economic Area, your IP address will first be shortened by Google on our Website. For this purpose, we have implemented the code “gat._anonymizeIp() ;” to ensure anonymous collection of IP addresses (so-called IP masking).
Only in exceptional cases will the complete IP address be transferred to a Google server in the USA and abbreviated there. If, in exceptional cases, personal data is transferred to the USA, Google’s certification under the so-called “Privacy Shield Agreement” between the EU and the USA (https://www.privacyshield.gov/participant?id=a2zt00000000001L5AAItatus=Active) guarantees a level of data protection that corresponds to the level of data protection in the EU.
Google will use the information about your use of the Website on our behalf in the context of Google Analytics to evaluate your use of the Website, to compile reports on Website activity and to provide other Services relating to Website activity and internet usage. The IP address transmitted by your browser within the framework of Google Analytics and Google Tag Manager is not combined by us with other data from Google.
In addition to the general deactivation of cookies, you can prevent Google from collecting and processing data about your use of our Website (including your abbreviated IP address) by downloading and installing the browser plugin under the following link: http://tools.google.com/dlpage/gaoptout.
Our Services use the analysis tool Mixpanel, a service of Mixpanel Inc. One Front Street, 28th Floor, San Francisco, CA 94111, USA. The Mixpanel service logs page views and page activity. To enable this, log data is transmitted to Mixpanel (and Mixpanel Inc.) using a cipher in an anonymous form. You can find more information about the use of your data on the privacy page of the Mixpanel service (http://mixpanel.com/privacy). If you do not wish to transmit log data from your activities on this website to Mixpanel (and Mixpanel Inc.), you can stop the recording of logs of your activity with the so-called “opt out cookie”, which you can activate at http://mixpanel.com/optout/. Please note, however, that this cookie, and thus the ban on recording, is deleted as soon as you delete your cookies in the settings of your browser.
Our Services may use Hotjar, a service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta, to gain insights into our customers’ needs and to optimize our Services continuously. Hotjar is a technology service that helps us to better understand our users’ experiences, for example, the time they spend in which areas of the Services or the links they click. We use Hotjar’s services including heat maps, visitor recordings, funnels and form analysis. Hotjar uses a tracking code and a cookie to receive Usage Data (as defined above). Hotjar saves all information in a pseudonymous user profile. Hotjar does not associate this information with individual identified persons. Instead, Hotjar shows the general, aggregated behaviour of users. Hotjar or timz will not use this information to identify individual users or match it with other data concerning individual users. For details, please go to Hotjar’s privacy statement available at https://www.hotjar.com/legal/policies/privacy. You can object to Hotjar’s creating a user profile, saving data concerning your use of this Website and using tracking cookies on other websites by clicking https://www.hotjar.com/legal/compliance/opt-out.
Our Services may use Hubspot, a service provided by Hubspot, 25 First Street, 2nd Floor, Cambridge, MA 02141, United States and 1 Sir John Rogerson’s Quay, Dublin 2, in order to support our online marketing efforts. Please go to Hubspot’s privacy statement available at: https://legal.hubspot.com/privacy-policy for details. Email communication will only be sent to those who have opted in for communication through this channel.
Our app may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
Where the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act. You acknowledge that if any such third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.
In accordance with your right to non-discrimination, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels for the goods or services we provide.
Any CCPA-permitted financial incentive we offer will reasonably relate to the value of your personal information, and we will provide written terms that describe clearly the nature of such an offer. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
In the past 12 months, we have collected the following categories of personal information enumerated in the California Consumer Privacy Act:
Identifiers, such as name, email address, phone number account name, IP address, and an ID or number assigned to your account.
For more information on information we collect, including the sources we receive information from, review the “Information We Collect” section. We collect and use these categories of personal information for the business purposes described in the “Collection and Use of Information” section, including to provide and manage our Service.
If you are a California resident, you have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:
If you are a California resident, in addition to the rights discussed above, you have the right to request information from us regarding the manner in which we share certain personal information as defined by California’s “Shine the Light” with third parties and affiliates for their own direct marketing purposes.