Privacy policy

1. Controller responsible for data processing

Boum AG
Gewerbestrasse 12
3002 Bern
Switzerland
hello@boum.garden

We are pleased about your interest in our online shop. The protection of your privacy is very important to us. Below, we inform you in detail about the handling of your data.

Data Protection Officer: Ludwig Auer

EU Representative:

Rickert Rechtsanwaltsgesellschaft mbH
Colmantstraße 15
53115 Bonn
Germany
Email: art-27-rep-boumag@rickert.law

2. Access Data and Hosting

You can visit our websites without providing any personal information. With each website access, the web server automatically stores a so-called server log file, which includes, for example, the name of the requested file, your IP address, date and time of access, the amount of data transferred, and the requesting provider (access data), and documents the access.

These access data are evaluated exclusively to ensure the trouble-free operation of the site and to improve our offer. This serves to protect our legitimate interests in a correct presentation of our offer according to Art. 6 para. 1 sentence 1 lit. f GDPR. All access data are deleted no later than seven days after the end of your visit.

3. Data Collection and Use for Contract Processing, Contacting, and Opening a Customer Account

We collect personal data when you voluntarily provide it to us as part of your order or when contacting us (e.g., via contact form or email). Mandatory fields are marked as such, as we require the data in these cases for contract processing or to process your contact and you cannot submit the order or contact us without providing it. The data collected can be seen from the respective input forms. We use the data provided by you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR to process contracts and your inquiries.

If you give your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR by choosing to open a customer account, we will use your data for this purpose.

After the complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after the tax and commercial retention periods, unless you have expressly consented to further use of your data or we reserve the right to further data usage as permitted by law and informed in this declaration. You may delete your customer account at any time by sending a message to the contact option described below or via a function provided for this in the customer account.

4. Data Sharing

To fulfill the contract pursuant to Art. 6 para. 1 sentence 1 lit. b GDPR, we share your data with the shipping company entrusted with the delivery, as far as this is necessary for the delivery of ordered goods. Depending on the payment service provider you select during the order process, we share the collected payment data with the bank commissioned with the payment and, if applicable, with the payment service provider commissioned by us or with the selected payment service. Some payment service providers also collect this data themselves if you create an account with them. In this case, you must log in with your access data during the ordering process. The privacy policy of the respective payment service provider applies.

If your data is transferred to a third country (e.g., the USA) due to the use of certain payment or shipping service providers, this only takes place if an adequate level of data protection in accordance with Art. 44 ff. GDPR is guaranteed (e.g., through an adequacy decision, standard contractual clauses, or your consent).

Data transfer to shipping service providers

If you have given us your express consent to this during or after your order pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR, we will pass on your email address and telephone number to the selected shipping service provider so that they can contact you before delivery for the purpose of delivery notification or coordination.

Consent may be revoked at any time by sending a message to the contact option described below or directly to the shipping service provider using the contact address listed below. After revocation, we will delete the data you provided for this purpose, unless you have expressly consented to further use of your data or we reserve the right to use the data beyond this, which is legally permitted and about which we inform you in this statement.

5. Email Newsletter

Email advertising with newsletter subscription

If you subscribe to our newsletter, we use the required or separately provided data to regularly send you our email newsletter based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. We use the double opt-in procedure during registration to be able to verify consent.

Unsubscribing from the newsletter is possible at any time and can be done either by a message to the contact option described below or via a link provided in the newsletter. After unsubscribing, we will delete your email address from the recipient list unless you have expressly consented to further use of your data or we reserve the right to use the data beyond this, which is legally permitted and about which we inform you in this statement.

Email advertising without newsletter subscription and your right to object

If we receive your email address in connection with the sale of a product or service and you have not objected, we reserve the right to regularly send you offers for similar products from our range by email based on § 7 para. 3 UWG (Art. 6 para. 1 lit. f GDPR). This serves our overriding legitimate interests in promotional communication with our customers.

You can object to this use of your email address at any time by sending a message to the contact option described below or via the link provided in the promotional email, without incurring any costs other than the transmission costs according to the base rates.

6. Cookies and Web Analysis

To make your visit to our website attractive, enable the use of certain functions, and for statistical analysis and marketing purposes, we use cookies and similar technologies on our website. We distinguish between essential cookies that are technically necessary for website operation and non-essential cookies such as analytics and marketing cookies. The use of non-essential cookies (e.g., Google Analytics) is based solely on your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You give this consent via the embedded cookie consent tool when you first visit our website. You can change your cookie settings at any time via the consent tool and withdraw or grant your consent again. We use a consent management tool to obtain and manage your consent, which is displayed upon your first visit. There, you can choose whether you agree to the use of certain categories of cookies (e.g., analytics, marketing).

Use of Google (Universal) Analytics for Web Analysis

If you have given your consent according to Art. 6 para. 1 sentence 1 lit. a GDPR, this website uses Google (Universal) Analytics for the purpose of website analysis. The web analytics service is provided by Google Ireland Limited, a company registered and operated under Irish law with its registered office at Gordon House, Barrow Street, Dublin 4, Ireland (www.google.de). Google (Universal) Analytics uses methods such as cookies to analyze your use of the website. The automatically collected information about your use of this website is usually transmitted to a Google server in the USA and stored there. By activating IP anonymization on this website, your IP address is shortened before transmission within the member states of the European Union or other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google. After the purpose ceases to apply and the use of Google Analytics ends, the data collected in this context will be deleted.

If information is transferred to and stored on Google servers in the USA, the American company Google LLC is certified under the EU-U.S. Data Privacy Framework. More information is available at: https://www.dataprivacyframework.gov/. Based on this agreement between the USA and the European Commission, the latter has determined that companies certified under the Privacy Shield have an adequate level of data protection.

You can revoke your consent at any time with future effect by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. This prevents the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google.

Newsletter data

If you would like to receive the newsletter offered on the website, we need your email address and information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use this data exclusively to send the requested information and do not share it with third parties.

The processing of the data entered in the newsletter registration form is based solely on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to store the data, the email address, and its use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter. The legality of the data processing already carried out remains unaffected by the revocation.

We store the data you provide to receive the newsletter until you unsubscribe and delete it after you cancel your subscription. Data stored for other purposes remains unaffected.

9. Contact Options and Your Rights

As a data subject, you have the following rights:

In accordance with Art. 15 GDPR, the right to obtain information about your personal data processed by us;

In accordance with Art. 16 GDPR, the right to request immediate correction of incorrect or completion of your stored personal data;

In accordance with Art. 17 GDPR, the right to request deletion of your stored personal data, unless further processing is required

• to exercise the right of freedom of expression and information;
• to fulfill a legal obligation;
• for reasons of public interest or
• to assert, exercise or defend legal claims;

If we process personal data as explained above to safeguard our overriding legitimate interests within the framework of a balancing of interests, you may object to this processing with effect for the future. If the processing is for direct marketing purposes, you may exercise this right at any time as described above. If the processing is for other purposes, you are only entitled to a right to object on grounds arising from your particular situation.

After you exercise your right to object, we will no longer process your personal data for these purposes unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or if the processing serves the establishment, exercise or defense of legal claims.

This does not apply if the processing is for direct marketing purposes. In that case, we will no longer process your personal data for this purpose.