Privacy Policy
1) Introduction & Contact Information
1.1 Thank you for visiting our website. We appreciate your interest and would like to explain how we handle your personal data when you use our site. “Personal data” means any information by which you can be identified.
1.2 The controller responsible for processing personal data on this website under the General Data Protection Regulation (GDPR) is:
Jana Straif
Yaflora / Jana Straif
Obere Hirtengasse 12
72469 Obere Hirtengasse
Germany
Phone: +49 157 542 10 213
Email: yaflora.musica@gmail.com
The “controller” is the person who determines the purposes and means of processing personal data.
2) Data Collection When Visiting Our Website
2.1 For informational use of our website (e.g. reading pages, browsing), you are not required to register or provide personal data. We collect only basic data automatically from your browser (so-called “server log files”) which are essential for displaying the website:
The page visited
Date and time of access
Amount of data transmitted
Referrer URL (where you came from)
Browser and operating system used
Your IP address (possibly anonymized)
These data are processed under GDPR Article 6(1)(f) — our legitimate interest in maintaining website performance and stability. We do not share or use this data otherwise, unless there is evidence of unlawful use, in which case we reserve the right to review the log files.
2.2 The website uses SSL/TLS encryption for secure data transmission. You can see this in your browser’s address bar (“https://” and the lock icon).
3) Cookies
We use cookies—small text files stored on your device—to enhance website functionality. Some are deleted when you close the browser (“session cookies”), others remain longer (“persistent cookies”) to save settings. You can control cookies via your browser settings; note that disabling them may affect site performance.
If any cookies process personal data, this is done under one of the legal bases:
Article 6(1)(b) — for contract purposes
Article 6(1)(a) — with your consent
Article 6(1)(f) — to serve our legitimate interest of an optimal user experience
4) Contact & Inquiry Forms
If you contact us via email or form, we store the information you provide (e.g. name, email, message content) solely to respond to your inquiry and for related administrative purposes. This data is processed under:
Article 6(1)(f) — our legitimate interest in handling communications
Article 6(1)(b) — if your inquiry relates to a contract
We delete your data once the inquiry is resolved and no legal obligations require its retention.
5) Comments & Feedback
If you post a comment, we collect:
Your comment
Date and time
Your display name
Your IP address (for security)
Optionally your email (for notifications or legal verification)
These details are processed under Articles 6(1)(b) and 6(1)(f) GDPR. We may delete comments reported as unlawful.
6) Embedded Services & Plugins
6.1 YouTube
Embedded YouTube videos are provided by Google Ireland Limited. Viewing these may transmit your IP and cookies to Google. Cookies will only be set if you’ve consented via our cookie tool. Google adheres to the EU-US Data Privacy Framework.
6.2 Google Maps
If used, Google Maps may transmit location and IP data to Google servers, including in the USA. This is done under Article 6(1)(f) — Google’s interest in personalized services and advertising. To opt-out, disable cookies or log out from any Google account before use.
6.3 Google Web Fonts
We use Google Fonts for consistent typography. Your browser fetches fonts and sends minimal data to Google. These requests occur only after your consent. Google adheres to the EU-US Data Privacy Framework.
6.4 Google reCAPTCHA
This service protects forms from bots and transmits data like IP address and browser information to Google. Processing is justified under Article 6(1)(f) for security reasons. We have a data processing agreement with Google. Google adheres to the EU-US Data Privacy Framework.
6.5 Google Customer Reviews
If used, after purchases you may receive an invitation to provide feedback via Google. You may opt out at any time. Data transmission is based on Article 6(1)(a) — your consent. Google adheres to the EU-US Data Privacy Framework.
7) Job Applications
If you email applications, we collect basic personal and potentially special data (e.g. health). Processing is based on:
Article 6(1)(b) GDPR (employment contract interest)
Article 9(2)(b) or 9(1)(h) GDPR (if you provide health data)
We keep application data for up to six months if no employment results; otherwise, only as permitted by law.
Online form applications follow the same rules with encrypted transmission and GDPR Article 6(1)(b) in place.
8) Cookie Consent Tool
We use a consent management tool to collect user consent for non-essential cookies. The tool stores your preferences in a technically necessary cookie and does not process personal data, unless your IP address is recorded to manage preferences (Article 6(1)(f)). We have a processing agreement in place. You can view the provider’s details via the tool interface on our site.
9) Your Rights
Under GDPR, you have the right to:
Request access (Art. 15)
Request correction (Art. 16)
Request deletion (Art. 17)
Request restriction of processing (Art. 18)
Object to processing (Art. 21)
Lodge a complaint (Art. 77)
Withdraw consent at any time (Art. 7(3))
If we process data based on our legitimate interest, you may object at any time. If you object, we must stop processing unless we have compelling legitimate reasons. This also applies to data used for direct marketing.
10) Data Retention
We store data only as long as legally required or needed for its purpose:
Until consent withdrawal (Art. 6(1)(a))
Until legal retention periods end (Art. 6(1)(b))
Until objection is lodged (Art. 6(1)(f)), unless overriding reasons exist
- Deleted when no longer needed
Questions or requests? You can always contact us at [yaflora.musica@gmail.com].