Privacy Policy

Last updated:  January 2026


Eterna Flowers Jewels
Werner Str. 126, 71636 Ludwigsburg, Germany
Email:  eterna.flowers444@gmail.com

VAT-ID / German USt-IdNr.: We have applied for our VAT identification number and will update it here as soon as it is issued by the tax office.

For the purpose of applicable data protection laws, Eterna Flowers Jewels is the controller of your personal data.


1. Introduction / scope

Eterna Flowers Jewels operates this online store and website to provide you with product information and an online shopping experience (the “Services”). This Privacy Policy explains how we collect, use, disclose and protect personal information when you visit or use our Services, place orders, contact us or otherwise interact with us. Where the law requires specific information (e.g. cookies, international transfers, data subject rights), it is explained below.


2. Personal data we collect

We may collect and process the following categories of personal data (depending on how you use the Services):

  • Contact & identity data: name, billing & shipping address, email address, telephone number.
  • Account data: username, password (stored securely), preferences and settings.
  • Payment & transaction data: payment method, payment confirmation, partial payment details needed to process the payment (we do not store full card details on our servers if processed by a payment provider).
  • Order data: items ordered, order history, returns, exchanges.
  • Communications: messages you send us (support requests, reviews, etc.).
  • Device & technical data: IP address, device type, browser version, operating system, language, referrer and other log data.
  • Usage data: interactions with the Services (pages viewed, session times, products clicked), cookies and similar technologies.
  • Other: any other information you choose to provide (e.g. when you sign up for newsletters or surveys).


3. Sources of personal data

We collect personal data:

  • Directly from you (when you register, place an order, contact support, subscribe to newsletters, etc.).
  • Automatically when you use the website (cookies / server logs).
  • From third parties and service providers acting on our behalf (hosting, payment, shipping, analytics, marketing).
  • From publicly available sources, if applicable.


4. Legal bases for processing (GDPR Art. 6)

We rely on the following legal bases, depending on the purpose:

  • Performance of a contract (Art. 6(1)(b) GDPR): processing required to perform orders, process payments, deliver goods and manage your account.
  • Consent (Art. 6(1)(a) GDPR): where you have given consent (e.g. newsletter, certain cookies, targeted marketing where required). You may withdraw consent at any time (withdrawal does not affect prior lawful processing).
  • Legal obligation (Art. 6(1)(c) GDPR): compliance with statutory record-keeping obligations (tax law, commercial law).
  • Legitimate interests (Art. 6(1)(f) GDPR): where necessary for fraud prevention, to maintain the security of our Services, to improve and personalize the Services, and to enforce our Terms — provided these interests are not overridden by your rights and freedoms.


5. How we use personal data (purposes & examples)

We process personal data to:

  • Provide and fulfil orders: process orders, payments, shipping, returns, customer support, order confirmations. (legal basis: performance of contract)
  • Account management: create and manage your account, remember preferences. (contract / legitimate interest)
  • Customer communication: respond to inquiries, notify you about order status, product updates, security notices. (contract / legitimate interest)
  • Marketing & promotions: send newsletters or promotional messages if you consented or when lawful under applicable rules; show you personalized offers and product recommendations (consent or legitimate interest where lawful). You can opt out at any time.
  • Security & fraud prevention: detect and prevent fraud, spam and abuse; secure our systems. (legitimate interest)
  • Analytics & site improvement: measure site usage and performance to improve UX and Services (we use aggregated/ pseudonymized analytics where possible). (legitimate interest or consent where required)
  • Legal compliance: retain information for tax, accounting and legal obligations. (legal obligation)

We do not use automated decision-making (including profiling) that produces legal effects concerning you or similarly significantly affects you.


6. Cookies & similar technologies

We use cookies, local storage and similar technologies to operate the Services, remember preferences, analyse usage and (if you consent) for marketing/targeting. Categories include:

  • Strictly necessary cookies: required to operate the site (e.g., session, shopping cart).
  • Functional cookies: remember preferences (language, display).
  • Performance/analytics cookies: measure how the site is used (e.g., page visits).
  • Advertising/targeting cookies: used for personalized advertising and retargeting.

You can manage or revoke cookie consents via the cookie banner/settings on the site and in your browser settings. Disabling certain cookies may affect site functionality.


7. Recipients / categories of recipients (third-party processors)

We share personal data with the following service providers who process data on our behalf as processors, and with other recipients where necessary:

  • Hosting & E-Commerce Platform: Our online shop is hosted and operated using the website builder provided by domainfactory GmbH (Germany). They process all website and transactional data as our processor.
  • Payment Service Providers: We offer payments via PayPal (which also processes credit card payments for customers without a PayPal account) and direct bank transfer (Überweisung). When you choose to pay via PayPal, your payment data is processed directly by PayPal under their own privacy policy. We only receive a payment confirmation and the information necessary for order fulfilment (e.g., name, address, order amount). In case of a bank transfer, the payment transaction is handled directly between you and your bank.
  • Logistics & Shipping Partners: For the delivery of your orders, we transmit your name, delivery address, and optionally your telephone number (for delivery notifications) to our shipping partner Deutsche Post / DHL.
  • Email & Communication Provider: We use Google Workspace (Gmail) for our business email communication (eterna.flowers444@gmail.com). Emails you send to us are processed via Google's servers.
  • Analytics Provider: We use Google Analytics in a privacy-friendly configuration (with IP anonymization enabled) to analyze website usage and improve our service. The legal basis is our legitimate interest (Art. 6(1)(f) GDPR) or your consent, obtained via the cookie banner. For any use of Google Analytics for advertising or cross-device tracking purposes, which we do not currently employ, we would obtain your prior consent via our cookie banner.
  • Legal & Tax Advisors: Where necessary to fulfil legal obligations (e.g., mandatory bookkeeping and tax reporting under German law), we may share relevant transaction data with our tax advisor.
  • Authorities: When required by law (e.g., upon formal request from tax authorities, German: "Finanzamt", or law enforcement agencies in the context of a legal proceeding).


8. International transfers outside the EEA / UK

Some of our service providers, in particular Google (for Analytics and Gmail) and Stripe, may process personal data in countries outside the European Economic Area (EEA), such as the United States. Where such transfers occur, we ensure an adequate level of data protection as required by law. This is achieved by the provider participating in the EU-U.S. Data Privacy Framework (where recognized) or by us agreeing to the European Commission's Standard Contractual Clauses (SCCs) with the provider.

If you would like more detailed information about the specific safeguards applied to the international transfer of your data, please contact us using the details provided in section 14.


9. Data retention

We retain personal data only as long as necessary for the purposes described and to comply with legal and tax obligations. Typical retention periods:

  • Order & billing records: retained for tax and accounting purposes (statutory retention periods in Germany — typically up to 10 years for tax-relevant records).
  • Account data: while your account exists and thereafter for as long as required for legal claims.
  • Marketing data: until you withdraw consent or unsubscribe.
  • Support communications: generally for as long as necessary to handle the request and for legal reasons.


10. Data security

We implement technical and organizational measures to protect personal data (e.g. TLS/HTTPS, restricted access, encrypted storage for sensitive fields). Nevertheless, no system is 100% secure; if you suspect misuse or a security incident, contact us immediately.


11. Your rights under the GDPR

To exercise any of these rights, please contact us at eterna.flowers444@gmail.com. For verification purposes, we may ask you to provide additional information to confirm your identity. We will respond to your request without undue delay and in any event within one month, as required by law.


12. Children

Our Services are not directed to children. We do not knowingly collect personal data of children under the age of 16. If you believe a child has provided us with personal data, contact us and we will take steps to delete that information.


13. Changes to this Privacy Policy

We may update this Policy from time to time. We will publish the updated policy on the website and update the “Last updated” date. For significant changes we will notify you (e.g., by email if you are a registered user).


14. Contact / Controller details

Eterna Flowers Jewels
Werner Str. 126, 71636 Ludwigsburg, Germany
Email: eterna.flowers444@gmail.com


If you have questions about data protection, or wish to exercise your rights, please contact the email above.