Privacy Policy of Core Botanica

Welcome to our website and thank you for your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with applicable personal data protection legislation, which may include the EU-GDPR in case you are an EU-data-subject or where we are having personal data processed by EU-data processors. Hereby, we inform you about the processing of your personal data by the Core Botanica LLC (Core Botanica) and your rights as a data subject under the EU-GDPR.

Personal data is any information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number, email address and IP address. Anonymous data is available if no personal reference to the individual/user can be made.

Responsible body and data protection officer

Core Botanica LLC
5549 Lone Pine Rd
Terrebonne, OREGON 97760

Company’s contact information
+1 877 680 51 81
smeiers@corebotanca.com

Contact info of the data protection officer
datenschutz@martin-bauer.com

Your rights as a data subject

Your rights as a data subject are set out in Articles 15 - 22 EU-GDPR, and include the right of access, to rectification, data portability objection against data processing, erasure / right to be forgotten, as well as the right of restriction of data processing.

To exercise these rights, please contact: datenschutz@martin.bauer.group.com The same applies if you have any questions regarding data processing in our company or when you withdraw your consent. You also have a right of appeal to the relevant data protection supervisory authority.

Purposes and legal bases of data processing
The processing of your personal data complies with the provisions of the EU-GDPR and all other applicable data protection regulations. Legal bases for data processing arise in particular from Art. 6 EU-GDPR.

We use your data to initiate business, to fulfil contractual and legal obligations, to conduct the contractual relationship, to offer products and services and to consolidate customer relationships.

Your consent also may constitute a legal basis for data processing. Whenever we should ask for your consent, we will inform you of the purposes of data processing and the right to withdraw your consent. If the consent also relates to the processing of special categories of personal data, we will explicitly notify you in the consent process.

Processing of special categories of personal data within the meaning of Art. 9 I EU-GDPR (that is data on racial and ethnical origin, political opinion, religious or philosophical belief, union membership, biometric and genetic data allowing to identify you as an individual person, as well as data on your health, sexuality or sexual orientation) may only take place where necessary on the grounds of legal regulations and there is no reason to assume that your legitimate interests should prevail to the exclusion of processing such data.

Data transfers / Disclosure to third parties
We will only transmit your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the competent supervisory authorities or law enforcement authorities).

Data recipients / categories of recipients
Within our organisation, we ensure that only individuals who are required to process the relevant data to fulfil their contractual and legal obligations are authorised to handle personal data. Within our corporate group your data can be transferred for service hosting purposes.
In certain cases, service providers assist our specialist departments to fulfil their tasks. The necessary data protection contracts have been concluded with all service providers.

Transfers of personal data to other countries
A transfer of data to other countries (outside the US) shall only take place if required by law or if you have provided your consent for such a transfer We transfer your personal data to service providers and corporate group companies located in Germany and therefore inside the European Union.

Period of data storage
We store your data for as long as such is required for the relevant processing purposes. Please note that numerous retention statutory periods require that data must be stored for a specific period of time. This relates in particular to retention obligations for commercial or fiscal purposes (e.g. commercial code, tax code, etc.). The data will be routinely deleted after use unless a further period of retention is required. We may also retain data if you have given us your permission to do so, or in the event of any legal disputes and we use the evidence within the statutory limitation period.

Secure transfer of data
We implement the appropriate technical and organisational security measures to ensure the optimum protection of your data against accidental or intentional manipulation, loss, destruction or access by unauthorised parties. The measures are continuously reviewed in cooperation with security experts and adapted to current security standards.

The data exchange to and from our website is encrypted. We provide https as a transfer protocol for our website and always use the current encryption. You may use alternative communication channels (e.g. surface mail).

Obligation to provide data
A range of personal data is required to establish, implement and terminate the obligation and the fulfilment of contractual and legal obligations. The same applies to the use of our website and the various functions it provides. In some cases, legal regulations require data to be collected or made available. Please note that it will not be possible to process your request or execute the underlying contractual obligation without the respectively required information.

Data categories, sources and origin of data
The data we process is defined by the relevant context: it depends on whether, for example, you are just surfing our website or enter a request into our contact form.

Please note that from time to time we may also provide information for specific processing situations separately where appropriate.

We collect and process the following data when you visit our website:

• Name of the Internet service provider
• Web browser and operating system used
• Information on the website from which you visited us
• The IP address by your allocated Internet service provider
• Files accessed, volume of data transferred, downloads/file export
• Information on websites accessed on our site, including date and time

For reasons of technical security (in particular concerning the prevention of attacks of our web server), this data is stored in accordance with Article 6 I 1 f EU-GDPR basing on our legitimate interest in operating our website technically safe and secure. Anonymization takes place no later than after seven days by abbreviating the IP address so that no reference is made to the user.

Concerning a contact request, we may process the following data:

• Name, surname, salutation
• Contact information,
• Your request
Contact form / Contact via email (Article 6 I 1 a, b EU-GDPR)
If you make use of our contact form, we will process the data you submit to reply to your request.

Here, we comply with the principle of data minimisation, as you only have to provide the information we require to contact you, which is your email address and the message itself. Your IP address will also be processed for technical and legal reasons. All possible further data may be provided on a voluntary basis.

If you contact us by email, we will process the personal information provided in the email solely for the purpose of processing your request.

Please keep in mind, that for handling your request, your personal data is processed byour corporate service provider in Germany.

Automated decisions in individual cases
We do not use fully automated processing to take decisions.

Cookies

Our website uses “cookies” for purposes of making it more user-friendly, effective and secure. Cookies are small text files that are placed on your device and stored by your browser (locally on your hard disk).

Depending on their individual nature, cookies may enable us to analyse how users use our websites so we can design the website content in accordance with the visitor’s needs or may allow us to measure the effectiveness of a particular ad and, for example, to place it based on the user's interests. The legal basis for our use of cookies to operate the website technically and secure is our legitimate interest herein, Art. 6 I 1 f EU-GDPR.

Most of the cookies we use are "session cookies", which will be automatically deleted after your visit. “Persistent cookies”, which are representing another category of cookies, are automatically deleted from your computer as soon as their individual period of validity has expired or upon deletion, which you may execute even beforehand of expiry.

Most web browsers automatically accept cookies. You may generally change your browser's settings to disable the automated accepting of cookie. Such, however, may influence the usability of our website I general or at least in regard of certain functions.

Google Analytics 4
If you grant us your consent, Art. 6 I 1 a EU-GDPR, Google Analytics 4, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), is used on this website. With this technology, we can analyze your use of our website.

When you visit our website, Google Analytics 4 places cookies on your device. This information also includes your IP address. However, we have implemented the "Anonymize-IP" procedure, so that your IP address is regularly shortened by the last four digits before it is transferred to the Google server. Therefore, the data usually is no longer personal.
However, in exceptional cases, your IP address may be shortened after it has been transferred to the Google server. Such servers can be located outside the EU, particularly in the USA at the parent company Google LLC.

We shall mention that there is currently no equivalent level of data protection in the USA and, in particular, access to data processed there or by US companies or their foreign companies worldwide may potentially be accessed by US authorities or such information may have to be disclosed to them. As a non-US citizen, you may also not be entitled to take action at all or at least my not be entitled take effective action against this. We have minimized this risk as far as possible by using suitable data protection instruments (EU standard contracts), but cannot mitigate the risk to zero, so that your consent to the use of Google Analytics also entails this risk.

Google uses the data collected on our behalf to enable an evaluation of how you use our website and to create reports on your interaction with our content. According to Google, the IP address transferred and shortened by your browser to Google in this context will not be merged with other data from Google or other data relating to you that is available at Google. The data collected as part of the use of Google Analytics 4 is stored for a maximum of 2 months and then deleted or anonymized.

In order to accompany the transfer of data to Google with a suitable instrument in terms of data protection law, we have concluded so-called EU standard contractual clauses on data protection with Google. In this way, we ensure that your data is protected as best as possible, even if it is transferred to the USA. Information on how Google handles your data in its sphere and additional information on Google Analytics 4 can be found at https://policies.google.com/privacy?hl=de&gl=de and at https://policies.google.com /technologies/partner-sites.

You can revoke your consent any time with effect for the future and without having to name reason and without requiring a specific form. In order to exercise your right of withdrawal, you can in particular make use of our cookie settings area.

You can also prevent the storage of cookies on your device by setting your browser software accordingly; however, we shall mention that in this case you may not be able to use all functions of this website in full. You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) being sent to Google and the processing of this data by Google by using the browser add-on available under the following link. The current link is http://tools.google.com/dlpage/gaoptout?hl=de.

Google Signals
As an extension to Google Analytics 4, and also basing on your consent, we may use Google Signals. Google Signals is used to create cross-device reports. This works as follows: If you have activated personalized ads and linked your devices to a Google account, Google can analyze your usage behavior across devices and create data models.

In this way, your user activities can be merged into a uniform image regardless of the device you are using to surf our site (so-called cross-device conversion) - without making you personally identifiable to us, because we only receive anonymous statistics from Google. According to the information available to us from Google, a prerequisite for this is, in addition to your consent to us, a corresponding consent that you have given to Google.

You can terminate the use of Google Signals and thus the cross-device evaluation at any time. To do this, deactivate the "Personalized advertising" function in the settings of your Google account, as described on the Google support pages: https://support.google.com/ads/answer/2662922?hl=de More information about Google Signals can be found at https://support.google.com/analytics/answer/7532985?hl=de.

Demographics
Google Analytics 4 uses the special function "demographic characteristics". This function is used to create statistics that allow statements about the age, gender and interests of site visitors. For this purpose, advertising and information from third-party providers are evaluated so that suitable target groups for marketing measures can be identified, defined and addressed. According to Google, however, this data cannot be assigned to a specific person and will be deleted in accordance with the information on Google Analytics 4.

Links to other providers
Our website may contain links to the Internet sites of other parties. We may, however, not influence such content and do not accept any liability for such third-party content. The content of these pages is always within the sole responsibility of the third party offering the service or content.
Any pages linked are checked for potential legal violations and identifiable infringements before being linked. We are executing whatsoever legally required checks of content we are linking and will immediately respond to any notification on infringements by taking down the respective link(s).