CCPA Privacy Policy

CCPA/CPRA PRIVACY NOTICE FOR CALIFORNIA RESIDENTS

Effective Date: December 2, 2025

This Privacy Notice applies to California residents under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

─────────────────────────────────────────────────────────────────

1. YOUR CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you have the following rights regarding your personal information:

RIGHT TO KNOW
You have the right to request information about the categories and specific pieces of personal information we have collected, used, disclosed, or shared about you in the past 12 months.

RIGHT TO DELETE
You have the right to request deletion of your personal information, subject to certain legal exceptions (e.g., to complete transactions, detect security incidents, comply with legal obligations).

RIGHT TO CORRECT
You have the right to request correction of inaccurate personal information we maintain about you.

RIGHT TO OPT-OUT OF SALE OR SHARING
You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.

RIGHT TO LIMIT USE OF SENSITIVE PERSONAL INFORMATION
You have the right to limit our use and disclosure of your sensitive personal information to what is necessary to provide our services.

RIGHT TO NON-DISCRIMINATION
You have the right not to receive discriminatory treatment for exercising your CCPA/CPRA rights.

─────────────────────────────────────────────────────────────────

2. CATEGORIES OF PERSONAL INFORMATION WE COLLECT

We collect the following categories of personal information and use them for the business purposes described:

A. IDENTIFIERS

What we collect: Name, email address, postal address, phone number, IP address, unique device identifiers

Business/Commercial Purposes:
- Order fulfillment and delivery
- Customer service and support
- Account management
- Fraud prevention and security

Retention Period:
- Active customers: Duration of business relationship + 7 years (tax/legal requirements)
- Newsletter subscribers: Until unsubscribe + 30 days
- IP addresses (analytics): 26 months

B. COMMERCIAL INFORMATION

What we collect: Purchase history, shopping behavior, product interests, order details

Business/Commercial Purposes:
- Order processing and fulfillment
- Product recommendations
- Marketing and promotional communications
- Business analytics and reporting

Retention Period: 7 years (tax/legal requirements)

C. INTERNET OR NETWORK ACTIVITY

What we collect: Browsing history, search history, clicks, page views, interactions with our website, time spent on pages

Business/Commercial Purposes:
- Website optimization and performance
- Marketing analytics and campaign measurement
- User experience improvement
- Personalized advertising (with consent)

Retention Period:
- Google Analytics: 26 months
- Facebook Pixel: 180 days
- Server logs: 90 days

D. GEOLOCATION DATA

What we collect: Approximate location based on IP address, country/region

Business/Commercial Purposes:
- Shipping and delivery
- Regional pricing and currency
- Fraud prevention
- Compliance with regional laws

Retention Period: 26 months (analytics), 7 years (orders)

E. DEVICE INFORMATION

What we collect: Browser type and version, operating system, device type, screen resolution

Business/Commercial Purposes:
- Website functionality and compatibility
- Technical support
- Security and fraud prevention
- User experience optimization

Retention Period: 26 months (analytics)

F. INFERENCES

What we collect: Profiles reflecting preferences, interests, behavior patterns

Business/Commercial Purposes:
- Product recommendations
- Marketing personalization
- Service improvement

Retention Period: 26 months

─────────────────────────────────────────────────────────────────

3. SOURCES OF PERSONAL INFORMATION

We collect personal information from:

- Directly from you: When you place orders, sign up for newsletters, contact us, or use our chatbot
- Automatically: Through cookies, analytics tools, and tracking technologies when you visit our website
- Third-party platforms: Social media integrations (Facebook, Instagram, Google)

─────────────────────────────────────────────────────────────────

4. CATEGORIES OF THIRD PARTIES WE SHARE WITH

We share personal information with the following categories of third parties:

SERVICE PROVIDERS

- Shopify Inc. (Canada) - E-commerce platform, hosting, payment processing
- MailerLite (Lithuania, EU) - Email marketing and newsletters
- Anthropic Inc. (USA) - AI chatbot services

ANALYTICS PROVIDERS

- Google LLC (USA) - Website analytics, user behavior tracking
  Note: May constitute "sharing" for cross-context behavioral advertising

ADVERTISING PARTNERS (with your consent)

- Google Ads (USA) - Advertising and remarketing
- Meta Platforms (Facebook/Instagram) (Ireland/USA) - Advertising and remarketing
  Note: May constitute "sharing" for cross-context behavioral advertising

COOKIE MANAGEMENT

- Consentmo GDPR (Romania, EU) - Cookie consent management

WE DO NOT SELL PERSONAL INFORMATION IN EXCHANGE FOR MONETARY CONSIDERATION.

However, the use of cookies and pixels for advertising purposes may constitute "sharing" under CPRA. You can opt out using the methods described in Section 6.

─────────────────────────────────────────────────────────────────

5. SENSITIVE PERSONAL INFORMATION

We do not intentionally collect sensitive personal information as defined by CPRA (e.g., Social Security numbers, financial account information, precise geolocation, health data, racial/ethnic origin, religious beliefs).

Our chatbot does not collect or store identifying information. Chat content is processed by Anthropic Inc. and deleted after 30 days.

─────────────────────────────────────────────────────────────────

6. YOUR OPT-OUT RIGHTS

DO NOT SELL OR SHARE MY PERSONAL INFORMATION

You can opt out of the "sharing" of your personal information for cross-context behavioral advertising through:

A. GLOBAL PRIVACY CONTROL (GPC)
We honor the Global Privacy Control signal. If your browser is configured to send a GPC signal, we will treat it as a valid opt-out request.

B. COOKIE SETTINGS
Click the "Cookie Settings" link in our website footer to manage your preferences for advertising cookies.

C. DIRECT OPT-OUT
- Google Ads: https://adssettings.google.com
- Facebook Ads: https://www.facebook.com/settings?tab=ads

D. CONTACT US
Email: hello@flow-watches.de
Subject: "CCPA Opt-Out Request"

─────────────────────────────────────────────────────────────────

7. HOW TO EXERCISE YOUR RIGHTS

To exercise your CCPA/CPRA rights (Know, Delete, Correct), contact us using any of these methods:

EMAIL
hello@flow-watches.de
Subject line: "CCPA Privacy Rights Request"

PHONE
+49 (151) 627 429 54
(Monday-Friday, 9:00-17:00 CET)

ONLINE FORM
Visit: https://flow-watches.de/pages/kontakt
Select: "Privacy Rights Request"

MAIL
FLOW Watches - CCPA Requests
Florian Weixelbaumer
Bismarckstrasse 77
63065 Offenbach am Main
Germany

─────────────────────────────────────────────────────────────────

8. VERIFICATION PROCESS

To protect your privacy, we will verify your identity before processing requests. We may ask for:
- Email address used for orders or newsletter
- Order number or recent purchase details
- Government-issued ID (for sensitive requests only)

You may designate an authorized agent to make a request on your behalf by providing written authorization.

─────────────────────────────────────────────────────────────────

9. RESPONSE TIMELINE

We will respond to verifiable requests within:
- 45 days for standard requests
- Up to 90 days for complex requests (we will notify you of the extension)

─────────────────────────────────────────────────────────────────

10. NON-DISCRIMINATION

We will not discriminate against you for exercising your CCPA/CPRA rights. This means we will not:
- Deny goods or services
- Charge different prices or rates
- Provide different quality of goods or services
- Suggest you will receive different prices or quality

─────────────────────────────────────────────────────────────────

11. NOTICE AT COLLECTION

When you visit our website or make a purchase, we collect:
- Identifiers (name, email, address, IP)
- Commercial information (orders, purchases)
- Internet activity (browsing, clicks)
- Geolocation data (region/country)
- Device information (browser, OS)

We use this information for:
- Order fulfillment and customer service
- Website analytics and improvement
- Marketing communications (with consent)
- Fraud prevention and security

We share this with: Service providers, analytics platforms, and advertising partners (see Section 4)

Retention: See specific retention periods in Section 2

─────────────────────────────────────────────────────────────────

12. CCPA APPLICABILITY TO FLOW WATCHES

FLOW Watches is based in Germany but complies with CCPA when:
- We have California resident customers
- We process personal information of California residents
- We engage in advertising that may constitute "sharing"

Even if we don't meet CCPA thresholds (>100,000 CA residents or >$25M revenue), we voluntarily comply to protect your privacy rights.

─────────────────────────────────────────────────────────────────

13. CHANGES TO THIS NOTICE

We may update this CCPA/CPRA notice annually or when our practices change. Changes will be posted at this URL with the updated "Effective Date."

─────────────────────────────────────────────────────────────────

14. CONTACT INFORMATION

Data Protection Officer:
Florian Weixelbaumer
FLOW Watches
Bismarckstrasse 77
63065 Offenbach am Main
Germany

Email: hello@flow-watches.de
Phone: +49 (151) 627 429 54

For our complete Privacy Policy: https://flow-watches.de/policies/privacy-policy

Last Updated: December 2, 2025

─────────────────────────────────────────────────────────────────

QUICK REFERENCE: YOUR RIGHTS AT A GLANCE

Right to Know
- Request info about data collected
- Exercise via: Email/Phone/Form

Right to Delete
- Request deletion of your data
- Exercise via: Email/Phone/Form

Right to Correct
- Fix inaccurate information
- Exercise via: Email/Phone/Form

Right to Opt-Out
- Stop sharing for ads
- Exercise via: GPC / Cookie Settings / Direct opt-out

Right to Limit Sensitive Data
- Restrict use of sensitive data
- Status: Not applicable (we don't collect)

Right to Non-Discrimination
- No penalties for exercising rights
- Status: Automatic

─────────────────────────────────────────────────────────────────

GPC NOTICE

We honor Global Privacy Control (GPC) signals.

If your browser or plugin sends a GPC signal, we will treat it as a valid request to opt out of the sharing of your personal information for targeted advertising purposes.

Learn more: https://globalprivacycontrol.org/

Schreib uns

+49 (151) 627 429 54

Mo. - Sa. 10 Uhr - 18 Uhr

hello@flow-watches.de