Privacy Policy FlowerSynk.com

Last updated: 2 May 2026

1. Controller

The controller responsible for the processing of personal data in connection with the website flowersynk.com and the FlowerSynk platform is:

CarbonActive Services AG Sennweidstrasse 45 6312 Steinhausen Canton of Zug Switzerland

Phone: +41 41 711 11 75 Email: contact@carbonactive.ch Office hours: 08–12 and 13–17 (response time < 24 h)

For any questions about data protection or to exercise your rights, please contact the address above.

2. Scope and principles

This privacy policy informs you about which personal data we process when you use our website and the FlowerSynk platform, for which purposes we do so, and which rights you have.

We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and — where applicable — the EU General Data Protection Regulation (GDPR). Personal data is any information relating to an identified or identifiable natural person.

3. Personal data processed and purposes of processing

3.1 Visiting our website

Each time you visit our website, our hosting provider automatically records server log files transmitted by your browser:

  • IP address
  • Date and time of the request
  • Page / file accessed
  • Volume of data transferred
  • Browser type and version
  • Operating system
  • Referrer URL

These data are processed to ensure the technical operation, security, and stability of the website. The legal basis is our overriding legitimate interest in the reliable and secure operation of the website (Art. 31 para. 1 and 2 FADP; Art. 6(1)(f) GDPR).

3.2 Meeting booking form and contact requests (leads)

You can use our website to book appointments for online meetings (Microsoft Teams) with our team or send us a request through other channels. We process the following information:

  • First name (required)
  • Last name (required)
  • Email address (required)
  • Phone number (optional)
  • Company name (optional)
  • Email addresses of guests you add (up to 10), if provided
  • Date and time of the booked appointment
  • Time of the request

We process these data for the purpose of scheduling appointments, conducting the meeting, responding to your request, initiating business relationships, and maintaining existing and potential customer relationships.

These data are stored in our CRM system based on Microsoft 365 / Microsoft Bookings (EU hosting). The meeting itself is conducted via Microsoft Teams. Microsoft acts as data processor (see sections 5.2 and 6).

If you provide email addresses of additional guests, you are responsible for ensuring that those persons consent to the transfer of their data to us. We use guest email addresses solely to send them the meeting invitation.

The legal basis is the performance of pre-contractual measures at your request and our legitimate interest in maintaining customer relationships (Art. 31 para. 2 lit. a FADP; Art. 6(1)(b) and (f) GDPR).

3.3 Registration and use of the FlowerSynk platform

Registration is required to use the FlowerSynk platform. During registration and the course of use we process:

  • First and last name
  • Email address
  • Password (stored encrypted)
  • Company, location, role
  • Login and usage data (timestamp, IP address, actions in the platform)
  • Platform-specific content you create or upload during use (e.g. facility configurations, sensor data, settings)

These data are stored on servers operated by Amazon Web Services (AWS) in the Frankfurt region (eu-central-1). AWS acts as a data processor (see sections 5.2 and 6).

Processing serves the provision and operation of the platform, authentication, billing, and IT security. The legal basis is the performance of the user agreement (Art. 31 para. 2 lit. a FADP; Art. 6(1)(b) GDPR) and our legitimate interest in the secure and stable operation of the platform.

3.4 Cookies and similar technologies

On the website flowersynk.com we use no web tracking and no analytics or marketing cookies. We use only technically necessary cookies required for the operation of the website and the platform (e.g. session cookies for login).

In our Microsoft Bookings form embedded on the website, Microsoft may set its own cookies. These are activated only after your explicit consent via the opt-in present in the form. You can withdraw your consent at any time with effect for the future.

4. Newsletter

If you subscribe to our newsletter or consent to corresponding marketing communication during a request, we use your email address and any other information you provide (e.g. name, company) to send you information about our products, services, and news.

Newsletter subscription is performed via a double opt-in procedure: after subscribing, you receive a confirmation email and must confirm the subscription by clicking a link.

You can object to receiving the newsletter at any time. Every newsletter contains an unsubscribe link; alternatively, you can send us a notification via email at contact@carbonactive.ch or datenschutz@carbonactive.ch.

The newsletter is sent and managed via Microsoft 365 (see section 5.2). The legal basis is your consent (Art. 6(1)(a) GDPR) or our legitimate interest in direct marketing to existing customers within the framework of Swiss law (Art. 31 FADP in conjunction with the Swiss Unfair Competition Act).

5. Disclosure of personal data

5.1 Within the CarbonActive group

We share personal data within the CarbonActive group insofar as this is necessary for intra-group administrative purposes and for the provision of our services (e.g. support, technical services, contract handling).

5.2 Data processors

We engage carefully selected service providers who process personal data on our behalf and according to our instructions (data processors within the meaning of Art. 9 FADP). We have entered into corresponding agreements with all data processors that ensure an adequate level of data protection. We currently use in particular:

  • Microsoft Ireland Operations Ltd. / Microsoft Corporation — CRM (Microsoft 365 / Bookings / Outlook), contact form, newsletter delivery, meeting hosting (Teams). Processing location: EU hosting (main processing region EU/EEA; technical support access from other regions possible).
  • Amazon Web Services EMEA SARL — Hosting of the FlowerSynk platform. Processing location: Frankfurt, Germany (region eu-central-1) and Zurich, Switzerland.
  • Microsoft Ireland Operations Ltd. / Microsoft Corporation — Hosting of online meetings via Microsoft Teams.

5.3 No disclosure to other third parties

Your personal data is not disclosed to third parties outside the CarbonActive group and the data processors named above — except in cases where we are required to do so by law or by official order (e.g. to tax or law enforcement authorities).

6. International data transfers

In the course of the processing described above, personal data may be transferred to countries outside Switzerland, in particular:

  • to EU/EEA states, namely Germany (AWS Frankfurt) and Ireland (Microsoft).
  • In individual cases — e.g. for support or maintenance access by our processor (Microsoft) — processing may also take place in the United States or other third countries.

Where data is transferred to countries whose level of data protection is not deemed adequate by the Swiss Federal Data Protection and Information Commissioner (FDPIC) or the European Commission, we ensure the protection of the data through appropriate safeguards, in particular by entering into the Standard Contractual Clauses (SCC) recognised by Switzerland and the EU, supplemented by additional technical and organisational measures.

7. Retention period

We process and store personal data for as long as necessary for the respective purposes or as required by statutory retention obligations (in particular under commercial and tax law, generally 10 years).

The following principles apply:

  • Contact requests, meeting bookings, and lead data: We retain these data in our CRM as long as a legitimate interest in an existing or potential business relationship exists. Since our products and services are typically long-lived and business initiations may extend over longer periods, no blanket retention period is set. You can request deletion of your data at any time (see section 9); we will comply with such a request unless statutory retention obligations or overriding legitimate interests preclude it.
  • Platform user accounts: For the duration of the contractual relationship and until expiry of statutory retention periods.
  • Newsletter subscriptions: Until you withdraw consent or unsubscribe.
  • Server log files: As a rule 30 to 90 days, unless security incidents require longer retention.

8. Data security

We take appropriate technical and organisational measures to protect your personal data against loss, misuse, and unauthorised access. These include in particular encrypted data transmission (TLS), access restrictions, authentication mechanisms, regular security updates, and training of our staff.

9. Your rights

Under applicable data protection law, you have in particular the following rights:

  • Access to the personal data processed about you
  • Rectification of inaccurate data
  • Erasure or restriction of your data, where no statutory retention obligations apply
  • Objection to certain processing
  • Data portability in a common electronic format
  • Withdrawal of granted consents with effect for the future

To exercise your rights, an informal notification to contact@carbonactive.ch is sufficient. For identification purposes, we may need to ask you for suitable proof.

You also have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) (edoeb.admin.ch). Where the GDPR applies, you may also contact the competent supervisory authority in your country.

10. Automated decision-making / profiling

We currently do not use automated individual decisions with legal effect within the meaning of Art. 21 FADP or Art. 22 GDPR on the FlowerSynk platform or in our CRM. Should we introduce such procedures in the future, we will inform you separately.

11. Applicability of the GDPR

Since we offer our products and services to individuals and companies in the European Union, our processing falls within the scope of the GDPR. The legal basis for processing is — depending on the constellation — performance of the contract or pre-contractual measures (Art. 6(1)(b) GDPR), legal obligation (lit. c), consent (lit. a), or legitimate interest (lit. f).

CarbonActive Services AG is based in Switzerland and currently does not maintain an establishment in the EU; a representative pursuant to Art. 27 GDPR has not been appointed.

12. Changes to this privacy policy

We may update this privacy policy at any time to reflect changes in the legal or factual situation. The version published on our website applies.