Privacy Policy – Booking Engine

Last modified: November 18, 2025

1. Introduction

Flora Plus, LLC (“Flora Plus,” “we,” “us,” or “our”) provides a booking engine that enables independent tourism operators (“Operators”) to accept online reservations and payments from their customers (“Customer”, “you” or “Users”).

This Privacy Policy explains how Flora Plus collects, uses, discloses, and protects personal data processed through the Flora Plus booking engine (the “Booking Engine”). 

By submitting your personal information or completing a booking using the Booking Engine, you acknowledge that you have read and understood this Privacy Policy. Flora Plus processes personal data based on contractual necessity, legitimate interests, legal obligations, or your consent where applicable.

This Privacy Policy applies exclusively to personal data processed by Flora Plus through the Booking Engine. It does not apply to:

  • The Operator’s own website or systems.
  • The Operator’s use of your information beyond service fulfillment.
  • Third-party platforms or websites you may use before or after interacting with the Booking Engine.

For personal data processed through the Booking Engine, Flora Plus acts as an independent data controller. Operators act as independent controllers of Customer data for their own service delivery. Flora Plus is not responsible for the Operator’s privacy practices.

This Policy is designed to comply with the General Data Protection Regulation (EU 2016/679), the Swiss Federal Act on Data Protection, the California Consumer Privacy Act (CCPA/CPRA), and other local laws.

2. Information We Collect

We collect the following categories of personal data when you use the Booking Engine:

2.1 Information You Provide

  • Name.
  • Email address.
  • Phone number.
  • Language.
  • Booking details (date, time, number of participants, preferences).
  • Optional notes, comments, or special requirements.
  • Any information you submit when contacting the Operator regarding your booking.
  • Sensitive information (e.g. allergies) is only collected if requested by the operator and is never used by Flora Plus for profiling or marketing purposes.

2.2 Payment Information

Payment details are processed securely by our authorized payment partners.

Flora Plus does not collect, store, transmit, or access:

  • Full credit card numbers (PAN)
  • CVV/CVC codes.
  • Other sensitive authentication data.

We only receive limited transaction metadata necessary to confirm payment success or failure (e.g., status, amount, transaction ID).

2.3 Technical Information

When you interact with the Booking Engine, we automatically collect limited technical data such as:

  • IP address.
  • Device type.
  • Browser type.
  • Operating system.
  • Transaction timestamps.
  • System logs required for fraud prevention and security.

We do not directly use cookies for the Booking Engine. However, the Operator’s website may use cookies independently.

3. How We Use Your Information

We process your personal data for the following purposes:

3.1 To Process and Manage Your Booking

  • Sending booking confirmations, reminders, or updates.
  • Processing payments.
  • Facilitating cancellations or modifications.
  • Providing your booking information to the Operator. 
  • Sending automated notifications on behalf of the Operator (These communications may use standardized templates).

3.2 To Support the Operator’s Service Delivery

We share Customer information with the Operator so that they may:

  • Confirm reservations.
  • Deliver the purchased service.
  • Provide Customer support.
  • Respond to inquiries or operational issues.
  • Remind you to complete your booking (abandoned cart).
  • Offer relevant discounts related strictly to the booking process.

The Operator is an independent data controller and is solely responsible for how they use your personal data after receiving it. Flora Plus does not determine the purpose or means of the Operator’s own marketing, discounting, or promotional activities, and does not act as a joint controller with any Operator.

3.3 For Security and Fraud Prevention

Including:

  • Detecting fraudulent or abusive transactions.
  • Preventing misuse of the Booking Engine.
  • Logging and auditing payment events.
  • Responding to chargebacks or disputes.

3.4 For Legal, Compliance, and Risk Purposes

  • Complying with applicable laws and requests from public authorities.
  • Enforcing our Terms of Service.
  • Maintaining internal business records.
  • Managing chargebacks and refunds as required by law or payment network rules.

3.5 To Improve the Booking Engine

We may use aggregated or anonymized data to:

  • Improve system performance.
  • Develop features.
  • Enhance reliability and usability.

This aggregated data does not identify you individually.

3.6 Email Communications

Flora Plus may send you transactional and follow-up communications that are personalized based on your booking or reservation attempt. This includes messages about your confirmed reservation or reminders to complete a pending booking, which may include incentives or discounts. These communications are tailored to your specific interaction with our platform. 

3.7 Tracking Features

Our emails may include tracking features (e.g., open tracking pixels or tracked links) to improve our communication. Tracking pixels are standard technical features and do not allow Flora Plus to identify your online browsing behavior outside the Booking Engine. 

Tracking features are limited to confirming delivery and performance of service-related emails and are not used for marketing or profiling. These tracking features do not enable cross-site tracking or behavioral profiling.

4. How We Share Your Information

We share your information only as necessary for booking fulfillment and Platform operations:

4.1 With the Operator

We provide Operators with the Customer information required to deliver the purchased service. Flora Plus does not control how the Operator uses your information after receiving it. Flora Plus does not determine the purpose or means of the Operator’s own marketing, discounting, or promotional activities, and does not act as a joint controller with any Operator.

4.2 With Authorized Service Providers

We may share data with third-party vendors who support:

  • Secure payment processing.
  • System hosting and infrastructure.
  • Email delivery.
  • Fraud prevention.
  • Analytics or logging.
  • Security monitoring.

Service providers are contractually required to protect data and may not use it for their own purposes. We do not publicly list individual providers and we may change providers without updating this Policy.

4.3 For Legal and Compliance Reasons

We may disclose personal data when required to:

  • Comply with laws or legal processes.
  • Respond to governmental or regulatory requests.
  • Prevent harm, fraud, or illegal activity.
  • Protect Flora Plus, its Users, or the public.

4.4 Business Transfers

If Flora Plus undergoes a merger, acquisition, restructuring, or sale of assets, Customer data may be transferred as part of the transaction, subject to the same protections described in this Policy.

5. International Data Transfers

Flora Plus is based in the United States and may process your data in the United States or other jurisdictions.

When we transfer personal data from regions with data-protection requirements (e.g., European Union, United Kingdom, or certain Latin American countries), we rely on one or more of the following:

  • Standard Contractual Clauses (“SCCs”).
  • Adequacy decisions or equivalent frameworks.
  • Certifications under government-approved transfer mechanisms (e.g., Data Privacy Framework).
  • Other legally recognized safeguards.

6. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfill your booking.
  • Comply with legal obligations (e.g., financial and accounting requirements).
  • Prevent fraud or resolve disputes.
  • Maintain internal business records.
  • Enforce our Terms of Service.

Retention periods may vary depending on the nature of the data and relevant legal requirements.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data.
  • Correct inaccurate Information.
  • Request deletion (right to be forgotten).
  • Restrict or object to processing.
  • Request portability of your data.
  • Withdraw consent (where applicable).
  • File a complaint with a supervisory authority.

To exercise your rights, contact us at: info@getfloraplus.com. We may request verification of your identity before responding. Requests relating to the Operator’s independent use of your data must be directed to the Operator.

8. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect personal data from unauthorized access, disclosure, alteration, and destruction. However, no online platform can guarantee 100% security. You use the Booking Engine at your own risk.

9. Children’s Privacy

The Booking Engine is not intended for use by children under the age applicable in their jurisdiction (typically 13–16). We do not knowingly collect personal information from children without parental consent. If we become aware of unauthorized data collection from a child, we will delete the information.

10. Legal Basis

We rely on: 

  • Contractual necessity for transactional communications 
  • Legitimate interest for abandoned cart reminders and related incentives 
  • Your consent for additional promotional communications 

Flora Plus relies on contractual necessity for booking confirmations and payment processing; legitimate interest for fraud prevention and abandoned-cart reminders. You may object to the use of your data under legitimate interest at any time.

11. Third-Party Websites

The Operator’s website or external sites linked before or after the Booking Engine may collect data independently.

Flora Plus is not responsible for the privacy practices of any third-party website or service.

12. Do Not Track

Flora Plus does not track user activity across websites and does not respond to Do Not Track (DNT) signals. The Booking Engine operates independently of the Operator’s website tracking technologies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Updated versions will be posted through the Booking Engine or other designated communication channels.

Material changes will be announced in a manner consistent with applicable law.

Your continued use of the Booking Engine after the effective date constitutes acceptance of the revised Policy.

14. Governing Law and Jurisdiction

These Privacy Policy is governed by the laws of the State of Delaware, USA. Any disputes shall be resolved in the state or federal courts located in Delaware.

15. Language and Prevailing Version

In the event of any conflict between different language versions of these Policy, the English version shall prevail.

16. Contact

For any concerns or data inquiries, contact:

Flora Plus, LLC

131 Continental Dr Suite 305

Newark, DE, 19713

United States

Email: info@getfloraplus.com

Appendix A – EU/UK Residents

EU and UK residents have the right to access, rectify, erase, restrict, object, and port their data under GDPR/UK GDPR. For data processed through the Booking Engine, Flora Plus is the independent controller. For data processed by the Operator outside the Booking Engine, the Operator is an independent controller. Transfers follow SCCs and the EU-US Data Privacy Framework. 

Appendix B – California Residents (CCPA/CPRA)

California residents may exercise rights to know, delete, correct, opt-out of sharing, and limit sensitive data use. Flora Plus does not sell personal data or share personal information for cross-context behavioral advertising.

Appendix C – Latin America

Flora Plus complies with regional data protection laws, including Brazilian Lei Geral de Proteção de Dados (LGPD), Habeas Data (Colombia), LGPDP (Mexico), and others, applying principles of legality, consent, purpose, and proportionality.