Privacy policy

Important note: The German version of the document will govern our relationship. This translated version is provided or convenience only and will not be interpreted to modify the German version. For the German version please see the German Datenschutzerklärung.

Privacy Policy

Unless otherwise stated below, the provision of your personal data is neither legally nor contractually required, nor necessary for the conclusion of a contract. You are not obliged to provide the data. Failure to provide it has no consequences. This applies only insofar as no other information is provided in the following processing operations.

"Personal data" means any information relating to an identified or identifiable natural person.

Server log files

You can visit our websites without providing any personal information.

Each time our website is accessed, usage data is transmitted to us or to our web host / IT service provider by your internet browser and stored in log data, known as server log files. This stored data includes, for example, the name of the page accessed, date and time of access, the IP address, the amount of data transferred, and the requesting provider.

The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in ensuring the trouble-free operation of our website and improving our offering.

Your data may be transferred to and processed in third countries outside the EU, in particular Canada and the USA. An adequacy decision by the EU Commission exists for Canada. An adequacy decision by the EU Commission exists for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Shopify is not certified under the TADPF. This data transfer takes place on the basis of contractual obligations comparable to those of the EU Commission’s standard contractual clauses.

Contact

Controller

Please contact us if you wish. The controller responsible for data processing is: LuminoSana Ltd., Terra Santa 1, Office No.12, 6012 Larnaca Cyprus, +49 30-2239951608, support@luminosana.com

Customer-initiated contact by email

If you initiate business contact with us by email, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves the purpose of processing and responding to your contact request.

If the contact is made for the purpose of carrying out pre-contractual measures, for example advice regarding purchase interest or preparation of an offer, or concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

If the contact is made for other reasons, this data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in processing and responding to your request. In this case, you have the right, for reasons arising from your particular situation, to object at any time to this processing of personal data concerning you based on Art. 6 para. 1 lit. f GDPR.

We use your email address only to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing when using the contact form

When using the contact form, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves the purpose of contacting you.

We use your email address only to process your request. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Collection and processing when using the withdrawal button

If you have concluded a contract via our online presence, we provide you with a withdrawal function (withdrawal button) through which you can submit your withdrawal declaration directly.

When using the withdrawal function, we collect your personal data (name, email address, information to identify the contract or part of the contract you wish to withdraw from, and the time, date and time, of submission of the withdrawal declaration) only to the extent provided by you. The data processing serves the purpose of providing you with the legally required option to withdraw from your contract and properly processing your withdrawal.

If the contact concerns a contract already concluded between you and us, this data processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. Otherwise, the data processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR, as we are legally obliged to provide you with a withdrawal function on our online presence.

We use your email address only to process your withdrawal declaration. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

The processing of your personal data serves the purpose of legally fulfilling the statutory requirements for the design of the withdrawal function and is carried out on the basis of Art. 6 para. 1 lit. c GDPR. This data processing is also carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in being able to provide you with a user-friendly withdrawal option. In this case, you have the right, for reasons arising from your particular situation, to object at any time to this processing of personal data concerning you based on Art. 6 para. 1 lit. f GDPR.

Collection and processing when using the cancellation button

If you terminate a subscription contract concluded via our online presence using the legally required cancellation button, we process the data you enter in the confirmation form. When using the cancellation button, we collect your personal data (name, email address, where applicable your telephone number, information to identify the contract you wish to terminate, and the time, date and time, of submission of the cancellation declaration) only to the extent provided by you. The data processing serves the purpose of providing you with the legally required option to terminate your continuing obligation and properly processing your cancellation.

We use your email address only to process your cancellation declaration. Your data will then be deleted in compliance with statutory retention periods, unless you have consented to further processing and use.

Use of address validation by Endereco

We use the address validation service of Endereco UG (haftungsbeschränkt) (Balthasar-Neumann-Str. 4b, 97236 Randersacker, Germany; “Endereco”) on our website.

The data processing serves the purpose of checking your entries in our address forms in real time for input and typing errors and, where applicable, supplementing missing data. If data is entered incorrectly, alternative suggestions for correcting the data are displayed.

Among other things, the following information may be transmitted to and processed by Endereco: postal addresses (country, city, postcode, street, house number), email address, telephone number.

The processing of your personal data is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in having a correct data basis for fulfilling our contractual obligations. You have the right, for reasons arising from your particular situation, to object at any time to this processing of personal data concerning you.

The data is processed separately by the provider and is not merged with other data. It is deleted by the provider as soon as the status of the entered data has been determined, but no later than after 30 days.

Further information on data protection at Endereco can be found at: https://www.endereco.de/datenschutzerklaerung/.

Use of address validation by Google Maps API

We use the address validation service of Google (Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland “Google”) on our website.

Among other things, the following information may be transmitted to and processed by Google: postal addresses (country, city, postcode, street, house number), email address, telephone number.

Your data may also be transferred to the USA. An adequacy decision by the EU Commission exists for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has thereby undertaken to comply with European data protection principles.

Further information on Google’s terms of use and data protection can be found at: https://cloud.google.com/maps-platform/terms and https://www.google.de/policies/privacy/.

Customer account / Orders

Customer account

When opening a customer account, we collect your personal data to the extent specified there. The data processing serves the purpose of improving your shopping experience and simplifying order processing. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You may withdraw your consent at any time by notifying us, without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal. Your customer account will then be deleted.

Collection, processing and disclosure of personal data for orders

When you place an order, we collect and process your personal data only insofar as this is necessary to fulfill and process your order and to process your inquiries. The provision of the data is necessary for the conclusion of the contract. Failure to provide it will result in no contract being concluded. The processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR and is necessary for the performance of a contract with you.

Your data is disclosed, for example, to shipping companies, dropshipping or fulfillment providers, payment service providers, service providers for order processing and IT service providers. In all cases, we strictly observe the legal requirements. The scope of data transmission is limited to a minimum.

Advertising

Use of the email address for sending newsletters

We use your email address to send information and offers by newsletter, provided you have expressly consented to this. The data processing serves exclusively the purpose of advertising communication. For this purpose, we process your email address and, where applicable, other data that you voluntarily provided when registering for our newsletter.

The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You may withdraw your consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

You can unsubscribe from the newsletter at any time by using the corresponding link in the newsletter or by notifying us. Your email address will then be removed from the distribution list. Despite removal from the distribution list, we may continue to store your email address in a so-called blacklist in order to prevent you from receiving newsletter emails from us in the future. This storage is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our and your legitimate interest in preventing the renewed use of your email address for sending our newsletter. You have the right, for reasons arising from your particular situation, to object at any time to this processing of personal data concerning you.

Use of the email address for sending direct advertising

We use your email address, which we received in connection with the sale of a product or service, for the electronic sending of advertising for our own goods or services that are similar to those you have already purchased from us, unless you have objected to this use. The provision of the email address is necessary for the conclusion of the contract. Failure to provide it will result in no contract being concluded. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in direct advertising. You may object to this use of your email address at any time by notifying us. The contact details for exercising the objection can be found in the legal notice. You may also use the link provided for this purpose in the advertising email. No costs other than transmission costs according to the basic rates will arise for this.

Use of the email address for availability notifications

We offer the service of product availability notification on our website. If an item is temporarily unavailable, you have the option to enter your email address for the respective item and be informed by us by email when it becomes available, provided you have consented to this. You will receive a one-time notification by email about the availability of the respective item when the goods are available. The processing is carried out on the basis of Art. 6 para. 1 lit. a GDPR with your consent. You may withdraw your consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal. You can unsubscribe from the availability notification at any time by notifying us. Your email address will then be removed from the distribution list.

Payment service providers

Use of the payment service provider Stripe

We use the Stripe payment service of Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, on our website. The data processing serves the purpose of being able to offer you payment via the payment service. By selecting and using Stripe, the data required for payment processing is transmitted to Stripe in order to fulfill the contract with you using the selected payment method. This processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

Stripe reserves the right, where applicable, to obtain credit information on the basis of mathematical-statistical procedures using credit agencies. For this purpose, Stripe transmits the personal data required for a credit check to a credit agency and uses the information received regarding the statistical probability of a payment default for a balanced decision on the establishment, implementation or termination of the contractual relationship. The credit information may include probability values, known as score values, which are calculated on the basis of scientifically recognized mathematical-statistical procedures and whose calculation includes, among other things, address data. Your legitimate interests are taken into account in accordance with statutory provisions. The data processing serves the purpose of credit assessment for the initiation of a contract. The processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in protection against payment default if Stripe makes advance payments.

You have the right, for reasons arising from your particular situation, to object at any time to this processing of personal data concerning you based on Art. 6 para. 1 lit. f GDPR by notifying Stripe. The provision of the data is necessary for the conclusion of the contract using the payment method requested by you. Failure to provide it will result in the contract not being concluded using the payment method selected by you.

All Stripe transactions are subject to Stripe’s privacy policy. You can find it at https://stripe.com/de/privacy

Use of the payment method Link

We use the Link payment service of Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland; “Stripe”) on our website.

The data processing serves the purpose of being able to offer you fast and simple payment via the payment service if you have a customer account with Link.

To integrate this payment service, it is necessary for Stripe to collect, store and analyze data when the website is accessed and when the payment service is used, for example IP address, device type, operating system, browser type, location of your device, language settings, date and time of page access. Cookies may also be used for this purpose, enabling your browser to be recognized.

The use of cookies or comparable technologies takes place with your consent on the basis of Section 25 para. 1 sentence 1 TDDDG in conjunction with Art. 6 para. 1 lit. a GDPR. The processing of your personal data takes place with your consent on the basis of Art. 6 para. 1 lit. a GDPR. You may withdraw your consent at any time, without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal.

By selecting and using Link, the data required for payment processing is transmitted to Stripe in order to fulfill the contract with you using the selected payment method. This processing is carried out for the performance of the contract concluded between you and us on the basis of Art. 6 para. 1 lit. b GDPR.

Further information on data processing when using the Link payment service can be found at https://link.co/de/privacy and https://link.co/de/privacy-center

Cookies

Our website uses cookies. Cookies are small text files that are stored in the internet browser or by the internet browser on a user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that enables the browser to be uniquely identified when the website is accessed again.

Cookies are stored on your computer. You therefore have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can be notified before cookies are set and decide individually whether to accept them, as well as prevent the storage of cookies and transmission of the data contained therein. Cookies that have already been stored can be deleted at any time. However, we point out that in this case you may not be able to use all functions of this website to their full extent.

Under the following links you can find information on how to manage, including deactivate, cookies in the most important browsers:

Chrome: https://support.google.com/accounts/answer/61416?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-lB6schen-63947406-40ac-c3b8-57b9-2a946a29ae09
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Technically necessary cookies

Unless otherwise stated below in this privacy policy, we use only these technically necessary cookies for the purpose of making our offering more user-friendly, effective and secure. Furthermore, cookies enable our systems to recognize your browser even after a page change and to offer you services. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized again even after a page change.

The use of cookies or comparable technologies takes place on the basis of Section 25 para. 2 TDDDG. The processing of your personal data is carried out on the basis of Art. 6 para. 1 lit. f GDPR due to our overriding legitimate interest in ensuring the optimal functionality of the website as well as a user-friendly and effective design of our offering.

You have the right, for reasons arising from your particular situation, to object at any time to this processing of personal data concerning you.

Use of the Shopify consent tool (Shopify Privacy & Compliance)

We use the consent tool “Shopify Privacy & Compliance” of Shopify International Ltd. (Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; "Shopify") on our website. Shopify is an affiliated company of Shopify Inc. (151 O’Connor Street, Ground Floor, Ottawa, Ontario, K2P 2L8, Canada).

The tool enables you to give consent to data processing via the website, in particular the setting of cookies, and to exercise your right to withdraw consent already given. The data processing serves the purpose of obtaining and documenting required consents to data processing and thereby complying with legal obligations. Cookies may be used for this purpose. User information, including your IP address, is collected and transmitted to Shopify.

The data processing is carried out to fulfill a legal obligation on the basis of Art. 6 para. 1 lit. c GDPR.

Further information on data protection at Shopify can be found at https://www.shopify.com/de/legal/datenschutz.

Communication

Use of the Crisp live chat system

We use the live chat system of Crisp IM SARL (2 Boulevard de Launay, 44100 Nantes, France; “Crisp”) on our website within the scope of order processing.

The data processing serves the purpose of direct and efficient communication between you and us as provider. To operate the live chat system, cookies are used that enable the browser to be recognized. Among other things, the following information may be processed and, where applicable, transmitted to Crisp: IP address and other personal data provided by you when using the chat system.

Further information on data processing by Crisp can be found at: https://crisp.chat/de/privacy/

Plug-ins and other services

Use of Google Maps

We use the function for embedding Google Maps maps of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland, "Google") on our website.

The function enables the visual display of geographical information and interactive maps. When pages in which Google Maps maps are embedded are accessed, Google also collects, processes and uses data from visitors to the websites.

Further information on the collection and use of data by Google can be found in Google’s privacy policy at https://www.google.com/privacypolicy.html. There, in the privacy center, you also have the option to change your settings so that you can manage and protect your data processed by Google.

Use of OpenStreetMap

We use the open-source mapping service of the OpenStreetMap Foundation (St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom; “OpenStreetMap”) on our website. The data processing serves the purpose of visually displaying geographical information and maps in order to show you our location.

Cookies may be used in this process. Among other things, the following information may be collected and processed: date and time of access, IP address, and information about the browser and device used by you. This information is assigned to your personal user account if you have a user account with OpenStreetMap and are logged in there when visiting the website. In this case, the following additional information, among other things, is collected and processed: user ID, email address associated with the user account, and content blocked by the user.

Your data may also be transferred outside the EU to the United Kingdom. An adequacy decision by the EU Commission exists for the United Kingdom.

Further information on data processing and data protection can be found at https://wiki.osmfoundation.org/wiki/Privacy_Policy?tid=331640695983.

Use of Google Fonts

We use Google Fonts of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; “Google”) on our website.

The data processing serves the purpose of uniformly displaying fonts on our website. To load the fonts, a connection to Google servers is established when the page is accessed. Cookies may be used in this process. Among other things, your IP address and information about the browser used by you are processed and transmitted to Google. This data is not linked to your Google account.

Your data may be transferred to the USA. An adequacy decision by the EU Commission exists for the USA, the Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself under the TADPF and has thereby undertaken to comply with European data protection principles.

Further information on data processing and data protection can be found at https://www.google.de/intl/de/policies/ and https://developers.google.com/fonts/faq.

Rights of data subjects and storage period

Storage period

After full completion of the contract, the data will initially be stored for the duration of the warranty period, then taking into account statutory retention periods, in particular tax and commercial law retention periods, and then deleted after expiry of the period, unless you have consented to further processing and use.

Rights of the data subject

If the legal requirements are met, you have the following rights under Art. 15 to 20 GDPR: right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability.

In addition, under Art. 21 para. 1 GDPR, you have the right to object to processing based on Art. 6 para. 1 lit. f GDPR, as well as to processing for the purpose of direct advertising.

Right to lodge a complaint with the supervisory authority

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data is not lawful.

Right to object

If the personal data processing listed here is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, for reasons arising from your particular situation, to object to this processing at any time with effect for the future.

After an objection has been made, the processing of the data concerned will be terminated unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims.

If personal data processing is carried out for the purposes of direct advertising, you may object to this processing at any time by notifying us. After an objection has been made, we will terminate the processing of the data concerned for the purpose of direct advertising.

Item added to your cart