PRIVACY POLICY
Because We Care
Date 25.01.2019
​
1. PRIVACY AT GLANCE
General information
The following notes give a clean overview of what happens to your personal information when you visit LUMA's website. Personal data is any data that personally identifies you. Detailed information on data protection can be found here in our Privacy Policy.
Personal data (usually referred to just as "data" below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.*
​
Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.*
​
The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimise our website and improve the user experience which may result in said third parties also processing data they collect and control.*
-
Data collection on our website.
-
Who is responsible for the data collection on this website?
-
The data processing on this website is carried out by the website operator. Its contact details can be found in the imprint of this website.
-
How do we collect your data?
Your data will be collected on the one hand, that you tell us. This may be e.g. to trade data that you enter in a contact form.
Other data is collected automatically when visiting the website through our IT systems. These are above all technical data (for example Internet browser, operating system or time of the page call). The collection of this information is automatic as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure a flawless provision of the website. Other data can be used to analyse your user behaviour.
What rights do you have regarding your data?
At any time you have the right to obtain free information about the origin, recipient and purpose of your stored personal data. You also have a right to request the correction, blocking or deletion of this data. For this purpose, as well as for further questions about data protection you can contact us at any time at the address given in the imprint. Furthermore, you have a right of appeal to the competent supervisory authority.
In addition, you have the right to request the restriction of the processing of your personal data in certain circumstances. Details can be found in the privacy policy under "Right to restriction of processing".
Analysis tools and third-party tools
When visiting our website, your surfing behaviour can be statistically evaluated. This happens with cookies and analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.
We will inform you about the possibilities of objection in this privacy policy.
Overview: The rights of users and data subjects:*
With regard to the data processing to be described in more detail below, users and data subjects have the right:
-
To confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);
-
To correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);
-
To the immediate deletion of data concerning them (cf. also Art. 17 GDPR), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;
-
To receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);
-
To file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).
​
2. GENERAL INFORMATION AND MANDATORY INFORMATION
Data protection:
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
If you use this website, various personal data will be collected, whereas personal information is information that personally identifies you. This Privacy Policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that data transmission over the Internet (for example, when communicating by e-mail) may have security vulnerabilities. A complete protection of the data from access by third parties is not possible.
Note to the responsible body:
The responsible data processing company on this website is:
LUMA, Marcus Lukic-Walther
Malmöer Str. 17
10439 Berlin
Telephone: 01741619252
E-Mail: hello@luma.style
Data Protection Officer at the provider is:
Marcus Lukic-Walther
Malmöer Str. 17
10437 Berlin
Telephone: 01741619252
E-Mail: hello@luma.style
Responsible entity is the natural or legal person who, alone or in partnership with others, decides on the purposes and means of processing personal data (such as names, e-mail addresses, etc.).
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can revoke an already given consent at any time. An informal message by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to object to data collection in special cases and direct email (Article 21 GDPR)
If the data processing on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right at any time to object to the processing of your personal data for reasons that arise from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which the processing is based can be found in this Privacy Policy. If you object, we will cease processing your personal data unless we can provide evidence of compelling legitimate grounds for processing that outweigh your interests, rights and freedoms or processing for the purpose of enforcing, pursuing or defending legal claims (Objection according to Art. 21 para. (1) GDPR).
If your personal data is processed to operate direct email, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct email. If you object, your personal data will then no longer be used for the purpose of direct advertising (objection under Art. 21 (2) GDPR).
Right of appeal to the competent supervisory authority
In the case of violations of the GDPR, the persons concerned have a right of appeal to a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement. The right of appeal is without prejudice to any other administrative or judicial remedies.
Right to data portability
You have the right to have data that we process on the basis of your consent or in fulfilment of a contract automatically, in itself or to a third party in a standard, machine-readable format. If you require the direct transfer of the data to another person in charge, this will only be done to the extent technically feasible.
Information, blocking, deletion and correction
Within the scope of the applicable legal provisions, you have the right at any time to provide free information about your stored personal data, their origin and recipient and the purpose of the data processing and, if necessary, a right to correct, block or delete this data. For further information on personal data, please contact us at any time at the address given in the imprint.
Right to restriction of processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the Imprint. The right to restrict processing exists in the following cases:
If you deny the accuracy of your personal information stored with us, we usually need time to verify this. For the duration of the audit you have the right to request the restriction of the processing of your personal data. If the processing of your personal data is unlawful, you may request the restriction of data processing instead of deletion.
If we no longer need your personal information, but you need it to accomplish, defend or apply legal claims, you have the right to request that your personal information be restricted instead of being deleted.
If you have filed an objection under Art. 21 (1) GDPR, a balance must be made between your interests and ours. As long as it is not clear whose interests prevail, you have the right to demand the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for important public interest the European Union or a Member State.
3. DATA COLLECTION ON LUMA WEBSITE
Cookies*
​
a) Session cookies
We use cookies on our website. Cookies are small text files or other storage technologies stored on your computer by your browser. These cookies process certain specific information about you, such as your browser, location data, or IP address. This processing makes our website more user-friendly, efficient, and secure, allowing us, for example, to display our website in different languages or to offer a shopping cart function. The legal basis for such processing is Art. 6 Para. 1 lit. b) GDPR, insofar as these cookies are used to collect data to initiate or process contractual relationships. If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is then Art. 6 Para. 1 lit. f) GDPR. When you close your browser, these session cookies are deleted.
​
b) Third-party cookies
If necessary, our website may also use cookies from companies with whom we cooperate for the purpose of advertising, analysing, or improving the features of our website. Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.
​
c) Disabling cookies
You can refuse the use of cookies by changing the settings on your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support. Browser settings cannot prevent so-called flash cookies from being set. Instead, you will need to change the setting of your Flash player. The steps and measures required for this also depend on the Flash player you are using. If you have any questions, please use the help function or consult the documentation for your Flash player or contact its maker for support. If you prevent or restrict the installation of cookies, not all of the functions on our site may be fully usable.
​
Server log files*
For technical reasons, the following data sent by your internet browser to us or to our server provider will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.
-
The data thus collected will be temporarily stored, but not in association with any other of your data
-
The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website
-
The data will be deleted within no more than seven days, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved
Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We will not share this information without your consent.
The processing of the data entered into the contact form takes place exclusively on the basis of your consent (Art. 6 (1) lit. GDPR). You can revoke this consent at any time. An informal message by email to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
The information you provide in the contact form will remain with us until you ask us to delete it, revoke your consent to storage, or lose the data storage purpose (for example, after your request has been processed). Mandatory statutory provisions - especially retention periods - remain unaffected.
Inquiry by e-mail or telephone
If you contact us by e-+mail or telephone, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We will not share this information without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the performance of a contract or is required to carry out pre-contractual action. In all other cases, the processing is based on your consent (Article 6 (1) GDPR) and / or on our legitimate interests (Article 6 (1) lit. (f) GDPR), since we have a legitimate interest in the effective processing of requests addressed to us.
The data sent by you to us via contact requests remains with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage is omitted (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
4. SOCIAL MEDIA
Instagram plug-in
Functions of the service of Instagram are integrated on our sides. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, United States. If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit of our pages with your user account. We point out that we as the provider of the pages do not receive any knowledge of the content of the transmitted data and their use by Instagram.
The use of the Instagram plug-in is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in the social media. For more information, see the privacy policy of Instagram (LINK).
Pinterest plug-in
On our site, we use social plug-ins from the Pinterest social network operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA ("Pinterest"). When you visit a page that contains such a plug-in, your browser connects directly to the Pinterest servers. The plug-in transmits log data to the Pinterest server in the USA. This log data may include your IP address, the address of the websites visited, which also includes Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies. The use of the Pinterest plug-in is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the widest possible visibility in the social media. For more information on the purpose, scope and further processing and use of the data by Pinterest and your rights and ways to protect your privacy, see the privacy policy of Pinterest (LINK).
5. ANALYSIS TOOLS AND ADVERTISING
​
Google Analytics*
​
We use Google Analytics on our website. This is a web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google). Through certification according to the EU-US Privacy Shield https://www.privacyshield.gov/participantid=a2zt000000001L5AAI&status=Active. Google guarantees that it will follow the EU's data protection regulations when processing data in the United States. The Google Analytics service is used to analyse how our website is used. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimisation, and economic operation of our site. Usage and user-related information, such as IP address, place, time, or frequency of your visits to our website will be transmitted to a Google server in the United States and stored there. However, we use Google Analytics with the so-called anonymisation function, whereby Google truncates the IP address within the EU or the EEA before it is transmitted to the US. The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. This data can also be used to provide other services related to the use of our website and of the internet in general. Google states that it will not connect your IP address to other data. In addition, Google provides further information with regard to its data protection practices at https://www.google.com/intl/de/policies/privacy/partners, including options you can exercise to prevent such use of your data. In addition, Google offers an opt-out add-on at https://tools.google.com/dlpage/gaoptout?hl=en in addition with further information. This add-on can be installed on the most popular browsers and offers you further control over the data that Google collects when you visit our website. The add-on informs Google Analytics' JavaScript (ga.js) that no information about the website visit should be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analytics services we may use as detailed herein.
Hotjar web analytics*
​
We use Hotjar on our website. This is a web analytics service provided by Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe, hereinafter referred to as "Hotjar". Hotjar is used to analyse how our website is used. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimisation, and economic operation of our site. Hotjar allows us to monitor your usage behaviour on our website, such as logging and evaluating your mouse movements or mouse clicks. However, your visit to our website will be anonymised. In addition, information about your operating system, your internet browser, incoming or outgoing links, the geographical origin of your access, and the type and resolution of the device you are using are evaluated by Hotjar and processed for statistical purposes. Hotjar can also obtain direct feedback from you. Hotjar offers further information about its data protection practices at https://www.hotjar.com/privacy. In addition, you have the option of terminating the analysis of your usage behaviour by opting out. By confirming the link https://www.hotjar.com/opt-out a cookie is stored on your device via your browser to prevent any further analysis. Please note, however, that you must click the above link again if you delete the cookies stored on your end device. Model Data Protection Statement for Anwaltskanzlei Weiß & Partner.
​
Google AdWords with Conversion Tracking*
​
Our website uses Google AdWords and conversion tracking. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 (hereinafter: Google). Through certification according to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Google guarantees that it will follow the EU's data protection regulations when processing data in the United States. We use conversion tracking to provide targeted promotion of our site. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the analysis, optimisation, and economic operation of our site. If you click on an ad placed by Google, the conversion tracking we use stores a cookie on your device. These so-called conversion cookies expire after 30 days and do not otherwise identify you personally. If the cookie is still valid and you visit a specific page of our website, both we and Google can evaluate that you clicked on one of our ads placed on Google and that you were then forwarded to our website. The data collected in this way is in turn used by Google to provide us with an evaluation of visits to our website and what visitors do once there. In addition, we receive information about the number of users who clicked on our advertisement(s) as well as about the pages on our site that are subsequently visited. Neither we nor third parties who also use Google AdWords will be able to identify you from this conversion tracking. You can also prevent or restrict the installation of cookies by making the appropriate settings in your browser. Likewise, you can use the browser to delete cookies that have already been stored. However, the steps and measures required vary, depending on the browser you use. If you have any questions, please use the help function or consult the documentation for your browser or contact its maker for support.
In addition, Google provides further information with regard to its data protection practices at
in particular information on how you can prevent the use of your data.
6. PAYMENT PROVIDER
Payments are processed through the following payment service providers:
​
According to Art. 6 para. 1 lit. b GDPR, the communicated information of the user as well as information about the order are passed on to the selected payment service provider for the ordering process. This transmission of data is solely for the payment processing with the payment service. When using the payment services of third parties (PayPal or Stripe), the terms and conditions and the privacy notices of the respective third party providers apply, which are available within the respective websites or transaction applications. In addition, the privacy policy of the payment service providers are each directly linked or separately accessible via the LINKS above.
​
7. ORDER PROCESSING*
The data you submit when ordering goods and/or services from us will have to be processed in order to fulfil your order. Please note that orders cannot be processed without providing this data. The legal basis for this processing is Art. 6 Para. 1 lit. b) GDPR. After your order has been completed, your personal data will be deleted, but only after the retention periods required by tax and commercial law. In order to process your order, we will share your data with the shipping company responsible for delivery to the extent required to deliver your order and/or with the payment service provider to the extent required to process your payment. The legal basis for the transfer of this data is Art. 6 Para. 1 lit. b) GDPR.
​
8. NEWSLETTER*
​
Newsletter Data
​
If you register for our free newsletter, the data requested from you for this purpose, i.e. your email address and, optionally, your name and address, will be sent to us. We also store the IP address of your computer and the date and time of your registration. During the registration process, we will obtain your consent to receive this newsletter and the type of content it will offer, with reference made to this privacy policy. The data collected will be used exclusively to send the newsletter and will not be passed on to third parties. The legal basis for this is Art. 6 Para. 1 lit. a) GDPR. You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent or click on the unsubscribe link contained in each newsletter.
Newsletter via WhatsApp*
​
You can also receive our free newsletter via the instant messaging service WhatsApp. WhatsApp is a service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of WhatsApp Inc, 1601 Willow Road, Menlo Park, California 94025, USA, both hereinafter referred to as "WhatsApp". Some of the user data is processed on WhatsApp servers in the USA, which is certified according to the EU-US Privacy Shield. https://www.privacyshield.gov/participant?id=a2zt0000000TSnwAAG&status=Active WhatsApp guarantees that it will follow the EU's data protection regulations when processing data in the United States. In addition, WhatApp offers further information about its data protection practices at https://www.whatsapp.com/legal/#privacy-policy To receive our newsletter via WhatsApp, you need a WhatsApp account. Details of what information WhatsApp collects when you register can be found in WhatsApp's privacy policy. If you then subscribe to our WhatsApp newsletter, the mobile number you entered during the subscription process will be processed by WhatsApp. In addition, your IP address and the date and time of your registration will be saved. During the registration process, your consent to receive this newsletter will be obtained together with a concrete description of the type of content it will offer and reference made to this privacy policy. The legal basis for sending the newsletter and the analysis is Art. 6 Para. 1 lit. a) GDPR. You may revoke your prior consent to receive this newsletter under Art. 7 Para. 3 GDPR with future effect. All you have to do is inform us that you are revoking your consent. You can also block newsletter delivery by changing the settings in the WhatsApp software on your device.
​
Sources:
-
Paragraphs marked „*“: Model Data Protection Statement for Anwaltskanzlei Weiß & Partner