The following information is required under
European Union (EU) and national law.
We collect, use and store your personal data exclusively in the context of European and national data protection law. In the following, we will inform you about the nature, scope and purpose of the data collection and use in the context of our online offering.
Please refer to our legal notice in the top right-hand corner of this page.
Data protection officer
The contact details for our data protection officer can also be found in the legal notice in the top right-hand corner of this page.
Types of processed data
In order to conveniently make our online offering available to you, our customers, interested parties, suppliers, visitors and users, we process personal data. This includes, for example: Names, addresses, contact details (e-mail, phone numbers); entries made by you (texts, photographs, videos); the logging of websites visited; interests in content; access times; and device information, IP addresses, etc.
No special categories of data are processed as defined by Art. 9 (1) of the GDPR.
In accordance with Art. 13 of the GDPR, we explain the legal basis of our data processing here. Firstly, our online offering is based on contractual or pre-contractual measures as well as the answering of inquiries. In this case, the legal basis of Art. 6 (1) (b) of the GDPR is to be set aside. Insofar as we are forced to process data in the context of legal obligations, this is based on Art. 6 (1) (c) of the GDPR. With regard to the protection of our legitimate interests, data processing is based on Art. 6 (1) (f) of the GDPR. If none of the above-mentioned legal bases are relevant, we will carry out the processing if there is consent (Art. 6  [a] and Art. 7 of the GDPR).
In the networked world of today, unauthorized access to personal information is a reality that individuals and businesses face every day. Without question, this is a major challenge.
Since data privacy is a top priority for us, we invest in the security of our systems and constantly monitor them. Because when you use our online offering on firstname.lastname@example.org, you are trusting us with your personal information. The security of this information is important to us.
Therefore – taking into account the state of the art; the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of individuals – we have enacted technical and organizational measures that provide protection against attacks, the misuse, loss and incorrect changes of personal data, as well as exclude access by unauthorized third parties (Art. 32 of the GDPR). Among other things, these measures should be aimed at preserving the confidentiality, integrity and availability of data by controlling physical access and digital access, input, disclosure, securing of availability and data separation. In addition, our company has procedures in place to regulate data subject rights, deletion of data and reaction to the threats to data, etc. Ultimately, we will (as per Art. 25 of the GDPR) strive for the protection of personal data as early as during the development and/or acquisition phase of new hardware and software as well as during the introduction of new procedures, according to the principles of data protection by design of technology (Privacy by Design) and by privacy-friendly default settings (Privacy by Default).
These security measures include, for example, the encrypted transmission of data between your browser and our server. When you place an order, for example, your personal data will be transmitted to us. In order to prevent this data from falling into the wrong hands, we encrypt it with SSL. This is a proven and secure data transfer method on the Internet. Based on our legitimate interest (Art. 6  [f] of the GDPR), we use server log files to analyze and correct disruptions to the availability of our online shop. We also exclusively guarantee access to sensitive data to authorized persons for the above purposes.
Cooperation with contract processors and third parties
If we make use of other persons and companies (contract processors or third parties) during the processing of the data, there is also one of the above-mentioned legal bases for this procedure. The processing of data with these cooperative partners is based on what is known as an “order processing contract”; see Art. 28 of the GDPR.
Data transmission to “third” countries
If data is processed in a “third” country (i.e. outside the European Union [EU] or the European Economic Area [EEA]), this will only be done if it can be justified by one of the above-mentioned legal bases. The data is processed only within the framework of the provisions of Art. 44 et seq. of the GDPR. This means that processing will only be carried out on the basis of specific guarantees, such as an officially recognized level of EU-compliant data protection (e.g. through the « Privacy Shield” for the USA) or compliance with officially recognized special contractual obligations (what are known as « standard contractual clauses”).
Purpose of processing, collecting, processing and using data
Our intention is to make this online offering, content and features accessible to you. In addition, we would like to provide contractual and pre-contractual services as well as offer various services and maintain our contact with our business partners and prospects.
We answer your contact requests via our online offering and process our communications with you.
Last but not least, there is also data processing for marketing purposes, advertising and market research and as a security measure to protect our website. For internal statistical or system-related purposes, therefore, every instance of access to our website as well as every retrieval of a file made available on this website is logged (in what are known as “server log files”).
This record will include the name of the retrieved file, the date and time of the retrieval, the amount of data transferred, the successful retrieval message, web browser type/version, user’s operating system, referrer URL (previously visited page) and requesting domain, and the IP addresses of the requesting computer. Any further personal data will only be recorded if you voluntarily provide us with information on our website, for example when contacting us via our contact form or by e-mail, during registration, when concluding a contract, when making a request or when using the settings of your browser. The data will be used for any future warranty rights, for our services, for ensuring proper bookkeeping and for administrative purposes and for our own marketing purposes. For reasons of precaution, it will also be stored – for example – for the investigation of abuse or fraud for a maximum of seven days and then deleted. Further storage of the data for use as evidence remains unaffected.
When you contact us via contact form or e-mail, your concerns will be processed on the basis of Art. 6 (1) (b) of the GDPR. We reserve the right to store your data in our Customer Relationship Management System (« CRM System ») or a similar system.
If the requests have been processed and no further storage is required, they will be deleted. We check whether this is necessary every two years. For customers with customer accounts, we can also permanently save the data upon request. In the case of legal archiving obligations, the data is deleted after the legally prescribed retention periods.
We use Google Analytics on our websites. This is a service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA, 94043, USA (« Google »). We decided to use this service due to our legitimate interest in the analysis, improvement and economic operation of our Internet presence, based on Art. 6 (1) (f) of the GDPR.
However, in the case of the activation of IP anonymization on our websites, your IP address will be truncated beforehand by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
The full IP address may occasionally be transferred to a Google server in the United States and truncated there. Google uses this information on our behalf to evaluate your usage on our site, to report on activity on our website, and to provide other services related to website activity and Internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google information.
Again, you can prevent the storage of cookies by changing the appropriate settings of your browser software. In that case, however, you may not be able to fully use all features of our websites. With the installation of a browser plug-in that you can download at this link https://tools.google.com/dlpage/gaoptout?hl=en, you have the option of preventing the data created by the cookie related to your use of the website (including your IP address) from being processed by Google.
Links to other websites
Data subject rights
As a data subject, you are entitled to the right to information. Thereafter, you can request a confirmation as to whether and which data about you are processed by us (Art. 15 of the GDPR).
According to Art. 16 of the GDPR, you may request the completion of the data concerning you or the correction of any incorrect data concerning you.
You can demand the immediate deletion of your data under the conditions of Art. 17 of the GDPR. Alternatively (Art. 18 of the GDPR), it is possible to request the restrictionof the processing of the data.
The deletion takes place as soon as the data are no longer necessary for the intended purpose and no further statutory storage requirements contradict it. Otherwise, processing is restricted; in other words, the data is locked and not processed. Data that must be kept for commercial or tax reasons fall under this category.
There is a possibility that we provide you with your data on request in accordance with Art. 20 of the GDPR and/or transfer your data to another responsible party. Furthermore, you have (in accordance with Art. 77 of the GDPR) the right to file a complaint with the competent supervisory authority.
In accordance with Art. 7 (3) of the GDPR, you can withdraw consent previously given to us with effect for the future.
Right of objection
You can object to the future processing of data concerning you at any time in accordance with Art. 21 of the GDPR. The objection may, in particular, be made against processing for direct advertising purposes.
You are welcome to contact us using the contact details above regarding any of the above concerns.
Last updated: 04/2019
Integration of services and third-party content
GP Lux S.à r.l.
1, Chemin vert
Governmental authorization No. 122656
Phone: +352 27 48 23
Website edited by :
GP Lux S.à r.l.
1, Chemin vert