data protection

Privacy Policy

1) Introduction and contact details of the controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Hamzah B., Koloniestraße 12, 1210 Vienna, Austria, E-mail: support@lunexxa.com. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data collection when visiting our website

2.1 When using our website for informational purposes only, i.e., if you do not register or otherwise transmit information to us, we only collect data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time of access
Amount of data sent in bytes
Source/referrer from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

Processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on our legitimate interest in improving the stability and functionality of our website. Data will not be passed on or used in any other way. However, we reserve the right to retrospectively check the server log files if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

Shopify

We use the system of the following provider for hosting our website and displaying page content: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

When data is transferred to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device for a longer period and allow storing page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the cookie settings overview of your web browser.

If personal data is processed by individual cookies used by us, the processing takes place either in accordance with Art. 6 para. 1 lit. b GDPR for the execution of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of a given consent, or in accordance with Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or generally.

Please note that if cookies are not accepted, the functionality of our website may be limited.

5) Contacting us

When you contact us (e.g., via contact form or e-mail), personal data is processed - exclusively for the purpose of processing and responding to your request and only to the extent necessary for this purpose.

The legal basis for the processing of this data is our legitimate interest in responding to your request in accordance with Art. 6 Para. 1 lit. f GDPR. If your contact aims at concluding a contract, the additional legal basis for the processing is Art. 6 Para. 1 lit. b GDPR. Your data will be deleted when it can be inferred from the circumstances that the matter concerned has been conclusively clarified and provided that there are no legal retention obligations to the contrary.

6) Comment Function

As part of the comment function on this website, in addition to your comment, information about the time the comment was created and the commentator name you chose will be stored and published on this website. Furthermore, your IP address will be logged and stored. This storage of the IP address is for security reasons and in case the person concerned violates the rights of third parties or posts illegal content with a comment. We need your e-mail address to contact you if a third party complains about your published content as illegal.

Legal bases for storing your data are Art. 6 Para. 1 lit. b and f GDPR. We reserve the right to delete comments if they are complained about by third parties as illegal.

7) Use of customer data for direct marketing

7.1 Subscription to our e-mail newsletter

If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address. The provision of further data is voluntary and is used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you only receive the newsletter when you have expressly confirmed your consent to receive the newsletter by activating a verification link sent to the e-mail address provided.

By activating the confirmation link, you give us your consent to the use of your personal data in accordance with Art. 6 Para. 1 lit. a GDPR. In doing so, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace a possible misuse of your e-mail address at a later date. The data collected by us when subscribing to the newsletter will be used strictly for this purpose.

You can unsubscribe from the newsletter at any time via the designated link in the newsletter or by sending a corresponding message to the controller mentioned at the beginning. After unsubscribing, your e-mail address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this statement.

7.2 Klaviyo

Our e-mail newsletters are sent via the following provider: Klaviyo, Inc., 125 Summer St., Ste 600, Boston, MA 02110, USA

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on your data provided during newsletter registration to this provider in accordance with Art. 6 Para. 1 lit. f GDPR, so that they can take over the newsletter dispatch on our behalf.

Subject to your express consent in accordance with Art. 6 Para. 1 lit. a GDPR, the provider also carries out a statistical success evaluation of newsletter campaigns using web beacons or tracking pixels in the sent e-mails, which can measure opening rates and specific interactions with the contents of the newsletter. Device information (e.g., time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data sets.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider, which protects the data of our site visitors and prohibits disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection based on an adequacy decision of the European Commission.

8) Data processing for order fulfillment

8.1 Transmission of image files for order processing via upload function

On our website, we offer customers the option to commission the personalization of products by submitting image files via an upload function. The submitted image motif is then used as a template for the personalization of the selected product.

Via the upload form on the website, the customer can directly transmit one or more image files from the storage of the end device used to us via automated, encrypted data transmission. We then collect, store, and use the transmitted files exclusively for the production of the personalized product in accordance with the respective service description on our website. If the transmitted image files are passed on to special service providers for the production and processing of the order, you will be explicitly informed about this in the following paragraphs. No further disclosure takes place. If the transmitted files or the digital motifs contain personal data (in particular images of identifiable persons), all the aforementioned processing operations are carried out exclusively for the purpose of processing your online order in accordance with Art. 6 Para. 1 lit. b GDPR.

After the order has been finally processed, the transmitted image files are automatically and completely deleted.

8.2 Insofar as required for contract fulfillment for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6 Para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products based on a corresponding contract, we process the contact data you provided during the order (name, address, email address) to inform you personally about upcoming updates within the legally stipulated period in accordance with Art. 6 Para. 1 lit. c GDPR via a suitable communication channel (e.g., by post or email). Your contact data will be used strictly for communications about updates owed by us and will only be processed by us for this purpose to the extent necessary for the respective information.

To process your order, we also cooperate with the following service provider(s), who support us wholly or partly in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

8.3 To fulfill our contractual obligations to our customers, we work with external shipping partners. We pass on your name and delivery address and, if necessary for delivery, your telephone number, exclusively for the purpose of goods delivery in accordance with Art. 6 Para. 1 lit. b GDPR to a shipping partner selected by us.

8.4 Use of Payment Service Providers

- Amazon Pay

One or more online payment methods from the following provider are available on this website: Amazon Payments Europe s.c.a., 38 avenue J.F. Kennedy, L-1855 Luxembourg

If you select a payment method from the provider where you make an advance payment (e.g., credit card payment), your payment data communicated during the order process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be passed on to them in accordance with Art. 6 Para. 1 lit. b GDPR. The transfer of your data in this case is exclusively for the purpose of payment processing with the provider and only to the extent necessary for this.
- Google Pay

If you choose the "Google Pay" payment method from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment processing takes place via the "Google Pay" application on your mobile device running at least Android 4.4 ("KitKat") and equipped with an NFC function, by charging a payment card stored with Google Pay or a verified payment system there (e.g., PayPal). To authorize a payment via Google Pay exceeding €25, your mobile device must first be unlocked using the verification method set up (e.g., face recognition, password, fingerprint or pattern).

For the purpose of payment processing, the information you provided during the ordering process, along with information about your order, will be passed on to Google. Google will then transmit your payment information stored in Google Pay in the form of a unique transaction number to the originating website, which verifies a successful payment. This transaction number contains no information about the real payment data of your payment methods stored with Google Pay, but is created and transmitted as a uniquely valid numerical token. For all transactions via Google Pay, Google acts only as an intermediary for processing the payment. The transaction is carried out exclusively between the user and the originating website by debiting the payment method stored with Google Pay.

If personal data is processed during the described transfers, the processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 Para. 1 lit. b GDPR.

Google reserves the right to collect, store and evaluate certain transaction-specific information for every transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the purchased goods or services provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.

According to Google, this processing takes place exclusively in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of the legitimate interest in proper accounting, verification of transaction data and the optimization and maintenance of the Google Pay service.

Google also reserves the right to merge the processed transaction data with other information collected and stored by Google when using other Google services.

The Google Pay terms of use can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=de
Further information on data protection at Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
- Klarna

One or more online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

If you select a payment method where the provider makes an advance payment (e.g., invoice or installment purchase or direct debit), you will also be asked to provide certain personal data (first and last name, street, house number, postcode, city, date of birth, e-mail address, telephone number, possibly data for an alternative payment method) during the ordering process.

To safeguard our legitimate interest in assessing the creditworthiness of our customers, we forward this data to the provider in accordance with Art. 6 Para. 1 lit. f GDPR for the purpose of a credit check. Based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experience), the provider checks whether the payment option you selected can be granted with regard to payment and/or default risks.

To make a decision within the scope of the application review, in addition to internal provider criteria, identity and creditworthiness information from the following credit agencies may be included in accordance with Art. 6 Para. 1 lit. f GDPR:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/de_de/credit_rating_agencies

The credit report may contain probability values (so-called score values). Insofar as score values are included in the credit report, they are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values includes, but is not limited to, address data.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for the contractual payment processing.
- Paypal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from the provider where you pay in advance, your payment data (including name, address, bank and payment card information, currency, and transaction number) communicated during the ordering process, as well as information about the content of your order, will be transmitted to the provider in accordance with Art. 6 para. 1 lit. b GDPR. The transmission of your data in this case is solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you choose a payment method where we make an advance payment, you will also be asked to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable, data for an alternative payment method) during the ordering process.

In such cases, to safeguard our legitimate interest in determining your creditworthiness, we transmit this data to the provider for a credit check in accordance with Art. 6 Para. 1 lit. f GDPR. Based on the personal data you provide and other data (such as shopping cart, invoice amount, order history, payment experiences), the provider checks whether the payment option you have selected can be granted in view of payment and/or default risks.

One or more online payment methods from the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

If you select a payment method from the provider where you pay in advance (e.g., credit card payment), your payment data (including name, address, bank and payment card information, currency, and transaction number) provided during the ordering process, as well as information about the content of your order, will be transmitted to the provider in accordance with Art. 6 para. 1 lit. b GDPR. The transmission of your data in this case is solely for the purpose of payment processing with the provider and only to the extent necessary for this purpose.
- SOFORT

One or more online payment methods from the following provider are available on this website: SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany

9) Retargeting/Remarketing and Conversion Tracking

Google Ads Remarketing

This website uses retargeting technology from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

For this purpose, Google sets a cookie in the browser of your end device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit. Further data processing only takes place if you have agreed with Google that your internet and app browser history will be linked to your Google account and information from your Google account will be used to personalize advertisements that you view on the web. If you are logged in to Google during your visit to our website in this case, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked by Google with Google Analytics data to form target groups. In the context of using Google Ads Remarketing, personal data may also be transmitted to the servers of Google LLC in the USA.

All the processing described above, in particular the setting of cookies for reading out information on the end device used, will only be carried out if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR. Without this consent, retargeting technology will not be used during your visit to the site.

You can revoke your given consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service in the "Cookie Consent Tool" provided on the website.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which, based on an adequacy decision by the European Commission, ensures compliance with the European level of data protection.

Details on the processing initiated by Google and how Google handles data from websites can be found here: https://policies.google.com/technologies/partner-sites

Further information on Google's privacy policy can be found here: https://business.safety.google/intl/de/privacy/ and https://www.google.de/policies/privacy/

10) Page functionalities

Endereco

To enable real-time verification of certain inputs in the address form of our webshop's ordering process for input errors, we use the services of the following provider: Endereco UG, Balthasar-Neumann-Straße 4b, 97236 Randersacker, Germany

The provider validates the entered address, verifies the spelling, and adds any missing data. In the case of ambiguous addresses, correct alternative suggestions are displayed. For this purpose, the address data you entered is transmitted to the provider, stored and evaluated there.

This processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in the proper collection of the correct address data of the customer for the conscientious fulfillment of our contractual delivery obligations and to prevent problems with contract execution.

The provider processes the affected data separately and does not combine it with other data sets, and deletes it as soon as its status or correctness has been confirmed, but at the latest after 30 days.

11) Rights of the data subject

11.1 The applicable data protection law grants you the following data subject rights (rights of access and intervention) against the controller with regard to the processing of your personal data, whereby reference is made to the legal basis cited for the respective exercise requirements:

Right of access according to Art. 15 GDPR;
Right to rectification according to Art. 16 GDPR;
Right to erasure according to Art. 17 GDPR;
Right to restriction of processing according to Art. 18 GDPR;
Right to notification according to Art. 19 GDPR;
Right to data portability according to Art. 20 GDPR;
Right to withdraw given consents according to Art. 7 para. 3 GDPR;
Right to lodge a complaint according to Art. 77 GDPR.

11.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE YOUR RIGHT TO OBJECT AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

12) Duration of storage of personal data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing, and - if applicable - additionally by the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data on the basis of an explicit consent according to Art. 6 Para. 1 lit. a GDPR, the data concerned will be stored until you revoke your consent.

If there are statutory retention periods for data that are processed within the scope of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after the retention periods have expired, provided they are no longer necessary for the fulfillment or initiation of the contract and/or there is no legitimate interest on our part in continued storage.

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, these data are stored until you exercise your right to object according to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

When personal data is processed for direct marketing purposes on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object pursuant to Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information in this declaration on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Your cart is empty

Cart• 0 items