Privacy Policy
1. Introduction
This Privacy Policy applies to Lupine Lighting Systems GmbH ("Lupine Lighting Systems",
"our", "us" or "we"). We take the processing of your personal data seriously and comply
with the applicable data protection legislation, in particular the General Data Protection
Regulation (Regulation EU 2016/679, "GDPR"), the German Federal Data Protection Act
(Bundesdatenschutzgesetz – BDSG), and the German Telecommunications and Telemedia
Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz – TTDSG).
This Privacy Policy provides information on the type, scope, and purpose of the collection
and use of personal data when visiting our websites https://www.lupine.de
and https://www.lupine-shop.com ("Web Presence").
"our", "us" or "we"). We take the processing of your personal data seriously and comply
with the applicable data protection legislation, in particular the General Data Protection
Regulation (Regulation EU 2016/679, "GDPR"), the German Federal Data Protection Act
(Bundesdatenschutzgesetz – BDSG), and the German Telecommunications and Telemedia
Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz – TTDSG).
This Privacy Policy provides information on the type, scope, and purpose of the collection
and use of personal data when visiting our websites https://www.lupine.de
and https://www.lupine-shop.com ("Web Presence").
2. Controller
Lupine Lighting Systems GmbH
Im Zwiesel 9
92318 Neumarkt
Germany
Email: info@lupine.de
Im Zwiesel 9
92318 Neumarkt
Germany
Email: info@lupine.de
3. Categories of Personal Data Processed
We may process the following categories of personal data when you use our Web
Presence:
Presence:
- IP address and device information
- Contact details (name, email address, postal address, phone number)
- Order and payment details (e.g. billing address, purchase history)
- Communication content (e.g. emails or contact form submissions)
- Consent preferences (e.g. cookie settings)
4. Purpose and Legal Basis of Processing
We process your data for the following purposes and based on the following legal bases:
- To provide and improve our services and website (Art. 6(1)(f) GDPR)
- To process orders and fulfill contracts (Art. 6(1)(b) GDPR)
- To respond to inquiries and communications (Art. 6(1)(a) or (f) GDPR)
- To comply with legal obligations (Art. 6(1)(c) GDPR)
- For marketing and analytics with your consent (Art. 6(1)(a) GDPR in conjunction with § 25 TTDSG)
5. Cookies and Tracking Technologies (TTDSG Compliance)
We use cookies and similar technologies in accordance with § 25 TTDSG.
We distinguish between:
- Technically necessary cookies, e.g. for session management and shopping cart
functionality (legal basis: Art. 6(1)(f) GDPR) - Cookies requiring consent, used for analytics, marketing, and personalisation
(legal basis: Art. 6(1)(a) GDPR in conjunction with § 25 TTDSG) - You may give or withdraw your consent at any time via our Cookie Consent Tool.
6. Third-Party Services
Vimeo
We embed videos hosted on Vimeo (Vimeo, Inc., 555 West 18th Street, New York, NY
10011, USA). Vimeo may process IP addresses and use Google Analytics. Privacy
Policy: https://vimeo.com/privacy; Google Privacy
Policy: https://www.google.com/policies/privacy; Google Analytics opt-
out: http://tools.google.com/dlpage/gaoptout?hl=de.
We embed videos hosted on Vimeo (Vimeo, Inc., 555 West 18th Street, New York, NY
10011, USA). Vimeo may process IP addresses and use Google Analytics. Privacy
Policy: https://vimeo.com/privacy; Google Privacy
Policy: https://www.google.com/policies/privacy; Google Analytics opt-
out: http://tools.google.com/dlpage/gaoptout?hl=de.
YouTube
We embed videos hosted on YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain
View, CA 94043, USA). Privacy Policy: https://www.google.com/policies/privacy/; Opt-
out: https://adssettings.google.com/authenticated.
View, CA 94043, USA). Privacy Policy: https://www.google.com/policies/privacy/; Opt-
out: https://adssettings.google.com/authenticated.
Google Maps
We use Google Maps (Google LLC). IP addresses and location data may be processed, with
user consent. Privacy Policy: https://www.google.com/policies/privacy/; Opt-
out: https://adssettings.google.com/authenticated.
user consent. Privacy Policy: https://www.google.com/policies/privacy/; Opt-
out: https://adssettings.google.com/authenticated.
Facebook Social Plug-ins
We use Facebook plug-ins based on legitimate interest (Art. 6(1)(f) GDPR). Provider:
Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. Facebook may receive
your IP address or interaction data. We have entered into a Data Processing Agreement
and Standard Contractual Clauses (SCCs). Privacy Policy: https://www.facebook.com/about/privacy/.
Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. Facebook may receive
your IP address or interaction data. We have entered into a Data Processing Agreement
and Standard Contractual Clauses (SCCs). Privacy Policy: https://www.facebook.com/about/privacy/.
7. Data Transfers to Third Countries
Where we transfer personal data to service providers outside the European Economic Area
(EEA), we ensure appropriate safeguards are in place, such as EU Standard Contractual
Clauses.
(EEA), we ensure appropriate safeguards are in place, such as EU Standard Contractual
Clauses.
8. Data Retention
We retain your personal data only for as long as is necessary to fulfill the purposes for
which it was collected, including to comply with legal, contractual, or regulatory
obligations.
which it was collected, including to comply with legal, contractual, or regulatory
obligations.
The specific retention periods are as follows:
- Order and transaction data (e.g. invoices, payment records): retained for 10 years
in accordance with commercial and tax law obligations (§ 147 AO, § 257 HGB). - Communication data (e.g. emails, contact form submissions): retained for 3 years
after the end of the communication or inquiry, unless a longer retention period is
required. - User account data: retained until you delete your account or request erasure, and
then for a transitional period of 3 months for potential legal disputes. - Marketing consent and withdrawal records: retained for 5 years as evidence of
compliance with data protection obligations. - Cookie consent records: retained for 6 months or as required by applicable
regulations.
When the retention period expires, we delete or anonymize your data, unless further
retention is necessary (e.g. for legal claims or accounting obligations).
retention is necessary (e.g. for legal claims or accounting obligations).
9. Your Rights
You have the following rights under the GDPR:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object (Art. 21 GDPR)
- Right to withdraw consent (Art. 7(3) GDPR)
Please note that these rights may be subject to conditions and limitations.
10. Contact
To exercise your rights or for any questions about this Privacy Policy, you may contact us
at:
Lupine Lighting Systems GmbH
Im Zwiesel 9
92318 Neumarkt
Email: info@lupine.de
at:
Lupine Lighting Systems GmbH
Im Zwiesel 9
92318 Neumarkt
Email: info@lupine.de
11. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority, in particular in the EU
Member State of your habitual residence, place of work, or place of the alleged
infringement.
Our competent supervisory authority is:
Bayerisches Landesamt für Datenschutzaufsicht
https://www.lda.bayern.de/
Member State of your habitual residence, place of work, or place of the alleged
infringement.
Our competent supervisory authority is:
Bayerisches Landesamt für Datenschutzaufsicht
https://www.lda.bayern.de/
12. Changes to This Privacy Policy
We reserve the right to amend this Privacy Policy at any time, in particular to reflect legal
changes or changes to our services.
changes or changes to our services.