Privacy policy

Privacy Policy

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below we inform you about how we handle your personal data when you use our website. Personal data means any information that can be used to identify you personally.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Luna & Livia . The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.3 For security reasons and to protect the transmission of personal data and other confidential content (eg, orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string “https://” and the lock icon in your browser's address bar.

2) Data Collection When Visiting Our Website

If you use our website for informational purposes only, ie, you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (so-called server log files ). When you visit our website, we collect the following data, which are technically necessary for us to display the website to you:

  • The pages of our website you visited

  • Date and time of access

  • Amount of data sent (in bytes)

  • Source/referrer from which you reached our pages

  • Browser used

  • Operating system used

  • IP address used (where applicable, in anonymized form)

Processing is carried out pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data are not disclosed or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

3) Cookies

To make visiting our website attractive and to enable certain functions, we use cookies on various pages. Cookies are small text files that are stored on your device. Some cookies are deleted after the end of the browser session (so-called session cookies ). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit ( persistent cookies ). Where cookies are set, certain user information (eg, browser and location data and IP address values) may be collected and processed on an individual basis. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.

In some cases, cookies are used to simplify the ordering process (eg, remembering the contents of a virtual shopping cart for a later visit). Insofar as cookies implemented by us also process personal data, processing takes place pursuant to Art. 6(1)(b) GDPR (performance of a contract) or pursuant to Art. 6(1)(f) GDPR (our legitimate interest in the best possible website functionality and a customer-friendly, effective visit experience).

We may cooperate with advertising partners who help us make our website more interesting for you. For this purpose, cookies from partner companies may also be stored on your hard drive when you visit our website ( third-party cookies ). If we work with such advertising partners, you will be informed about the use of these cookies and the scope of the information collected in each case in the sections below.

You can set your browser to inform you about the setting of cookies and to allow you to decide individually whether to accept them, to accept cookies for certain cases, or to exclude them altogether. How you manage cookie settings differs by browser; please consult the help menu of your browser for instructions. Examples:

If you do not accept cookies, the functionality of our website may be limited.

4) Contacting Us

When you contact us (eg, via contact form or email), personal data are collected. Which data are collected can be seen from the respective contact form. These data are used solely for the purpose of responding to your inquiry or for establishing contact and the associated technical administration. The legal basis for processing is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR. If your contact aims at concluding a contract, the additional legal basis is Art. 6(1)(b) GDPR. Your data will be deleted after final processing of your request, provided that there are no statutory retention obligations to the contrary.

5) Data Processing When Opening a Customer Account and for Contract Processing

Pursuant to Art. 6(1)(b) GDPR, personal data are collected and processed if you provide them to us for the performance of a contract or when opening a customer account. The data collected are evident from the respective input forms. Deletion of your customer account is possible at any time by sending a message to the controller's address indicated above. We store and use the data you provide for contract processing. After complete performance of the contract or deletion of your account, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods, unless you have expressly consented to further use or we are legally permitted to further use the data as explained in this policy.

6) Use of Your Data for Direct Advertising

6.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address; providing additional data is voluntary and used to address you personally. We use the double opt-in procedure: we will only send you the newsletter after you have expressly confirmed your consent by clicking a confirmation link sent to you. By activating the confirmation link, you consent to the use of your personal data pursuant to Art. 6(1)(a) GDPR.

When you register, we store the IP address assigned by your internet service provider (ISP) as well as the date and time of registration to prevent misuse of your email address. The data collected upon registration are used exclusively for newsletter advertising. You can unsubscribe at any time via the link in the newsletter or by contacting the controller. Upon unsubscribing, your email address will be removed from the distribution list unless you have expressly consented to further use or we reserve the right to use the data for other purposes permitted by law and described in this policy.

6.2 Newsletter to Existing Customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular offers for similar goods or services by email. No separate consent is required. Processing is based solely on our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR. If you initially objected to the use of your email address for this purpose, we will not send such emails. You can object at any time with future effect by contacting the controller; only transmission costs according to basic rates apply. After receipt of your objection, use of your email for advertising purposes will cease immediately.

7) Data Processing for Order Handling

7.1

Personal data collected by us will be passed on to the transport company commissioned with delivery to the extent necessary for delivering the goods, and to the financial institution commissioned with payment processing, to the extent necessary for processing payments. Where we use payment service providers, we expressly inform you below. Legal basis: Art. 6(1)(b) GDPR.

7.2 Use of Payment Service Providers

PayPal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or—if offered—“purchase on account” or “installment payment” via PayPal, we transmit your payment data to PayPal (Europe) S.à rl et Cie, SCA, 22–24 Boulevard Royal, L-2449 Luxembourg, for payment processing pursuant to Art. 6(1)(b) GDPR.

PayPal may conduct a credit check for the payment methods credit card via PayPal, direct debit via PayPal, or—if offered—purchase on account/installments. For this purpose, your payment data may be transmitted to credit agencies pursuant to Art. 6(1)(f) GDPR based on PayPal's legitimate interest in assessing your solvency. The result (including score values ​​based on scientifically recognized mathematical-statistical procedures and possibly address data) is used to decide on the provision of payment methods. Further information, including the credit agencies used, can be found in PayPal's Privacy Policy: https://www.paypal.com/webapps/mpp/ua/privacy-full
You may object to this processing at any time by contacting PayPal. However, PayPal may still be entitled to process your personal data if necessary for contractual payment processing.

SOFORT (Klarna Group)
If you choose “SOFORT,” payment is processed by SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (part of Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). We transmit the information you provided during the order process along with order details to SOFORT pursuant to Art. 6(1)(b) GDPR, solely for payment processing.

SOFORT Privacy: https://www.klarna.com/sofort/privacy-policy/

8) Contacting You for a Review Reminder

Own review reminder (not via a customer review system)
With your express consent given during or after your order (Art. 6(1)(a) GDPR), we may use your email address once to remind you to submit a review of your order in our review system. You can withdraw consent at any time by contacting the controller.

9) Use of Social Media: Social Plugins

9.1 Facebook Plugins (Shariff Solution)

Our website uses social plugins (“plugins”) of Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA.

To better protect your data, these buttons are integrated as HTML links ( Shariff ). This prevents a direct connection to Facebook's servers when a page is loaded. Only when you click the button is a new browser window opened to the Facebook page where you can interact with the plugins (if necessary after logging in).

Facebook Inc. is certified under the EU-US “Privacy Shield,” ensuring an adequate level of data protection.

Purpose, scope of data collection, further processing and use by Facebook, your rights, and settings to protect your privacy can be found in Facebook's Data Policy: https://www.facebook.com/policy.php

Note: Special additional customs charges and/or import duties are not included in prices and are borne by the customer.

9.2 Google+ Plugins (Shariff Solution)

Our website uses plugins of the Google+ social network, operated by Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Integration is via HTML links (Shariff) as above. Google LLC is certified under the EU-US “Privacy Shield.” Privacy details: https://www.google.com/policies/privacy/

9.3 Instagram Plugins (Shariff Solution)

Our website uses plugins of Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA. Integration is via HTML links (Shariff) as above. Instagram LLC is certified under the EU-US “Privacy Shield.” Privacy details: https://help.instagram.com/155833707900388/

10) Online Marketing

10.1 DoubleClick by Google

We use DoubleClick by Google (Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA) to display relevant ads, improve campaign performance, and prevent repeat ads. Google uses a cookie ID to record which ads are displayed in which browser and to prevent repeats. Processing is based on our legitimate interest in optimal marketing of our website (Art. 6(1)(f) GDPR).

DoubleClick may also use cookie IDs to record conversions related to ad requests (eg, when a user views a DoubleClick ad and later makes a purchase). According to Google, DoubleClick cookies do not contain personal information.

Your browser automatically establishes a connection to Google's server. If you are registered with a Google service, Google may associate the visit with your account. Even if you are not registered or logged in, it is possible that Google obtains and stores your IP address.

You can object to tracking by disabling conversion cookies from the domain googleadservices.com ( https://www.google.com/settings/ads). You can also visit aboutads.info for cookie settings, or set your browser to notify you about cookies and decide individually. If you do not accept cookies, our website's functionality may be limited.

Google LLC is certified under the EU-US “Privacy Shield.” More on DoubleClick privacy: https://policies.google.com/privacy

10.2 Google Ads Conversion Tracking

We use Google Ads (Google LLC) and conversion tracking. The conversion cookie is set when a user clicks a Google Ads ad. It expires after 30 days and does not personally identify users. If the cookie is still valid when the user visits certain pages, Google and we can recognize that the user clicked the ad and was redirected. Each Ads customer receives a different cookie. We use Google Ads based on our legitimate interest in targeted advertising (Art. 6(1)(f) GDPR). Privacy: https://policies.google.com/privacy
You can permanently disable ad cookies in your browser settings or via the plugin at: https://www.google.com/settings/ads/plugin

11) Web Analytics

Google (Universal) Analytics

This website uses Google Analytics (Google LLC). Google Analytics uses cookies to analyze website usage. The information generated (including the truncated IP address) is usually transferred to a Google server in the USA and stored there.

We use Google Analytics with the extension _anonymizeIp() , which truncates IP addresses within EU/EEA before transmission, excluding a direct personal reference. Only in exceptional cases is the full IP address sent to a Google server in the USA and truncated there. Processing is based on Art. 6(1)(f) GDPR (legitimate interest in statistical analysis for optimization and marketing). Google will use this information to evaluate website use, compile reports, and provide other services. The IP address transmitted by your browser is not merged with other Google data.

You can prevent cookie storage via your browser settings; however, not all functions may be fully usable. You can also prevent data collection and processing by Google by installing the browser add-on: https://tools.google.com/dlpage/gaoptout

We may also use cross-device analysis via a User-ID . When a page is accessed for the first time, a unique, permanent, anonymized ID is assigned to the user across devices and sessions. It contains no personal data and is not disclosed to Google. You can revoke collection/storage via User-ID at any time with future effect by deactivating Google Analytics on all systems you use.

More on Universal Analytics: https://support.google.com/analytics/answer/2838718

12) Retargeting/Remarketing/Referral Advertising

Facebook Custom Audiences (Pixel method)
With your explicit consent, we use the Facebook pixel (Facebook Inc.) to track user behavior after viewing or clicking a Facebook ad. This helps evaluate ad effectiveness for statistical and market research purposes and optimize future advertising. The data are anonymous to us, but Facebook may associate them with a user profile and use them per its Data Policy: https://www.facebook.com/about/privacy/
Consent can only be given by users over 13. To disable cookies, adjust your browser settings or use the DAA site: https://www.aboutads.info/choices/

Google Ads Remarketing
We use Google Ads Remarketing to advertise in Google search results and on third-party websites. Google sets a cookie with a pseudonymous ID based on pages visited. Processing is based on our legitimate interest in optimal marketing (Art. 6(1)(f) GDPR). Further processing occurs only if you consent to Google linking your web/app history with your Google Account and using account information to personalize ads across devices. You can disable ad cookies via: https://www.google.com/settings/ads/onweb/ and see more at: https://policies.google.com/technologies/ads

13) Rights of the Data Subject

13.1 Under applicable data protection law, you have the following rights with respect to the controller's processing of your personal data:

  • Right of access (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to be informed (Art. 19 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to withdraw consent (Art. 7(3) GDPR) with future effect

  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

13.2 Right to Object

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR COMPELLING LEGITIMATE INTERESTS WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL CEASE PROCESSING THE DATA CONCERNED. FURTHER PROCESSING MAY BE RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA ARE PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR SUCH ADVERTISING. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE RELEVANT DATA FOR DIRECT MARKETING PURPOSES.

14) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective statutory retention periods (eg, commercial and tax law). After expiry of these periods, the corresponding data will be routinely deleted if they are no longer required for the performance or initiation of a contract and/or if we no longer have a legitimate interest in further storage.