Last updated: March 17, 2025

PRIVACY POLICY

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1

We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when using our website. Personal data includes all data that can personally identify you.

1.2

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Lumé Boutique. The controller for processing personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

1.3

This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognise an encrypted connection by the string "https://" and the padlock symbol in your browser's address bar.

2) Data Collection When Visiting Our Website

When using our website for purely informational purposes, meaning that you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server (so-called "server log files"). When you access our website, we collect the following data, which is technically necessary to display the website to you:

• Our visited website
• Date and time of access
• Amount of transmitted data in bytes
• Source/reference from which you accessed the page
• Browser used
• Operating system used
• IP address used (if applicable: in anonymised form)

Processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be shared or used otherwise. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

3) Cookies

To make visiting our website attractive and enable the use of certain functions, we use cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after your browser session ends (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies).

If cookies are set, they collect and process user-specific information such as browser and location data and IP address values. Persistent cookies are automatically deleted after a predetermined period, which varies depending on the cookie.

Some cookies serve to simplify order processes by storing settings (e.g., remembering the contents of a virtual shopping cart for a later visit). If personal data is also processed through cookies, processing is carried out in accordance with Article 6(1)(b) GDPR for contract execution or in accordance with Article 6(1)(f) GDPR to protect our legitimate interest in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

We may collaborate with advertising partners who help us make our online presence more interesting for you. In this case, third-party cookies may also be stored on your hard drive during your visit. If we cooperate with such advertising partners, you will be informed individually in the following sections about the use of such cookies and the extent of the collected information.

Cookie Management

Please note that you can configure your browser settings so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for specific cases or in general. Each browser differs in how it manages cookie settings. These settings are described in the help menu of each browser, which explains how you can change your cookie settings. You can find these settings for the respective browsers at the following links:

• Internet Explorer: Delete and manage cookies
• Firefox: Allow and reject cookies
• Chrome: Manage cookies in Chrome
• Safari: Manage cookies and website data
• Opera: Managing cookies in Opera

Please note that if you do not accept cookies, the functionality of our website may be restricted.

4) Contacting Us

When contacting us (e.g., via contact form or email), personal data is collected. The data collected in a contact form is visible in the respective form fields. This data is stored and used exclusively for responding to your request and for technical administration related to it.

The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Article 6(1)(f) GDPR. If your contact aims at concluding a contract, Article 6(1)(b) GDPR also applies.

Your data will be deleted once your request has been fully processed, provided that there are no legal retention obligations.

5) Data Processing for Customer Account Creation and Contract Execution

In accordance with Article 6(1)(b) GDPR, personal data is collected and processed when you provide it to us to execute a contract or open a customer account. The required data fields are visible in the respective input forms.

Deleting your customer account is possible at any time and can be done by sending a message to the controller’s contact address mentioned above.

We store and use the data you provide for contract execution. After the contract is fully executed or your account is deleted, your data will be restricted for further processing and deleted after the applicable tax and commercial retention periods, unless you have explicitly agreed to further use or if legally permitted further data use applies.

6) Use of Your Data for Direct Marketing

6.1 Subscription to Our Email Newsletter

If you subscribe to our email newsletter, we will send you regular information about our offers. The only mandatory information required for sending the newsletter is your email address. Providing additional data is voluntary and serves to personalise the newsletter.

We use the double opt-in procedure, meaning that we will only send you a newsletter if you have explicitly confirmed to us that you consent to receiving the newsletter. We will then send you a confirmation email asking you to click on a corresponding link to confirm that you wish to receive the newsletter in the future.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Article 6(1)(a) GDPR. When registering for the newsletter, we store the IP address registered by your Internet Service Provider (ISP)as well as the date and time of registration, in order to track potential misuse of your email address at a later date. The data collected when registering for the newsletter is used exclusively for promotional purposes via the newsletter.

You can unsubscribe from the newsletter at any time via the link provided in each newsletter or by contacting the controller mentioned above. Once you have unsubscribed, your email address will be immediately deleted from our newsletter mailing list, unless you have explicitly consented to further use of your data or we reserve the right to further data use that is legally permitted and about which we inform you in this policy.

6.2 Sending Email Newsletters to Existing Customers

If you have provided us with your email address when purchasing goods or services, we may send you regular offers for similar goods or services from our range via email.

For this, we do not need separate consent from you. Data processing in this case is carried out solely on the basis of our legitimate interest in personalised direct marketing in accordance with Article 6(1)(f) GDPR.

If you initially objected to the use of your email address for this purpose, we will not send you any promotional emails. You have the right to object to the use of your email address for advertising purposes at any time with effect for the future by sending a message to the controller mentioned at the beginning.

For this, you will only incur transmission costs according to the basic rates. Upon receiving your objection, we will immediately cease using your email address for advertising purposes.

7) Data Processing for Order Fulfilment

7.1 Sharing Personal Data for Order Processing

The personal data we collect will be shared with the transport company entrusted with delivery, to the extent necessary for delivering the goods.

Your payment data will be passed on to the authorised financial institution within the payment process, provided this is necessary for payment processing.

If we use payment service providers, you will be informed explicitly about them below. The legal basis for data transfer in this case is Article 6(1)(b) GDPR.

7.2 Use of Payment Service Providers

PayPal

If you select PayPal as the payment method (including credit card via PayPal, direct debit via PayPal, or – if offered – "Purchase on Invoice" or "Instalment Payment" via PayPal), your payment data will be forwarded to:

PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg

The transfer of data is based on Article 6(1)(b) GDPR and is solely for payment processing purposes.

PayPal reserves the right to conduct a credit check for specific payment methods (e.g., credit card, direct debit, "Purchase on Invoice," or "Instalment Payment" via PayPal). For this, your payment data may be transferred to credit agencies based on Article 6(1)(f) GDPR, which is in PayPal's legitimate interest in determining your solvency.

The results of the credit check regarding the statistical probability of payment default may be used by PayPal to determine whether to offer a particular payment method. The credit check may include score values, which are calculated based on a scientifically recognised mathematical-statistical procedure. These calculations may include, but are not limited to, address data.

For more privacy information on PayPal, including details of the used credit agencies, please see:
PayPal Privacy Policy

You can object to this data processing at any time by notifying PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for contractual payment processing.

SOFORT

If you choose the "SOFORT" payment method, payment processing will be carried out via the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter referred to as "SOFORT"), to whom we transmit the information you provided during the ordering process along with information about your order.

SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transfer of data is based on Article 6(1)(b) GDPR and serves solely for payment processing purposes.

For more privacy information on SOFORT, visit:
SOFORT Privacy Policy

8) Contacting You for Review Reminders

Own Review Reminder (No Use of a Customer Review System)

We use your email address to send you a one-time reminder to submit a review of your order for the review system we use, provided that you have given your explicit consent to this during or after placing your order in accordance with Article 6(1)(a) GDPR.

You can revoke this consent at any time by notifying the controller responsible for data processing.

9) Use of Social Media: Social Plugins

9.1 Facebook Plugins with Solution

Our website uses social plugins ("plugins") from the Facebook social network, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").

To enhance the protection of your data when you visit our website, these buttons are not fully integrated as plugins but are embedded only through an HTML link. This ensures that when you visit a page on our website containing such buttons, no direct connection is established with Facebook's servers.

If you click on the button, a new browser window opens and directs you to Facebook's website, where you can interact with the plugins (after logging in, if necessary).

Facebook Inc., based in the USA, is certified under the EU-US "Privacy Shield" Agreement, ensuring compliance with the data protection standards applicable in the EU.

For the purpose and scope of data collection and further processing and use of data by Facebook, as well as your related rights and settings options to protect your privacy, please refer to Facebook's privacy policy:
Facebook Privacy Policy

9.2 Google+ Plugins with Solution

Our website uses social plugins ("plugins") from the Google+ social network, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

To enhance the protection of your data when you visit our website, these buttons are not fully integrated as plugins but are embedded only through an HTML link. This ensures that when you visit a page on our website containing such buttons, no direct connection is established with Google's servers.

If you click on the button, a new browser window opens and directs you to Google+, where you can interact with the plugins (after logging in, if necessary).

Google LLC, based in the USA, is certified under the EU-US "Privacy Shield" Agreement, ensuring compliance with the data protection standards applicable in the EU.

For the purpose and scope of data collection and further processing and use of data by Google, as well as your related rights and settings options to protect your privacy, please refer to Google's privacy policy:
Google Privacy Policy

9.3 Instagram Plugin with Solution

Our website uses social plugins ("plugins") from the Instagram online service, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram").

To enhance the protection of your data when you visit our website, these buttons are not fully integrated as plugins but are embedded only through an HTML link. This ensures that when you visit a page on our website containing such buttons, no direct connection is established with Instagram's servers.

If you click on the button, a new browser window opens and directs you to Instagram, where you can interact with the plugins (after logging in, if necessary).

Instagram LLC, based in the USA, is certified under the EU-US "Privacy Shield" Agreement, ensuring compliance with the data protection standards applicable in the EU.

For the purpose and scope of data collection and further processing and use of data by Instagram, as well as your related rights and settings options to protect your privacy, please refer to Instagram's privacy policy:
Instagram Privacy Policy

10) Online Marketing

10.1 DoubleClick by Google

This website uses the online marketing tool DoubleClick by Google, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick").

DoubleClick uses cookies to display relevant ads to users, improve campaign performance reports, or prevent users from seeing the same ads multiple times.

When a DoubleClick ad is displayed in a browser, Google assigns a Cookie-ID, which records which ads have been displayed and prevents repeated ads.

Processing is carried out based on Article 6(1)(f) GDPR, which is our legitimate interest in the optimal marketing of our website.

Additionally, DoubleClick can track conversions related to ad interactions. This happens, for example, when a user clicks on a DoubleClick ad and later visits the advertiser's website and makes a purchase. According to Google, DoubleClick cookies do not contain personal information.

Due to the marketing tools used, your browser automatically connects to Google's servers. We have no control over the extent and further use of data collected through Google.

If you want to opt out of this tracking, you can disable cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com:
Google Ads Settings

Google LLC is certified under the EU-US "Privacy Shield" Agreement, ensuring compliance with EU data protection regulations.

For more information, refer to the Google DoubleClick privacy policy:
Google DoubleClick Privacy Policy

10.2 Use of Google AdWords Conversion Tracking

This website uses the online advertising program "Google AdWords", and within Google AdWords, the Conversion Tracking service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

We use Google AdWords to display our attractive offers on external websites through ads (Google AdWords). This helps us assess how successful these advertisements are.

If you click on a Google AdWords ad, a conversion tracking cookie is set on your device.

• These cookies generally expire after 30 days.
• They do not contain personal data and do not serve personal identification.

If the cookie has not yet expired and you visit certain pages on our site, we and Google can see that you clicked on an ad and were redirected to our page.

Each Google AdWords customer receives a different cookie, which means AdWords cookies cannot be tracked across multiple AdWords customers' websites.

The data collected using conversion cookies helps us generate conversion statistics.

Processing is carried out based on Article 6(1)(f) GDPR, which is our legitimate interest in targeted advertising.

Google LLC is certified under the EU-US "Privacy Shield" Agreement, ensuring compliance with EU data protection regulations.

For more details, see the Google Privacy Policy:
Google Privacy Policy

You can permanently disable cookies for ad preferences by adjusting your browser settings or installing the Google Ads plugin:
Google Ads Plugin

Please note: If cookies are disabled, some website functions may not work properly.

11) Web Analytics Services

Google (Universal) Analytics

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

Google Analytics uses cookies, which are text files stored on your computer, allowing an analysis of your website usage. The data collected by the cookie about your use of this website (including a truncated IP address) is usually transmitted to a Google server in the USA and stored there.

This website uses Google Analytics exclusively with the extension "_anonymizeIp()", which ensures that your IP address is truncated and cannot be directly linked to you. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Processing is carried out based on Article 6(1)(f) GDPR, which is our legitimate interest in analysing user behaviour for optimisation and marketing purposes.

Google processes this information on our behalf to:

• Evaluate your use of the website,
• Compile reports on website activity,
• Provide additional services related to website and internet usage.

The IP address collected through Google Analytics will not be merged with other Google data.

How to Opt Out of Google Analytics

You can prevent cookie storage by adjusting your browser settings. However, disabling cookies may restrict the functionality of this website.

You can also opt out of Google Analytics by downloading and installing the Google opt-out plugin:
Google Analytics Opt-Out

Alternatively, you can set an opt-out cookie, which prevents future data collection by Google Analytics:
Disable Google Analytics

For more details on Google Analytics, visit:
Google Analytics Privacy Policy

Google LLC is certified under the EU-US "Privacy Shield" Agreement, ensuring compliance with EU data protection regulations.

12) Retargeting / Re-marketing / Referral Advertising

Facebook Custom Audience via Pixel Method

This website uses the Facebook Pixel, provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").

With your explicit consent, this tracking method allows us to track user behaviour after interacting with a Facebook ad.

This method evaluates the effectiveness of Facebook ads for statistical and market research purposes and helps us optimise future advertising strategies.

The collected data is anonymous to us and does not identify you. However, Facebook may store and link it to your profile for advertising purposes according to the Facebook Privacy Policy:
Facebook Privacy Policy

You can allow Facebook and its partners to show advertisements on and off Facebook. A cookie may be stored on your device for this purpose.

This processing occurs only with your explicit consent under Article 6(1)(a) GDPR.

Note: Only users 13 years or older can consent to the Facebook Pixel. If you are under 13, please ask your guardian for permission.

To disable cookies on your computer, adjust your browser settings to prevent cookie storage or delete existing cookies.

You can also opt out of Facebook tracking here:
Digital Advertising Alliance Opt-Out

Google AdWords Re-marketing

This website uses Google AdWords Re-marketing, a feature provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

This feature allows us to display personalised ads to users who have previously visited our site.

For this, Google places a cookie in your browser, which assigns a pseudonymous ID based on your browsing behaviour.

Processing is carried out based on Article 6(1)(f) GDPR, which is our legitimate interest in targeted advertising.

If you have consented to Google linking your browsing data with your Google account, Google may personalise ads based on combined data from various devices.

To opt out of this tracking, you can:

• Adjust your browser settings to disable cookies,
• Use the Google opt-out plugin:
  Google Ads Plugin

For more details on Google Ads and re-marketing, visit:
Google Advertising Privacy Policy

13) Your Rights as a Data Subject

13.1 Rights Under GDPR

The current data protection laws grant you extensive rights regarding the processing of your personal data, which we explain below:

Right of Access (Article 15 GDPR)

You have the right to:

• Request information on your stored personal data,
• Know the purpose of processing,
• Find out who receives your data,
• Understand the storage period and its criteria,
• Know whether your data is used for automated decision-making (including profiling).

Right to Rectification (Article 16 GDPR)

You have the right to request the immediate correction of inaccurate or incomplete data stored about you.

Right to Erasure ("Right to Be Forgotten") (Article 17 GDPR)

You may request the deletion of your personal data, provided:

• It is no longer needed,
• You withdraw your consent,
• The processing was unlawful,
• The data must be deleted for legal compliance.

This right does not apply if the data processing is necessary for:

• Exercising freedom of speech and information,
• Compliance with legal obligations,
• Public interest reasons,
• Establishing, exercising, or defending legal claims.

Right to Restriction of Processing (Article 18 GDPR)

You may request the restriction of processing if:

• You dispute the accuracy of your data,
• Processing is unlawful, but you oppose deletion,
• You need the data for legal claims,
• You have objected, and the legitimate grounds are still under review.

Right to Data Portability (Article 20 GDPR)

You can request that we transfer your personal data to another controller in a structured, machine-readable format.

Right to Withdraw Consent (Article 7(3) GDPR)

You can withdraw consent at any time with future effect.

Right to Lodge a Complaint (Article 77 GDPR)

If you believe your data processing violates GDPR, you may file a complaint with a data protection authority in:

• Your country of residence,
• Your place of work, or
• The location of the alleged violation.

14) Duration of Personal Data Storage

The storage period of your personal data is determined based on:

• Legal retention requirements (e.g., tax and commercial laws),
• Contractual necessity,
• Legitimate business interest.

Once these purposes are fulfilled, the data is deleted, unless:

• You have consented to further processing,
• A legal obligation requires retention.