Privacy policy
1. Information on Data Protection
We are pleased that you are visiting our website and thank you for your interest in our company and our products. We would like to inform you about what data we collect, when we collect it, how we use and process it, and how we handle your personal data.
2. Data Collection and Use
2.1 Collection of Personal Data When Using the Website
When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display the website and to ensure stability and security:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transmitted
- Website from which the request originates
- Browser
- Operating system and its interface
- Language and version of the browser software
The legal basis for storing the data is Art. 6 para. 1 lit. f GDPR.
2.2 Collection of Personal Data During Registration
We offer you the opportunity to register on our website by providing personal data. Depending on the type of contract concluded, we store the following data:
- First and last name
- Address
- Billing address
- Email address
- Telephone number
The data is entered into an input mask, transmitted to us, and stored. No data will be passed on to third parties. Users can access their user account to place orders for goods.
As part of the registration process, the user’s consent to the processing of this data is obtained pursuant to Art. 6 para. 1 lit. a GDPR. Registration is also necessary for the fulfillment of a contract for the purchase of goods in our online store or for the implementation of pre-contractual measures, pursuant to Art. 6 para. 1 lit. b GDPR. The collected data is used by us to process the purchase of goods in our online store, in particular to enable the proper shipment of ordered goods.
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the registration on our website is cancelled or modified, or when the data is no longer required for the execution of the contract. Even after the conclusion of a contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations (e.g., for tax reasons).
Users have the option to cancel their registration at any time. You can have the data stored about you changed at any time. Insofar as the data is required for the performance of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations to the contrary.
The legal basis for the processing of the data is, in the case of your consent, Art. 6 para. 1 lit. a GDPR and, if the registration serves the fulfillment of a contract or the implementation of pre-contractual measures with you, additionally Art. 6 para. 1 lit. b GDPR.
3. Name and Contact Details of the Controller
The controller responsible for the management of personal data is:
Madluxx
Kaffeestr. 8D
8180 Bülach
Managing Director: Denis Lutz
Email: info@madluxx.com
Contact Details of the Data Protection Officer
You can reach our data protection officer at:
Email: info@madluxx.com
4. Purposes of Processing Personal Data
We store your data only for the following purposes:
- For processing orders (including payment processing and, if applicable, credit checks),
- For sending advertising by us,
- For customer service.
We store and process your personal data at our central office.
Your personal data will only be transferred to third parties if the transfer is necessary for contract processing or for billing or collection purposes (e.g., shipping companies or payment service providers) or if you have expressly consented to this.
The legal basis for the transfer of data to third parties for the purpose of contract processing or for billing purposes is Art. 6 para. 1 lit. b GDPR and for the transfer in the context of legally prescribed cases Art. 6 para. 1 lit. c GDPR.
5. Duration of Data Storage
We store your data as long as required for the respective purpose and in consideration of your legitimate interests. If certain data, which is processed for the execution of purchase contracts, is subject to a statutory retention period, it will be stored for 6 or 10 years. During this period, processing is restricted after 2 years, meaning that the data is only used to comply with legal obligations. The retention period begins at the end of the calendar year in which the order was placed or the contract was fulfilled.
6. Disclosure of Personal Data to Third Parties
We may disclose your personal data, in accordance with the legal provisions, to the following companies or categories of persons:
- Tax, audit and other authorities
- External service providers and professional advisers such as lawyers, auditors, accountants, credit agencies for credit checks, collection service providers
- Postal/shipping service providers, carriers such as UPS, DHL, Deutsche Post
- Payment service providers such as PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg; Klarna AB (publ), Sveavägen 46, 111 34 Stockholm, Sweden; Amazon Payments Europe s.c.a., 5 Rue Plaetis, L-2338 Luxembourg; Apple Distribution International, Hollyhill Industrial Estate, Hollyhill Cork, Ireland; Shopify Payments, 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5; Google Pay (Europe), Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
E-Commerce Platform Shopify
We use Shopify, a service of Shopify Inc., 126 York Street, Suite 200, Ottawa, ON, Canada, K1N 5T5, to operate our online store. This service provides an e-commerce platform through which we offer our goods for sale. The data you provide as part of your order is stored on a server of Shopify.
Shopify has designed its infrastructure in such a way that cross-border data transfers are GDPR-compliant. Personal data of individuals from Europe is initially received and processed in Ireland as Shopify’s EU location and subsequently transferred to its parent company in Canada. If data is then forwarded from there to processors based in other countries, e.g., the USA, this is done in accordance with the export requirements of Canadian data protection law recognized by the European Commission.
Personal data may also be transferred within a corporate group (e.g., between Shopify Inc. (Canada) and Shopify in the USA), if these companies have an internal policy for data protection (so-called "Binding Corporate Rules, BCR") approved by a European data protection authority (based in Ireland) pursuant to Article 47 GDPR.
Finally, data transferred from Shopify Canada to the USA is encrypted during transmission and storage. This means it cannot easily be decrypted by unauthorized persons.
For more information, please visit http://www.shopify.com/legal/privacy.
The legal basis for the transfer of data to third parties for the purpose of contract processing or billing is Art. 6 para. 1 lit. b GDPR, and for transfer in legally required cases Art. 6 para. 1 lit. c GDPR.
7. Your Rights
To exercise your rights, please contact the data protection officer or the controller using the contact details provided above, or email us at info@madluxx.com.
You have the following rights regarding your personal data:
7.1 Withdrawal of Consent
You can withdraw your consent to the processing of your personal data at any time with future effect. You may use the contact options listed above or visit: https://www.madluxx.com/pages/contact.
7.2 Additional Rights
In addition, you have the following rights:
- The right to access information about your personal data
- The right to rectification of inaccurate personal data
- The right to erasure or restriction of processing
- The right to object to the processing
- The right to data portability
You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by us.
8. Contact Form
When you submit an inquiry via our contact form, we use the data you provide exclusively to process your request. We do not use this data for marketing purposes nor do we share it with third parties.
The legal basis for processing the data you submit via the contact form or by email is Art. 6 para. 1 lit. f GDPR. If the contact is aimed at concluding a contract, the additional legal basis is Art. 6 para. 1 lit. b GDPR.
We will retain the data you submit via the contact form until you request its deletion, revoke your consent to its storage, or the purpose for storing the data no longer applies.
9. Cookies
We use cookies to make our website more user-friendly and to enable the use of certain features. Cookies are small text files that your browser saves on your device. Some cookies are deleted after the browser session ends, while others remain on your device and allow us to recognize your browser the next time you visit.
This website uses the following types of cookies:
a) Transient cookies: These are automatically deleted when you close your browser. This includes session cookies, which store a session ID that enables various browser requests to be assigned to a single session. This allows your device to be recognized when you return to the site. Session cookies are deleted when you log out or close your browser.
b) Persistent cookies: These are automatically deleted after a set period of time, which can vary depending on the cookie. You can delete these cookies at any time in your browser’s security settings.
You can configure your browser settings to block or restrict cookies. Most browsers provide options for this in their help menus:
- Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
- Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
- Chrome: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
Please note that disabling cookies may limit the functionality of this website.
The legal basis for the use of cookies is Art. 6 para. 1 lit. f GDPR.
Cookies are categorized as either strictly necessary or non-essential. You may choose to accept or reject non-essential cookies via our consent management system. If you opt out, certain features of the website may not function properly. You can manage and revoke your consent at any time through our cookie settings or banner.
10. Analytics Tools (Google Analytics)
We use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies, which allow analysis of how users interact with our website. The information generated by the cookies is generally transmitted to a Google server in the United States and stored there.
If IP anonymization is activated on this website, Google will truncate your IP address within the European Union or other countries of the European Economic Area before transmitting it. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.
Google will use this information on our behalf to evaluate your use of the website, compile reports on website activity, and provide further services related to website and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by configuring your browser settings accordingly. However, this may prevent you from using all functions of the website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and its processing by Google by downloading and installing the browser plug-in available at: http://tools.google.com/dlpage/gaoptout?hl=de.
This website uses Google Analytics with the extension “_anonymizeIp()”. This ensures that IP addresses are processed in truncated form and prevents direct personal identification.
We use Google Analytics to analyze and improve the use of our website. The statistics obtained help us to improve our offer and make it more interesting for you as a user.
In exceptional cases where personal data is transferred to the USA, Google is certified under the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework
Further information:
- Google Inc., Gordon House, Barrow Street, Dublin 4, Ireland
- Terms of Service: http://www.google.com/analytics/terms/de.html
- Privacy overview: http://www.google.com/intl/de/analytics/learn/privacy.html
- Privacy policy: http://www.google.de/intl/de/policies/privacy
Right to Object
You may object to the collection and storage of data for web analytics purposes at any time with effect for the future by contacting us at info@madluxx.com.
The legal basis for the use of analytics tools is Art. 6 para. 1 sentence 1 lit. f GDPR.
11. Social Media Links
We provide links to our social media profiles on Facebook, Instagram, and YouTube via icons on our website. These are hyperlinks, meaning no data is transmitted to these platforms until you click on the icon. Once clicked, you will be redirected to the respective social media platform, and data transmission will occur only if you are logged into your account.
Please note that once you visit these platforms, their own data protection regulations apply. They may collect information about your interaction with our content if you are logged in to their services.
The responsible entities for the platforms are:
- Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA
- Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA
- YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA
For more information on data protection at these platforms, please refer to their respective privacy policies.
12. Google Tag Manager
We use Google Tag Manager, a tag management system provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Tags are small code elements on our website used for tracking and analytics purposes.
Google Tag Manager itself does not use cookies and does not collect personal data. It only facilitates the deployment of other tags, which in turn may collect data. However, Google Tag Manager does not access this data. If you have deactivated cookies, this will apply to all tracking tags implemented via Google Tag Manager.
Google may ask you for permission to share some product data (e.g., your account information) with other Google services to enable certain functions. Google will not share this data without your consent. You can find more details in Google’s terms of service and privacy policies.
13. Newsletter
13.1 Subscription and Content
With your consent, you can subscribe to our newsletter, which informs you about current offers and promotions. The goods and services advertised are specified in the declaration of consent.
13.2 Double Opt-In Procedure
We use the double opt-in process for newsletter subscriptions. After signing up, you will receive an email asking you to confirm your subscription. If you do not confirm within 24 hours, your information will be deleted. We also log the IP address and timestamps of your registration and confirmation. This procedure is necessary to prove your subscription and to prevent misuse of your personal data.
13.3 Required Information
The only required field for newsletter subscription is your email address. Providing additional information (e.g., name) is optional and used for personalization. Your data will be stored until you unsubscribe. Legal basis: Art. 6 para. 1 lit. a GDPR.
13.4 Withdrawal of Consent
You can unsubscribe from the newsletter at any time by clicking the link provided in each email or by emailing info@madluxx.com. Upon unsubscribing, your data will be deleted or stored in anonymized form for statistical purposes only.
13.5 Newsletter Provider
We use Klaviyo Inc., 225 Franklin St, Floor 10, Boston, MA 02110, USA to send our newsletters. Your data may be transferred and processed in the USA. According to the European Court of Justice, an adequate level of data protection does not currently exist in the USA.
Klaviyo relies on Standard Contractual Clauses (Art. 46 para. 2 and 3 GDPR) to ensure GDPR compliance. You can find more information here:
13.6 Newsletter Tracking
We analyze user behavior in our newsletters using tracking pixels (web beacons). These allow us to track when you open the email and which links you click. This information is used to tailor our content to your interests. If you disable images in your email client, tracking is not possible.
You can opt out of tracking by unsubscribing via the link in the newsletter or by contacting us at info@madluxx.com.
14. Use of Social Media Plugins
We use social media plugins from Instagram on our website. These plugins are operated by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).
We use what is known as the two-click solution. This means that when you visit our site, no personal data is initially transmitted to Instagram. The plugin is displayed as an image under the heading “Follow us on Instagram.” We offer you the opportunity to interact directly with Instagram via a button. Only when you click on the marked field and thereby activate it, will Instagram receive the information that you have accessed our website. Additionally, the data mentioned in section 1 of this statement will be transmitted.
By activating the plugin, your personal data is transmitted to Instagram and stored in the USA. Since Instagram collects data particularly via cookies, we recommend that you delete all cookies in your browser’s security settings before clicking on the plugin.
We have no influence on the data collected and data processing operations, nor are we aware of the full extent of the data collection, the purposes of processing, or the storage periods. We also have no information regarding the deletion of the collected data by Instagram.
When you interact with the plugin – for example, by clicking on the image – your browser establishes a direct connection with Instagram’s servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the site. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram. This information (including your IP address) is transmitted directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. The information may also be published on your Instagram account and shown to your contacts.
We recommend logging out of social media platforms after use, especially before activating the button, to prevent any association with your profile.
Instagram stores your data as usage profiles and uses them for advertising, market research, and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Instagram to exercise this right.
Further information on the purpose and scope of data collection and its processing by Instagram, as well as your rights and privacy settings, can be found in Instagram’s privacy policy: https://help.instagram.com/155833707900388/
If you do not want Instagram to directly associate the data collected via our website with your Instagram account, you must log out of Instagram before visiting our website. You can also completely prevent the loading of Instagram plugins with browser add-ons such as “NoScript” (http://noscript.net/).
The legal basis for the use of plugins is Art. 6 para. 1 sentence 1 lit. f GDPR.
15. Remarketing / Retargeting
15.1 Facebook Custom Audiences
We use the “Custom Audiences” remarketing function of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) on our website. This service uses tracking or remarketing pixels – small image files – that allow log file analysis. These pixels enable Facebook to determine when and how many users have accessed the pixel or whether and when an email was opened or a website was visited.
Using this service, we can show users of our website interest-based advertisements (“Facebook Ads”) within the social network Facebook or on websites that also use this method. Our aim is to show you ads that are relevant to your interests and to make our website more engaging.
When you visit our website, a direct connection is established between your browser and Facebook’s servers via the pixel. Facebook can then identify you via your browser ID, which can be linked to your user account. We have no control over the scope and further use of the data collected by Facebook using this tool and inform you based on our knowledge:
Through integration of Facebook Custom Audiences, Facebook receives the information that you have visited the corresponding website of our online presence or clicked on one of our ads. If you are registered with a Facebook service, Facebook can associate your visit with your account. Even if you are not registered or logged in to Facebook, it is possible that the provider may identify and store your IP address and other identifiers.
You can disable the “Facebook Custom Audiences” feature if you are logged in at: https://www.facebook.com/settings/?tab=ads#_
The legal basis for processing your data is Art. 6 para. 1 sentence 1 lit. f GDPR. Further information about Facebook’s data processing can be found at: https://www.facebook.com/about/privacy/
Right to Object
If you do not wish to receive targeted advertising through this remarketing service, you can object by sending a message to info@madluxx.com or by adjusting your Facebook ad preferences.
16. Orders via Our Website
To place orders on our website, users must provide certain personal data, namely the following:
- Name
- Address
- Payment details (e.g., credit card information, if applicable)
We store this data and use it solely for order processing. Additionally, the following data is automatically stored:
- IP address
- Date and time of registration
We only pass on your data to third parties if and to the extent necessary for proper order fulfillment and execution of the purchase agreement. For shipping purposes, order-relevant data (contact and delivery information) may be transmitted to our shipping partners.
The legal basis for data processing is Article 6 para. 1 lit. b GDPR. The data collected will be deleted as soon as it is no longer required to fulfill the purpose of its collection, i.e., after complete contract fulfillment.
The collection of data is necessary for the proper handling of an order and contract fulfillment. Therefore, users do not have the option to object.
17. Emails
We use the service provider Klaviyo Inc., 225 Franklin St, Floor 10, Boston, MA 02110, USA, to send emails. This applies to transactional emails such as order confirmations, shipping notifications, promotional content, and newsletters.
Klaviyo may access your data and process it in the USA. According to the European Court of Justice, the USA is currently considered not to have an adequate level of data protection.
To ensure compliance with the GDPR, Klaviyo uses Standard Contractual Clauses under Article 46 para. 2 and 3 GDPR. These clauses require Klaviyo to maintain EU data protection standards even when transferring and processing data in third countries like the USA. You can find more information here:
18. Data Security
We implement a variety of security measures to protect your personal data. Our servers and databases are protected by physical and technical safeguards.
When collecting and transmitting data via our website, we use standardized SSL encryption technology. Personal data is transmitted via SSL encryption during the ordering process. You can recognize this by the lock symbol in your browser and the “https://” prefix in the address bar.
With encrypted communication, your payment data cannot be read by third parties. Please note, however, that complete data security cannot be guaranteed for email communication.
19. Changes to This Privacy Policy
We may update this privacy policy at any time. All changes will be published on this website and take effect 30 days after publication. We will inform you of significant changes to this privacy policy via email.
