Data protection information as defined by Article 13 DSGVO LUXX United GmbH
We would like to inform you as precisely and comprehensibly as possible about how we implement the special requirements of data protection. Therefore, in the following data protection declaration, we have explained to you in what way, to what extent and for what purpose we collect, process and use personal data.
The responsible body for data processing on these websites is:
LUXX United GmbH
Managing Director: Peter Boltersdorf
Phone: +49 (0)241 – 60 85 97 73
Data Protection Officer
We are not legally obliged to appoint a data protection officer, but we are supported by an external data protection consultant.
If you have any questions about data protection, please contact us at email@example.com.
When our websites are called up, our system automatically collects data and information from the visitor’s end device.
The following data is collected for a limited period of time:
(1) Information about the browser type and the version used.
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The IP address of the user
(5) Date and time of access
(6) Websites from which the user’s system accesses our website.
This data is stored in the log files of our system. This data is only required for the analysis of any malfunctions and is deleted within seven days at the latest. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s end device. For this purpose, the user’s IP address must remain stored for the duration of the session. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimise the website and to protect our information technology systems. An evaluation of the data for marketing purposes does not take place in this context and no conclusions are drawn about your person. Our web servers are hosted, i.e. they are operated in the data centres of our partners and administered by them. The data centres on which our web servers are operated are located exclusively in the EU.
The legal basis for the processing of this data is Art. 6 para. 1 lit. f) DSGVO. Our interest is to ensure the integrity, confidentiality and availability of the data processed via these web pages.
On our website you have the possibility to book a place in one of our seminars. We provide a contact form for this purpose. In order for us to process your request and reserve a place for you, we need your name and e-mail address. After processing your request, our staff will contact you by e-mail to finalise the booking. Information you provide in the comment field is completely voluntary and not required for the booking. Legal basis: Art. 6 para. 1 lit. b) DSGVO. Without providing your full name and email address, a seminar booking via our website is not possible.
Registration for LUXXprofile Experts
We provide a special “expert area” on our website for our trained LUXXprofile Experts (hereinafter: experts). Here, as an expert, you can, among other things, edit your expert profile, buy tests or book participation in seminars or manage your company profile depending on your authorisations. Instructors can also post seminars
Once you have completed the expert training with one of our instructors, he or she will create a profile in our system with some basic data. You will then receive your provisional access to the “expert area”. For security reasons, we recommend that you replace the initial password with your own secure password when logging in for the first time.
Data we process in connection with the login area:
Profile data: To enable potential clients to find you via our website, you have the option to create an expert profile. The publication of an expert profile is completely voluntary. If you decide to publish a profile on our website, all information is voluntary except for some basic data (name, location, contact details). You decide yourself what information you publish on our website. You have the option to take your expert profile “offline” at any time and delete the information it contains. Legal basis: Art. 6 para. 1 lit. a) DSGVO, If you decide to publish your profile, you thereby grant us the consent required for this. You can revoke this at any time by taking the profile “offline” via the expert area.
Billing data: We process all data required for purchase processing (e.g. invoice data) only for this purpose and store them for as long as we need them to fulfil our legal storage and verification obligations (usually 5-10 years). Legal basis: Art. 6 para. 1 lit. b) DSGVO. Without the provision of the required purchase and billing data, it is not possible to process a purchase with us.
Expert newsletter: We regularly inform our experts about news from our company and various promotions (e.g. offers from the LUXX Academy) For the newsletter, we use the CleverReach platform (CleverReach GmbH & Co. KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany).
CleverReach allows us to easily and securely manage and send our newsletter and associated data. You can unsubscribe from the newsletter at any time by using the unsubscribe link at the bottom of each newsletter. Your email address will then be placed on a so-called blacklist at CleverReach so that you will not receive any further newsletters from us in the future until you subscribe again. Legal basis: §7 para. 3 UWG in conjunction with. Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest is to inform our experts regularly about special promotions concerning the LUXX profiles or seminars and thus to further increase the quality of advice provided by our experts.
Expert Info: Information that is essential for the cooperation with LUXX is sent to our experts via a distribution list. We also manage the administration of the distribution list and the dispatch via CleverReach (see previous section). As this list is used for internal communication and we only distribute information via it that is necessary for the fulfilment of the contract, you cannot easily unsubscribe from it. Legal basis: Art. 6 para. 1 lit.b) DSGVO
Expert test / LUXXprofile test: In the course of the expert training, your trainer may also conduct one of our tests with you and discuss the results with you so that you can, on the one hand, convince yourself of the quality of our tests and the subsequent counselling sessions and, on the other hand, to get to know the procedure for your future clients. This test is stored in your data in the expert area and is available to you at any time. Apart from you, only your trainer can access the test, who has carried it out with you. Legal basis: Art. 6 para. 1 lit. b) DSGVO (The execution of a test and the subsequent evaluation are part of the contract for the expert training and serve to guarantee our quality standards for our experts). If you refuse to carry out your own test, this may result in you not being approved as an expert with us.
Purchase processing (via invoice purchase): If you make a purchase on our website, our accounting department will create a pdf invoice which you will receive by e-mail. You then transfer the amount owed independently to our account. We store all invoice data on our internal systems for up to 10 years in order to fulfil our legal obligations to provide proof. Legal basis: Art. 6 para. 1 lit. b) DSGVO. Without providing the respective required purchase and billing data, you will not be able to complete the purchase.
Blog: Any expert can write blog posts on our site, which are then published on the website after a review and approval by our staff. When a blog post is published, your name is given as the author. Legal basis: Art. 6 para. 1 lit. a) DSGVO. The publication of blog posts is absolutely voluntary. You can have your blog posts deleted by us at any time. To do so, simply send us an e-mail to: firstname.lastname@example.org.
If you take a personality test on our website via a link (e.g. by one of our experts), we will only use the personal data you provide to evaluate your test and to provide further advice from our experts. The procedure is as follows:
– In the course of the consultation with the expert, you will receive a link to the personality test.
– You enter your personal data on the corresponding website and carry out the test.
– The evaluation of the tests takes place on our web servers, which are hosted by our partners, as described under “web servers”.
– The results are sent to the expert so that he or she can discuss the results with you and advise you further.
– Furthermore, your test results are transmitted to us (LUXX United GmbH) anonymously. We cannot draw any conclusions about your person based on the information you provide. The statistical results of the tests are used for research and further development of our personality tests.
– After the results have been transmitted, they remain stored by us for 1 year for the purpose of traceability or repeated retrieval by the expert and are then deleted.
The legal basis for the processing of your data and information when conducting our personality tests is Art. 6 para. 1 lit. b) DSGVO. Without the complete provision of your data, it is not possible to carry out the test or evaluate your results.
If, after consultation with your expert, you carry out a test in which special categories of personal data (in this case questions about your sex life) are processed in accordance with Art. 9 DSGVO, we need your consent to carry out the test, which you can give at the beginning of the test. The legal basis for processing special categories of data would then be Art. 9(2)(a) DSGVO.
We offer payment via PayPal on our website. The provider of this payment service is the American company PayPal Inc. PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”) is responsible for the European Economic Area.
If you select payment via PayPal, the payment data you enter will be transmitted to PayPal.
Legal basis for data processing: The transmission of your data to PayPal is based on Art. 6 para. 1 lit. b) GDPR. Payment with PayPal is not possible without forwarding the necessary order information to PayPal.
Purpose of data processing: The transfer of order data to PayPal is necessary for the use of the service. We use PayPal to provide our customers with a simple payment option and alternative to invoice or credit card purchases.
Duration of storage: Data that is required due to legal obligations (e.g. obligations to provide evidence) remains stored by us for up to 10 years (e.g. in the case of tax relevance). Data that does not need to be stored for longer for the aforementioned reasons will be deleted once the transaction has been completed.
Google Web Fonts
To ensure that our websites are always displayed in the same way on our visitors’ different systems, we use Google Web Fonts. This means that when you access our pages, our web server establishes a connection to a Google Web Fonts (fonts) server and transmits information about you, such as your IP address to Google LLC.
The legal basis for this processing is Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest lies in the appealing and uniform presentation of our websites on different systems and browsers.
Data that we process in connection with business communication is stored both on our e-mail server and in our (customer) administration system. We store your data for the period of communication or processing of your enquiry, unless a business relationship is established between you and us. In addition, we archive all our business e-mail correspondence for up to 5 years in order to fulfil legal obligations to provide evidence or to defend legal claims.
Legal bases for the processing of data with our e-mail programme are:
- Art. 6 para. 1 lit. b) DSGVO, insofar as the e-mail correspondence takes place for the initiation, implementation or termination of a contractual relationship.
- Art. 6 para. 1 lit. a) DSGVO, when sending advertising which you have requested.
We use Zoom to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). Zoom is a service of Zoom Video Communications, Inc. which is based in the USA.
When using Zoom, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an “online meeting”.
The following personal data may be processed:
First name, last name, telephone (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional), department (optional)
Topic, description (optional), attendee IP addresses, device/hardware information.
For recordings (optional)
MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
For dial-in with telephone
Information on incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
Text, audio and video data
You may have the opportunity to use the chat, question or survey function in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the Zoom applications.
To participate in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.
If we want to record “online meetings”, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording will also be displayed to you in the Zoom app.
If it is necessary for the purposes of recording the results of an online meeting, we will record the chat content. However, this will not usually be the case.
In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up on webinars.
If you are registered as a user with Zoom, then reports of “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored by Zoom for up to one month.
Personal data processed in connection with participation in “online meetings” will generally not be passed on to third parties unless it is intended to be passed on. Please note that the content of “online meetings”, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
The provider of Zoom necessarily receives knowledge of the above-mentioned data to the extent provided for in our order processing agreement with Zoom.
Zoom is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order processing agreement with the provider of Zoom that complies with the requirements of Art. 28 DSGVO.
An appropriate level of data protection is guaranteed, among other things, by the conclusion of the so-called EU standard contractual clauses. As a supplementary protective measure, we have also configured our Zoom so that only data centres in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct “online meetings”.
Legal basis for processing
Insofar as personal data is processed by employees of “LUXX United GmbH”, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of Zoom, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of Zoom, Article 6 (1) (f) DSGVO is the legal basis for data processing. In these cases, our legitimate interest lies in the effective implementation of “online meetings”.
In addition, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) DSGVO, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective conduct of “online meetings”.
We maintain publicly accessible profiles on social networks. We have described the social networks we use for you below.
Social networks such as Facebook, Twitter etc. can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered.
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, you can be shown interest-based advertising inside and outside the respective social media presence. Provided you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.
Our social media presences are intended to ensure the most comprehensive possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) f) DSGVO. The analysis processes initiated by the social networks may be based on different legal grounds, which are to be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a) DSGVO).
Responsible party and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).
Please note that despite the joint responsibility with the social media portal operators, we cannot fully influence the data processing procedures of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.
We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://about.instagram.com/safety
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you would like to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Your rights as a data subject
Revocation of your consent to data processing
Some data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. For this purpose, an informal communication by e-mail to us: email@example.com is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right of appeal to the competent supervisory authority
In the event of violations of data protection law, the data subject has a right of appeal to the competent supervisory authority. The competent supervisory authority in matters of data protection law is the State Data Protection Commissioner of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
This site uses TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information, blocking, deletion, restriction
Right to information
You have the right to request information about your data processed by us. In the case of a request for information that is not made in writing, we may require evidence that you are the person you claim to be.
Right to rectification
Of course, you can also contact us at any time if we have stored incorrect or old data about you. We will then correct this.
Anywhere on our website where you have left personal data, you can change and/or delete it directly via the respective registration page.
Right of deletion
If you no longer want us to store or process your data in the future, you can request that we delete your data if you are entitled to do so by law. If we still need your data for legal reasons (e.g. legal obligations to provide evidence) or for a legitimate interest (e.g. to defend legal claims), the processing of your data will be restricted.
You have the right to object to processing of your data by us that is based on a legitimate interest within the meaning of Art. 6 (1) (f) DSGVO. In this case, we reserve the right to closely examine and evaluate the particular personal situation described by you for this purpose.
Right to object
You have the right to object to processing of your data by us that is based on a legitimate interest within the meaning of Art. 6 (1) (f) DSGVO. Here, we reserve the right to closely examine and assess the particular personal situation described by you for this purpose.
Changes to the data protection information
We revise this data protection notice on various occasions that make this necessary, e.g. when changes are made to our websites. You will find the current version here.