LUXX United GmbH
Mauerstraße 71
52064 Aachen
Germany
Managing Director: Peter Boltersdorf
Phone: +49 (0)241 – 60 85 97 73
E-mail: datenschutz@luxxexperts.com
We would like to inform you as precisely and comprehensibly as possible about how we implement the special requirements of data protection. We have therefore set out in the following privacy policy the type, scope and purpose for which we collect, process and use personal data.
The controller responsible for data processing on these websites is:
LUXX United GmbH
Mauerstraße 71
52064 Aachen
Germany
Managing Director: Peter Boltersdorf
Phone: +49 (0)241 – 60 85 97 73
E-mail: datenschutz@luxxexperts.com
We are not legally obliged to appoint a data protection officer, but we are supported by an external data protection consultant.
If you have any questions about data protection, please contact us at datenschutz@luxxexperts.com.
When our websites are accessed, our system automatically collects data and information from the visitor’s end device.
The following data is collected for a limited period of time:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s internet service provider
(4) The user’s IP address
(5) The date and time of access
(6) Websites from which the user’s system accesses our website
The data is stored in the log files of our system. This data is only required to analyze any malfunctions and is deleted within seven days at the latest. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to protect our information technology systems. The data is not analyzed for marketing purposes in this context and no conclusions are drawn about your person. Our web servers are hosted, i.e. they are operated in the data centers of our partners and administered by them. The data centers on which our web servers are operated are located exclusively in the EU.
The legal basis for the processing of this data is Art. 6 para. 1 lit. f) GDPR. Our interest is to ensure the integrity, confidentiality and availability of the data processed via this website.
We use so-called session or flash cookies on our websites. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s end device. A cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f) GDPR. The purpose of using technically necessary cookies is to simplify the use of our websites for users. Some functions of our websites cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
You can book a place on one of our seminars on our website. We provide a contact form for this purpose. We need your name and e-mail address so that we can process your request and reserve a place for you. Our staff will contact you by e-mail after processing your request to finalize the booking. Information you provide in the comments field is completely voluntary and not required for the booking. Legal basis: Art. 6 para. 1 lit. b) GDPR. It is not possible to book a seminar via our website without providing your full name and email address.
We provide a special “expert area” on our website for our trained LUXXprofile experts (hereinafter referred to as “experts”). As an expert, you can edit your expert profile, purchase tests, book participation in seminars or manage your company profile, depending on your authorizations. Instructors can also post seminars.
If you have completed expert training with one of our trainers, they will create a profile in our system with some basic data. You will then receive your provisional access to the “expert area”. For security reasons, we recommend that you replace the initial password with your own secure password when you log in for the first time.
Data that we process in connection with the login area:
Profile data: So that you can be found by potential customers via our website, you have the option of creating an expert profile. The publication of an expert profile is completely voluntary. If you decide to publish a profile on our website, all information is voluntary except for some basic data (name, location, contact details). You decide for yourself what information you publish on our website. You have the option of taking your expert profile “offline” at any time and deleting the information it contains. Legal basis: Art. 6 para. 1 lit. a) GDPR. If you decide to publish your profile, you thereby give us the necessary consent. You can revoke this at any time by switching the profile “offline” via the expert area.
Billing data: We only process all data required for purchase processing (e.g. invoice data) for this purpose and store it for as long as we need it to fulfill our statutory retention or verification obligations (usually 5-10 years). Legal basis: Art. 6 para. 1 lit. b) GDPR. Without providing the required purchase and billing data, it is not possible for us to process your purchase.
Expert newsletter: We regularly inform our experts about news from our company and various promotions (e.g. offers from the LUXX Academy). We use the CleverReach platform (CleverReach GmbH & Co. KG, //CRASH Building, Schafjückenweg 2, 26180 Rastede, Germany) for the newsletter.
CleverReach enables us to manage and send our newsletter and the associated data easily and securely. You can unsubscribe from the newsletter at any time by using the unsubscribe link at the bottom of each newsletter. Your e-mail address will then be placed on a blacklist at CleverReach so that you will not receive any further newsletters from us in the future until you subscribe again. Legal basis: §7 para. 3 UWG in conjunction with Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to regularly inform our experts about special promotions concerning the LUXX profiles or seminars and thus further increase the quality of advice provided by our experts.
Expert information: Our experts receive information that is essential for working with LUXX via a distribution list. We also use CleverReach to manage the distribution list and send it out (see previous section). As this list is used for internal communication and we only use it to distribute information that is necessary to fulfill the contract, you cannot easily unsubscribe from it. Legal basis: Art. 6 para. 1 lit. b) GDPR.
Expert test: In the course of the expert training, your trainer may also carry out one of our tests with you and discuss the results with you so that you can see for yourself the quality of our tests and the subsequent consultations and to familiarize yourself with the process for your future customers. This test is stored in your data in the expert area and is available to you at any time. Apart from you, only your trainer, who has carried out the test with you, can access the test. Legal basis: Art. 6 para. 1 lit. b) GDPR (the performance of a test and the subsequent evaluation are part of the contract for expert training and serve to guarantee our quality standards for our experts). If you refuse to carry out your own test, this may result in you not being approved as an expert with us.
Purchase processing (for purchase on account): If you make a purchase on our website, our accounting department will create a PDF invoice, which you will receive by e-mail. You then transfer the amount owed to our account yourself. We store all invoice data on our internal systems for up to 10 years to fulfill our legal obligations to provide evidence. Legal basis: Art. 6 para. 1 lit. b) GDPR. You cannot complete the purchase without providing the required purchase and billing data.
Blog: Any expert can write blog posts on our site, which are then published on the website after they have been checked and approved by our staff. When a blog post is published, your name will be given as the author. Legal basis: Art. 6 para. 1 lit. a) GDPR. The publication of blog posts is entirely voluntary. You can have your blog posts deleted by us at any time. To do so, simply send us an email to: team@luxxexperts.com
If you carry out a personality test on our website via a link (e.g. through one of our experts), we will only use the personal data you provide to evaluate your test and for further advice from our experts. The procedure is as follows:
– During the consultation, the expert will provide you with a link to the personality test.
– You enter your personal data on the relevant website and carry out the test.
– The evaluation of the tests takes place on our web servers, which are hosted by our partners as described under “Web server”.
– The results are sent to the expert so that they can discuss the results with you and advise you further.
– Furthermore, your test results are transmitted to us (LUXX United GmbH) in anonymized form. We cannot draw any conclusions about your person based on the information you provide. The statistical results of the tests are used for research and further development of our personality tests.
– After the results have been transmitted, they are stored by us for 1 year for the purpose of traceability or repeated retrieval by the expert and are then deleted.
The legal basis for the processing of your data and information when carrying out our personality tests is Art. 6 para. 1 lit. b) GDPR. Without the complete provision of your data, it is not possible to carry out the test or evaluate your results.
If, after consultation with your expert, you take a test in which special categories of personal data (in this case questions about your sex life) are processed in accordance with Art. 9 GDPR, we need your consent to carry out the test, which you can give at the beginning of the test. The legal basis for the processing of special categories of data would then be Art. 9 para. 2 lit. a) GDPR.
We have integrated the WooCommerce plugin from Automattic Inc. (60 29th Street #343 San Francisco, CA 94110, USA) into our website to provide our online store offers. This is used to carry out our purchase, booking and payment processing. Since the provider administers the services and handles payment processing, it necessarily receives all data collected from you in connection with the aforementioned processing.
Please also refer to the data protection information of the provider WooCommerce (https://automattic.com/privacy/). The legal basis for this processing is Art. 6 para. 1 lit. b) GDPR. If you do not provide us with the necessary data in the web stores, the order / purchase process cannot be completed.
On our website we offer, among other things, payment via PayPal. The provider of this payment service is the American company PayPal Inc. PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”) is responsible for the European Economic Area.
If you select payment via PayPal, the payment data you enter will be transmitted to PayPal.
It cannot be ruled out that PayPal may store and process your data outside the EU or the EEA. Further information on the processing of data by PayPal can be found in PayPal’s privacy policy at https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Legal basis for data processing: The transmission of your data to PayPal is based on Art. 6 para. 1 lit. b) GDPR. Payment with PayPal is not possible without forwarding the necessary order information to PayPal.
Purpose of data processing: The transfer of order data to PayPal is necessary for the use of the service. We use PayPal to provide our customers with a simple payment option and alternative to invoice or credit card purchases.
Duration of storage: Data that is required due to legal obligations (e.g. obligations to provide evidence) is stored by us for up to 10 years (e.g. in the case of tax relevance). Data that does not need to be stored for longer for the aforementioned reasons will be deleted once the process has been completed.
We use Google Web Fonts to ensure that our websites are always displayed in the same way on the different systems of our visitors. This means that when you access our pages, our web server establishes a connection to a Google Web Fonts server and transmits information about you, such as your IP address, to Google LLC.
The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the appealing and uniform presentation of our websites on different systems and browsers.
Data that we process in connection with business communication is stored both on our e-mail server and in our (customer) administration system. We store your data for the duration of the communication or the processing of your request, unless a business relationship is established between you and us. In addition, we archive all our business e-mail correspondence for up to 5 years in order to fulfill legal obligations to provide evidence or to defend against legal claims.
The legal basis for the processing of data with our e-mail program is:
Art. 6 para. 1 lit. b) GDPR, insofar as the e-mail correspondence takes place for the initiation, execution or termination of a contractual relationship
Art. 6 para. 1 lit. a) GDPR, when sending advertising that you have requested.
We use Zoom to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”). Zoom is a service of Zoom Video Communications, Inc. based in the USA.
Various types of data are processed when using Zoom. The scope of the data also depends on the data you provide before or when participating in an “online meeting”.
The following personal data may be subject to processing:
User details
First name, last name, telephone (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional), department (optional)
Meeting metadata
Topic, description (optional), participant IP addresses, device/hardware information
For recordings (optional)
MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
When dialing in with the telephone
Information on the incoming and outgoing call number, country name, start and end time. Additional connection data such as the IP address of the device may be saved.
Text, audio and video data
You may have the option of using the chat, question or survey function in an “online meeting”. In this respect, the text entries you make are processed in order to display them in the “online meeting” and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the Zoom applications.
To take part in an “online meeting” or to enter the “meeting room”, you must at least provide information about your name.
If we want to record “online meetings”, we will inform you transparently in advance and – if necessary – ask for your consent. The fact of the recording will also be displayed to you in the Zoom app.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.
In the case of webinars, we may also process the questions asked by webinar participants for the purpose of recording and following up on webinars.
If you are registered as a user at Zoom, reports on “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored at Zoom for up to one month.
Personal data that is processed in connection with participation in “online meetings” is not passed on to third parties unless it is intended to be passed on. Please note that content from “online meetings”, as with face-to-face meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients
The provider of Zoom necessarily obtains knowledge of the above-mentioned data insofar as this is provided for in our order processing contract with Zoom.
Zoom is a service provided by a provider from the USA. Personal data is therefore also processed in a third country. We have concluded an order processing agreement with the provider of Zoom that meets the requirements of Art. 28 GDPR.
An appropriate level of data protection is guaranteed, among other things, by the conclusion of the so-called EU standard contractual clauses. As additional protective measures, we have also configured Zoom in such a way that only data centers in the EU, the EEA or secure third countries such as Canada or Japan are used to conduct “online meetings”.
Legal basis of the processing
Insofar as personal data of employees of “LUXX United GmbH” is processed, Section 26 BDSG is the legal basis for data processing. If, in connection with the use of Zoom, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of Zoom, Art. 6 para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our legitimate interest lies in the effective conduct of “online meetings”.
In addition, the legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we are interested in the effective conduct of “online meetings”.
We maintain publicly accessible profiles on social networks. We have described the social networks we use for you below.
Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presences triggers numerous data protection-relevant processing operations.
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.
Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.
Our social media presences are intended to ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a) GDPR).
If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).
Please note that, despite our joint responsibility with the social media portal operators, we cannot fully influence the data processing procedures of the social media portals. Our options are largely determined by the corporate policy of the respective provider.
The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Stored cookies remain on your end device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.
We have no influence on the storage period of your data that is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).
We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.
We have concluded an agreement with Facebook on joint processing (Controller Addendum). This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Details can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/.
We have a profile on Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://about.instagram.com/safety
Details on how they handle your personal data can be found in Instagram’s privacy policy: https://help.instagram.com/519522125107875.
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Details on how they handle your personal data can be found in LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.
Revocation of your consent to data processing
Some data processing operations are only possible with your express consent. You can revoke any consent you have already given at any time. All you need to do is send us an informal email to: datenschutz@luxxexperts.com. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to lodge a complaint with the competent supervisory authority
In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.
TLS encryption
This site uses TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information, blocking, deletion, restriction
Right to information
You have the right to request information about your data processed by us. In the case of a request for information that is not made in writing, we may require proof that you are the person you claim to be.
Right to rectification
Of course, you can also contact us at any time if we have stored incorrect or old data about you. We will then correct it.
Wherever you have left personal data on our website, you can change and/or delete it directly via the respective registration page.
Right to erasure
If you no longer want us to store or process your data in the future, you can request the deletion of your data, provided you are legally entitled to do so. If we continue to need your data for legal reasons (e.g. legal obligations to provide evidence) or for a legitimate interest (e.g. to defend against legal claims), the processing of your data will be restricted.
Right to object
You have the right to object to the processing of your data by us, which is based on a legitimate interest within the meaning of Art. 6 para. 1 lit. f) GDPR. In this case, we reserve the right to carefully examine and assess the particular personal situation described by you.
We revise this data protection notice on various occasions that make this necessary, e.g. when changes are made to our websites. You will find the current version here.
Status: 15.11.2023