Lux International AG and all its affiliates (together Lux or we or us) are pleased that you wish to interact with us and thank you for your interest. This privacy notice specifies which personal data we process, for what purposes and in which manner.
The Controller is the company that determines which of your personal data is processed, for which purposes, and how. The Controller is primarily responsible for the processing of your personal data, and is also your primary point of contract for data protection matters. These decisions may also be taken by two or more Lux companies together, which then act as joint controller and share in that responsibility. For example, where a web shop is maintained by a distribution partner, we both may be jointly responsible for the processing of your personal data in this context. However, as processing of personal data is related to (direct) marketing activities, a distribution partner acts as an independent controller according to its own privacy notice.
Lux is present in a number of countries around the world. As a rule, the company in your region is responsible for the processing of your personal data, for example when you use our online services or web shops, or participate in a customer event. To learn more about the company that is responsible for your data processing, please see the section “Legal Notice” on the corresponding website.
For any questions you may have as regards this privacy notice feel free to contact the Controller at the address indicated in the legal notice, or send us an e-mail (firstname.lastname@example.org) or call us (+41 41 768 88 88).
2. The personal data we process
2.1. General points
Depending on the occasion, we process various types of personal data relating to you. In this section, you will learn about the different contexts in which we process your personal data, which of your personal data we process, and of the purposes of the processing. You will find more details in other documents such as general terms and conditions or other privacy notices that refers to particular circumstances therein.
Our processing may also include “sensitive data”, for example information about your health when you interact with us about a particular product, or if you participate in an online test or attend a specific customer event we hold. In this case we will inform you separately about the processing and ask for consent.
As a rule, we collect your personal data directly from you. However, in certain circumstances it may be necessary for us to collect data from third parties, for example, customer data received from our distribution partners (incl. information on their own existing and potential customers), data from public registers, data received in connection with administrative or court proceedings, data in connection with your professional role and activities, information about you in correspondence and discussions with third parties, credit information, information given to us by individuals associated with you (family, consultants, legal representatives, etc.) in order to conclude or process contracts with you or with your involvement, bank details, our distributors and other business partners for the purpose of ordering or delivering services to you or by you, data from the media or internet, your address and your interests, and data in relation with your use of our websites.
There is generally no legal obligation for you to provide your data to us. However, without personal data we will usually not be able to enter into or carry out a contract with you or the entity you represent. In addition, our websites cannot be used unless certain information is disclosed to enable data traffic (e.g., IP address), and we will not be able to communicate with you if we are not allowed to process some personal data relating of you.
2.2 Websites and online services
When you visit one of our websites, depending on the functionality and the service we provide to you we process the following categories of personal data:
Technical data: This includes your IP address, information about your browser and operating system and the end device you are use, and the time and duration spent on our website, the websites you access our websites from or those you visit from our website. We use this information for IT security reasons, for the proper maintenance of the websites, to ensure and improve a user-friendly usage thereof and to provide you with customized services.
Online services: If you use our online services, we process personal data such as contact details, credit and payment information, information on the usage of your account with us, information on your shopping cart, information relating to your online test results we offer to you and information on how you interact with us. We process this information to perform a contract with you, provide you with our services, analyze your product and customer behavior, send you personalized advertising and find out how often you visit our sites. We also analyze data on an aggregate basis, for example which pages are used most and how customers proceed on our websites. Based on this analysis we may use personal data to personalize services, tailor our offers to you and show you personalized ads.
Web shops: When you use a web shop, we process contact information and other information, including information about your order, which may also include sensitive data, payment data (e.g. for example your credit card number and information about your use of a payment system), shopping cart information, and other information related to your shopping behavior (schedule, frequency, personal shopping list etc.). We process that data in order to enter into and perform a contract with you, and analyze it to get to know you better and be able to provide personalized ads to you. If an online shop is operated by a regional distribution partner, that partner may process your personal data for their own purposes as set forth in their own privacy notice.
You can object to cookies by rejecting cookies when they are placed on your device or by installing a browser add-on, or by deleting cookies.
Social plugins: Social plugins are bits of code that connect our website with a social media platform. We use them to make our website more attractive and provide additional features, such as a “like” button. These plugins tell the provider of the relevant social network (for example Facebook, Twitter, LinkedIn, YouTube and others) that you have visited our site and may cause personal data to be processed by these providers for their own purposes and in accordance with their own privacy notice. When you visit one of our websites while logged in at your account with a social network, the provider may keep information about your visit with your user account. Please read the provider’s privacy notice for additional information.
2.3 Communication and customer services
When you communicate with us, we process the required personal data, for example when you contact us by phone, e-mail, post or using an online form, and when we interact you, for example for customer services. This includes your name, address, phone number, e-mail address or other contact details share with us, and the content of the communication exchanged with us. We may also record communications, subject to your consent, and collect information about your participation in customer events. We may store these types of data in our customer relation management system, and combine it with other data collected, for example, when you visit our websites or use a web shop, in order to get to know our customers and their representatives better and improve customer satisfaction. We may also use such data for training purposes and to improve service quality.
We process personal data to send you informational and advertising communications, for example to invite you to an event or inform you about a special offer, provided we may do so under applicable laws. We may also track and analyze your response to communication sent to you, for example if you opened an e-mail or clicked a link. If we have asked you for consent, you may withdraw consent at any time by unsubscribing.
Such processing may also include personal data of (existing and potential) customers of our distribution partners, if they disclose such information to us.
2.5 Other purposes
Business Partners: We interact with various business partners (for example IT providers, logistic companies, facility management, etc.) as well local distributors worldwide. We process personal data of their employees who interact with us, for example name, function, contact details, work-related data in connection with the provision of a service to us (working hours, security information, access rights, nationality, criminal records, driving license, etc.), in order to perform our business relationships, fulfill obligations, execute contracts, provide our services and deliver our products to customers. We may also use such information for security reviews, staff planning or credit checks of customers.
Administration: We process personal data for our own administration (for example IT administration, accounting, customer services and customer relationship management, etc.). We also work with local distributors to perform contracts with you, and ensure proper delivery of products and services you have ordered in a web shop. For these purposes we process contact details, information on specific orders and payment, information about requests or complaints and other information necessary for administration purposes.
Corporate transactions: We may process personal data in the context of corporate transactions and re-structuring processes and share that information with potential contract partners as permitted under applicable law.
Compliance with legal requirements: We process personal data in order to comply with legal requirements and prevent and detect violations. This processing may include receipt and processing of complaints and other notifications, internal investigations or the disclosure of documents to an authority, if we have a good reason or are legally obliged to do so.
Legal defense: We may process personal data to protect our rights, for example to enforce claims in court and out of court and when dealing with authorities at home or abroad, and to defend ourselves against claims. We can process personal data or pass personal data to third parties in Germany and abroad, to the extent that this is necessary and permissible.
Career website: See our separate privacy notice for job applicants available on https://luxcareer.com/data-protection.
3. Legal basis for our processing
When processing personal data in accordance with this privacy notice, we rely on one or more of the following legal grounds:
- Consent: We rely on your consent if we obtain consent for a particular processing;
- Performance of a contract: We may process personal data as required to enter into or carry out a contract with you;
- Legitimate interest: Certain processing is required to safeguard legitimate interests, for example to comply with a contract with you or business partners, to compete with other companies and improve our market position, to optimize customer management, to personalize and improve services and tailor offers, to get to know you better, to execute legal claims and to defend against claims, for administration purposes, to maintain our website(s) and improve online services;
- Compliance with laws: Certain processing is required under applicable law, and we may be obliged to disclose personal information to authorities or public bodies.
4. Disclosure of Personal Data
We may disclose personal data within our group for the purposes set out above in sec. 2. We may also share your personal data with service providers acting as processors, for example to procure IT services (such as data hosting services, digital marketing services etc.), credit checks, and other business-related services, and with other parties acting on their own behalf (such as new employers, the authorities, etc.).
In certain cases we may transfer personal data to recipients abroad in countries outside of Switzerland or the EU/EEA that have no appropriate level of data protection. In that case we rely on the recipient’s certification under the EU-US or CH-US Privacy Shield, if the recipient is located in the US and is certified, or ensure that your personal data is protected for example by requiring the recipient to enter into a contract that protects your data. If you wish to obtain a copy of such a data transfer agreement please let us know.
5. Storage and retention
We store your personal data for as long as it is necessary for the purposes for which we have collected it and to protect legitimate interests, for example in asserting or defending claims, maintaining back-ups and archives, and ensuring IT security. We will also store personal data as required under applicable laws. For certain data, for example, a ten-year retention period applies. Other data will be deleted or anonymized earlier, such as recordings from video surveillance or internet logs. We may also ask for consent to store personal data longer.
6. Data subject rights
You have the following rights as regards the processing of your personal data, provided that the requirements under applicable law are met:
- Access: the right to request, at any time and free of charge, access to your personal data stored and processed by us;
- Rectification: the right to have incorrect or incomplete personal data corrected or updated;
- Deletion: the right to have your personal data erased if it is no longer necessary or if you have withdrawn consent or have objected to the processing (provided there are no other grounds for processing), or if your personal data is processed unlawfully;
- Restriction: the right to request that the processing of your personal data be restricted;
- Right to data portability: the right to receive or transfer to someone else the personal data that you have provided to us, free of charge, in a commonly used and machine-readable format;
- Right to lodge a complaint: the right to lodge a complaint with a competent supervisory authority about the way we handle or process your personal data;
- Right to withdraw consent: the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You also have the right to object to data processing and revoke consent. In particular, you can object to data processing in connection with direct advertising.
In case of queries please contact the relevant Controller (see sec. 1 above).
Last update: July 2019