Data Security Statement | www.lotuslight.de/en

Privacy Statement

1) Information on the collection of personal data and contact details of the responsible person
1.1 We are pleased that you are visiting our website and thank you for your interest. In the following we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The person responsible for data processing on this website within the meaning of the General Data ProtectionRegulation (GDPR) is Daniela Vogt, Dorfstrasse 18c,07751 Löberschütz, Germany, Tel.: 01752539293, e-mail: connect@lotuslight.de. The person responsible for processing personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or enquiries to the person responsible). You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line.

2) Data collection when visiting our website
If you only use our website for information purposes, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called “server log files”). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (if applicable: in anonymous form)

Processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

3) Cookies
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after closing your browser (so-called session cookies). Other cookies remain on your end device and enable us or our partner companies (cookies from third parties) to recognize your browser during your next visit (so-called persistent cookies). If cookies are set, they collect and process certain user information such as browser and location data as well as IP address values to an individual extent. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie.
In some cases, cookies are used to simplify the ordering process by saving settings (e.g. remembering the contents of a virtual shopping basket for a later visit to the website). If individual cookies used by us also process personal data, processing is carried out in accordance with Art. 6 Para. 1 lit. b GDPR either to implement the contract or in accordance with Art. 6 Para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
We may work with advertising partners who help us to make our website more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive (cookies from third parties) when you visit our website. If we cooperate with the aforementioned advertising partners, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following paragraphs.
Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or whether to exclude the acceptance of cookies in certain cases or in general. Each browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for each browser under the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Opera: https://help.opera.com/en/latest/web-preferences/#cookies
Please note that if cookies are not accepted, the functionality of our website may be restricted.

4) Making contact
Within the scope of contacting us (e.g. via contact form or e-mail), personal data is collected. Which data is collected in the case of a contact form, is apparent from the respective contact form. These data are stored and used exclusively for the purpose of answering your request or for establishing contact and the associated technical administration. The legal basis for the processing of this data is our legitimate interest in responding to your request pursuant to Art. 6 Para. 1 lit. f GDPR. If the purpose of your contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted after final processing of your request. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided there are no legal obligations to retain data.

5) Data processing when opening a customer account and for contract processing
Pursuant to Art. 6 Para. 1 lit. b GDPR, personal data will continue to be collected and processed if you provide it to us for the execution of a contract or when opening a customer account. Which data is collected can be seen from the respective input forms. A deletion of your customer account is possible at any time and can be done by sending a message to the above address of the responsible person. We store and use the data provided by you for contract processing. After complete completion of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial retention periods and deleted after these periods, unless you have expressly consented to further use of your data or a legally permitted further use of data from our side was reserved.

6) Use of your data for direct marketing purposes
6.1 Subscribing to our e-mail newsletter
If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. Your e-mail address is the only mandatory information for sending the newsletter. The provision of further data is voluntary and is used to address you personally. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an e-mail newsletter after you have expressly confirmed that you agree to receive the newsletter. We will then send you a confirmation e-mail asking you to confirm that you wish to receive the newsletter in the future by clicking on the appropriate link.
By activating the confirmation link, you consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When you register for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to track any possible misuse of your e-mail address at a later point in time. The data collected by us when you register for the newsletter will be used exclusively for the purposes of advertising in the newsletter. You can unsubscribe from the newsletter at any time via the link provided for this purpose in the newsletter or by sending a corresponding message to the responsible person named at the beginning. After you have unsubscribed, your e-mail address will be immediately deleted from our newsletter distribution list unless you have expressly consented to the further use of your data or unless we reserve the right to make further use of your data which is permitted by law and about which we inform you in this declaration.

6.2 Sending the e-mail newsletter to existing customers
If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to send you regular offers of similar goods or services to those already purchased from our range by e-mail. According to § 7 Abs. 3 UWG, we do not have to obtain your separate consent for this. Data processing in this respect takes place solely on the basis of our justified interest in personalised direct advertising pursuant to Art. 6 Para. 1 lit. f GDPR. If you have initially objected to the use of your e-mail address for this purpose, we will not send you an e-mail. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying the person responsible named at the beginning. For this you only incur transmission costs according to the basic tariffs. Upon receipt of your objection, the use of your e-mail address for advertising purposes will be discontinued immediately.

6.3 Newsletter dispatch via MailChimp
Our e-mail newsletters are sent via the technical service provider The Rocket Science Group, LLC d/b/a MailChimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA (http://www.mailchimp.com/), to whom we forward the data you provided when registering for the newsletter. This disclosure is made in accordance with Art. 6 Para. 1 lit. f GDPR and serves our legitimate interest in the use of an effective, secure and user-friendly newsletter system. Please note that your data is usually transferred to a MailChimp server in the USA and stored there.
MailChimp uses this information for the dispatch and statistical evaluation of the newsletter on our behalf. For the evaluation, the e-mails sent contain so-called web beacons or tracking pixels, which represent one-pixel image files stored on our website. This enables us to determine whether a newsletter message has been opened and which links have been clicked. Mailchimp uses web beacons to automatically generate general, non-personal statistics about the response behaviour to newsletter campaigns. On the basis of our justified interest in the statistical evaluation of the newsletter campaigns for the optimisation of advertising communication and the better orientation towards recipient interests, the web beacons in accordance with Art. 6 Para. 1 lit f GDPR also collect and process data of the respective newsletter recipient (e-mail address, time of retrieval, IP address, browser type and operating system). These data allow an individual conclusion to be drawn about the newsletter recipient and are processed by Mailchimp for the automated generation of statistics that show whether a certain recipient has opened a newsletter message.
If you wish to deactivate data analysis for statistical evaluation purposes, you must unsubscribe from the newsletter.
MailChimp can also use this data in accordance with Art. 6 Para. 1 lit. f GDPR itself on the basis of its own legitimate interest in the needs-based design and optimisation of the service as well as for market research purposes, for example to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write to them itself or to pass them on to third parties.
In order to protect your data in the USA, we have concluded a data processing agreement with MailChimp based on the standard contractual clauses of the European Commission to enable the transfer of your personal data to MailChimp. If you are interested, this data processing agreement can be viewed at the following Internet address: https://mailchimp.com/legal/forms/data-processing-agreement/
In addition, MailChimp is certified under the us European data protection agreement “Privacy Shield” and is thus committed to complying with EU data protection regulations.
You can view the privacy policy of MailChimp here: https://mailchimp.com/legal/privacy/

7) Data processing for order processing

7.1 To the completion of your order

In order to process your order, we work together with the following service provider(s), who support us in whole or in part in the execution of concluded contracts. Certain personal data will be transmitted to these service providers in accordance with the following information.
The personal data collected by us are passed on to the transport company commissioned with the delivery within the framework of contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the scope of payment processing, insofar as this is necessary for payment processing. If payment service providers are used, we will inform you explicitly below. Legal basis for the passing on of the data is Art. 6 Para. 1 lit. b GDPR.

7.2 Use of payment service providers (payment services)

Paypal
When paying via PayPal, credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “payment by instalments” via PayPal, we pass on your payment details to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”) within the framework of the payment processing. The transfer takes place in accordance with Art. 6 Para. 1 lit. b GDPR and only insofar as this is necessary for payment processing.
PayPal reserves the right to carry out a credit check for the payment methods credit card via PayPal, direct debit via PayPal or – if offered – “purchase on account” or “instalment payment” via PayPal. For this purpose, your payment data may be passed on to credit agencies in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of PayPal’s legitimate interest in determining your solvency. PayPal uses the result of the credit assessment with regard to the statistical probability of non-payment for the purpose of deciding on the provision of the respective payment method. The credit report can contain probability values (so-called score values). If score values are included in the result of the credit report, they have their basis in a scientifically recognized mathematical-statistical procedure. Address data, among other things but not exclusively, is included in the calculation of the score values. Please refer to PayPal’s data protection declaration for further information on data protection law, including the credit agencies used: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary to process your payment in accordance with the contract.

8) Use of Social Media: Videos

Use of Youtube videos
This website uses the Youtube embedding feature to display and play videos from “Youtube”, a provider owned by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
This uses the advanced privacy mode, which, according to the provider, only initiates the storage of user information when the video(s) is/are played. If the playback of embedded Youtube videos is started, the provider uses “Youtube” cookies to collect information about user behaviour. According to information provided by “Youtube”, these cookies serve, among other things, to collect video statistics, improve user-friendliness and prevent abusive practices. If you are logged in to Google, your information will be directly associated with your account when you click on a video. If you do not want your profile to be associated with YouTube, you must log out before activating the button. Google stores your data (even for users who are not logged in) as user profiles and evaluates them. In particular, such evaluation is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of Google’s legitimate interests in the display of personalised advertising, market research and/or the design of its website to meet requirements. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. In the course of using YouTube, personal data may also be transmitted to the servers of Google LLC. in the USA.
Irrespective of any reproduction of the embedded videos, each time you visit this website, you will be connected to the Google network, which may trigger further data processing operations without our influence.
In the event that personal data is transferred to Google LLC. based in the USA, Google LLC. has certified itself for the us European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU. A current certificate can be viewed here: https://www.privacyshield.gov/list
Further information on data protection at “YouTube” can be found in the provider’s data protection declaration at: https://www.google.de/intl/de/policies/privacy

9) Web analytics services

Jetpack (formerly WordPress.com-Stats)
This offering utilizes the Jetpack (formerly WordPress.com-Stats) web analytics service operated by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110-4929, USA, using tracking technology from Quantcast Inc., 201 3rd St, Floor 2, San Francisco, CA 94103-3153, USA. With the help of Jetpack, pseudonymized visitor data is collected, evaluated and stored on the basis of our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes in accordance with Art. 6 Para. 1 lit. f GDPR. From this data, pseudonymised user profiles can be created and evaluated for the same purpose. Jetpack uses so-called cookies, i.e. small text files that are stored locally in the cache of the Internet browser of the page visitor. These cookies serve, among other things, to recognize the browser and thus enable a more precise determination of the statistical data. The data of the user’s IP address is also collected, but is pseudonymised immediately after collection and before it is stored, in order to exclude any possibility of personal reference.
The information generated by the cookie about your use of this website (including the pseudonymised IP address) will be transmitted to a server in the USA and stored there in order to protect the above-mentioned interests.
Automattic Inc., headquartered in the USA, is certified for the us-European data protection agreement “Privacy Shield”, which guarantees compliance with the data protection level applicable in the EU.
In order to object to the collection and storage of your visitor data in the future, you can download an opt-out cookie from Quantcast under the following link. This will ensure that no visitor data from your browser will be collected and stored by Jetpack in the future: https://www.quantcast.com/opt-out
The opt-out cookie is set by Quantcast.

10) Rights of the person concerned

10.1 The applicable data protection law grants you comprehensive data subject rights (information and intervention rights) vis-à-vis the person responsible with regard to the processing of your personal data, about which we will inform you below:

Right of access pursuant to Art. 15 GDPR: In particular, you have a right of access to your personal data processed by us, the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, cancellation, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected by us from you, the existence of automated decision-making including profiling and, where applicable, meaningful information about the logic involved and the scope and desired effects of such processing, as well as your right to be informed of the guarantees pursuant to Art. 46 GDPR that exist when your data are transferred to third countries;
Right of rectification pursuant to Art. 16 GDPR: You have the right to have inaccurate data concerning you rectified without delay and/or your incomplete data stored by us completed;
Right of deletion pursuant to Art. 17 GDPR: You have the right to demand the deletion of your personal data if the conditions of Art. 17 para. 1 GDPR are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
Right to limitation of processing pursuant to Art. 18 GDPR: You have the right to demand limitation of processing of your personal data as long as the correctness of your data, which you dispute, is verified, if you refuse to delete your data due to inadmissible data processing and instead demand limitation of processing of your data, if you need your data to assert, exercise or defend legal claims after we no longer need this data after achieving the purpose or if you have lodged an objection due to reasons of your particular situation, as long as it is not yet known whether our justified reasons prevail;
Right to information pursuant to Art. 19 GDPR: If you have asserted the right to rectification, cancellation or limitation of processing to the data controller, the data controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification, cancellation or limitation of processing, unless this proves impossible or involves a disproportionate effort. You have the right to be informed of such recipients.
Right to data transfer in accordance with Art. 20 GDPR: You have the right to receive the personal data you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another responsible person, insofar as this is technically feasible;
Right to revoke consent granted pursuant to Art. 7 (3) GDPR: You have the right to revoke consent once granted for the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned unless further processing can be based on a legal basis for processing without consent. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation;
Right of appeal pursuant to Art. 77 GDPR: If you are of the opinion that the processing of your personal data violates the GDPR, you have the right – without prejudice to any other administrative or judicial remedy – to lodge a complaint with a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place where the alleged violation occurred.

10.2 RIGHT OF REVOCATION

IF WE PROCESS YOUR PERSONAL DATA AS PART OF A WEIGHING OF INTERESTS ON THE BASIS OF OUR PREDOMINANTLY LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO SUCH PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.
IF YOU MAKE USE OF YOUR RIGHT OF OBJECTION, WE WILL TERMINATE THE PROCESSING OF THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN PROVE COMPELLING GROUNDS FOR PROCESSING WORTHY OF PROTECTION WHICH OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.
IF YOUR PERSONAL DATA IS PROCESSED BY US FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING. YOU MAY OBJECT AS DESCRIBED ABOVE.
IF YOU EXERCISE YOUR RIGHT OF OBJECTION, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT ADVERTISING PURPOSES.

11) Duration of storage of personal data

The duration of the storage of personal data is measured according to the respective legal basis, the purpose of processing and – if relevant – additionally according to the respective legal retention period (e.g. commercial and tax retention periods).
If personal data are processed on the basis of an express consent pursuant to Art. 6 para. 1 lit. a GDPR, these data are stored until the data subject revokes his consent.
If there are legal storage periods for data that are processed within the framework of legal or similar obligations on the basis of Art. 6 para. 1 lit. b GDPR, these data will be routinely deleted after expiry of the storage periods if they are no longer necessary for the fulfilment of the contract or the initiation of the contract and/or if we no longer have a justified interest in further storage.
When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until the data subject exercises his right of objection in accordance with Art. 21 para. 1 GDPR, unless we can prove compelling grounds for processing worthy of protection which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If personal data are processed for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, these data are stored until the data subject exercises his right of objection pursuant to Art. 21 para. 2 GDPR.
Unless otherwise stated in the other information contained in this declaration on specific processing situations, stored personal data will otherwise be deleted if they are no longer necessary for the purposes for which they were collected or otherwise processed.