Data protection at Lights.ie
The protection of your privacy is very important to us. We, therefore proceed with all data processing procedures (e.g. collection, processing and transmission) in accordance with the legal regulations of the Irish and European data protection laws.
The following declaration gives you an overview of which of your data is requested on our websites, how this data is used and passed on, how you can obtain information about the information given to us, and what security measures we take to protect your data.
Here you will find the following information:
- Person responsible for data processing
- Purposes of data processing and legal basis
- Data transfer to partner companies
- Data processing for advertising purposes
- Online presence and website optimisation
- Transmission via affiliate networks
- Social media
- Recipients of data
- Data subjects' rights
§ 1 Person responsible for data processing
The person responsible within the meaning of the data protection regulations for all data processing carried out via our websites is:
Phone: +353 1 699 2138
Contact details of the data protection officers
For enquiries about data protection as well as for the assertion of data subject rights (cf. below), we ask you to write to the aforementioned address.
§ 2 Purposes of data processing and legal basis
Visit to our website
Each time websites/applications are accessed, information is sent by the respective internet browser of your device to the server of our website/application and temporarily stored in log files. The data records stored in this process contain the following data, which are stored, until automatic deletion after 30 days: date and time of access, name of the page accessed, IP address of the requesting device, referrer URL (origin URL from which you came to our websites), the amount of data transferred, loading time, as well as product and version information of the respective browser used and the name of your access provider. The legal basis for the processing of the IP address is Article 6 para. 1 lit. f GDPR. Our legitimate interest results from the guarantee of the connection establishment, the easy use of our website/application and the evaluations regarding the system security and stability. A direct conclusion to your identity is impossible based on the information provided. The data is stored and automatically deleted after the aforementioned purposes have been achieved.
Tracking, cookies and social media
Initiation, establishment, implementation of a contractual relationship
Data processing before conclusion of the contract
To enable you to benefit from our excellent customer service even before you sign a contract - we offer you comprehensive professional advice. Various contact channels are available for this purpose:
Contact form / request by e-mail:
You can send us your request anytime via the contact form or e-mail, where we will request your name and e-mail address. In addition, you may voluntarily submit further personal data, such as your telephone number or address. This data will be processed at least for the purpose of dealing with your request and, if necessary, your contract. The legal basis for this processing is pre-contractual measures according to Art. 6 para. 1 lit. b GDPR as well as a legitimate interest according to Art. 6 para. 1 lit. f GDPR in guaranteeing you optimal customer service.
Our customer service is also available for telephone consultation. We will record your name and telephone number. Optionally, we also collect other personal data provided during the consultation, such as your e-mail or postal address. This data is processed at least for the purpose of dealing with your request and, if necessary, beyond that, should a contract be concluded. The legal basis for this processing is pre-contractual measures according to Art. 6 para. 1 lit. b GDPR, as well as a legitimate interest according to Art. 6 para. 1 lit. f GDPR in guaranteeing you optimal customer service.
Establishment and implementation of the contractual relationship
In order to process a purchase contract between you and Lampenwelt GmbH to your satisfaction, the processing of personal data is necessary. You have the option of creating a customer account through which you can manage your data. However, we are also happy to offer you the option of completing an order without registering via a customer account. We use the following personal data to process the contract: first and last name, billing and delivery address, payment data, e-mail address and telephone number, date of birth, and if applicable, a password for your customer account. We use and store your data at least for the duration of the contract and until the expiration date of the statutory or contractual warranty and guarantee rights. In addition, we store some of your data in accordance with commercial and tax law requirements and retention periods. The legal basis for this processing is the fulfilment of the contract according to Art. 6 para. 1 lit. b GDPR as well as compliance with legal requirements according to Art. 6 para. 1 lit. c GDPR. Depending on the payment method used, we transmit your payment data to payment service providers commissioned by us so that they can process the transactions.
Data processing within the framework of parcel delivery
Following your order, if you have consented to this, you will receive information via e-mail on the processing and shipping status. You will receive these updates until your order has been successful. The legal basis for this processing is your consent under Art. 6 Para. 1 lit. a GDPR. For this purpose, we use the services of Parcel Lab GmbH, Schillerstraße 23a, 80336 Munich, Germany, which receives the personal data (name, address, order number, e-mail address) necessary for the creation of these notifications and uses them exclusively for the previously mentioned purpose following our instructions. For this purpose, we have concluded a contract processing agreement with Parcel Lab. You can find more information on the data protection of Parcel Lab GmbH at https://parcellab.com/en/privacy-policy.
Transport and logistics services
We work together with transport and logistics companies. The following data may be transmitted to them to deliver the ordered goods: First and last name, postal address, and if applicable, e-mail address and telephone number. The legal basis for this processing is the fulfilment of the contract under Art. 6 Para. 1 lit. b GDPR.
§ 3 Data transfer to partner companies
Voucher and benefit offers from Sovendus GmbH
If you are interested in a voucher offer from Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe, Germany (Sovendus) and click on the voucher banner - we will transmit your name and e-mail address in encrypted form to Sovendus to prepare the voucher. Before this, the IP address is transmitted, and used by Sovendus exclusively for data security purposes and, as a rule, anonymised after seven days. In addition, for billing purposes, we transmit the order number, order value with currency, session ID, coupon code and time stamp to Sovendus in pseudonymised form. The legal basis for this processing is our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR in being able to offer you the offers of our partner. For more information on how Sovendus processes your data, please visit https://online.sovendus.com/en/online-privacy-notice/.
By sending your order in our online shop and ticking the box, in which you confirm your agreement with this data protection declaration, you also give us your express consent under Art. 6 para. 1 p. 1 lit. a) GDPR that we may transmit your e-mail address to Bazaarvoice (Bazaarvoice Inc., 10901 Stonelake Blvd., Austin, Texas 78759, USA), so that they can ask you by e-mail to submit a review and send you the appropriate link, and if necessary, send you a review reminder by e-mail. To the extent necessary for providing the agreed services, we grant this service provider access to personal data (name and e-mail address). The service provider is contractually obliged to treat all data as strictly confidential. It is also contractually prohibited to process the data for purposes other than those agreed. Data is erased when it is no longer required to achieve the original purposes. The user can object to receiving further e-mails at any time by clicking on the unsubscribe link.
§ 4 Data processing for advertising purposes
On our website, you can subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is processed (e-mail address as a mandatory field as well as optional title, first and last name and date of birth; for business customers also the company name). The data will be on record for the duration of the subscription. The legal basis for this processing is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. For this purpose, we use the double opt-in procedure (DOI procedure), by means of which you finally register for our newsletter via a confirmation link.
Cancellation rights: You can cancel this registration at any time with immediate and ongoing effect by clicking on the unsubscribe link at the end of the newsletter or by sending an informal declaration of intent to email@example.com. As a result, your data will no longer be used for sending out newsletters.
Optionally, we may use the data collected from your order to send you transaction and product-related messages by post, such as offers or promotions. If you do not agree to receiving postal advertising, you can inform us of this at any time via firstname.lastname@example.org. Alternatively, you can inform us via any other contact points.
§ 5 Online presence and website optimisation
Cookies - General information
The right to object is excluded for strictly necessary cookies, as these are strictly necessary in order to be able to display our website and its contents and to provide you with the functionalities of the website.
Cookies are utilised for analysis and marketing purposes in order to improve the quality of our website and its content. Through the statistics cookies, we learn how the website is used and can thus constantly optimise our offer. Data processing based on cookies or other identifiers (e.g. browser fingerprints, pixels) which is not strictly necessary for the function of our websites is only carried out with your consent. You can give your consent via the cookie banner which is displayed when you visit our website for the first time. The legal basis for this cookie-based processing is Article 6 para. 1 lit. f GDPR for the setting of these cookies on your terminal device and Article 6 (1) lit. a GDPR for the processing that subsequently takes place outside the terminal device (e.g. on web servers), insofar as this relates to personal data. Cookies that are not necessary for the function of our websites will not be set, unless you have provided your consent.
On our websites, we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland ("Google"). The legal basis for this processing is your consent according to Art. 6 para. 1 lit. a GDPR. Google Analytics uses "cookies" - text files placed on your computer, to help the website analyse how users use the site. Google may use this information to evaluate your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
Demographic characteristics in Google Analytics
We use the technical extension "Google Signals" in Google Analytics which enables cross-device tracking. This makes it possible to associate a single website visitor with different end devices. However, this only happens if the visitor has logged into a Google service when visiting the website and has also activated the "personalised advertising" option in their Google account settings. Even then, however, no personal data or user profiles become accessible to us; they remain anonymous for us.
This website uses the remarketing technology of "Microsoft Advertising" from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft stores a cookie on your computer ("conversion cookie") if you have reached our website via a Microsoft Advertising ad. Microsoft and "Microsoft Advertising" customers can recognise that the advertisement has been clicked on and that a redirection to our website has taken place. This allows you to be retargeted with targeted product recommendations and interest-based advertising on Microsoft and other Microsoft Advertising customers' sites. The information collected using the conversion cookie is also used to compile conversion statistics. We get to know the total number of users who clicked on a Microsoft Advertising ad and were redirected to our website. In addition, other anonymous data (e.g. the number of page views and the time spent on the web pages) is collected. We do not receive any information that personally identifies users.
Google Ads Remarketing
Google Ads Conversion Tracking
Google Consent Mode
We use Google Consent Mode, a service of Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland ("Google"). Your consent decision regarding the cookies is transmitted to Consent Mode. Google Consent Mode introduces two new settings that manage cookies for analytics purposes on our website. Consent Mode allows us, as the website operator, to adjust the behaviour of our Google Tags and scripts based on your consent status. For this purpose, your IP address is transferred to Google regardless of your consent. The legal basis for this data processing is Article 6 (1) (f) GDPR.
Google Tag Manager
We use Google Ads Customer Match (Google Customer Match from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), as well as, Facebook Customer Match and Criteo Customer Match (hereinafter: partners). This function allows us to reach prospective and existing customers more effectively and in a personalised manner for advertising in Google Search, the Google Shopping tab, Gmail, YouTube, the Google networks, Facebook and Criteo. Google Ads customer matching is particularly used for remarketing and for the purpose of optimising campaigns and increasing conversion rates.
The personalisation of advertisement is based on the assignment to a target group, carried out by the partners using information from your user accounts with Google and Facebook, and the activities and interests that take place when you use the partner’s products. As an advertiser, the use of customer matching enables us to target you more precisely and ensures, for example, that the advertising displayed via the partners is tailored to the specific interests of the target group resulting from the use of our shop. Customer matching does not require any separate cookies. However, personalised advertising is only served via the partner's websites and products if you have consented to the cookies required for this via the cookie banner on our website or elsewhere. The partners require customer data from us to determine whether you are already known to them as a user. However, within this process, user profiles are not created or expanded. Furthermore, the partners do not receive your actual data (e.g. e-mail address, telephone number) but instead so-called hashed codes. This has been created with the help of one-way encryption. The partners compare these hashed codes with their user database. They cannot decrypt these codes again as long as the corresponding data is not already available in their user database. Consequently, the partners do not receive the uploaded customer data. They can only determine whether the data is already available to them or not. If the data is unavailable, the hashed codes created based on the customer data cannot be decoded again. If the data is already available, and if the codes already known to the partners and the hashed codes match, this will result in generating a target group. Once the target groups are generated, the data will then be erased.
The legal basis for the use of customer matching or customer match is consent in accordance with Art. 6 Para. 1 lit. a GDPR. The customer match procedure, in particular, the one-way encryption carried out, protects the personal data of our customers and prevents the partners from receiving data about persons who have not already provided this data as part of their user accounts.
If you wish to opt out, you can deactivate the data processing by the partners under the following links:
- Google: https://adssettings.google.com/notarget
- Facebook: https://www.facebook.com/privacy/policy
- Criteo: https://www.criteo.com/privacy/
For data processing in the context of Google Ads Customer Matching, we have concluded an order processing agreement with Google Ireland Limited. In addition, Google Ireland Limited and Google LLC have concluded standard contractual clauses for the transfer of data to the USA.
§ 6 Affiliate networks
In our online shop, we work with the affiliate networks of AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany. In order to calculate the commission, the purchases referred to us by the affiliate networks are recorded. The networks store cookies for this purpose. A corresponding commission is calculated based on the referral that can be clearly attributed to a publisher. The data of the referred transaction may also be forwarded to the platform or the publisher who initiated the referral for verification reasons. The further processing of the data collected in the course of the transaction is based on Art. 6 para. 1 p. 1 lit. b, f GDPR. You can prevent cookies from being set by making the appropriate settings in your browser. Details on data protection can be found at: https://www.awin.com/gb/privacy.
On our websites, we use the service of Criteo SA, Rue Blanche, 75009 Paris, France. Criteo is a retargeting service which bundles numerous third-party providers in a network to deliver a range of user-related advertisements and other advertising media. For this purpose, Criteo sets an anonymous cookie in your browser when you visit our websites. The data collected in the process includes Cookie IDs, hashed email addresses, mobile advertising IDs and other technical IDs that allow Criteo to track people's online behaviour individually without making them directly identifiable. We and Criteo SA are jointly responsible for the use of the service within the meaning of the GDPR and other data protection provisions. An agreement on joint responsibility has been arranged between ourselves and Criteo (Art. 26 GDPR). This stipulates, among other things, that both controllers must agree on a mode for fulfilling requests from data subjects. Since we can only control and influence the use of the service on our websites, but not the delivery of our advertisements on other websites of the Criteo network, the responsibility is distributed as follows:
- Integration and use of Criteo tagging on our websites: responsibility on our part, including options for technical objection via the link solution (see below).
- Analysis and evaluation procedures for the placement of our advertisements on websites in the Criteo network: responsibility with Criteo, setting possible at https://www.criteo.com/privacy/
- Technical design for consent process to justify joint processing: responsibility for Criteo delivering a pop-up when the user is exposed to an ad for the first time on the Criteo network and obtaining the user's consent to serve ads (for the possibility to withdraw consent, see below)
Criteo may also recognise you on other websites based on the technical IDs set and track and evaluate your surfing behaviour on these websites too.
Withdrawal of consent:
To deactivate the use of Criteo in your browser, click on the corresponding link further down in this section.
This website uses Prudsys for personal product recommendations. To do this, Prudsys uses your shopping history. This includes items and product categories you have already viewed, searched for or purchased. This data is stored in pseudonymous form and processed by Prudsys AG, Zwickauer Straße 16, 09112 Chemnitz, Germany. We use this data to send you personal product recommendations and thus improve your shopping experience. The legal basis for the use of the service is Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the aforementioned purposes. You can object to this analysis of your surfing behaviour at any time by clicking on the following link:
Please note that we will then no longer be able to offer you tailored recommendations in this browser.
We use a cookie from ContentSquare S.A.S., Landsbergerstraße 155 Haus 3, Stockwerk, 4, 80687 München, Germany ("ContentSquare") on our website. As a result, user interaction data is collected anonymously by using cookies for the purpose of optimising the user experience and user-friendliness. The legal basis for this processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, which lies in the aforementioned marketing purposes. Further information on ContentSquare can be found at https://contentsquare.com/privacy-center/. You can deactivate the use of the cookie by clicking on this link.
§ 7 Social Media
We use a pixel from Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on our website. By using the Facebook pixel, you enable us to improve our offer and make it more interesting for you as a user. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a GDPR. The Facebook pixel is integrated directly by Facebook when you visit our website and it can save a cookie on your device. If you subsequently log in to Facebook or visit our site while logged in, the visit to our online offering will be noted in your profile. The Facebook pixel collects the following types of data, which you can find in Meta's data protection information at www.facebook.com/about/privacy.
We use the pixel (Pinterest tag) of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. in Germany, France and the United Kingdom. Through this pixel, information about the use (e.g. information about viewed items) is collected under joint responsibility by Pinterest Europe Limited and Lampenwelt GmbH and transmitted to Pinterest Europe Limited. The further processing of the data transmitted to Pinterest Europe Limited is the sole responsibility of Pinterest Europe Limited under data protection law. This information transmitted to Pinterest Europe Limited can be assigned to you with the help of further information that Pinterest Europe Limited has stored about you, e.g. due to your ownership of an account on the social network "Pinterest". The information collected via the pixel can be used to display interest-based advertisements to you in your Pinterest account (retargeting). The information collected via the pixel may be aggregated by Pinterest Europe Limited. The aggregated information can be used by Pinterest Europe Limited for its advertising purposes, and for advertising purposes of third parties. For example, Pinterest Europe Limited may infer certain interests from your browsing behaviour on this website and can use this information to promote third-party offers. Pinterest Europe Limited may also combine the information collected via the pixel with other information that Pinterest Europe Limited has collected about you via other websites and/or in connection with the use of the social network "Pinterest" so that a profile about you can be stored at Pinterest Europe Limited. This profile can be used for advertising purposes. The legal basis for this data processing is Article 6 (1) a GDPR.
You can find more information about data protection at Pinterest Europe Limited here: https://policy.pinterest.com/en-gb/privacy-policy.
Here you can also assert your data subject rights (e.g. the right to erasure) concerning the data processed by Pinterest Europe Limited as the data controller. We only use the cookies required for this service (so-called marketing cookies) with your consent. You can revoke your consent at any time in our preference section.
This website contains at least one plugin from YouTube, belonging to Google Inc. based in San Bruno/California, USA. We use the YouTube No-Cookies function, i.e. we have activated Enhanced Privacy. Videos are accessed via youtube-nocookie.com, not via youtube.com. YouTube provides this itself and thus ensures that YouTube does not initially save any cookies on your device. However, when the relevant pages are up, the IP address and the other data mentioned in section 4 are transmitted, information is visible as to which of our Internet pages you have visited. However, this information cannot be assigned to you if you are permanently logged in to YouTube or another Google service when you access the page. As soon as you click play on an embedded video, YouTube only saves cookies on your device through the extended data protection mode, which does not contain any personally identifiable data; unless you are logged in to a Google service.
§ 8 Recipients of data
In some cases, we are supported in our data processing by service providers and technology partners who process personal data on our behalf. We have bound these service providers to us using a contract processing agreement or a joint controller agreement in such a way that they may only process the data for our business purposes and based on our instructions. The service providers primarily include technical service providers (including affiliates) for maintenance, hosting and support of our IT infrastructure, including this website, and service providers for mailings and other marketing activities.
§ 9 Data subjects' rights
If your personal data is being used, you are a data subject in relation to the GDPR and you can claim the following rights with those responsible:
Information, rectification, restriction of processing and deletion
You have the right at any time to receive information free of charge about the data we have stored about you, its origin and recipient, as well as the purpose of the data processing via our websites. In addition, you have the right to correct, delete and restrict the processing of your data, provided that the legal requirements for this are met.
Right to data portability
You have the right to receive the personal data relating to you that you have provided to us as the controller in a structured, commonly used, and machine-readable format. We can fulfil this right by providing a CSV export of the customer data processed about you.
Right to information
If you have claimed the right to rectification, erasure or restriction of data processing against the controller, the controller is obliged to notify all recipients to whom your personal data have been disclosed to about the claimed rectification, erasure or restriction of data processing; unless this proves impossible or involves a disproportionate effort. You have the right against the controller to be informed about these recipients.
Right of objection
On grounds relating to your personal circumstances, you have the right to object to the processing of your personal data, which is carried out based on Article 6(1)(e) or (f) GDPR, at any time. This also applies to profiling based on these provisions. The controller shall no longer process your personal data unless it can demonstrate compelling legitimate grounds which override your interests, rights, and freedoms, or the processing serves the purpose of asserting, exercising, or defending legal claims. If your personal data is processed for direct marketing, you have the right to object at any time; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by using automated procedures whereby technical specifications are utilized.
Revocability of declarations of consent under data protection law
In addition, you can revoke your consent at any time with effect for the future by contacting us using the contact details above under section § 1.
Automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences, or can significantly affect you in a similar manner. This does not apply if (1) the decision is necessary for the conclusion or performance of a contract between you and the controller, (2) is permitted by Union or Member State law to which the controller is subject and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or (3) is made with your explicit consent. However, these decisions may not be based on special categories of personal data according to Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. Concerning the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms, as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.
Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the EU General Data Protection Regulation. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
As of September 2022