Privacy Policy

Data protection at Lights.ie

The protection of your privacy is very important to us. We, therefore proceed with all data processing procedures (e.g. collection, processing and transmission) in accordance with the legal regulations of the Irish and European data protection laws.

The following declaration gives you an overview of which of your data is requested on our websites, how this data is used and passed on, how you can obtain information about the information given to us, and what security measures we take to protect your data.

Here you will find the following information:


  1. Person responsible for data processing
  2. Purposes of data processing and legal basis
  3. Data transfer to partner companies
  4. Data processing for advertising purposes
  5. Online presence and website optimisation
  6. Transmission via affiliate networks
  7. Social media
  8. Recipients of data
  9. Data subjects' rights
  10. Changes to this privacy policy

§ 1 Person responsible for data processing

The person responsible within the meaning of the data protection regulations for all data processing carried out via our websites is:

Lampenwelt GmbH
Rabanusstraße 14-16
36037 Fulda
Germany
Phone: +353 1 699 2138
Contact form


Contact details of the data protection officers

Lampenwelt GmbH
Rabanusstraße 14-16
36037 Fulda
Germany
E-mail: data-protection@lights.ie

For enquiries about data protection as well as for the assertion of data subject rights (cf. below), we ask you to write to the aforementioned address.


§ 2 Purposes of data processing and legal basis

Visit to our website

Log files

Each time websites/applications are accessed, information is sent by the respective internet browser of your device to the server of our website/application and temporarily stored in log files. The data records stored in this process contain the following data, which are stored, until automatic deletion after 30 days: date and time of access, name of the page accessed, IP address of the requesting device, referrer URL (origin URL from which you came to our websites), the amount of data transferred, loading time, as well as product and version information of the respective browser used and the name of your access provider. The legal basis for the processing of the IP address is Article 6 para. 1 lit. f GDPR. Our legitimate interest results from the guarantee of the connection establishment, the easy use of our website/application and the evaluations regarding the system security and stability. A direct conclusion to your identity is impossible based on the information provided. The data is stored and automatically deleted after the aforementioned purposes have been achieved.

Tracking, cookies and social media

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. You can find more information on this below under §§ 5-7.


Initiation, establishment, implementation of a contractual relationship

Data processing before conclusion of the contract

To enable you to benefit from our excellent customer service even before you sign a contract - we offer you comprehensive professional advice. Various contact channels are available for this purpose:

Contact form / request by e-mail:
You can send us your request anytime via the contact form or e-mail, where we will request your name and e-mail address. In addition, you may voluntarily submit further personal data, such as your telephone number or address. This data will be processed at least for the purpose of dealing with your request and, if necessary, your contract. The legal basis for this processing is pre-contractual measures according to Art. 6 para. 1 lit. b GDPR as well as a legitimate interest according to Art. 6 para. 1 lit. f GDPR in guaranteeing you optimal customer service.

Phone:
Our customer service is also available for telephone consultation. We will record your name and telephone number. Optionally, we also collect other personal data provided during the consultation, such as your e-mail or postal address. This data is processed at least for the purpose of dealing with your request and, if necessary, beyond that, should a contract be concluded. The legal basis for this processing is pre-contractual measures according to Art. 6 para. 1 lit. b GDPR, as well as a legitimate interest according to Art. 6 para. 1 lit. f GDPR in guaranteeing you optimal customer service.

Establishment and implementation of the contractual relationship

In order to process a purchase contract between you and Lampenwelt GmbH to your satisfaction, the processing of personal data is necessary. You have the option of creating a customer account through which you can manage your data. However, we are also happy to offer you the option of completing an order without registering via a customer account. We use the following personal data to process the contract: first and last name, billing and delivery address, payment data, e-mail address and telephone number, date of birth, and if applicable, a password for your customer account. We use and store your data at least for the duration of the contract and until the expiration date of the statutory or contractual warranty and guarantee rights. In addition, we store some of your data in accordance with commercial and tax law requirements and retention periods. The legal basis for this processing is the fulfilment of the contract according to Art. 6 para. 1 lit. b GDPR as well as compliance with legal requirements according to Art. 6 para. 1 lit. c GDPR. Depending on the payment method used, we transmit your payment data to payment service providers commissioned by us so that they can process the transactions.


Data processing within the framework of parcel delivery

Status notifications

Following your order, if you have consented to this, you will receive information via e-mail on the processing and shipping status. You will receive these updates until your order has been successful. The legal basis for this processing is your consent under Art. 6 Para. 1 lit. a GDPR. For this purpose, we use the services of Parcel Lab GmbH, Schillerstraße 23a, 80336 Munich, Germany, which receives the personal data (name, address, order number, e-mail address) necessary for the creation of these notifications and uses them exclusively for the previously mentioned purpose following our instructions. For this purpose, we have concluded a contract processing agreement with Parcel Lab. You can find more information on the data protection of Parcel Lab GmbH at https://parcellab.com/en/privacy-policy.

Transport and logistics services

We work together with transport and logistics companies. The following data may be transmitted to them to deliver the ordered goods: First and last name, postal address, and if applicable, e-mail address and telephone number. The legal basis for this processing is the fulfilment of the contract under Art. 6 Para. 1 lit. b GDPR.


§ 3 Data transfer to partner companies

Zenloop

We would like to know more about how you found the shopping experience at Lights.ie. Therefore, we ask for feedback on your purchase at various points on our webshop. The legal basis for sending the surveys is our legitimate interest in conducting customer surveys to improve our offer, Art. 6 para. 1 lit. f GDPR. For this purpose, we work together with our partner Zenloop GmbH, Brunnenstraße 196, 10119 Berlin, Germany. If you give us feedback, the IP address, your e-mail address, device and browser data and statistical data about your purchase are collected. If you wish to be contacted by Lights.ie following your feedback, you can leave a message in the contact field and confirm the process. The legal basis for this is your consent under Art. 6 Para. 1 lit. a GDPR, which you give by leaving us a message expressing your wish to be contacted. For more information about Zenloop's privacy policy, please visit https://www.zenloop.com/en/legal/privacy/.

Trustpilot

We may contact you via email to ask you to review products that you have received from us. This is for the purpose of collecting your feedback and improving our services and products. We use the automated service of Trustpilot A/S ('Trustpilot'), Pilestraede 58, 5th floor, 1112 Copenhagen K, Denmark to collect your feedback. For this purpose, we share your name, email address and reference number (order number) with Trustpilot A/S. The legal basis for sending the evaluation emails is your consent according to Art. 6 para. 1 lit. a GDPR. If you would like to read more about how Trustpilot processes your data, you can find the privacy policy here.


§ 4 Data processing for advertising purposes

If you purchase goods or services on our website and enter your e-mail address, you may receive transaction and product related messages from Lights.ie. This can occur regardless of whether you have subscribed to our newsletter. The aim is to send you advertising tailored to your actual or perceived needs; but not to bother you with useless advertising. To this end, Emarsys uses cookies in your browser when you visit our websites, which record, among other things, your browser type, your IP address (encrypted and abbreviated) and session and cookie IDs. This data allows us to track your shopping history (e.g. items purchased and/or product categories searched for) in a pseudonymised manner and to associate it with your e-mail address. You can find more information about Emarsys at https://emarsys.com. The legal basis for this processing is Article 6 para. 1 lit. f GDPR. You can unsubscribe at any time by clicking on the 'unsubscribe' link at the end of each promotional e-mail (e.g. newsletter or product recommendations by e-mail). Alternatively, you can contact us via our contact form and thereby object to the use of your e-mail address for the mentioned purposes.

Newsletter

On our website, you can subscribe to a free newsletter. When registering for the newsletter, the data from the input mask is processed (e-mail address as a mandatory field as well as optional title, first and last name and date of birth; for business customers also the company name). The data will be on record for the duration of the subscription. The legal basis for this processing is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. For this purpose, we use the double opt-in procedure (DOI procedure), by means of which you finally register for our newsletter via a confirmation link.
Cancellation rights: You can cancel this registration at any time with immediate and ongoing effect by clicking on the unsubscribe link at the end of the newsletter or by sending an informal declaration of intent to us via our contact form. As a result, your data will no longer be used for sending out newsletters.


§ 5 Online presence and website optimisation

Cookies - General information

We use so-called cookies on our websites. Cookies are small amounts of data in the form of text information that the web server sends to your browser. Cookies are only stored on your end device. Cookies can only be read by the server that previously stored them and contain information about what you have viewed on a website and when. Cookies themselves only identify the IP address of your computer and do not store any personal information, such as your name. The data stored in the cookies is not linked to your personal data (name, address, etc.). We use cookies to make our website more user-friendly. Some elements of our website also require that the browser can be identified even after a page change. The user data collected in this way is pseudonymised by technical means. Therefore, it is no longer possible to assign the data to the user. The data is not stored together with other personal data of the user. You can decide for yourself whether to allow cookies. You can change this in your browser settings (usually found under "Option" or "Settings" in the browser menus) - you have the choice of accepting all cookies, being informed when a cookie is set or rejecting all cookies. Alternatively, you can freely decide via the banner referring to this data protection declaration which is displayed when you first load our webpages whether you wish to continue to allow us to set cookies or whether you wish to reject them. If these cookies and/or information contained therein are personal data, the legal basis for data processing using strictly necessary cookies as well as for setting these cookies on your terminal device and for any subsequent processing on our systems that may be required is Article 6 para. 1 lit. f GDPR. Our interest in simplifying the use of websites for users is to be regarded as legitimate in the sense of the aforementioned provision. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

The right to object is excluded for strictly necessary cookies, as these are strictly necessary in order to be able to display our website and its contents and to provide you with the functionalities of the website.

Cookies are utilised for analysis and marketing purposes in order to improve the quality of our website and its content. Through the statistics cookies, we learn how the website is used and can thus constantly optimise our offer. Data processing based on cookies or other identifiers (e.g. browser fingerprints, pixels) which is not strictly necessary for the function of our websites is only carried out with your consent. You can give your consent via the cookie banner which is displayed when you visit our website for the first time. The legal basis for this cookie-based processing is Article 6 para. 1 lit. f GDPR for the setting of these cookies on your terminal device and Article 6 (1) lit. a GDPR for the processing that subsequently takes place outside the terminal device (e.g. on web servers), insofar as this relates to personal data. Cookies that are not necessary for the function of our websites will not be set, unless you have provided your consent.

Kameleoon

This website uses the personalisation and web analysis service Kameleoon. The programme enables the analysis of user behaviour based on (automated) user segmentations. By analysing the logfile data, we can determine how the individual user segments visit the website, which landing pages are visited and how an increase in click rates can be achieved. When using this website, the system analyses your behaviour and its context and assigns this data anonymously to target groups. For this analysis, cookies/local storage of the browser are used, which are linked to a pseudonymised ID. Your IP address is completely anonymised and will not be stored for this purpose. The information generated by the cookie/local storage about your use of this website is transmitted to a Kameleoon server located in Germany and stored in aggregated and pseudonymised form.

The IP address transmitted by your browser in the context of Kameleoon is not merged with other data collected by Kameleoon. The purpose of using Kameleoon is to evaluate the use of this website and to compile reports on website activities so that we can improve our offer on a regular basis. The legal basis for the storage of the cookie is the legitimate interest (Art. 6 para. 1 p. 1 lit. a GDPR) to offer you an optimal shopping experience. The subsequent evaluation of the collected data is carried out for a maximum period of 365 days on the basis of Art. 6 para. 1 p. 1 lit. f GDPR. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, if you do this you may not be able to use the full functionality of this website anymore.

AT Internet (Piano Analytics)

As part of the expansion and improvement of our website and to increase the attractiveness of the content offered to you, we use the analysis procedures of AT Internet GmbH, Bordeaux. For this purpose, data is stored by an external service provider. The servers of the service provider are located in member states of the EU. With this procedure, the data is already anonymized when collected and evaluated in aggregated form. Your Internet browser automatically transmits data to our server when you access our Internet pages. This data includes the date and time of access, URL (address) of the referring website, retrieved file, amount of data sent, HTTP response code, browser type and version, any browser extensions, width and height of the browser window, colour depth, operating system and your IP address (in abbreviated and anonymized form). Your IP address is only used to collect geolocation analysis. Your IP address is neither permanently stored nor linked to other usage data. This data is stored separately from other data that you enter when using our service. It is not possible for us to assign this data to a specific person. The data does not contain any information that allows conclusions to be drawn about individuals. They are collected and used exclusively for statistical purposes as well as for analysis purposes, such as the improvement of the offer. In order to carry out these analyses, cookies are used, among other things, which are stored on your computer in the form of text files. They enable the identification of a computer system during a repeated visit to the website. You can reject or delete cookies at any time in your browser settings. However, this could result in you no longer being able to use the full range of functions of our portal. Most of the cookies used are so-called "session cookies", which are deleted when you end your browser session. In addition, AT Internet uses two long-lasting (persistent) cookies that are stored for 30 days and a maximum of 12 months, respectively.

Information and objection:

By using this website, you agree to the previously described procedure for analyzing the use of our website. You can find more information about AT Internet's measurement procedure on the website of AT Internet GmbH: GDPR compliance and privacy.

Exactag GmbH

For optimisation purposes, we use cookies from Exactag GmbH on our website. Each time the website is visited via the browser, these cookies identify the user and send a unique cookie ID, a time stamp and information about the user's previous activities on the website. The information stored in the cookies is anonymous and does not contain personal data. However, this information enables precise identification and allows Exactag to analyse the website visit. In Germany, the data will be processed, and Exactag will not produce a user profile for the website visitor. You can find further information at https://exactag.com/privacy-policy/.

Microsoft Advertising

This website uses the remarketing technology of "Microsoft Advertising" from Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft stores a cookie on your computer ("conversion cookie") if you have reached our website via a Microsoft Advertising ad. Microsoft and "Microsoft Advertising" customers can recognise that the advertisement has been clicked on and that a redirection to our website has taken place. This allows you to be retargeted with targeted product recommendations and interest-based advertising on Microsoft and other Microsoft Advertising customers' sites. The information collected using the conversion cookie is also used to compile conversion statistics. We get to know the total number of users who clicked on a Microsoft Advertising ad and were redirected to our website. In addition, other anonymous data (e.g. the number of page views and the time spent on the web pages) is collected. We do not receive any information that personally identifies users.

You can opt out of receiving interest-based advertising from Microsoft by visiting Mircosoft's opt-out page: https://choice.microsoft.com/en-GB/opt-out. For more information on Microsoft's privacy policy and the cookies used by Microsoft, please see: https://privacy.microsoft.com/en-us/privacystatement.

Google Ads Remarketing

On our websites, we use Google Ads Remarketing or "Similar Audiences", both services of Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland ("Google"). With the help of these services, we can show you advertising messages in connection with our online shop, e.g. interesting product offers, on the websites of other providers who also use these services from Google ("partners" in the Google Display Network). In addition, we can use Google Ad Remarketing to remind you via messages on the websites of other providers in the Google Display Network to complete your order if you have recently cancelled an order in our online shop. This is done using cookie technology. To do this, Google stores a small file with a sequence of numbers (known as a cookie ID) in your browser to remember you as a visitor to our websites and to collect further anonymous data about the use of our websites. The cookie ID is stored and only used to identify your browser and not to identify you. Personal data about you is not collected or stored via these services. We also use Google Remarketing across devices. This means that if, for example, you start your shopping in our online shop on your smartphone and finish it on your laptop, we can also reach you with the aforementioned personalised advertising messages on the other device you use. However, this will only happen if you have consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalise ads you see on the web. In this case, Google uses the data of these logged-in users to create and define target group lists for cross-device remarketing. Please check your Google account privacy settings to prevent Google from linking your web and app browsing history to your Google account. In order to remind you of a cancelled order within our online shop via message - no personal data is transmitted to Google, besides the fact you wanted to place an order with us in the online shop under the recorded cookie ID and cancelled it, as well as the total price of the intended order ("shopping cart transfer"). Further information on Google's remarketing services, data processing details via these services and Google's corresponding data protection provisions can be found here: https://policies.google.com/technologies/ads. You can permanently disable Google's use of cookies by downloading and installing the browser plugin available at the following link: https://www.google.com/settings/ads/plugin or by clicking on the relevant opt-out link in the grey highlighted box further down in this section and following any further instructions that may then appear. Google's ad settings allow you to control which ads you see and opt-out of interest-based ads.

Google Ads Conversion Tracking

We use conversion tracking for the Google Ads service. When you click on an ad placed by Google, a cookie for conversion tracking is stored on your computer/end device. These cookies lose their validity after 30 days, do not contain any personal data and are therefore not used for personal identification. The information obtained with the help of the conversion cookie is used to create conversion statistics for customers of Google Ads who have opted for conversion tracking. The legal basis for this data processing is Article 6 (1) (f) GDPR. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do, you may not be able to use the full functionality of this website. In addition, you can deactivate interest-based ads on Google and interest-based Google ads on the web (within the Google display network) in your browser by activating the "Off" button at https://adssettings.google.de/authenticated or by deactivating them at https://optout.aboutads.info/?c=2&lang=EN. For more information on your settings options in this regard and Google's data protection, please visit https://policies.google.com/privacy?hl=en&gl=uk.

Google reCAPTCHA

Google reCAPTCHA We use "Google reCAPTCHA" ("reCAPTCHA") on our websites. The provider is also Google. The purpose of reCAPTCHA is to check whether data entry on our websites (e.g. in a contact form) is made by a human or through an automated programme. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place. The data processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR in conjunction with Art. 32 GDPR. The "reCAPTCHA" function serves to protect our systems and thus also the personal data stored by you on these systems from attacks by automated machine entries (e.g. by so-called bots). For more information on Google reCAPTCHA and Google's privacy policy, please see the following links: https://policies.google.com/privacy?hl=en and https://www.google.com/recaptcha/about/.

Google Consent Mode

We use Google Consent Mode, a service of Google Ireland Limited, Gordon House, Barrow St, Dublin 4, Ireland ("Google"). Your consent decision regarding the cookies is transmitted to Consent Mode. Google Consent Mode introduces two new settings that manage cookies for analytics purposes on our website. Consent Mode allows us, as the website operator, to adjust the behaviour of our Google Tags and scripts based on your consent status. For this purpose, your IP address is transferred to Google regardless of your consent. The legal basis for this data processing is Article 6 (1) (f) GDPR.

Google Tag Manager

We use the service called Google Tag Manager from Google. Tags are small code elements on our websites that are executed upon certain interactions with the website and send measured data to the 3rd party programmes used. The Tag Manager itself does not use cookies and does not collect any personal data. The Tag Manager provides for the triggering of other tags, which in turn may set data collection and cookies (e.g. the 3rd party programmes used). The Tag Manager does not access this data. The legal basis is Article 6 para. 1 lit. f GDPR.

CRM Ads

We use Google Ads Customer Match (Google Customer Match from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), as well as, Facebook Customer Match and Criteo Customer Match (hereinafter: partners). This function allows us to reach prospective and existing customers more effectively and in a personalised manner for advertising in Google Search, the Google Shopping tab, Gmail, YouTube, the Google networks, Facebook and Criteo. Google Ads customer matching is particularly used for remarketing and for the purpose of optimising campaigns and increasing conversion rates.

The personalisation of advertisement is based on the assignment to a target group, carried out by the partners using information from your user accounts with Google and Facebook, and the activities and interests that take place when you use the partner’s products. As an advertiser, the use of customer matching enables us to target you more precisely and ensures, for example, that the advertising displayed via the partners is tailored to the specific interests of the target group resulting from the use of our shop. Customer matching does not require any separate cookies. However, personalised advertising is only served via the partner's websites and products if you have consented to the cookies required for this via the cookie banner on our website or elsewhere. The partners require customer data from us to determine whether you are already known to them as a user. However, within this process, user profiles are not created or expanded. Furthermore, the partners do not receive your actual data (e.g. e-mail address, telephone number) but instead so-called hashed codes. This has been created with the help of one-way encryption. The partners compare these hashed codes with their user database. They cannot decrypt these codes again as long as the corresponding data is not already available in their user database. Consequently, the partners do not receive the uploaded customer data. They can only determine whether the data is already available to them or not. If the data is unavailable, the hashed codes created based on the customer data cannot be decoded again. If the data is already available, and if the codes already known to the partners and the hashed codes match, this will result in generating a target group. Once the target groups are generated, the data will then be erased.

The legal basis for the use of customer matching or customer match is consent in accordance with Art. 6 Para. 1 lit. a GDPR. The customer match procedure, in particular, the one-way encryption carried out, protects the personal data of our customers and prevents the partners from receiving data about persons who have not already provided this data as part of their user accounts.

If you wish to opt out, you can deactivate the data processing by the partners under the following links:

For data processing in the context of Google Ads Customer Matching, we have concluded an order processing agreement with Google Ireland Limited. In addition, Google Ireland Limited and Google LLC have concluded standard contractual clauses for the transfer of data to the USA.

ContentSquare

We use a cookie from ContentSquare S.A.S., Landsbergerstraße 155 Haus 3, Stockwerk, 4, 80687 München, Germany ("ContentSquare") on our website. As a result, user interaction data is collected anonymously by using cookies for the purpose of optimising the user experience and user-friendliness. The legal basis for this processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, which lies in the aforementioned marketing purposes. Further information on ContentSquare can be found at https://contentsquare.com/privacy-center/.

You can revoke your consent at any time under the privacy settings.

Bloomreach

When you visit our website and use the services of Bloomreach B.V. (Fred. Roeskestraat 109, 1076 EE Amsterdam, The Netherlands), Bloomreach may collect certain information, such as IP addresses, browser types, device information, pages visited and other data about your browsing behavior. The purpose of the data processing is to use the data collected by Bloomreach to generate personalized search results and product recommendations that match your interests. In addition, this data may be used to analyze and improve the performance of our website. The legal basis for data processing is consent in accordance with Art. 6 p. 1 lit. a GDPR.

For more information about Bloomreach's privacy practices and your rights, please visit: https://www.bloomreach.com/en/legal/privacy.


§ 6 Affiliate networks

In our online shop, we work with the affiliate networks of AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany. In order to calculate the commission, the purchases referred to us by the affiliate networks are recorded. The networks store cookies for this purpose. A corresponding commission is calculated based on the referral that can be clearly attributed to a publisher. The data of the referred transaction may also be forwarded to the platform or the publisher who initiated the referral for verification reasons. The further processing of the data collected in the course of the transaction is based on Art. 6 para. 1 p. 1 lit. b, f GDPR. You can prevent cookies from being set by making the appropriate settings in your browser. Details on data protection can be found at: https://www.awin.com/gb/privacy.

Criteo

On our websites, we use the service of Criteo SA, Rue Blanche, 75009 Paris, France. Criteo is a retargeting service which bundles numerous third-party providers in a network to deliver a range of user-related advertisements and other advertising media. For this purpose, Criteo sets an anonymous cookie in your browser when you visit our websites. The data collected in the process includes Cookie IDs, hashed email addresses, mobile advertising IDs and other technical IDs that allow Criteo to track people's online behaviour individually without making them directly identifiable. We and Criteo SA are jointly responsible for the use of the service within the meaning of the GDPR and other data protection provisions. An agreement on joint responsibility has been arranged between ourselves and Criteo (Art. 26 GDPR). This stipulates, among other things, that both controllers must agree on a mode for fulfilling requests from data subjects. Since we can only control and influence the use of the service on our websites, but not the delivery of our advertisements on other websites of the Criteo network, the responsibility is distributed as follows:

  • Integration and use of Criteo tagging on our websites: responsibility on our part, including options for technical objection via the link solution (see below).
  • Analysis and evaluation procedures for the placement of our advertisements on websites in the Criteo network: responsibility with Criteo, setting possible at https://www.criteo.com/privacy/
  • Technical design for consent process to justify joint processing: responsibility for Criteo delivering a pop-up when the user is exposed to an ad for the first time on the Criteo network and obtaining the user's consent to serve ads (for the possibility to withdraw consent, see below)

Criteo may also recognise you on other websites based on the technical IDs set and track and evaluate your surfing behaviour on these websites too.

Withdrawal of consent:
To deactivate the use of Criteo in your browser, click on the corresponding link further down in this section.

For more information about Criteo and data processing details via this service and Criteo's corresponding privacy policy, please visit https://www.criteo.com/privacy/. To deactivate the use of Criteo in your browser, click here. The legal basis for the use of the service is Art. 6 para. 1 lit. f GDPR. The legitimate interest lies in the aforementioned purposes.


§ 7 Social Media

Facebook

We use a pixel from Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on our website. By using the Facebook pixel, you enable us to improve our offer and make it more interesting for you as a user. The legal basis for this is Art. 6 para. 1 sentence 1 lit. a GDPR. The Facebook pixel is integrated directly by Facebook when you visit our website and it can save a cookie on your device. If you subsequently log in to Facebook or visit our site while logged in, the visit to our online offering will be noted in your profile. The Facebook pixel collects the following types of data, which you can find in Meta's data protection information at www.facebook.com/about/privacy.

Pinterest

We use the pixel (Pinterest tag) of Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. in Germany, France and the United Kingdom. Through this pixel, information about the use (e.g. information about viewed items) is collected under joint responsibility by Pinterest Europe Limited and Lampenwelt GmbH and transmitted to Pinterest Europe Limited. The further processing of the data transmitted to Pinterest Europe Limited is the sole responsibility of Pinterest Europe Limited under data protection law. This information transmitted to Pinterest Europe Limited can be assigned to you with the help of further information that Pinterest Europe Limited has stored about you, e.g. due to your ownership of an account on the social network "Pinterest". The information collected via the pixel can be used to display interest-based advertisements to you in your Pinterest account (retargeting). The information collected via the pixel may be aggregated by Pinterest Europe Limited. The aggregated information can be used by Pinterest Europe Limited for its advertising purposes, and for advertising purposes of third parties. For example, Pinterest Europe Limited may infer certain interests from your browsing behaviour on this website and can use this information to promote third-party offers. Pinterest Europe Limited may also combine the information collected via the pixel with other information that Pinterest Europe Limited has collected about you via other websites and/or in connection with the use of the social network "Pinterest" so that a profile about you can be stored at Pinterest Europe Limited. This profile can be used for advertising purposes. The legal basis for this data processing is Article 6 (1) a GDPR.

You can find more information about data protection at Pinterest Europe Limited here: https://policy.pinterest.com/en-gb/privacy-policy.

Here you can also assert your data subject rights (e.g. the right to erasure) concerning the data processed by Pinterest Europe Limited as the data controller. We only use the cookies required for this service (so-called marketing cookies) with your consent. You can revoke your consent at any time in our preference section.

Youtube

This website contains at least one plugin from YouTube, belonging to Google Inc. based in San Bruno/California, USA.
We use the YouTube No-Cookies function, i.e. we have activated Enhanced Privacy. Videos are accessed via youtube-nocookie.com, not via youtube.com.
YouTube provides this itself and thus ensures that YouTube does not initially save any cookies on your device. However, when the relevant pages are up, the IP address and the other data mentioned in section 4 are transmitted, information is visible as to which of our Internet pages you have visited. However, this information cannot be assigned to you if you are permanently logged in to YouTube or another Google service when you access the page.
As soon as you click play on an embedded video, YouTube only saves cookies on your device through the extended data protection mode, which does not contain any personally identifiable data; unless you are logged in to a Google service.

Google/YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland –
Privacy policy: policies.google.com/privacy,
Opt-out: adssettings.google.com/authenticated,
Privacy shield: www.privacyshield.gov/participant.


§ 8 Recipients of data

In some cases, we are supported in our data processing by service providers and technology partners who process personal data on our behalf. We have bound these service providers to us using a contract processing agreement or a joint controller agreement in such a way that they may only process the data for our business purposes and based on our instructions. The service providers primarily include technical service providers (including affiliates) for maintenance, hosting and support of our IT infrastructure, including this website, and service providers for mailings and other marketing activities.


§ 9 Data subjects' rights

If your personal data is being used, you are a data subject in relation to the GDPR and you can claim the following rights with those responsible:

Information, rectification, restriction of processing and deletion

You have the right at any time to receive information free of charge about the data we have stored about you, its origin and recipient, as well as the purpose of the data processing via our websites. In addition, you have the right to correct, delete and restrict the processing of your data, provided that the legal requirements for this are met.

Right to data portability

You have the right to receive the personal data relating to you that you have provided to us as the controller in a structured, commonly used, and machine-readable format. We can fulfil this right by providing a CSV export of the customer data processed about you.

Right to information

If you have claimed the right to rectification, erasure or restriction of data processing against the controller, the controller is obliged to notify all recipients to whom your personal data have been disclosed to about the claimed rectification, erasure or restriction of data processing; unless this proves impossible or involves a disproportionate effort. You have the right against the controller to be informed about these recipients.

Right of objection

On grounds relating to your personal circumstances, you have the right to object to the processing of your personal data, which is carried out based on Article 6(1)(e) or (f) GDPR, at any time. This also applies to profiling based on these provisions. The controller shall no longer process your personal data unless it can demonstrate compelling legitimate grounds which override your interests, rights, and freedoms, or the processing serves the purpose of asserting, exercising, or defending legal claims. If your personal data is processed for direct marketing, you have the right to object at any time; this also applies to profiling insofar as it is related to such direct marketing. If you object to the processing for direct marketing purposes, your personal data will no longer be processed for these purposes. You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by using automated procedures whereby technical specifications are utilized.

Revocability of declarations of consent under data protection law

In addition, you can revoke your consent at any time with effect for the future by contacting us using the contact details above under section § 1.

Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences, or can significantly affect you in a similar manner. This does not apply if (1) the decision is necessary for the conclusion or performance of a contract between you and the controller, (2) is permitted by Union or Member State law to which the controller is subject and that law contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or (3) is made with your explicit consent. However, these decisions may not be based on special categories of personal data according to Art. 9(1) of the GDPR, unless Art. 9(2)(a) or (g) applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests. Concerning the cases referred to in (1) and (3), the controller shall take reasonable steps to safeguard the rights and freedoms, as well as your legitimate interests, including at least the right to obtain the intervention of a person on the part of the controller, to express his or her point of view and to contest the decision.

Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the EU General Data Protection Regulation. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.


§ 10 Changes to this privacy policy

We reserve the right to modify this privacy policy at any time and without prior notice. Therefore, please check this page regularly for any changes to this privacy policy.


Dated July 2024

Lampenwelt GmbH