Privacy Policy
Lucas & Grace Privacy Policy
This policy explains how Lucas & Grace processes your personal data when you use our website, aligning with the General Data Protection Regulation (GDPR).
1. Data Controller and Security Information
- Your Data Controller: The entity responsible for determining the purposes and means of processing your personal data on this website is Lucas & Grace.
- Data Security: Our website uses SSL or TLS encryption to ensure the secure transmission of all confidential content, such as orders and inquiries. An encrypted connection is recognizable by the "https://" in the address bar and the lock symbol.
2. Data Collected During Informational Website Use
When you visit our site purely for informational purposes (without registering or purchasing), we collect technical data transmitted by your browser ("server log files"):
- The visited website and the date and time of access.
- The amount of data sent and the source/reference from which you accessed the page.
- The browser, operating system, and IP address (anonymized where necessary).
- Legal Basis: Processing is based on our legitimate interest (Art. 6(1) lit. f GDPR) in ensuring the stability and functionality of our website. This data is not otherwise disclosed, though we reserve the right to review it if unlawful use is suspected.
3. Cookies
We use small text files called cookies on various pages to enhance your visit and enable certain functions.
- Some cookies are deleted after you close your browser (session cookies); others remain to recognize your browser (persistent cookies).
- Legal Basis: Processing is based on contract execution (Art. 6(1) lit. b GDPR) or our legitimate interest (Art. 6(1) lit. f GDPR) in providing an optimal, customer-friendly website experience.
- Control: You can configure your browser to manage cookie settings, but note that disabling cookies may limit website functionality.
4. Contact and Inquiries
When you contact us (e.g., via contact form or email), we collect necessary personal data to respond to your inquiry and for technical administration.
- Legal Basis: This is based on our legitimate interest (Art. 6(1) lit. f GDPR) in responding to your request. If your inquiry leads to a contract, Art. 6(1) lit. b GDPR serves as an additional legal basis.
- Data Deletion: Your data is deleted once your inquiry is fully processed, unless legal storage obligations apply.
5. Customer Account Creation and Contract Execution
Personal data is collected when you create a customer account or provide data necessary for the execution of a contract.
- Legal Basis: Contract execution (Art. 6(1) lit. b GDPR).
- Control: You may delete your customer account at any time by contacting us. After contract execution or account deletion, data is restricted and deleted after applicable retention periods.
6. Use of Your Data for Direct Marketing
- Newsletter Subscription: We use the double opt-in procedure. By confirming your subscription, you consent to processing your data per Art. 6(1) lit. a GDPR. You may unsubscribe anytime via the link in the newsletter.
- Newsletters to Existing Customers: If you purchased a product, we may send promotional emails about similar products based on our legitimate interest (Art. 6(1) lit. f GDPR) in personalized marketing. You can object to this use anytime.
7. Data Processing for Order Handling
- Shipping and Delivery: We share personal data (like your address) with shipping companies to fulfill our contractual obligations.
- Payment Providers (Legal Basis: Contract Execution Art. 6(1) lit. b GDPR):
  - PayPal: Your payment data is transferred to PayPal (Europe) S.à r.l. et Cie, S.C.A. PayPal may conduct credit checks.
  - SOFORT: The transaction is processed through SOFORT GmbH (part of Klarna Group).
8. Review Reminders
If you consent during or after your order, we may send a one-time review reminder via email. This is based on Art. 6(1) lit. a GDPR, and you can revoke consent at any time.
9. Social Media Integration (Shariff Solution)
We use Shariff buttons for social media (Facebook, Google+, Instagram). These are embedded as HTML links, meaning no data is transmitted to the social media platforms unless you actively click them.
- Facebook, Google, and Instagram comply with the "Privacy Shield" framework for data protection.
10. Online Marketing and Tracking Technologies
10.1 Google Marketing Tools (DoubleClick, AdWords)
- We use DoubleClick and Google AdWords to serve relevant ads, prevent repetition, and track conversions.
- Legal Basis: Our legitimate interest (Art. 6(1) lit. f GDPR) in optimal website marketing and advertising.
- Control: You can deactivate cookies for conversion tracking or block cookies from the domain www.googleadservices.com via your browser settings or Google’s ad settings.
10.2 Google Analytics (Web Analysis)
- We use Google Analytics to analyze website usage, which utilizes cookies.
- Legal Basis: Legitimate interest (Art. 6(1) lit. f GDPR) in optimizing our website and advertising.
- IP Anonymization: We activate IP anonymization, meaning your IP address is truncated within the EU/EEA before transmission to Google's servers.
- Control: You can prevent cookie storage via browser settings or download the Google browser plugin at https://tools.google.com/dlpage/gaoptout?hl=en. You can also set an opt-out cookie: [Disable Google Analytics].
- We have a data processing agreement with Google and utilize the demographic features function based on anonymized data.
10.3 Google (Universal) Analytics
- This service uses the _anonymizeIp() extension to shorten your IP address and exclude direct personal reference, ensuring processing is based on our legitimate interest for statistical analysis.
- Cross-Device Analysis: We use User-ID for cross-device analysis of visitor flows; the User-ID is anonymous and does not transmit personal data to Google. You can object to data collection via the User-ID by disabling Google Analytics on all systems you use.
10.4 Facebook Custom Audience via the Pixel Method
- We use the Facebook Pixel to track user behavior after viewing or clicking a Facebook advertisement, based on your explicit consent (Art. 6(1) lit. a GDPR).
- Control: You can disable cookies on your computer via your internet browser settings or use the Digital Advertising Alliance website: https://www.aboutads.info/choices/.
10.5 Google AdWords Remarketing
- We use Remarketing features to advertise our website in search results and on third-party websites by placing a cookie in your browser for interest-based advertising.
- Legal Basis: Legitimate interest (Art. 6(1) lit. f GDPR).
- Control: Further processing occurs only if you consent to Google linking your browsing history with your Google account.
11. Third-Party Tracking Technologies
We may use other third-party tracking technologies to analyze user behavior, optimize our services, and provide better advertisements.
12. User Consent and Control
Users can control data collection via browser settings, opt-out mechanisms, and privacy tools provided by third-party services. We are committed to protecting user privacy while optimizing our digital services.