Privacy Policy

This privacy policy applies to the website www.koslux.com

Controller:

KOSLUX GmbH
Albert-Schweitzer-Straße 9
72175 Dornhan
info@koslux.com

1) Processing of Personal Data

We process personal data from you within the scope of the website, including but not limited to the following (for further data processing within the website, please refer to the following sections of this privacy policy):

Logfiles when Visiting the Website:

When using our website, our hosting provider logs "logfile" data upon each server access, including, for example, the name of the accessed website, previously visited page ("referrer" URL), product and version information of the browser and operating system used, requesting provider, date and time of access, search engines used, country of access, amount of transmitted data, names of downloaded files, and IP address.

The legal basis for processing is Article 6(1)(f) GDPR. Our legitimate interest in storing logfile data lies in ensuring system security, including the investigation of misuse. Logfile data is deleted or anonymized after a maximum of 30 days, unless needed for a longer period due to a security-related incident, such as for investigation or evidential purposes.

Contact:

For contact inquiries, we process your personal data such as name, address, email address, telephone number, etc., which we need to respond to your inquiry.

The legal basis for processing your personal data in the context of contact inquiries is Article 6(1)(b) GDPR, if your inquiry is aimed at concluding a contract; otherwise, Article 6(1)(f) GDPR, with our legitimate interest being to respond to inquiries.

In the context of contact inquiries, we store your personal data for as long as necessary to process your inquiry or in view of legal retention obligations.

Registration/Orders:

During your registration or orders, we process your personal data such as name, address, email address, telephone number, date of birth, self-selected username, payment data, etc., which we need to fulfill the contractual relationship with you or to carry out pre-contractual measures initiated by you.

We store the personal data collected during registration or orders for as long as necessary to fulfill the contractual relationship (including, if applicable, providing the customer account) and/or to carry out pre-contractual measures initiated by you and/or in view of warranty, guarantee, or similar obligations and/or legal retention periods.

The legal basis for processing your personal data collected during registration or orders is Article 6(1)(b) GDPR ("performance of a contract").

The provision of this personal data is not legally or contractually required. However, it is necessary for contract conclusion, i.e., the execution of registration or order, to the extent that the relevant information must be provided in our registration/order process mandatorily (rather than only voluntarily).

Newsletter:

When you subscribe to our newsletter, we process the data collected during registration, such as your email address, salutation, etc., for the purpose of sending the newsletter.

If data processing for the above purposes is based on your consent, the legal basis is Article 6(1)(a) GDPR (consent). Otherwise, data processing is based on Article 6(1)(f) GDPR ("legitimate interests"), with the legitimate interests being in the purposes mentioned above.

We store the personal data necessary for sending the newsletter for as long as we need it for this purpose or until you revoke your consent to receive the newsletter. Any legitimate continued storage for other purposes (e.g., customer communication) remains unaffected.

2) Cookies

Cookies are small text files stored on the user's computer that enable analysis of the user's website usage.

Cookies can, for example, be used to make website usage easier and more convenient for visitors or to enable certain functions, or to analyze visitor traffic.

If personal data is also processed by individual cookies we use, processing is carried out in accordance with Article 6(1)(b) GDPR for contract performance, Article 6(1)(a) GDPR in case of consent given, or Article 6(1)(f) GDPR to safeguard our legitimate interests in the commercial operation of our online offering and a user-friendly and effective design of the website visit.

The storage duration of cookies may be limited to the duration of the respective browser session, i.e., the cookies are deleted after closing the browser (temporary cookies); or the storage duration may extend beyond that to recognize the user on their next visit and then display preferred content (persistent cookies). Unless we provide different information in this privacy policy, or within our cookie management services or other separate information on cookies, you should assume that cookies are persistent and have a storage duration of up to two years.

You have the option at any time to revoke your consent to the setting of cookies or to object to data processing by cookies by deleting the cookies in your browser settings.

You can also configure your browser to accept cookies only with your consent.

You can find a way to revoke, object to, and/or manage your cookies here: Contact info@koslux.com.

Regarding advertising cookies, you can block and/or manage many of them through the following services: www.aboutads.info/choices/
www.youronlinechoices.com/uk/your-ad-choices/
www.networkadvertising.org/managing/opt_out.asp

However, if you reject cookies, you may not be able to use certain website functions, services, applications, or tools.

3) Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. Google may transmit your data to servers worldwide. Data transfers to the USA are based on the EU-US Privacy Shield. Data transfers to countries without an adequate level of data protection are based on the EU Standard Contractual Clauses. Details can be found in the Privacy Shield section of Google's privacy policy: https://policies.google.com/privacy/frameworks

You can prevent Google Analytics from collecting and processing data about your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

4) Google Fonts

We use "Google Web Fonts," a directory of various fonts, for the uniform and visually appealing display of textual content on our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit our website, the fonts are loaded from a Google server, enabling us, among other things, to achieve faster loading times.

With each visit to our website, the following data is also transmitted to Google:

  • IP address
  • Language settings
  • Screen resolution of the browser
  • Browser version and browser name

Google may transmit your data to servers worldwide. Data transfers to the USA are based on the EU-US Privacy Shield. Data transfers to countries without an adequate level of data protection are based on the EU Standard Contractual Clauses. Details can be found in the Privacy Shield section of Google's privacy policy: https://policies.google.com/privacy/frameworks

5) Rights of Data Subjects

You have the right to request information about the processing of your personal data according to Article 15 GDPR ("Right of Access by the Data Subject").

You have the right to demand correction and deletion of your incorrect personal data according to Article 16 GDPR ("Right to Rectification").

According to Article 17 GDPR, you can request the deletion of your personal data if one of the reasons listed there applies ("Right to Erasure").

Likewise, according to Article 18 GDPR, you have the right to demand the restriction of the processing of your personal data if one of the conditions listed there applies ("Right to Restriction of Processing").

According to Article 20 GDPR, you have the right to receive the personal data concerning you and provided by you, and to transmit this data to another controller ("Right to Data Portability").

Revocation of Consents: See section "Right of Withdrawal" in this privacy policy.

Right to Object: See section "Right to Object" in this privacy policy.

You have the right to lodge a complaint with the competent supervisory authority.

6) Right of Withdrawal

You can revoke any consent given for the processing of your personal data at any time, e.g., by email to our email address provided at the beginning. The lawfulness of the processing carried out based on the consent until the revocation is not affected by this.

7) Right to Object

Insofar as our data processing is based on Article 6(1)(f) GDPR ("legitimate interests"), you have the right, in accordance with Article 21 GDPR, to object to the processing of your personal data.

8) Disclosure of Your Data

Unless already listed elsewhere in this privacy policy, we disclose your personal data to the following additional recipients or categories of recipients:

  • Third-party shipping providers

Unless already listed elsewhere in this privacy policy, we intend to transfer your personal data to the following third country or international organization.

  • We operate our online shop using the software and servers of Shopify; Shopify processes data globally according to its privacy policy, including in Canada and the USA; you can access Shopify's privacy policy, which also provides more detailed information on data transfer abroad, here: https://www.shopify.de/legal/datenschutz