Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is any data with which you can be personally identified.

1.2 The controller for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Lio Uhlitzsch, Primmelwitz 1a, 04617 Treben, Germany, Email: business@lucanu.de. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website purely for information purposes, i.e. if you do not register or otherwise transmit information to us, we only collect such data that your browser transmits to the page server (so-called "server log files"). When you access our website, we collect the following data that is technically necessary for us to display the website to you:

Our visited website
Date and time at the time of access
Amount of data sent in bytes
Source/reference from which you reached the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or otherwise used. However, we reserve the right to subsequently check the server log files if there are concrete indications of illegal use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the character string "https://" and the lock symbol in your browser line.

3) Hosting & Content Delivery Network

3.1 Shopify

For hosting our website and displaying page content, we use the system of the following provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland ("Shopify")

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

All data collected on our website is processed on the provider's servers. We have concluded a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

In the case of data transmission to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

3.2 Cloudflare

We use a content delivery network from the following provider: Cloudflare Inc., 101 Townsend St. San Francisco, CA 94107, USA

This service enables us to deliver large media files such as graphics, page content or scripts faster via a regionally distributed server. The processing is carried out to protect our legitimate interest in improving the stability and functionality of our website in accordance with Art. 6 para. 1 lit. f GDPR. We have concluded a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European level of data protection on the basis of an adequacy decision by the European Commission.

4) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), while others remain on your device for longer and enable the storage of page settings (so-called "persistent cookies"). In the latter case, you can view the storage duration in the overview of the cookie settings of your web browser.

If personal data is also processed by individual cookies we use, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the performance of the contract, in accordance with Art. 6 para. 1 lit. a GDPR in the case of consent given, or in accordance with Art. 6 para. 1 lit. f GDPR to protect our interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that the functionality of our website may be limited by not accepting cookies.

5) Contact

When contacting us (e.g. via contact form or email), personal data is processed exclusively for the purpose of processing and answering your inquiry.

The legal basis for processing this data is our legitimate interest in answering your inquiry in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted if it can be inferred from the circumstances that the matter in question has been finally clarified and provided there are no legal retention obligations to the contrary.

6) Use of Customer Data for Direct Marketing

6.1 GoDaddy

Our email newsletter is sent via this provider: Go Daddy Operating Co LLC, 14455 North Hayden Road, Suite 226, Scottsdale, AZ 85260, USA

Based on our legitimate interest in effective and user-friendly newsletter marketing, we pass on your data provided during newsletter registration in accordance with Art. 6 para. 1 lit. f GDPR to this provider so that they can send the newsletter on our behalf.

Subject to your express consent in accordance with Art. 6 para. 1 lit. a GDPR, the provider also carries out a statistical success evaluation of newsletter campaigns using web beacons or counting pixels in the emails sent, which can measure opening rates and specific interactions with the newsletter content. Device information (e.g. time of access, IP address, browser type and operating system) is also collected and evaluated, but not merged with other data sets.

You can revoke your consent to newsletter tracking at any time with effect for the future.

We have concluded a data processing agreement with the provider that protects the data of our site visitors and prohibits disclosure to third parties.

6.2 Shopify Email

Our email newsletter is sent via this provider: Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

Data is also transferred to: Shopify Inc., 150 Elgin St, Ottawa, ON K2P 1L4, Canada

We have concluded a data processing agreement with the provider that protects the data of our site visitors and prohibits disclosure to third parties.

In the case of data transmission to Canada, an adequate level of data protection is ensured by an adequacy decision of the European Commission.

7) Data Processing for Order Processing

7.1 Insofar as necessary for contract processing for delivery and payment purposes, the personal data collected by us will be passed on to the transport company and the commissioned credit institution in accordance with Art. 6 para. 1 lit. b GDPR.

If we owe you updates for goods with digital elements or for digital products on the basis of a corresponding contract, we process the contact data you provided when ordering in order to inform you personally within the framework of our legal information obligations in accordance with Art. 6 para. 1 lit. c GDPR. Your contact data is used strictly for the purpose of notifications about updates we owe and is only processed by us to the extent necessary for the respective information.

To process your order, we also work with the following service provider(s) who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information.

7.2 Transfer of Personal Data to the Shipping Service Provider

- DHL

As a transport service provider, we use the following provider: DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn, Germany

We pass on your email address and/or telephone number in accordance with Art. 6 para. 1 lit. a GDPR before delivery of the goods for the purpose of coordinating a delivery date or delivery notification to the provider, provided you have given your express consent to this in the order process. Otherwise, for the purpose of delivery in accordance with Art. 6 para. 1 lit. b GDPR, we only pass on the name of the recipient and the delivery address to the provider. The transfer only takes place to the extent necessary for the delivery of goods. In this case, prior coordination of the delivery date with the provider or delivery notification is not possible.

Consent can be revoked at any time with effect for the future to the controller named above or to the provider.
- DPD

As a transport service provider, we use the following provider: DPD Deutschland GmbH, Wailandtstraße 1, 63741 Aschaffenburg, Germany

Consent can be revoked at any time with effect for the future to the controller named above or to the provider.

7.3 Use of Payment Service Providers

- Apple Pay

If you choose the payment method "Apple Pay" from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment processing is carried out via the "Apple Pay" function of your device running iOS, watchOS or macOS by debiting a payment card stored in "Apple Pay". Apple Pay uses security features that are integrated into the hardware and software of your device to protect your transactions. To authorize a payment, you must also enter a code you have previously set and verify using the "Face ID" or "Touch ID" function of your device.

For the purpose of payment processing, the information about your order is first passed on to Apple in encrypted form along with the information you provided during the order process. Apple encrypts this data again with a developer-specific key before the data is transmitted to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm the success of the payment.

If personal data is processed in the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Apple stores anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. The anonymization completely excludes any personal reference. Apple uses the anonymized data to improve "Apple Pay" and other Apple products and services.

If you use Apple Pay on your iPhone or Apple Watch to complete a purchase you made via Safari on your Mac, your Mac and the authorization device communicate via an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that can identify you. You can disable the ability to use Apple Pay on your Mac in your iPhone settings. Go to "Wallet & Apple Pay" and disable "Allow Payments on Mac".

Further information on data protection with Apple Pay can be found at the following internet address: https://support.apple.com/en-us/HT203027
- Google Pay

If you choose the payment method "Google Pay" from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment processing is carried out via the "Google Pay" application of your mobile device equipped with at least Android 4.4 ("KitKat") by debiting a payment card stored in Google Pay or a payment system verified there (PayPal). To authorize a payment via Google Pay in excess of €25, you must first unlock your mobile device using the verification measure set up (such as facial recognition, password, fingerprint or pattern).

For the purpose of payment processing, the information about your order is first passed on to Google along with the information you provided during the order process. Google then transmits your payment information stored in Google Pay in the form of a one-time transaction number to the originating website, with which a successful payment is verified. This transaction number does not contain any information about the real payment data of your payment method stored in Google Pay, but is created and transmitted as a one-time valid numeric token. In all transactions via Google Pay, Google only acts as an intermediary to process the payment transaction. The transaction is carried out exclusively in the relationship between the user and the originating website by debiting the payment method stored in Google Pay.

If personal data is processed in the transmissions described, the processing is carried out exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR.

Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description of the goods or services purchased provided by the merchant, photos you have attached to the transaction, the name and email address of the seller and buyer or sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.

According to Google, this processing is carried out exclusively in accordance with Art. 6 para. 1 lit. f GDPR on the basis of the legitimate interest in proper accounting, verification of transaction data and optimization and maintenance of the Google Pay service.

Google also reserves the right to merge the processed transaction data with other information that is collected and stored by Google when using other Google services.

The terms of use of Google Pay can be found here:

https://payments.google.com/payments/apis-secure/u/0/get_legal_document?ldo=0&ldt=googlepaytos&ldl=en
Further information on data protection with Google Pay can be found at the following internet address:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en
- Klarna

One or more online payment methods from the following provider are available on this website: Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden

If you select a payment method from the provider in which you pay in advance (such as credit card payment), your payment data (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to you during the order process in accordance with Art. 6 para. 1 lit. b GDPR. In this case, your data is only passed on for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method in which the provider pays in advance (such as purchase on account or installment purchase or direct debit), you will also provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable data on an alternative means of payment) during the order process.

In order to protect our legitimate interest in determining the creditworthiness of our customers, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 para. 1 lit. f GDPR. The provider checks on the basis of the personal data you have provided as well as other data (such as shopping cart, invoice amount, order history, payment experience) whether the payment option you have selected can be guaranteed with regard to payment and/or default risks.

For the decision in the context of the application review, in addition to provider-internal criteria in accordance with Art. 6 para. 1 lit. f GDPR, identity and credit information from the following credit agencies may also be included:

https://cdn.klarna.com/1.0/shared/content/legal/terms/0/en_gb/credit_rating_agencies

The credit report may contain probability values (so-called score values). If score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical method. Address data, among other things, but not exclusively, is included in the calculation of score values.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may remain entitled to continue processing your personal data if this is necessary for contractual payment processing.
- PayPal

One or more online payment methods from the following provider are available on this website: PayPal (Europe) Sarl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg

If you select a payment method from the provider in which you pay in advance, your payment data (including name, address, bank and payment card information, currency and transaction number) as well as information about the content of your order will be passed on to you during the order process in accordance with Art. 6 para. 1 lit. b GDPR. In this case, your data is only passed on for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method in which we pay in advance, you will also provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, if applicable data on an alternative means of payment) during the order process.

In order to protect our legitimate interest in determining your creditworthiness in such cases, this data is forwarded by us to the provider for the purpose of a credit check in accordance with Art. 6 para. 1 lit. f GDPR. The provider checks on the basis of the personal data you have provided as well as other data (such as shopping cart, invoice amount, order history, payment experience) whether the payment option you have selected can be guaranteed with regard to payment and/or default risks.

One or more online payment methods from the following provider are available on this website: Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland

8) Page Functionalities

YouTube

This website uses plugins to display and play videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may be transmitted to: Google LLC., USA

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the provider's servers to load the plugin. Certain information, including your IP address, is transmitted to the provider.

If playback of embedded videos is started via the plugin, the provider also uses cookies to collect information about user behavior, create playback statistics and prevent abusive behavior.

If you are logged into a user account with the provider during your page visit, your data will be directly assigned to your account when you click on a video. If you do not want the assignment to your account, you must log out before activating the playback button.

All of the aforementioned processing operations, in particular the setting of cookies for reading information on the device used, only take place if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke the consent given at any time with effect for the future by deactivating this service via the "Cookie Consent Tool" provided on the website.

9) Tools and Other

Cookie Consent Tool

This website uses a so-called "Cookie Consent Tool" to obtain effective user consent for cookies requiring consent and cookie-based applications. The "Cookie Consent Tool" is displayed to users when they access the page in the form of an interactive user interface on which consent can be given for certain cookies and/or cookie-based applications by ticking boxes. By using the tool, all cookies/services requiring consent are only loaded if the respective user gives corresponding consent by ticking boxes. This ensures that such cookies are only set on the respective user's device if consent has been given.

The tool sets technically necessary cookies to save your cookie preferences. Personal user data is generally not processed.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning or logging cookie settings, this is done in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in legally compliant, user-specific and user-friendly consent management for cookies and thus in a legally compliant design of our website.

A further legal basis for processing is Art. 6 para. 1 lit. c GDPR. As the controller, we are subject to the legal obligation to make the use of technically non-necessary cookies dependent on the respective user consent.

Where necessary, we have concluded a data processing agreement with the provider that ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.

Further information about the operator and the setting options of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.

10) Rights of the Data Subject

10.1 The applicable data protection law grants you the following data subject rights (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, whereby reference is made to the cited legal basis for the respective exercise requirements:

Right of access according to Art. 15 GDPR;
Right to rectification according to Art. 16 GDPR;
Right to erasure according to Art. 17 GDPR;
Right to restriction of processing according to Art. 18 GDPR;
Right to notification according to Art. 19 GDPR;
Right to data portability according to Art. 20 GDPR;
Right to withdraw consent given according to Art. 7 para. 3 GDPR;
Right to lodge a complaint according to Art. 77 GDPR.

10.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF A BALANCING OF INTERESTS DUE TO OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

11) Duration of Storage of Personal Data

The duration of storage of personal data is based on the respective legal basis, the processing purpose and - if applicable - additionally on the respective statutory retention period (e.g. commercial and tax retention periods).

When processing personal data on the basis of express consent in accordance with Art. 6 para. 1 lit. a GDPR, the data concerned is stored until you revoke your consent.

If there are statutory retention periods for data that is processed in the context of legal or quasi-legal obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data is routinely deleted after the retention periods have expired, provided it is no longer required for contract fulfillment or contract initiation and/or we have no legitimate interest in continued storage.

When processing personal data on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object according to Art. 21 para. 1 GDPR, unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data is stored until you exercise your right to object according to Art. 21 para. 2 GDPR.

Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data is otherwise deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.

Last updated: May 19, 2025, 12:30:48 PM