Privacy Policy (GDPR)

Controller (Art. 4(7) GDPR):
Luscaro, Laurenz Maximilian Ruf, Gerichtsweg 116, 52355 Düren, Email: service@luscaro.de

Data Protection Officer: [if applicable / “Not required by law; contact the controller for privacy matters.”]

1. What data we process

  • Order & account data: name, addresses, email, phone, ordered items, delivery & billing details.

  • Payment data: processed by payment providers (e.g., Stripe, PayPal, Klarna); we receive confirmation/status, not full card details.

  • Technical data: IP address, device/browser info, cookies, log files.

  • Marketing & analytics (if enabled): Shopify Analytics, Google Analytics, Meta (Facebook) Pixel, email marketing (consent-based).

  • Customer support: your messages, returns, warranty claims.

2. Purposes & legal bases (Art. 6(1) GDPR)

  • Contract & pre-contract measures (Art. 6(1)(b)): order processing, payments, delivery, customer service.

  • Legal obligations (Art. 6(1)(c)): tax, commercial retention, consumer protection.

  • Legitimate interests (Art. 6(1)(f)): security, fraud prevention, improvement of services, direct marketing to existing customers (§ 7(3) UWG).

  • Consent (Art. 6(1)(a)): newsletters, cookies/analytics/marketing (via cookie banner), optional account creation. You can withdraw consent anytime with effect for the future.

3. Recipients & processors (Art. 28 GDPR)

  • Shopify (host/platform) – Shopify International Ltd. / Shopify Inc.

  • Payment services – Stripe Payments Europe Ltd.; PayPal (Europe) S.à r.l.; Klarna Bank AB; and similar providers you select.

  • Logistics & carriers – e.g., DHL/DPD/UPS and fulfillment partners.

  • IT & marketing tools – email service provider, analytics/ads (if enabled), cookie consent tool.
    With all processors we maintain data-processing agreements.

4. International transfers (Art. 44 et seq. GDPR)

Data may be processed outside the EU/EEA (e.g., Canada/USA). We rely on adequacy decisions (e.g., Canada) or Standard Contractual Clauses with supplementary measures. Copies of safeguards are available upon request (where not restricted by confidentiality).

5. Storage periods

We keep personal data only as long as necessary for the purposes above and statutory duties. Typical retention: commercial/tax records 6–10 years; contract data up to the end of limitation periods; marketing data until you object or withdraw consent.

6. Your rights (Art. 15–22 GDPR)

You may request access, rectification, erasure, restriction, data portability, and object to processing (Art. 21). You can withdraw consent at any time.
You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace, or the place of the alleged infringement. In Germany, see Bundesbeauftragter für den Datenschutz und die Informationsfreiheit (BfDI) or your state authority.

7. Obligation to provide data

Providing order data is necessary for concluding a contract; without it, we cannot process your purchase.

8. Automated decision-making / profiling

We do not use automated decision-making producing legal effects. Standard analytics/ads segmentation may occur with your consent.

9. Contact

For privacy requests, contact service@luscaro.de.

Last updated: 05.09.2025