Privacy Policy

1. Data protection at a glance

General information

The following notices provide a simple overview of what happens to your personal data when you visit this website. Personal data means all data with which you can be personally identified. Detailed information on the subject of data protection can be found in our data protection declaration set out below this text.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section “Information on the Responsible Party” in this privacy policy.

How do we collect your data?

On the one hand, your data is collected by you providing it to us. This may, for example, be data that you enter into a contact form.

Other data is collected automatically or with your consent when you visit the website by our IT systems. This includes mainly technical data (e.g. internet browser, operating system or time of page access). The collection of this data takes place automatically as soon as you enter this website.

What do we use your data for?

Part of the data is collected in order to ensure error-free provision of the website. Other data may be used to analyse your user behaviour. Insofar as contracts can be concluded or initiated via the website, the data transmitted will also be processed for contract offers, orders or other business enquiries.

What rights do you have regarding your data?

You have the right at any time to receive information free of charge about the origin, recipient and purpose of your stored personal data. You also have the right to request the rectification or deletion of this data. If you have given your consent to data processing, you may revoke this consent at any time with effect for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data. You also have the right to lodge a complaint with the competent supervisory authority.

You may contact us at any time regarding this or any other questions on the subject of data protection.

Analysis tools and tools from third-party providers

When visiting this website, your browsing behaviour may be statistically evaluated. This is done mainly with so-called analysis programmes.

Detailed information on these analysis programmes can be found in the following privacy policy.

2. Hosting

We host the contents of our website with the following provider:

Mittwald

The provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp (hereinafter “Mittwald”).

Details can be found in Mittwald’s privacy policy: https://www.mittwald.de/datenschutz.

The use of Mittwald is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website possible. If the corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

Commissioned processing

We have concluded a contract on commissioned processing (AVV) for the use of the above-mentioned service. This is a contract required under data protection law, which ensures that this provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

3. General notes and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy policy.

When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This privacy policy explains which data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission on the internet (e.g. when communicating by email) may have security gaps. Complete protection of data against access by third parties is not possible.

Note on the responsible party

The responsible party for data processing on this website is:

Lucky Look GmbH
Münsterstr. 5
59065 Hamm

Phone: +492381972980
Email: info@lucky-look-media.de

The responsible party is the natural or legal person who alone or jointly with others
decides on the purposes and means of processing personal data (e.g. names, email
addresses, etc.).

Storage period

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for the data processing ceases to apply. If you assert a justified request for deletion or withdraw consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion takes place after these reasons cease to apply.

General notes on the legal bases for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR and Art. 9 (2) lit. a GDPR if special categories of data according to Art. 9 (1) GDPR are processed. In the event of express consent to the transfer of personal data to third countries, data processing is also carried out on the basis of Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or access to information on your device (e.g. via device fingerprinting), data processing is additionally carried out on the basis of § 25 (1) TDDDG. Consent may be revoked at any time. If your data is required for the performance of a contract or for the implementation of precontractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, we process your data if this is necessary for the fulfilment of a legal obligation on the basis of Art. 6 (1) lit. c GDPR. Data processing may also take place on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. The relevant legal basis in each individual case is explained in the following paragraphs of this privacy policy.

Data protection officer

We have appointed a data protection officer.

Daubert IT-Consulting GmbH
Niederbergheimer Str. 96
59494 Soest

Phone: +49209219439505
Email: info@lucky-look-media.de

Notice on Data transfer to non-secure third Countries under Data protection Law and to US companies that are not DPF-certified

We may process data on this website using services provided by companies based in countries that are not secure third countries from a data protection perspective, as well as by US service providers that are not certified under the EU-US Data Privacy Framework (DPF). If these services are active, your personal data may be transferred to these countries and processed there. We would like to point out that in data protection non-secure third countries no level of data protection comparable to that of the EU can be guaranteed.

We would like to point out that the USA is generally considered a secure third country with a level of data protection comparable to that of the EU. Data transfer to the USA is therefore permissible if the recipient has certification under the “EU-US Data Privacy Framework” (DPF) or has appropriate additional safeguards. Information on data transfers to third countries, including the data recipients, can be found in this privacy policy.

Recipients of personal data

In the course of our business activities, we work with various external parties. In some cases, the transfer of personal data to these external parties is also necessary. We only pass on personal data to external parties if this is necessary within the framework of contract performance, if we are legally obliged to do so (e.g. transfer of data to tax authorities), if we have a legitimate interest pursuant to Art. 6 (1) lit. f GDPR in passing on the data, or if another legal basis permits the transfer of the data. When using processors, we only pass on personal data of our customers on the basis of a valid contract on commissioned processing. In the case of joint processing, a contract on joint processing is concluded.

Revocation of your consent to Data processing

Many data processing operations are only possible with your express consent. You may revoke consent that has already been given at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Objection right against Data collection in special cases and against direct advertising (Art. 21 GDPR)

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 (1) LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA, UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 (1) GDPR).

IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR SUCH ADVERTISING PURPOSES; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ART. 21 (2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of breaches of the GDPR, data subjects shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged breach. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data which we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be carried out insofar as it is technically feasible.

Access, rectification and erasure

Within the scope of the applicable legal provisions, you have the right at any time to obtain information free of charge about your stored personal data, its origin and recipients and the purpose of the data processing and, if applicable, a right to rectification or erasure of this data. For this purpose, as well as for any further questions on the subject of personal data, you may contact us at any time

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. For this purpose, you may contact us at any time. The right to restriction of processing exists in the following cases:

• If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the review, you have the right to request the restriction of the processing of your personal data.
• If the processing of your personal data was/is unlawful, you may request the restriction of data processing instead of erasure.
• If we no longer need your personal data, but you need it for the exercise, defence or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of erasure.
• If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balancing of your and our interests must be carried out. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, such data may – apart from being stored – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such asorders or enquiries that you send to us as site operators, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

Objection to advertising emails

The use of contact data published within the scope of the imprint obligation for the transmission of advertising and information materials not expressly requested is hereby objected to. The operators of these pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.

4. Data collection on this website

Cookies

Our internet pages use so-called “cookies”. Cookies are small data packages and do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or until they are automatically deleted by your web browser.

Cookies may originate from us (first-party cookies) or from third-party companies (so called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies within websites (e.g. cookies for the processing of payment services).

Cookies have various functions. Numerous cookies are technically necessary as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies may be used to analyse user behaviour or for advertising purposes.

Cookies that are necessary for carrying out the electronic communication process, for providing certain functions requested by you (e.g. for the shopping cart function), or for optimising the website (e.g. cookies for measuring the web audience) (necessary cookies) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of its services. Insofar as consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG); consent may be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and that cookies are only allowed in individual cases, the acceptance of cookies is excluded for certain cases or in general, as well as the automatic deletion of cookies upon closing of the browser is activated. If cookies are deactivated, the functionality of this website may be limited.

Which cookies and services are used on this website can be found in this privacy policy.

Consent with Cookiebot

Our website uses Cookiebot’s consent technology to obtain your consent to store certain cookies on your device or to use certain technologies and to document this in a data protection-compliant manner. The provider of this technology is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter “Cookiebot”).

When you enter our website, a connection is established to Cookiebot’s servers to obtain your consents and other declarations regarding cookie use. Subsequently, Cookiebot stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie yourself or the purpose for storing the data no longer applies. Mandatory statutory retention obligations remain unaffected.

The use of Cookiebot takes place in order to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 (1) lit. c GDPR.

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

• Browser type and browser version
• Operating system used
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP adress

A merging of this data with other data sources does not take place.

The collection of this data is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – for this purpose, the server log files must be collected.

Contact form

If you send us enquiries via the contact form, the details you provide in the enquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of precontractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR) if this has been requested; consent may be revoked at any time.

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Enquiry by email, telephone or fax

If you contact us by email, telephone or fax, your enquiry, including all personal data resulting from it (name, enquiry), will be stored and processed by us for the purpose of handling your request. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of precontractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR) if this has been requested; consent may be revoked at any time.

The data you send to us via contact enquiries will remain with us until you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

5. Analysis tools and advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies or carry out independent analyses. It merely serves to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to the parent company of Google in the United States.

The use of Google Tag Manager is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a in conjunction with Art. 49 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent may be revoked at any time.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. The website operator receives various usage data, such as page views, length of stay, operating systems used and origin of the user. This data is assigned to the respective end device of the website visitor and summarised in a user ID.

Furthermore, we can use Google Analytics to record your mouse and scroll movements and clicks, among other things. Google Analytics also uses various modelling approaches to supplement the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 (1) lit. a in conjunction with Art. 49 (1) lit. a GDPR and § 25 (1) TDDDG. Consent may be revoked at any time.

Data transfer to the USA is based on the EU Commission’s standard contractual clauses. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

IP Anonymisation

IP anonymisation is activated on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available from the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

More information on the handling of user data at Google Analytics can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google signals

We use Google Signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history as well as demographic data (visitor data). This data may be used for personalised advertising with the help of Google Signals. If you have a Google account, the visitor data from Google Signals is linked to your Google account and used for personalised advertising messages. The data is also used to create anonymised statistics about user behaviour of our users.

Commissioned processing

We have concluded a contract on commissioned processing with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

6. Newsletter

Newsletter­ data

If you would like to receive the newsletter offered on the website, we require from you an email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is based exclusively on your consent (Art. 6 (1) lit. a GDPR). You may revoke the consent given to the storage of data, the email address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data stored by us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and deleted from the newsletter distribution list after you unsubscribe from the newsletter or after the purpose ceases to apply. We reserve the right to remove email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

Data stored by us for other purposes shall remain unaffected by this.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us or the newsletter service provider in a blacklist, insofar as this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR). Storage in the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interest.

7. Plugins und Tools

Google Fonts (local hosting)

This site uses so-called Google Fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. There is no connection to Google servers in this process.

Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

8. Own Services

Handling of applicant data

We offer you the opportunity to apply to us (e.g. by email, post or via online application form). In the following, we inform you about the scope, purpose and use of your personal data collected during the application process. We assure you that the collection, processing and use of your data is carried out in accordance with applicable data protection law and all other statutory provisions and that your data is treated strictly confidentially.

Scope and purpose of data collection

If you send us an application, we process the associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.), insofar as this is necessary for the decision on establishing an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6 (1) lit. b GDPR (general contract initiation) and – if you have given your consent – Art. 6 (1) lit. a GDPR. Consent may be revoked at any time. Your personal data is only passed on within our company to persons who are involved in processing your application.

If the application is successful, the data you have submitted will be stored on the basis of § 26 BDSG and Art. 6 (1) lit. b GDPR for the purpose of carrying out the employment relationship in our data processing systems.

Retention period of the data

If we are unable to offer you a job, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted to us on the basis of our legitimate interests (Art. 6 (1) lit. f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. Retention serves, in particular, as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has expired (e.g. due to a potential or pending legal dispute), deletion will only take place when the purpose for further retention no longer applies.

Longer retention may also take place if you have given corresponding consent (Art. 6 (1) lit. a GDPR) or if statutory retention obligations prevent deletion.