Privacy policy

Luisa Franzen respects your privacy. This Privacy Policy explains how we collect, use, disclose, and secure Personal Information about you through luisafranzen.com. By using the Service, you consent to the processing of your Personal Information as set forth in this Privacy Policy, now and as amended by us.

General contact information

The issue of data protection is particularly important to us in our business activities. Our following data protection notices inform you about the type, scope and purpose of the processing of personal data (“data” for short) by us.

Responsible for data processing:

Luisa Franzen GmbH
Hufnerstraße 94
22305 Hamburg

Contact person: Luisa Franzen Telephone: +491758834318 Email: info@luisafranzen.com

You can reach our data protection officer at:
TOP data protection GmbH & Co. KG Dipl.-oec. Tobias Kordes Wiekesch 1
26689 Apen
Internet: https://www.top-datenschutz.de
Email: info@top-datenschutz.de

Our information on data protection for visitors to our website

[matomo_opt_out]

Purposes of processing

The processing of personal data is justified on the basis of our legitimate interests in accordance with Art. 6 Para. 1 Sentence 1 Letter f) GDPR and is necessary in order to make our online offer available to visitors together with its functions and content (e.g. in order to to ensure rapid page loading, to enable user-friendly use of the online offer, to recognize and guarantee the security and stability of the systems, to facilitate and improve the administration of the website). The processing is expressly not carried out for the purpose of gaining knowledge about the person visiting the website. Only when the visitor voluntarily discloses data does further processing enable us to respond to contact inquiries and other communication with users (legal basis then Art. 6 Para. 1 Sentence 1 Letter a) GDPR). For statistical purposes, we use a combination of all the (usually non-personal) data available to us within the legally permitted framework.

Where the personal data comes from

We only process data that is transmitted by the internet browser of your end device. If you contact us by e-mail, telephone or online form, we process the data that you provide to us.

Which data categories we process

IP address of the visitor’s device
Date and time of access by the visitor
File name of the page accessed by the visitor
Website from which the visitor accesses our online offer (so-called referrer URL)
Browser and operating system of the visitor’s device and the name of the Internet access provider used by the visitor
Other Data Provided by You.

Categories of data subjects

All users of our online offer.

Duration of Storage and Deletion

We process and store your personal data as the data subject only for as long as is necessary to achieve the purpose. If the purpose no longer applies, your data will be blocked or deleted, provided there is no legal obligation to retain it.

Transfer of personal data to third parties (general information)

If personal data is passed on to third parties, processing is regularly carried out for a specific purpose or in accordance with instructions, for example to provide a service. However, due to the lack of control options, we cannot completely rule out the possibility that third-party providers carefully selected by us process user data transmitted by the browser (data categories see above) for their own purposes. Information processed via our online offer (about browser and operating system, IP address, referring online offers, visiting times, etc.) can also be combined with information from other sources. Cookies or browser fingerprints are usually used to clearly identify users. If you want to avoid this in principle, you must make the appropriate browser settings (e.g. via free privacy extensions).

Server log files and user information

The web host/provider commissioned by us automatically collects and stores information/meta data in so-called server log files for each access. The information contained therein is your IP address, the time of the server request and the file accessed. In addition, browser-specific information such as browser type and version, operating system used, possibly the referrer URL and possibly other information that is helpful for our provider to optimize our website is recorded and stored. The IP address is considered personal if the operator has the legal means to draw conclusions about a person from the data. The duration of the processing of the IP address as personal information therefore depends on the storage duration of the IP address at your service provider (Internet access provider). Usually this is 30 days or less. According to Art. 6 Para. 1 lit. f GDPR, the legal basis is the legitimate interest of the provider to guarantee the functionality and security of the server or to optimize the website, in particular with regard to operation. This data is not merged with other data sources. The provider works as a processor subject to instructions. A direct identification of a person via the metadata is therefore not possible.

Our information on data protection for users of our online shop

An online shop is an interactive website. Therefore, the points regulated under “Our information on data protection for visitors to our homepage” also apply to users of our online shop. If a purchase is made via the online shop, our customers will receive further information under “Our information on data protection for customers and interested parties”. The special data protection law features of the “online shop” sales channel are explained below.

Purposes of processing

We process the entries made by the user of our online shop to fulfill the contract (provision of a customer account and/or order processing). Technically, we use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.

Legal bases

Die Verarbeitung erfolgt zum Zweck der Vertragserfüllung, auf Grundlage des Art. 6 Abs. 1 lit. b in Verbindung mit Art.-Nr. 6 Abs. 1 lit. c DSGVO.

Where the personal data come from

The data is provided by the user himself or his browser (form entries, browser data, IP address, cookies).

Which data categories we process

Address and contact data (user input)
Username & Password (user input)
Time stamp, IP address (browser/provider)
Product data (user input)
Technically necessary cookies
Other voluntary user submissions

Information required for the order is marked accordingly.

Categories of data subjects

Users/customers of the online shop.

Duration of Storage and Deletion

We process and store your personal data as the data subject only for as long as the customer account exists or as long as this is necessary to achieve the purpose. If the purpose no longer applies, your data will be blocked or deleted, provided there is no legal obligation to retain it. If you place an order with us, we are legally obliged to keep the data for 10 years.

Disclosure of Personal Information to Third Parties

We disclose the data to third parties only in the context of delivery, payment or legal permits and obligations to legal advisers and authorities. The data will only be processed in third countries if this is necessary to fulfill the contract (e.g. at the customer’s request for delivery or payment).

Other third-party providers used are listed under “Our information on data protection for visitors to our website”.

Our information on data protection for customers and interested parties

Purposes of data processing

The data of our customers and interested parties is processed to create offers, to prepare and execute contracts (with all the resulting rights and obligations), for customer support purposes, for customer communication and for maintaining contacts. Other processing purposes result from contractual or legal obligations to which we are subject and include, for example, administration, financial accounting, office organization, archiving of data, etc.

What data we process

We process the data that is communicated to us in connection with an inquiry. In particular, this concerns the following personal data: First and last name, private and/or company address and contact details, bank details if applicable, commercial register data if applicable. If you do not provide the requested data, it will not be possible to fulfill the contract. Further mandatory or optional information will be marked accordingly by us during the collection.

Legal bases

The legal basis is Article 6 Paragraph 1 Letter b GDPR (provision of contractual services), our legitimate interest in accordance with Article 6 Paragraph 1 Letter f GDPR (e.g. service and customer care, marketing, advertising and market research) or Article 6 (1) (a) GDPR (consent).

Data lineage

We process personal data that we collect directly from our customers and prospects. In individual cases, we also process personal data that we obtain from publicly accessible sources (e.g. website) or that are transmitted to us by other third parties (e.g. credit reporting agencies).

Disclosure of Personal Data

We only transfer your personal data to third parties if this is permitted by law or if you have given your consent. In individual cases, we reserve the right to carry out a credit check by credit agencies such as Creditreform or Schufa and transmit personal data for this purpose. In addition, our tax advisor/auditor can gain insight into the data of our customers. In individual cases, we transmit data to a debt collection agency, our lawyer or a competent court for the purpose of enforcing a claim.

Storage duration

We process and store personal data as long as it is necessary to fulfill the respective purpose or due to contractual or legal obligations. In addition, personal data is stored for the period in which claims can be asserted against us (statutory limitation periods) or we are legally obliged to do so. Corresponding proof and storage obligations result from commercial, tax and social security law regulations (usually 6 or 10 years).

Our information on data protection for users of social networks (including messenger services)

In addition, in connection with our presence in the “social network” or via a messenger service, individual personal data is processed and this alone decides on the purposes and means of processing, the platform provider is solely responsible for processing. In the case of Facebook, Instagram and WhatsApp, this is: Facebook or WhatsApp Ireland Limited (hereinafter “Facebook Ireland”), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can contact the data protection officer of Facebook Ireland via the online contact form provided in the respective data protection declaration or by e-mail. Insofar as personal data is processed by the service provider and us in connection with our presence in the “social network” or via a messenger service and we are involved in deciding on the purposes and means of this processing, there is a joint responsibility for the processing . This can be the case in particular when interacting via the platform’s own communication channels, e.g. B. when you write us a message or comment on, share or view a post.

Fulfillment of information obligations

In the case of joint processing, it can be determined who is responsible for fulfilling the information obligations. In the case of Facebook or Instagram, this is Facebook Ireland Limited, in the case of WhatsApp – WhatsApp Ireland Limited. Facebook Ireland’s data protection information is available at https://www.facebook.com/policy.php, information for the “Instagram” service can be found at https://www.instagram.com/legal/privacy/, the data protection information from WhatsApp Ireland can be found at https://www.whatsapp.com/legal/.

Purpose and legal basis for interaction on our presence in a “social network”

If you react to one of our posts (comment, share, etc.) or send us a private message or write a post on our presence, we only process your data for the purpose of communicating with you or to answer your request. Depending on the case, the legal basis is Art. 6 (1) sentence 1 lit. 1 a or f GDPR. If you contact us with the aim of concluding a contract, the additional legal basis for processing is Art. 6 (1) sentence 1 lit. b GDPR. We process the data you provide in this context and which we may have access to in order to safeguard our legitimate interests in communicating with any person interested in our company. Our interest (or the purpose) is to offer interested parties a platform on which we can display current information and with the help of which people can address their concerns to us and we can deal with them as quickly as possible. In addition, we can process non-personal statistical data made available to us by the platform operator for our own statistical purposes. The legal basis is Article 6 Paragraph 1 Clause 1 Letter f GDPR.

Data processed and categories of data

We process all information that you make available to us of your own accord, but in principle no more. However, in addition to the content you submit, we may have access to information about your profile and your actions, depending on your privacy settings.

Information on the storage period

As far as possible, your data will be deleted when the operation of our presence in the respective social network is discontinued. If further storage of data is carried out by the platform operator, this is based exclusively on the provisions in its data protection guidelines and terms of use, which you agreed to when registering for the respective service.

Your rights regarding data protection

Right to information

According to Art. 15 Para. 1 GDPR, a data subject has the right to request confirmation from us as to whether we are processing his/her personal data. If this is not the case or if data has been processed anonymously, we will provide you with negative information (except in the case of abusive inquiries or if all information is already contained in this data protection declaration). On the other hand, a data subject can request very specific information about which personal data is being processed. To do this, we need specific information from you about which facts you would like information on. In addition, we must be able to clearly identify you. On request, we will be happy to provide you with the following information in accordance with Art. 15 (1) GDPR, unless this is evident from our data protection declarations:

Processing purpose
Categories of processed personal data
Past and future recipients or categories of recipients
Planned or specified storage period
Rights to rectification, erasure or restriction of processing
Right to object to data processing in accordance with Art. 21 GDPR
Right of appeal for the data subject to the supervisory authority
Origin of the data (if not collected by/from the data subject)
The existence of automated decision-making including profiling with meaningful information about the logic involved and the scope and intended effects of such procedures.
Data transfer to third countries and given guarantees according to Art. 46 DSGVO

There is no right to information if the provision of the requested information would violate a confidentiality obligation or the information must be kept secret for other reasons, in particular because of an overriding legitimate interest of a third party. Deviating from this, there may be an obligation to provide information if your interests outweigh the interest in secrecy, especially taking into account impending damage. The right to information is also excluded if the data is only stored because it may not be deleted due to legal or statutory retention periods or is used exclusively for data backup or data protection control purposes, provided that the provision of information would require a disproportionate amount of effort and processing for other purposes is excluded by appropriate technical and organizational measures.

Right to withdraw consent

As the data subject, you have the right to revoke your consent at any time with effect for the future. The revocation of consent can be communicated informally by telephone, e-mail or to our postal address. The revocation does not affect the legality of the data processing that has taken place on the basis of the consent up to the receipt of the revocation. After receipt of the revocation, the data processing, which was based exclusively on your consent, will be discontinued.

Right to object

In accordance with Art. 21 GDPR, you can object to the future processing of data concerning you at any time. The objection can be made in particular against processing for direct advertising purposes. If the processing is based on Art. 6 Para. 1 Sentence 1 Letter e) GDPR (performing a task in the public interest or in the exercise of official authority) or on Art. 6 Para. 1 Sentence 1 Letter f) GDPR (legitimate interest of the person responsible or a third party), you have the right to object to the processing of your personal data at any time for reasons that arise from your particular situation. This also applies to profiling based on Art. 6 Para. 1 Sentence 1 Letter e) or Letter f) GDPR. After you have exercised your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to Erasure and Restriction

According to Art. 17 GDPR, you have the right to erasure (“right to be forgotten”), provided that the processing is not necessary to exercise the right to freedom of expression, the right to information or to fulfill a legal obligation or to perform a task that is public interest is necessary and one of the following reasons applies:

The personal data are no longer necessary for the purposes for which they were processed.
The sole justification for the processing was your consent, which you revoked.
You have objected to the processing of your personal data, which we have made public.
You have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for the processing.
Your personal data has been processed unlawfully.
The deletion of the personal data is necessary to fulfill a legal obligation to which we are subject.

There is no right to deletion if, in the case of lawful, non-automated data processing, deletion is not possible or only possible with disproportionate effort due to the special type of storage and your interest in deletion is low.

In this case, the restriction of processing in accordance with Art. 18 GDPR takes the place of deletion. You can ask us to restrict processing if one of the following reasons applies:

You contest the accuracy of the personal data. In this case, the restriction can be requested for a period of time that enables us to verify the accuracy of the data.
The processing is unlawful and you request the restriction of the use of your personal data instead of deletion. We no longer need your personal data for the purposes of processing that you need to assert, exercise or defend legal claims.
You have lodged an objection in accordance with Article 21 (1) GDPR. The restriction of processing can be requested as long as it is not yet clear whether our legitimate reasons outweigh your reasons.

Restriction of processing means that the personal data will only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest. Before we lift the restriction, we have a duty to let you know.

Right to Rectification

In accordance with Art. 16 GDPR, you have the right to request the completion of the data concerning you or the correction of incorrect data concerning you.

Right to Complaint

If you believe that the processing of your personal data is unlawful, you can contact us or, in accordance with Art. 77 GDPR, a data protection supervisory authority responsible for your place of residence, your place of work or the place of the alleged infringement (addresses), lodge a complaint.

Right to export or portability of your data

You have the right to data portability if the processing is based on your consent (Art. 6 Para. 1 Sentence 1 Letter a) or Art. 9 Para. 2 Letter a) GDPR) or on a contract to which you are a party and the processing is carried out using automated procedures. In this case, the right to data portability includes the following rights, provided this does not affect the rights and freedoms of other persons: You can request that we receive the personal data that you have provided to us in a structured, common and machine-readable format . You have the right to transmit this data to another responsible person without hindrance on our part. As far as technically feasible, you can request that we transmit your personal data directly to another person responsible.

Definitions/Glossary

With regard to the terms used, such as “processing”, “person responsible” or “processor”, we also refer to the official definitions, in particular in Article 4 of the GDPR, despite our definitions below.

The following terms are used in our data protection information:

a) Personal data

This means all information that relates to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified (directly or indirectly) by means of assignment to identifiers such as name, customer or identification number, location data, online identifier (e.g. cookie) or special features. Special features are, for example, information on the physical, physiological, genetic, psychological, economic, cultural or social identity of natural persons.

b) Data subject

A data subject is any identifiable or identified natural person whose personal data is processed by the (processing) controller.

c) Processing

Processing activities can be: collection, recording, organisation, ordering, storage, adaptation or modification, reading, querying, use, disclosure through transmission, distribution or another form of provision, comparison or linking, restriction, deletion or destruction. Processing is any process (carried out with or without the use of automated processes) or any such series of processes in connection with personal data.

d) Restriction of processing

If processing is restricted, personal data will be marked with the aim of restricting future processing. The marking is particularly useful if the data cannot be deleted due to legal obligations (e.g. retention periods).

e) Profiling

The term profiling describes automated processing of personal data, which consists of using personal data to evaluate and analyze certain personal aspects of a natural person or, for example, to predict behavior. Aspects are, for example, work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or change of location.

f) Pseudonymization

Personal data is processed anonymously through pseudonymization, so that this data can no longer be assigned to a specific data subject without additional information. If suitable technical and organizational measures ensure the separation of the respective information, the personal data can neither be assigned to an identified nor an identifiable natural person.

g) Responsible body, person responsible or responsible for processing

Responsible body, person responsible or person responsible for processing is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the Member States, the person responsible or the specific criteria for his naming can be provided for by Union law or the law of the Member States.

h) Processors

Processor is a natural or legal person (e.g. company), authority, institution or other body that processes personal data on behalf of the person responsible.

i) Recipient

The recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed (including third parties, see below). Public authorities receiving personal data under Union or Member State law are not considered recipients when carrying out an investigation.

j) Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct responsibility of the controller or processor, are authorized to process the personal data.

k) Consent

Consent is a voluntary, informed and unequivocal expression of will given by the data subject for a specific purpose in the form of a declaration or other clear affirmative action, with which the data subject indicates that they consent to the processing of their personal data agrees.

l) Cookies

“Cookies” are files that are stored by the operator of an online service on the user’s device in the browser. Cookies can contain different information. A cookie is primarily used to store information about a visitor (or the device on which the cookie is stored) during or after their visit to an online offer. “Session cookies” are temporary cookies. These are deleted after a user has left an online offer and closes his browser. In such a cookie, for example, the content of a shopping cart in an online shop or a login status can be saved. Permanent cookies, on the other hand, remain stored even after the browser is closed. The interests of visitors can be stored in a cookie, which can be used for range measurement or marketing purposes. These can also be cookies from providers other than the person responsible for operating the online offer.

More information

Relevant legal bases

In accordance with Art. 13 GDPR, we will inform you of the legal basis for our data processing. If the legal basis is not mentioned in the data protection declaration, the following applies: The legal basis for obtaining consent is Article 6 (1) (a) and Article 7 GDPR and Section 25 (1) TTDSG, the legal basis for processing for fulfilment of our services and implementation of contractual measures as well as answering inquiries is Article 6 Paragraph 1 Letter b GDPR, the legal basis for processing to fulfill our legal obligations is Article 6 Paragraph 1 Letter c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 Para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 Paragraph 1 lit. d GDPR serves as the legal basis.

Mandatory notices

In principle, there is no transfer of data to third countries, profiling or automated decision-making. If so, the exceptions/individual cases are described in the respective data protection declaration.

Cooperation with processors and third parties

If, as part of our processing, we disclose data to other people and companies (contract processors or third parties), transmit it to them or otherwise grant them access to the data, this is only done on the basis of legal permission (e.g. if the data is transmitted to third parties, as to payment service providers, pursuant to Art. 6 (1) (b) GDPR is required for the fulfillment of the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 DSGVO.

Transfers to third countries

If we process data in a third country (outside the EU/EEA) or if this happens as part of the use of third-party services or disclosure or transmission of data to third parties, this only takes place if it is necessary to fulfill our (pre)contractual obligations, based on your consent, based on a legal obligation or based on our legitimate interests. Subject to legal or contractual permissions, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR are met. This means that the processing takes place e.g. B. on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to that of the EU (e.g. for the USA through the “Privacy Shield”) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

Notes on Consents

Granting consent to us is always voluntary. Failure to grant consent or its later revocation can nevertheless have consequences, about which we will inform you before granting consent. You can revoke your consent given to us at any time with future effect, e.g. by sending a message by post, fax or e-mail to the above address.

Data security

All data transmitted by you personally is encrypted using generally accepted and secure standards. In addition, we have taken appropriate technical and organizational security measures to protect your data against manipulation, loss, destruction or unauthorized access. Our security measures are continuously improved.

Actuality and change

Due to the further development of our offers or due to changed legal or official requirements, it may become necessary to adapt this data protection information. You can access and print out the current data protection information from this website at any time.

Severability Clause

Should individual provisions of this data protection declaration be or become invalid or unenforceable in whole or in part, this shall not affect the effectiveness of the remaining provisions. The same applies in the case of incomplete content.