Privacy Policy

1. At a glance

General
This page explains what happens to your personal data when you use this website. Personal data means any information relating to an identified or identifiable person. Details follow below.

Who is responsible?
Data processing is carried out by the website operator. See “Controller” below for contact details.

How do we collect data?

• Data you provide (e.g. via a contact form).
• Other data are collected automatically or based on your consent when visiting the site (e.g. browser, OS, time of access).

What do we use your data for?

• To provide a fault-free website.
• To analyze usage.
• If contracts can be initiated/concluded via the website: to handle offers, orders or related requests.

Your rights
You have rights of access, rectification, erasure, restriction of processing, data portability, withdrawal of consent, and the right to lodge a complaint with a supervisory authority.

2. Hosting

All-Inkl
Provider: ALL-INKL.COM – Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany. Details: https://all-inkl.com/datenschutzinformationen/.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable presentation). Where consent is requested, processing additionally relies on Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG (e.g. for cookies/device access). Consent can be withdrawn at any time.

Data Processing Agreement
We have a DPA with the provider to ensure GDPR-compliant processing on our instructions.

3. General information & mandatory disclosures

Data protection
We treat your personal data confidentially and in accordance with the law and this policy. Note: internet data transmission (e.g. email) may have security gaps.

Controller
Studio LUX
Fabienne Freymadl
Tempelhofer Damm 145, 12099 Berlin, Germany
Phone: 030 / 7544 3143
Email: info@bdsm-studio-lux.de

Storage period
Unless stated otherwise below, data are stored until the purpose no longer applies. After a deletion request or consent withdrawal, we delete data unless legal retention duties require longer storage.

Legal bases
Depending on purpose: Art. 6(1)(a) (consent), (b) (contract/pre-contract), (c) (legal obligation), (f) GDPR (legitimate interests). For third-country transfers based on consent: Art. 49(1)(a) GDPR. For device access/cookies: Sec. 25(1) TDDDG (consent).

Recipients
We share data with external parties only if necessary for contract performance, if legally required, if we have a legitimate interest (Art. 6(1)(f) GDPR), or if another legal basis applies. DPAs are in place with processors; joint controllership agreements where applicable.

Right to withdraw consent
You may withdraw consent at any time with future effect.

Right to object (Art. 21 GDPR)
If processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions.
If your data are processed for direct marketing, you have the right to object at any time; this also applies to profiling related to such marketing.

Right to lodge a complaint
You may lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or the place of the alleged infringement.

Data portability
For automated processing based on consent or contract, you may receive data in a machine-readable format or—where technically feasible—request direct transfer to another controller.

Access, rectification, erasure
You may request free information about your stored personal data and, where applicable, rectification or erasure.

Restriction of processing
You may request restriction, e.g.

• while we verify contested data,
• instead of erasure where processing was unlawful,
• when we no longer need data but you need them for legal claims,
• pending the outcome of a balancing test after an objection under Art. 21(1) GDPR.
  Where restricted, data (apart from storage) are processed only with consent, for legal claims, to protect third-party rights, or for important public interests.

TLS/SSL encryption
This site uses HTTPS. You can recognize an encrypted connection by “https://” and the lock icon in your browser.

4. Data collection on this website

Cookies
We may use session cookies (deleted after the session) and persistent cookies. Cookies can be first-party or third-party and serve various purposes (e.g. cart, embeds, audience measurement).
Necessary cookies: Art. 6(1)(f) GDPR.
Where consent is required: Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG.
You can configure your browser to inform you about cookies, allow them only in specific cases, or block them entirely. Functionality may be limited if cookies are disabled.

Contact form
If you send requests via the contact form, we store the data you enter, including contact details, to process your request and for follow-ups. We do not share them without consent.
Legal basis: Art. 6(1)(b) GDPR (contract-related) or Art. 6(1)(f) GDPR (legitimate interest), or Art. 6(1)(a) GDPR (consent).
Data are retained until purpose ceases/you request deletion/withdraw consent; statutory retention remains unaffected.

Requests by email/phone/fax
We store and process your inquiry and related personal data to handle your request. No sharing without consent.
Legal basis as above (Art. 6(1)(b)/(f) or (a) GDPR).
Deletion after purpose ceases/withdrawal; statutory retention remains unaffected.

5. Analytics and advertising

Matomo
We use Matomo (open-source web analytics) to measure site usage (e.g. page views, regions, truncated IP, referrers, browsers/OS, actions such as clicks).

• IP anonymization: IPs are truncated before analysis.
• Cookieless analytics: Matomo is configured to set no cookies.
• Do Not Track: Respected.
• Hosting: Matomo runs exclusively on our own servers; analytics data are not shared.
• Retention: Raw data are kept for 12 months.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in optimization). Where consent is requested, additionally Art. 6(1)(a) GDPR and Sec. 25(1) TDDDG. Consent can be withdrawn at any time.

6. Newsletter

If you subscribe to a newsletter, we require your email address and confirmation (double opt-in). Additional data are voluntary. No sharing with third parties.

Legal basis: Art. 6(1)(a) GDPR (consent). You can unsubscribe at any time via the “unsubscribe” link.

Data are stored until you unsubscribe or the purpose no longer applies. We may, in our legitimate interest (Art. 6(1)(f) GDPR), block/delete email addresses to prevent future mailings (blacklist). Storage on such a blacklist is not time-limited. You may object if your interests override ours.

Source: https://www.e-recht24.de