1) Information Collection and Data Controller Contact Details

1.1

We appreciate your visit to our website and your interest in our services. This document outlines how we handle your personal data when you use our website. Personal data encompasses all information that can be used to identify you personally.

1.2

Lulu Linens serves as the data controller for all processing activities on this website under the General Data Protection Regulation (GDPR). The data controller is defined as the natural or legal person who, either independently or in conjunction with others, determines the purposes and methods of personal data processing.

1.3

This website employs SSL or TLS encryption to ensure security and protect the transmission of personal data and other confidential information, including orders and inquiries submitted to the data controller. You can identify an encrypted connection by the "https://" prefix and the lock symbol displayed in your browser's address bar.

2) Data Collection During Website Visits

When you visit our website solely for informational purposes without registering or providing additional information, we collect only the data that your browser automatically transmits to our server, commonly referred to as "server log files." Upon accessing our website, we gather the following technically necessary data required to display the website properly:

  • Website pages you accessed
  • Date and time of each access
  • Volume of data transmitted in bytes
  • Source or referral site from which you arrived
  • Browser type and version
  • Operating system information
  • IP address (anonymized when necessary)

This processing occurs under Article 6(1)(f) GDPR, based on our legitimate interest in maintaining and improving our website's stability and functionality. We do not share this data with third parties or use it for other purposes. However, we reserve the right to review server log files retroactively if concrete evidence suggests illegal activity.

3) Cookie Usage

We utilize cookies on various pages to enhance your website experience and enable specific functionalities. Cookies are small text files stored on your device during your visit. Some cookies expire when you close your browser session (session cookies), while others remain on your device and allow us or our partner companies to recognize your browser during future visits (persistent cookies). When cookies are activated, they collect and process individual user information, including browser data, location information, and IP address values. Persistent cookies automatically delete after a predetermined timeframe.

We use cookies to streamline the ordering process by preserving settings such as virtual shopping cart contents for subsequent visits. When our cookies process personal data, such processing occurs under Article 6(1)(b) GDPR for contract execution or Article 6(1)(f) GDPR to optimize website functionality and ensure user-friendly, efficient site navigation.

Cookie Management Instructions: You can configure your browser to notify you when cookies are set and make individual decisions about accepting them. You may choose to exclude cookies for specific cases or entirely. Each browser manages cookie settings differently, and specific instructions can be found in your browser's help menu. Reference links for cookie management are available for major browsers including Internet Explorer, Firefox, Chrome, Safari, and Opera.

Please note that disabling cookies may limit certain website functionalities.

4) Contact Communications

When you contact us through our contact form or email, we collect personal data as indicated on the respective contact form. We store and utilize this data exclusively for responding to your inquiry, maintaining contact with you, and managing associated technical administration tasks.

The legal basis for processing this data is our legitimate interest in responding to your request under Article 6(1)(f) GDPR. When your contact relates to contract conclusion, Article 6(1)(b) GDPR provides additional legal basis for processing. We delete your data following complete resolution of your inquiry, determined when circumstances indicate the matter has been conclusively addressed.

5) Account Creation and Contract Processing

Under Article 6(1)(b) GDPR, we continue to collect and process personal data when you provide it for contract execution or customer account creation. The specific data collected is clearly indicated on the respective input forms. You may delete your customer account at any time by sending a request to the data controller address specified above. We store and use your provided data for contract processing purposes. Following complete contract fulfillment or customer account deletion, we block your data in accordance with tax and commercial retention requirements and delete it after these retention periods expire.

6) Single Sign-On Services

Facebook Connect: You may access our website using the "Facebook Connect" social plugin provided by Facebook, Inc. This service utilizes "single sign-on" technology, allowing users with Facebook profiles to log in using their Facebook credentials without creating separate accounts. The "Facebook Connect" button is identifiable by the Facebook logo. When you use this feature, your browser establishes direct communication with Facebook servers, and Facebook transmits the button content directly to your browser for website integration.

By using "Facebook Connect," you consent to using your Facebook profile data for website login purposes, subject to your Facebook privacy settings. This may include your user ID, name, profile picture, age, and gender information. Changes to Facebook's privacy policy or terms of use may affect data transfer arrangements. You may revoke your consent at any time by contacting the data controller specified at the beginning of this document.

Facebook Inc. maintains certification under the US-European data protection agreement "Privacy Shield," ensuring compliance with EU data protection standards.

Additional information regarding Facebook's privacy practices is available in Facebook's Privacy Policy. To prevent Facebook from associating data collected through our website with your Facebook profile, you must log out of Facebook before visiting our site. You can also prevent Facebook plugin loading entirely using browser add-ons such as "Adblock Plus."

7) Direct Marketing Data Usage

Email Newsletter Registration: By subscribing to our newsletter, you consent to receive information about our products and services. Your email address is the only required information for newsletter receipt. Additional data provision is voluntary and enables personalized communication. We employ a double opt-in procedure for newsletter distribution, meaning we send newsletters only after you explicitly confirm your consent to receive them. We will send a confirmation email requesting that you click a link to verify your desire to receive future newsletters.

By clicking the confirmation link, you provide consent for us to use your personal data under Article 6(1)(a) GDPR. We store your Internet Service Provider (ISP) IP address along with registration date and time to prevent potential email address misuse. Data collected during newsletter registration is used exclusively for newsletter promotional communication. You may unsubscribe at any time using the link provided in newsletters or by contacting the person mentioned above. Following unsubscription, we immediately delete your email address from our newsletter distribution list.

8) Order Processing Data Handling

8.1

We share collected personal data with delivery companies commissioned for goods shipment when necessary for delivery completion. We transmit payment data to designated credit institutions during payment processing when required for transaction handling. When we utilize payment service providers, we provide explicit information below. The legal basis for data transfer is Article 6(1)(b) GDPR.

8.2

To fulfill contractual obligations to customers, we collaborate with external shipping partners. We share your name and delivery address with selected shipping partners exclusively for goods delivery purposes, in accordance with Article 6(1)(b) GDPR.

8.3 Payment Service Provider Usage

Amazon Pay: When you select "Amazon Pay" as your payment option, Amazon Payments Europe sca, 5 Rue Plaetis, L-2338 Luxembourg processes the payment. We transmit data provided during ordering along with order information to Amazon Payments under Article 6(1)(b) GDPR. Your data is transmitted solely for payment processing purposes with Amazon Payments and only as necessary. Additional information about Amazon Payments' privacy policies is available in their Privacy Policy.

PayPal: For payments via PayPal, credit card via PayPal, direct debit via PayPal, or available "purchase on account" or "installment payment" options via PayPal, we transmit payment details to PayPal (Europe) Sàrl et Cie, SCA, 22-24 Boulevard Royal, L-2449 Luxembourg. This transfer occurs under Article 6(1)(b) GDPR and only when necessary for payment processing.

PayPal reserves the right to conduct credit checks for specific payment methods including credit card via PayPal, direct debit via PayPal, or available "purchase on account" or "installment payment" options. Your payment data may be shared with credit agencies based on PayPal's legitimate interest in determining creditworthiness under Article 6(1)(f) GDPR. PayPal uses credit check results regarding statistical payment default probability for payment method provision decisions. Credit information may include probability values (score values). When score values appear in credit reports, they are based on scientifically recognized mathematical-statistical procedures. Address data is included in score value calculations among other factors. Additional data protection information, including credit agencies used, is available in PayPal's Privacy Policy.

You may object to this data processing at any time by contacting PayPal. However, PayPal may retain the right to process your personal data when necessary for contractual payment processing.

SOFORT: When you choose "SOFORT" payment method, SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany processes the payment. We transmit ordering process data along with order information to SOFORT under Article 6(1)(b) GDPR. Your data is shared solely for SOFORT payment processing purposes and only when necessary. Additional information about SOFORT's data protection provisions is available in their Privacy Policy.

Stripe: When you select a Stripe payment method, Stripe Payments Europe Ltd, Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland processes the payment. We transmit ordering process information along with order details to Stripe in accordance with Article 6(1)(b) GDPR. Your data is transmitted solely for payment processing with Stripe Payments Europe Ltd and only to the necessary extent. Additional information about Stripe's data protection practices is available in their Privacy Policy.

9) Data Subject Rights

9.1

Applicable data protection law grants you comprehensive information and intervention rights regarding your personal data processing, which we outline below:

Right of Access under Article 15 GDPR: You have the right to access your personal data processed by us, including processing purposes, categories of processed personal data, recipients or recipient categories to whom your data has been or will be disclosed, planned storage periods or storage period determination criteria, rights to correction, deletion, processing limitation or objection, complaint filing rights, data sources when not collected from you, automated decision-making existence including profiling and meaningful information about involved logic and scope and intended effects of such processing, and information about Article 46 GDPR guarantees when data is transferred to third countries.

Right to Rectification under Article 16 GDPR: You have the right to immediate correction of incorrect data concerning you and completion of incomplete data stored by us.

Right to Erasure under Article 17 GDPR: You have the right to demand deletion of your personal data when Article 17(1) GDPR requirements are met. However, this right does not exist when processing is necessary for exercising freedom of expression and information rights, fulfilling legal obligations, serving public interest reasons, or asserting, exercising, or defending legal claims.

Right to Restriction of Processing under Article 18 GDPR: You have the right to demand processing restriction of your personal data during correctness verification of disputed data, when you refuse data deletion due to unauthorized processing and instead demand processing restriction, when you need data for asserting, exercising, or defending legal claims after we no longer need the data following purpose achievement, or when you have lodged objection for special situation reasons pending determination of whether our legitimate reasons prevail.

Right to be Informed under Article 19 GDPR: When you assert rectification, erasure, or processing restriction rights against the controller, the controller must inform all recipients to whom your personal data was disclosed about this rectification, erasure, or processing restriction, unless this proves impossible or involves disproportionate effort. You have the right to information about these recipients.

Right to Data Portability under Article 20 GDPR: You have the right to receive your personal data provided to us in structured, commonly used, and machine-readable format or request transmission to another controller when technically feasible.

Right to Withdraw Consent under Article 7(3) GDPR: You have the right to withdraw your consent to data processing at any time with future effect. Upon withdrawal, we immediately delete the data concerned unless further processing can be based on a legal ground that does not require consent. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before the withdrawal.

Right to Lodge a Complaint under Article 77 GDPR: If you believe the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.

9.2 Right to Object

When we process your personal data based on our overriding legitimate interest, you have the right to object to this processing with future effect for reasons arising from your particular situation.

When you exercise your objection right, we will cease processing the affected data. However, we reserve the right to continue processing when we can demonstrate compelling legitimate grounds for processing that outweigh your interests, fundamental rights and freedoms, or when processing serves to assert, exercise, or defend legal claims.

When we process your personal data for direct advertising operations, you have the right to object at any time to personal data processing for such advertising purposes. You can exercise this objection as described above.

When you exercise your objection right, we will cease processing relevant data for direct advertising purposes.

10) Personal Data Storage Duration

The storage duration of personal data is determined by the respective legal retention periods, including commercial and tax retention requirements. After these periods expire, the corresponding data is routinely deleted, provided it is no longer necessary for contract fulfillment or initiation and we have no legitimate interest in continued storage.