Privacy Policy
1) Information on the Collection of Personal Data and Contact Details of the Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. This Privacy Policy explains how we handle your personal data when you use our website. Personal data is any data with which you can be personally identified.
1.2 The controller responsible for data processing on this website under the General Data Protection Regulation (GDPR) is: Luna and Rose. The controller is the individual or legal entity that determines the purposes and means of the processing of personal data.
1.3 To protect your personal data and other confidential content (e.g. orders or inquiries), this website uses SSL or TLS encryption. You can recognize an encrypted connection by βhttps://β and the lock icon in your browser.
2) Data Collection When Visiting Our Website
When you visit our website without registering or otherwise providing information, we collect only the data your browser transmits to our server (βserver log filesβ), including:
- Visited website
- Date and time of access
- Data volume sent (in bytes)
- Referrer (source)
- Browser and operating system
- IP address (possibly in anonymized form)
This processing is based on Art. 6 para. 1 lit. f GDPR our legitimate interest in website stability and functionality. We may check server log files later if there's evidence of unlawful use.
3) Cookies
We use cookies to make your visit more pleasant and enable certain functions. These small text files are stored on your device.
- Session cookies: deleted after closing your browser.
- Persistent cookies: remain on your device to recognize your browser on future visits.
Cookies may collect browser, location, and IP information. Persistent cookies are deleted automatically after a set time.
Cookies also help simplify orders by remembering settings (e.g., shopping cart contents). Where personal data is processed, itβs based on Art. 6 para. 1 lit. b or f GDPR.
We may use third-party cookies from advertising partners to enhance our offerings. You will be informed separately about those.
You can configure your browser to notify you about cookies, allow them individually, or block them. Blocking cookies may limit website functionality.
4) Contacting Us
When contacting us (e.g. via form or email), we collect the data you provide to respond to your inquiry. Processing is based on Art. 6 para. 1 lit. f GDPR. If your inquiry relates to a contract, Art. 6 para. 1 lit. b GDPR also applies. Your data is deleted once your inquiry is resolved unless legal obligations require retention.
5) Customer Account & Contract Fulfillment
When you open an account or place an order, we collect personal data as shown in the forms. Data processing is based on Art. 6 para. 1 lit. b GDPR.
You may request deletion of your account at any time. After contract fulfillment or account deletion, your data will be blocked and deleted after tax/commercial retention periods, unless you consent to further use.
6) Use of Data for Direct Marketing
6.1 Newsletter Subscription
If you subscribe to our newsletter, we will send you regular promotional emails. Only your email address is required. We use a double opt-in process. Consent is given under Art. 6 para. 1 lit. a GDPR. You can unsubscribe anytime via the link in the email or by contacting us.
6.2 Newsletter for Existing Customers
If you provided your email during a purchase, we may email you offers for similar products under Art. 6 para. 1 lit. f GDPR. You can object at any time.
7) Order Processing
7.1 Your personal data will be passed to the delivery service or payment provider as needed to fulfill your order (Art. 6 para. 1 lit. b GDPR).
7.2 Payment Services
- PayPal: Data shared with PayPal Europe for payments. PayPal may run credit checks (Art. 6 para. 1 lit. f GDPR). Privacy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- SOFORT: Payments via SOFORT GmbH (part of Klarna). Privacy: https://www.klarna.com/sofort/datenschutz
8) Review Reminders
We may email you once to remind you to leave a product review, if you consented under Art. 6 para. 1 lit. a GDPR. You may withdraw consent anytime.
9) Use of Social Media Plugins
We use Shariff social media integrations for Facebook, Google+, and Instagram. This prevents direct connections to third-party servers unless you click the plugin. Privacy policies:
- Facebook: https://www.facebook.com/policy.php
- Google: https://www.google.com/policies/privacy/
- Instagram: https://help.instagram.com/155833707900388/
10) Online Marketing
10.1 DoubleClick by Google
Cookies used to prevent repeat ads and measure conversions. Processing is based on Art. 6 para. 1 lit. f GDPR. Privacy: https://www.google.de/policies/privacy/
10.2 Google AdWords Conversion Tracking
Cookies track ad performance and conversions. If you do not wish to be tracked, you can block cookies in your browser.
11) Web Analytics
Google Analytics (Universal Analytics)
Used to analyze user behavior. IPs are anonymized. Processing is based on Art. 6 para. 1 lit. f GDPR. Opt-out:
https://tools.google.com/dlpage/gaoptout?hl=de
Cross-device tracking is done using a pseudonymized user ID.
12) Retargeting/Remarketing
- Facebook Pixel: Tracks effectiveness of Facebook ads. Data is anonymous to us. Consent required under Art. 6 para. 1 lit. a GDPR. Privacy: https://www.facebook.com/about/privacy/
- Google AdWords Remarketing: Enables interest-based ads. If logged in to Google, cross-device tracking may apply. Privacy: https://www.google.com/policies/technologies/ads/
13) Data Subject Rights
You have the following rights under the GDPR:
- Access (Art. 15)
- Correction (Art. 16)
- Erasure (Art. 17)
- Restriction (Art. 18)
- Data portability (Art. 20)
- Withdraw consent (Art. 7(3))
- Lodge a complaint (Art. 77)
- Right to object (Art. 21)
If your personal data is used for direct marketing, you can object at any time.
14) Data Retention
Personal data is stored according to statutory retention periods (e.g. tax or commercial law). After the deadline, data is deleted unless needed for contract fulfillment or justified interests.