Privacy

This privacy policy informs you about the nature, scope and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the websites, functions and content associated with it, as well as external online presences such as our social media profiles (hereinafter collectively referred to as the “online offering”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).

Lunatx Special Effects GmbH
Am Trippelsberg 105
40589 Düsseldorf
Germany

Phone: +49 211 41671230
Email: info(at)lunatx.de
Managing Directors: Frank Lohse, Stefan Howe

– Inventory data (e.g. names, addresses).
– Contact data (e.g. email addresses, telephone numbers).
– Content data (e.g. text entries, photographs, videos).
– Usage data (e.g. websites visited, interest in content, access times).
– Meta/communication data (e.g. device information, IP addresses).

Visitors and users of the online offering (hereinafter collectively referred to as “users”).

– Provision of the online offering, its functions and content.
– Responding to contact requests and communicating with users.
– Security measures.
– Reach measurement / marketing.

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier such as a cookie, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and covers virtually any handling of data.

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not attributed to an identified or identifiable natural person.

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

In accordance with Art. 13 GDPR, we inform you about the legal bases of our data processing. Unless the legal basis is specified in this privacy policy, the following applies: the legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR; the legal basis for processing for the fulfilment of our services, the implementation of contractual measures and responding to enquiries is Art. 6 para. 1 lit. b GDPR; the legal basis for processing for compliance with our legal obligations is Art. 6 para. 1 lit. c GDPR; and the legal basis for processing to safeguard our legitimate interests is Art. 6 para. 1 lit. f GDPR. In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

In accordance with Art. 32 GDPR, taking into account the state of the art, implementation costs and the nature, scope, context and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

These measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, transfer, securing availability and separation. Furthermore, we have established procedures to ensure the exercise of data subject rights, deletion of data and response to data threats. We also take the protection of personal data into account during the development and selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Art. 25 GDPR).

If, in the course of our processing, we disclose data to other persons or companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only take place on the basis of a legal permission, if you have given your consent, if a legal obligation requires it or on the basis of our legitimate interests, for example when using service providers or hosting providers.

If we commission third parties to process data on the basis of a so-called data processing agreement, this is done on the basis of Art. 28 GDPR.

If we process data in a third country, i.e. outside the European Union (EU) or the European Economic Area (EEA), or if this occurs in the context of using third-party services or disclosing or transferring data to third parties, this will only take place if it is necessary for the fulfilment of our contractual or pre-contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have data processed in a third country only if the special requirements of Art. 44 et seq. GDPR are met. Processing may therefore take place, for example, on the basis of adequacy decisions of the European Commission or standard contractual clauses.

You have the right to request confirmation as to whether data concerning you is being processed and to obtain information about this data as well as further information and a copy of the data in accordance with Art. 15 GDPR.

In accordance with Art. 16 GDPR, you have the right to request the completion of data concerning you or the correction of inaccurate data concerning you.

In accordance with Art. 17 GDPR, you have the right to request that data concerning you be deleted without undue delay, or alternatively, in accordance with Art. 18 GDPR, to request restriction of the processing of the data.

You have the right to receive the data concerning you that you have provided to us in accordance with Art. 20 GDPR and to request its transfer to other controllers.

You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

You have the right to withdraw consent granted in accordance with Art. 7 para. 3 GDPR with effect for the future.

You may object to the future processing of data concerning you at any time in accordance with Art. 21 GDPR. The objection may in particular be made against processing for direct marketing purposes.

Cookies are small files that are stored on users’ computers. Different information can be stored within cookies. A cookie primarily serves to store information about a user or the device on which the cookie is stored during or after a visit to an online offering. Temporary cookies, also known as session cookies or transient cookies, are deleted after a user leaves an online offering and closes the browser. Persistent cookies remain stored even after the browser is closed. Third-party cookies are cookies offered by providers other than the controller operating the online offering.

We may use temporary and persistent cookies and provide information about this within this privacy policy.

If users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in their browser settings. Stored cookies can be deleted in the browser settings. Excluding cookies may result in functional limitations of this online offering.

A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via http://www.aboutads.info/choices/ or http://www.youronlinechoices.com/. In addition, cookies can be prevented from being stored by disabling them in the browser settings. Please note that in this case not all functions of this online offering may be available.

The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated otherwise in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and no statutory retention obligations prevent deletion. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.

In accordance with legal requirements in Germany, retention is generally 10 years pursuant to Sections 147 para. 1 AO and 257 para. 1 no. 1 and 4, para. 4 HGB, and 6 years pursuant to Section 257 para. 1 no. 2 and 3, para. 4 HGB.

In addition, we process contract data (e.g. subject matter of the contract, term, customer category) and payment data (e.g. bank details, payment history) from our customers, prospective customers and business partners for the purpose of providing contractual services, customer service, customer relationship management, marketing, advertising and market research.

We process the data of our contractual partners and interested parties as well as other clients, customers or business partners (collectively referred to as “contractual partners”) in accordance with Art. 6 para. 1 lit. b GDPR in order to provide our contractual or pre-contractual services. The processed data, the type, scope and purpose of processing as well as the necessity of processing are determined by the underlying contractual relationship.

The processed data includes master data of our contractual partners, contact data, contract data and payment data.

We generally do not process special categories of personal data unless these are part of commissioned or contractual processing.

We process data required for establishing and fulfilling contractual services and point out the necessity of providing such data where this is not obvious to the contractual partners. Disclosure to external persons or companies only takes place if required within the framework of a contract.

When processing data provided to us within the scope of an order, we act in accordance with the instructions of the client and legal requirements.

Within the scope of using our online services, we may store the IP address and the time of the respective user action. Storage is based on our legitimate interests as well as the interests of users in protection against misuse and other unauthorised use.

The data is deleted when it is no longer required for the fulfilment of contractual or legal obligations. Statutory retention obligations remain unaffected.

We process data within the scope of administrative tasks, organisation of our business operations, financial accounting and compliance with legal obligations, such as archiving. In this context, we process the same data that we process in the course of providing our contractual services. The legal bases are Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR.

We disclose or transmit data to tax authorities, consultants such as tax advisors or auditors, as well as other fee offices and payment service providers where necessary.

Furthermore, based on our business interests, we store information about suppliers, organisers and other business partners, for example for future contact purposes. This predominantly company-related data is generally stored permanently.

In order to operate our business economically and identify market trends, wishes of contractual partners and users, we analyse data available to us regarding business transactions, contracts and enquiries. We process inventory data, communication data, contract data, payment data, usage data and metadata on the basis of Art. 6 para. 1 lit. f GDPR.

The analyses are carried out for business evaluations, marketing and market research purposes. They serve to improve user-friendliness, optimise our offering and support business operations. The analyses are used by us only and are not disclosed externally unless they are anonymous analyses with aggregated values.

Where analyses or profiles are personal, they are deleted or anonymised when they are no longer required. General business analyses and trend assessments are created anonymously wherever possible.

When contacting us, for example by contact form, email, telephone or social media, the information provided by users is processed for handling the contact request and its processing in accordance with Art. 6 para. 1 lit. b GDPR. User information may be stored in a customer relationship management system or comparable enquiry organisation.

We delete enquiries if they are no longer required. We review the necessity every two years; statutory archiving obligations also apply.

The hosting services we use serve to provide infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services and technical maintenance services for the operation of this online offering.

In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data and meta/communication data of customers, interested parties and visitors on the basis of our legitimate interests in the efficient and secure provision of this online offering pursuant to Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR.

We or our hosting provider collect data on every access to the server on which this service is located (server log files) on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR. Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user’s operating system, referrer URL, IP address and the requesting provider.

Log file information is stored for security reasons for a maximum period of 7 days and then deleted. Data whose further retention is required for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.

We maintain online presences within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and privacy policies of their respective operators apply.

Unless otherwise stated in this privacy policy, we process user data if users communicate with us within social networks and platforms, for example by writing posts on our online presences or sending us messages.

Within our online offering, we use content or service offerings from third-party providers on the basis of our legitimate interests in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f GDPR, in order to integrate their content and services, such as videos or fonts.

This always requires that the third-party providers of such content receive the IP address of users, as they cannot send the content to the user’s browser without the IP address. The IP address is therefore required for the display of this content. Third-party providers may also use so-called pixel tags or web beacons for statistical or marketing purposes.

We may embed videos from the Vimeo platform, provided by Vimeo Inc., Attention: Legal Department, 555 West 18th Street, New York, New York 10011, USA. Privacy policy: https://vimeo.com/privacy. Please note that Vimeo may use Google Analytics and we refer to Google’s privacy policy (https://www.google.com/policies/privacy) as well as Google’s advertising settings (https://adssettings.google.com/).

We embed videos from the YouTube platform, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.

Where Google Fonts are used, we endeavour to integrate them in a privacy-friendly manner, for example by local hosting where technically possible. If external Google Fonts are loaded, data such as the user’s IP address may be transmitted to Google. Privacy policy: https://www.google.com/policies/privacy/.

We may use external Adobe Typekit fonts on the basis of our legitimate interests in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f GDPR. The provider is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland. Further information can be found in Adobe’s privacy policy.

Where the appropriate consent has been granted, we use functions and content provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (“Meta”), in particular Facebook and Instagram features as well as Meta Pixel or comparable tracking technologies where applicable.

In this context, personal data of users may be processed, in particular IP address, device and browser information, user behaviour on our website and interactions with content and advertisements.

By integrating these services, Meta may receive information that users have accessed the relevant pages of our online offering. If users are simultaneously logged into Facebook or Instagram, Meta may associate the visit with the respective user profile.

Processing is carried out exclusively on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR. Consent can be withdrawn or adjusted at any time via the cookie settings.

Further information on data processing by Meta:
https://www.facebook.com/privacy/policy/

Information on advertising settings at Meta:
https://www.facebook.com/adpreferences/ad_settings

Our website uses a consent management tool to obtain and document users’ consent for the storage of certain cookies and the use of certain technologies in compliance with data protection regulations.

The management of consent is carried out via the tool “Complianz”. Users may withdraw or adjust their consent at any time via the cookie settings on our website.

The legal basis for processing personal data in connection with obtaining and managing consent is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR.

We use the so-called “Google Consent Mode V2” on our website. This is a Google function that enables the processing of data and the use of cookies depending on users’ consent decisions.

Depending on the consent granted, consent signals such as ad_storage, analytics_storage, ad_user_data and ad_personalization may be transmitted to Google.

These signals control processing in connection with Google Analytics, Google Ads and conversion tracking functions in particular.

Where the appropriate consent has been granted, we use Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyse the use of our website and evaluate visitor interactions. In this context, information such as visited pages, duration of visit, technical information about browser and device, visitor origin, interactions on the website and IP address may be processed. IP addresses are processed in shortened or anonymised form where applicable.

Google Analytics 4 uses cookies and similar technologies to recognise users. Use is carried out exclusively on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR.

Further information: https://policies.google.com/privacy

Where the appropriate consent has been granted, we use Google Ads Conversion Tracking. This allows us to determine whether users perform certain actions on our website after clicking on a Google advertisement, such as submitting a contact request.

Google may use cookies or similar technologies for this purpose. The data is used exclusively for statistical evaluation and optimisation of our advertising measures.

Processing is carried out on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR.

Further information: https://policies.google.com/privacy

We use Google Tag Manager provided by Google Ireland Limited. Google Tag Manager is used to manage and deploy website tags via a user interface.

Google Tag Manager itself generally does not process personal data, but may trigger other tags that collect data.

Further information: https://support.google.com/tagmanager

Where the appropriate consent has been granted, we use the LinkedIn Insight Tag provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

The LinkedIn Insight Tag enables us to statistically evaluate visitor interactions and measure the effectiveness of our LinkedIn campaigns. In this context, data such as URL, referrer URL, device information, browser information, timestamp and IP address may be processed.

The data is transmitted in encrypted form and pseudonymised within seven days where applicable. Processing is carried out exclusively on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR.

Further information: https://www.linkedin.com/legal/privacy-policy

When using services provided by Google, LinkedIn, Meta or other international providers, the transfer of personal data to third countries, in particular to the USA, cannot be excluded.

Data transfers take place on the basis of the applicable legal requirements, in particular on the basis of adequacy decisions of the European Commission or standard contractual clauses.

Users may withdraw or adjust consent granted at any time with effect for the future via the cookie settings on our website.

The lawfulness of processing carried out on the basis of consent before its withdrawal remains unaffected.