LuminaX DigitalLuminaX Digital

Privacy Policy

Last updated: September 28, 2025

1. Introduction

Welcome to LuminaX Digital ('we,' 'our,' or 'us'). We respect your privacy and are committed to protecting your personal data. This privacy policy informs you about how we handle your personal data when you visit our website and tells you about your privacy rights according to the EU General Data Protection Regulation (GDPR) and German data protection laws, particularly the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

2. Controller Information

The controller responsible for the processing of your personal data under applicable data protection laws is:

LuminaX Digital
Represented by: Fabian Faraz Farid
Friedrich-Ebert-Straße 65
41236, Mönchengladbach
Germany
Email: [email protected]
Phone: +49 152 22485035

3. Data Protection Officer

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact our DPO at:

[DPO Name]
Email: [email protected]
Address: [DPO Address]

4. Personal Data We Collect

We may collect, use, store, and transfer different kinds of personal data about you which we have grouped as follows:

  • Identity Data includes first name, last name, username or similar identifier.
  • Contact Data includes email address, telephone numbers, and postal address.
  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
  • Usage Data includes information about how you use our website, products, and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

For B2B direct marketing and lead generation, we typically collect professional Identity Data (first name, last name, job title) and professional Contact Data (corporate email address, company phone number, company name, and company address).

5. How We Collect Your Personal Data

We use different methods to collect data from and about you including through:

  • Direct interactions. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email, or otherwise.
  • Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns.
  • Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources. Specifically, for B2B direct marketing purposes, we may collect professional contact information (such as name, job title, company name, and corporate email address) from publicly available sources including company websites, professional networking platforms (e.g., LinkedIn), and public business registers.

6. Legal Basis for Processing Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

Where we need to perform a contract we are about to enter into or have entered into with you.

Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Where we need to comply with a legal obligation.

Where you have given consent to the processing of your personal data for one or more specific purposes.

7. Purposes for Which We Use Your Personal Data

We have set out below a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so:

  • To conduct B2B direct marketing and lead generation activities (legitimate interests). This includes sending relevant email communications to potential business clients whose professional roles align with our services, based on our assessment that they would have a legitimate interest in receiving information about our digital marketing, web design, or AI solutions that can benefit their business.
  • To register you as a new customer (performance of a contract).
  • To process and deliver services (performance of a contract, legitimate interests).
  • To manage our relationship with you (performance of a contract, legal obligation, legitimate interests).
  • To enable you to participate in a survey or feedback (consent, legitimate interests).
  • To administer and protect our business and this website (legal obligation, legitimate interests).
  • To deliver relevant website content to you (legitimate interests).
  • To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences (legitimate interests).

7a. Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google LLC ("Google"). Here we explain how we handle your data when using this service:

About the service

Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.

Data collected

Google Analytics collects the following types of data:

  • • User behavior data (page views, referral sources, navigation paths)
  • • Device and network information (IP address, browser information, device type)
  • • Geographic data (country, region, city)
  • • Interaction data (clicks, scrolls, form completions)

Legal basis

We process this data based on Article 6(1)(f) GDPR (legitimate interest). Our legitimate interest lies in analyzing, optimizing, and maintaining the functionality and user-friendliness of our website, as well as in the economic operation of our online presence.

Data protection measures

We have taken the following measures to protect your privacy:

  • • IP anonymization: We have activated IP anonymization, so your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before transmission to the USA
  • • Data processing agreement: We have concluded a data processing agreement with Google for the use of Google Analytics
  • • Storage limitation: Your data will be deleted after 26 months

Your rights

You can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by:

  • • Refusing the use of cookies by selecting the appropriate settings on your browser
  • • Installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout
  • • Setting your cookie preferences in our cookie consent manager that appears when you first visit our website

Third country transfer

By using Google Analytics, your data may be transferred to Google servers in the United States. The European Court of Justice has ruled that the USA does not offer an adequate level of data protection. This transfer is based on appropriate safeguards, namely standard contractual clauses approved by the European Commission.

For more information about how Google Analytics handles user data, please see Google's privacy policy: https://policies.google.com/privacy

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

9. Your Rights Under Data Protection Laws

Under certain circumstances, you have rights under data protection laws in relation to your personal data:

Right to access

You have the right to request access to your personal data.

Right to rectification

You have the right to request correction of your personal data.

Right to erasure

You have the right to request erasure of your personal data.

Right to restrict processing

You have the right to request restriction of processing of your personal data.

Right to data portability

You have the right to request the transfer of your personal data.

Right to object

You have the right to object to processing of your personal data.

Right to withdraw consent

You have the right to withdraw consent where we are relying on consent to process your personal data.

If you wish to exercise any of the rights set out above, please contact us. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

10. Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

11. International Transfers

We share your personal data within our group, including with entities that may be based outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or transfers to countries deemed adequate. Additionally, certain third-party services we use, such as Google Analytics, involve transfers to the United States under these Standard Contractual Clauses, as described in Section 7a.

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

12. Changes to the Privacy Policy

We may update our privacy policy from time to time. We will notify you of any changes by posting the new privacy policy on this page. We will let you know via email and/or a prominent notice on our website, prior to the change becoming effective and update the 'last updated' date at the top of this privacy policy.

13. Contact

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to our Data Protection Officer or to us using the contact details provided above.

14. Complaints

You have the right to make a complaint at any time to the Federal Commissioner for Data Protection and Freedom of Information (BfDI) or to the respective state data protection authority in Germany, the supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.