B2B
Search
CART(0)

Currently, your bag is empty.

Privacy policy

Introduction and Controller

This privacy policy applies to the website of Lupine lighting systems GmbH at lupinelights.com. We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and the Telecommunications Digital Services Data Protection Act (TDDDG).

Lupine lighting systems GmbH
Im Zwiesel 9
92318 Neumarkt
Germany
Email: info@lupinelights.com

Categories of Personal Data

When visiting and using our website, we process the following categories of personal data:

  • IP address and device information
  • Browser, access, and usage data
  • Contact data, such as name, email address, postal address, and phone number
  • Order and payment data, such as billing address, shipping address, and purchase history
  • Communication content, such as messages via contact forms or email
  • Consent preferences, such as cookie and consent settings
  • Conversion and interaction data in the context of analytics and advertising services
  • Hashed identifiers where processed for enhanced conversions or customer matching and only with consent

We process personal data for the following purposes and based on the following legal grounds:

  • Provision, security, and technical optimization of the website
    Legal basis: Art. 6(1)(f) GDPR
  • Order processing and contract fulfillment
    Legal basis: Art. 6(1)(b) GDPR
  • Communication and inquiries
    Legal basis: Art. 6(1)(b), (f), or (a) GDPR
  • Compliance with legal obligations
    Legal basis: Art. 6(1)(c) GDPR
  • Web analytics, reach measurement, conversion tracking, and marketing
    Legal basis: Art. 6(1)(a) GDPR in conjunction with § 25 TDDDG
  • Assertion, exercise, or defense of legal claims
    Legal basis: Art. 6(1)(f) GDPR

Cookies and Tracking Technologies

We use cookies and similar technologies on our website. Where information is stored on or accessed from your device, this is done on the basis of § 25 TDDDG.

  • Technically necessary technologies are used for website operation, shopping cart functions, security, load balancing, and consent management.
  • Analytics, marketing, and personalization technologies are only used with your explicit consent in accordance with Art. 6(1)(a) GDPR in conjunction with § 25 TDDDG.

You can adjust or withdraw your consent at any time with effect for the future via our consent management tool. The legality of processing carried out before withdrawal remains unaffected.

Cookiebot (Consent Management)

We use the consent management tool “Cookiebot” to obtain, manage, and document your consent for cookies and other technologies. Cookiebot sets a technically necessary cookie to store your preferences and provide proof of consent.

In this context, your IP address, browser and device information, consent status, and timestamp may be processed.

Legal basis:
Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR

Provider:
Usercentrics A/S
Havnegade 39
1058 Copenhagen
Denmark
https://www.cookiebot.com/de/privacy-policy/

Third-Party Services

Google Tag Manager

We use Google Tag Manager to manage website tags. The tool itself does not set cookies or process personal data for its own purposes but controls the loading of other scripts.

Provider:
Google Ireland Limited
Dublin, Ireland
https://policies.google.com/privacy

Google Analytics 4

We use Google Analytics 4 to analyze website usage. Data such as page views, interactions, device information, and approximate location may be processed. IP anonymization is enabled. Data may be transferred to servers in the USA.

Legal basis:
Art. 6(1)(a) GDPR in conjunction with § 25 TDDDG

Google Ads

We use Google Ads for advertising and conversion tracking. Remarketing may be used to display personalized ads.

With consent, hashed customer data may be processed for enhanced conversions and customer matching.

Microsoft Advertising

We use Microsoft Advertising (UET) to analyze ad performance and build remarketing audiences.

Microsoft Clarity

We use Microsoft Clarity for behavioral analytics (heatmaps, session recordings). Sensitive data is masked.

Server-Side Tracking (Stape)

Tracking requests may be processed via our own server before being forwarded to third parties.

ClickCease

We use ClickCease to detect invalid clicks on ads and prevent fraud.

Embedded Content

Embedded content (e.g., YouTube, Vimeo, Google Maps, Meta plugins) may process IP addresses and technical data when loaded.

International Data Transfers

Data may be transferred to countries outside the EEA, including the USA. Transfers are based on Standard Contractual Clauses or adequacy decisions such as the EU-US Data Privacy Framework.

Retention Periods

  • Order data: 10 years
  • Communication data: 3 years
  • Account data: until deletion
  • Consent records: according to legal requirements

Your Rights

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)
  • Withdrawal of consent (Art. 7(3) GDPR)

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority.

Changes

We may update this privacy policy at any time. The current version is available on our website.

Status: April 14, 2026