1. General Provisions
LUMINUS MOD d.o.o., headquartered at Dankovečka 12, Zagreb, Republic of Croatia, registered in the Commercial Court in Zagreb under MBS number: 080811826 (hereinafter: “LUMINUS MOD”), is the controller of the personal data collection of Users processed under these general terms.
LUMINUS MOD has processed users’ personal data in accordance with the Personal Data Protection Act (Official Gazette No. 103/03, 118/06, 41/08, 130/11, 106/12; hereinafter: “PDPA”). LUMINUS MOD has made necessary adjustments in its operations and processes personal data of Users in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the “General Data Protection Regulation”) and will process personal data in accordance with the Act on the Implementation of the General Data Protection Regulation, which will replace the currently valid PDPA.
2. What Personal Data is Processed?
The personal data processed includes information obtained from Users when ordering our products through the webshop, registering an account on the LUMINUS MOD website, and registering as a Hug Loyalty customer on the LUMINUS MOD website. This personal data includes name and surname, email address, phone number, street and house number, postal code, and city.
3. Why is Personal Data Processed?
LUMINUS MOD processes Users’ personal data for the following purposes:
a) Processing personal data to deliver the ordered product to the User via webshop
The processing of the following personal data of the User: name and surname, email address, street and house number, postal code, and city, is necessary to conclude and execute the Contract (delivery of ordered products via webshop) between the User and LUMINUS MOD. In addition to the mentioned data, LUMINUS MOD also processes the phone number and email address if the User has provided such data for administration and communication with the User regarding the Contract.
Providing this personal data by the User is voluntary but is a prerequisite for concluding the Contract between the User and LUMINUS MOD and for delivering the ordered product to the User. If the User does not provide personal data, LUMINUS MOD will not be able to execute the Contract and deliver the ordered product to the User.
b) Processing personal data for marketing purposes
The following personal data: User’s name and surname, email address, phone number provided during registration or registration as a Hug Loyalty member or order via webshop, may be processed for direct advertising via email or SMS about LUMINUS MOD products, including: sending newsletters, sending SMS messages, sending emails containing customer satisfaction surveys, and remarketing on social networks in cooperation with third-party media service providers such as Meta, TikTok, or Google.
When processing personal data for direct marketing purposes, LUMINUS MOD asks for the User’s explicit consent to process their personal data for marketing purposes. The User can withdraw consent at any time by sending an email to: info@luminusmod.hr or using the unsubscribe link related to receiving marketing information contained in each SMS or each email from LUMINUS MOD that contains marketing communication. Withdrawal of consent by the User will not adversely affect the execution of the Contract by LUMINUS MOD, i.e., delivery of ordered products to the User and will not affect the lawfulness of processing based on consent before its withdrawal.
c) Processing personal data to fulfill legal obligations
LUMINUS MOD may process Users’ personal data during the validity or after the termination of the Contract to fulfill legal obligations imposed by public authorities. This includes, in particular (i) processing information related to the payment of the delivered product under the Contract to meet tax and accounting obligations and (ii) disclosing information requested by public authorities, including courts, based on and within the general applicable provisions (e.g., for the rights of LUMINUS MOD, other Users, or third parties, including intellectual property rights).
d) Processing of Personal Data for the Purpose of Legitimate Interests of LUMINUS MOD or a Third Party Provided Such Legitimate Interests Do Not Override the Interests or Fundamental Rights and Freedoms of the User
LUMINUS MOD may process Users’ personal data during the validity or after the termination of the Contract for the purpose of achieving or executing legal claims of LUMINUS MOD or defending LUMINUS MOD against legal claims or assertions, protecting the rights or safety of LUMINUS MOD, other Users, or third parties, or for the purpose of reorganization, including mergers, acquisitions, and other changes in LUMINUS MOD’s business, in whole or in part.
4. To Whom Do We Disclose Personal Data?
LUMINUS MOD may disclose Users’ personal data to:
a) Service providers that provide services to LUMINUS MOD, enabling LUMINUS MOD to deliver products to Users. Services that may be required include infrastructure and IT services, customer support, website optimization, payment processing by credit cards or other payment methods of Users. Unless required or mandatory under compelling regulations, such service providers are not authorized to disclose or use Users’ personal data for their own purposes and will act on behalf of and according to LUMINUS MOD’s instructions.
b) Service providers that provide services to LUMINUS MOD, enabling LUMINUS MOD to perform marketing activities, including direct marketing about LUMINUS MOD products, product review opportunities, abandoned cart reminders on the webshop, conducting market research and statistical analysis, and remarketing through social media platforms such as Meta, TikTok, and Google. Unless required or mandatory under compelling regulations, such service providers are not authorized to disclose or use Users’ personal data for their own purposes and will act on behalf of and according to LUMINUS MOD’s instructions.
c) Authorities, including courts, regulatory bodies, and other public authorities, to the extent required: (a) to fulfill legal obligations applicable to LUMINUS MOD; (b) to protect and enforce the rights of LUMINUS MOD, other Users, or third parties, including intellectual property rights; (c) to protect the security of LUMINUS MOD, other users, or third parties.
d) Legal advisors provided that they are obligated to comply with the general terms of personal data protection ensuring an appropriate level of protection of Users’ personal data at least equal to these General Terms.
5. User Rights Regarding Personal Data
Users can make requests to LUMINUS MOD to exercise the following rights:
a) Right to access and correct their personal data;
b) Right to object to the processing of their personal data for marketing purposes;
c) Right to object to the processing of personal data if the personal data are processed for the purpose of legitimate interests pursued by LUMINUS MOD or third parties, provided that such legitimate interests do not override the interests or fundamental rights and freedoms of the User;
d) Right to erasure of personal data in case:
– personal data are no longer necessary for the purposes outlined in point 3;
– the User withdraws consent upon which the processing is based, and there is no other legal basis for processing;
– the User objects to the processing, and there are no overriding legitimate grounds for the processing;
– personal data are processed unlawfully;
e) Right to restriction of processing in cases where:
– the accuracy of personal data is contested by the User, for a period enabling LUMINUS MOD to verify the accuracy of personal data;
– the processing is unlawful, but the User opposes the erasure of personal data and requests the restriction of their use instead;
– LUMINUS MOD no longer needs the personal data for the purposes outlined in point 3, but the User requires them for the establishment, exercise, or defense of legal claims.
These requests and/or notices are provided by mail, telephone, and/or email marked “Data Protection Officer” to:
Luminus Mod d.o.o.
Dankovečka 12
10000 Zagreb
Croatia
Email: hug@luminusmod.hr
Tel: +385 1 2984 432
6. Duration of Data Processing
Personal data of Users will be processed during the term of the Agreement. After the termination of the Agreement, personal data may be processed as follows:
a) for the purpose of establishing or defending legal claims by LUMINUS MOD, without affecting point d) of this article;
b) for direct marketing purposes – until withdrawal of consent for such processing by the User or objection to the processing of personal data for marketing purposes;
c) for compliance with legal obligations applicable to LUMINUS MOD;
d) for legal, regulatory, or administrative proceedings, including enforcement of decisions or orders of competent courts or administrative or governmental bodies, to the extent permitted by law.
After the expiry of the above periods, personal data of Users will be erased.
7. Cookies
LUMINUS MOD uses so-called cookies on its Websites to ensure User access to certain functionalities and to obtain data regarding the visit to the Website.
For more information about cookies, please refer to our cookie policy.
8. Data Security
Maintaining data security means ensuring the confidentiality, integrity, and availability (for authorized purposes) of personal data. Confidentiality means that only those persons who are authorized to use the data can access it. Integrity means that personal data must be accurate and suitable for the purpose for which they are processed. Availability means that authorized users must be able to access the data if needed for authorized purposes. Furthermore, LUMINUS MOD takes appropriate measures against unlawful or unauthorized processing of personal data, as well as against accidental loss or damage to personal data. These principles will be implemented by ensuring appropriate protective measures, both in terms of hardware and software (including physical access controls, locks, alarms, firewalls, etc.).
9. Rights and Legal Remedies
In case of violation of rights related to the processing of personal data, you may lodge a complaint with the Croatian Personal Data Protection Agency (Agencija za zaštitu osobnih podataka). In any case, to resolve any privacy-related issue as quickly and efficiently as possible, it is advisable to submit complaints or requests to LUMINUS MOD before contacting the relevant public authorities.
10. Statement on Protection and Collection of Personal Data and Their Use
LUMINUS MOD d.o.o. commits to protecting the personal data of customers by collecting only necessary, essential data about customers/users required to fulfill our obligations; informing customers about the use of collected data; regularly providing customers with the choice regarding the use of their data, including the option to decide whether their name should or should not be removed from lists used for marketing campaigns. All customer data is strictly kept and accessible only to employees who require it for their job duties. All employees of LUMINUS MOD d.o.o. and business partners are responsible for adhering to privacy protection principles.
11. Statement on Protection of Personal Data Transfer
Protection of personal data in accordance with the General Data Protection Regulation of the European Parliament and Council No. 2016/679 and the implementation of the General Data Protection Regulation
Monri WSPay, as the executor of authorization and credit card payment processing, handles personal data as a data processor and processes personal data in accordance with the General Data Protection Regulation of the European Parliament and Council No. 2016/679 and according to strict PCI DSS L1 regulatory rules for protecting entry and data transfer.
Monri WSPay uses a 256-bit SSL certificate and TLS 1.2 cryptographic protocol as the highest levels of protection for data entry and transfer.
Personal data used for authorization and payment purposes or for the execution of obligations under a contract or based on a contract are considered confidential data.
The following personal data of the customer are necessary for the execution of the contract (authorization and payment):
- Name and surname
- Phone
- Address
- City
- Postal code
- Country
- Card type
- Card number
- Card expiration date
- CVV code of the card
Monri WSPay does not process or use these personal data for any purposes other than the execution of the authorization and payment contract.
Monri WSPay guarantees compliance with all conditions specified by applicable regulations on the protection of personal data for data processors, particularly by implementing all necessary technical, organizational, and security measures, as confirmed by the PCI DSS L1 certificate.
12. Statement on the Use of Monri WSPay
LUMINUS MOD d.o.o. uses Monri WSPay for online payments.
Monri WSPay is a secure system for online payments, real-time payment processing by credit and debit cards, and other payment methods. Monri WSPay ensures secure entry and transfer of card data for both the customer and the merchant, confirmed by the PCI DSS certificate held by Monri WSPay. Monri WSPay uses a 256-bit SSL certificate and TLS 1.2 cryptographic protocol as the highest levels of protection for data entry and transfer.