In all processing of personal data LULUROX complies with EU General Data Protection Regulation, the Data Protection Act and other applicable legislation.
If you do not agree to the following policy you may wish to cease from using/viewing this website.
The controller is LULUROX (Business ID: 2653859-7) and the user can contact LULUROX using the following contact information:
Phone: +358 451 057 998
Data provided to LULUROX by the user:
We collect information about the use of the Services, and about technical characteristics of devices used.
Other data than the data provided by the user:
We can combine data provided by the user and/or other data than the data provided by the user, and save it in the user segments e.g. according to the areas of interest concluded from the purchase history.
We collect personal data primarily from the user. Thus, by ordering products by registering as a user on LULUROX account, the user shares information with us. In addition, data is collected later during customer-ship, when the user contacts us or using our Services.
We can also receive personal data from third parties. Such third parties are:
We process personal data for the following purposes:
The basis to use personal data is primarily the agreement between LULUROX and the user, which is created when:
Processing personal data in orders and purchases is also based on legal obligations, among others, the Accounting Act.
Personal data is processed in order to take care of customer relations, and for direct marketing purposes, and is based on the legitimate interest of LULUROX.
Processing of personal data for direct marketing purposes can also be based on consent given by the user, meaning that the user can subscribe to the LULUROX newsletter without buying or ordering anything from LULUROX. In this case, the data is used solely for direct marketing.
We store personal data to provide and ensure the Services, as well as to fulfil the duties of accounting and reporting.
According to the Accounting Act, the storing period is six years after the end of the year. Thus, information about the order placed today will be removed after six years at the end of the year.
For direct marketing purposes, we can store personal data for more than six years, if during the last six months the user has opened at least one newsletter sent by LULUROX.
The user can at any time prohibit the use of personal data for marketing purposes.
In LULUROX, the personal data is processed by the employees of LULUROX and the offices. All who process data are bound by professional secrecy.
Personal data is properly protected with technical and organisational measures, including encryption and anonymization of personal data. We also ascertain fault tolerance and data recovery.
Protective measures include, among others, control of user rights, access control, firewalls and password protection.
We will immediately notify directly the authorities and the users concerned about the possible security breaches, in accordance with applicable legislation.
Cookies are text files that the browser saves on the user’s device. We can associate data collected by cookies to identified users and the data we have collected about them related to, among others, user ID, targeting and analysing.
Services may include cookies and similar technologies from third parties. These third parties are measuring and monitoring services, such as Google Analytics, and ad networks, such as Facebook, Instagram. These third parties can thus download cookies on the user’s device when our Services are being used.
The user can at any time empty or block cookies and all other tracking we are using in the settings of the browser or the device. Removal of cookies changes the user identifier, used by cookies to form a user profile. Removal of cookies will not entirely stop the collecting of data.
If the user does not want cookies to be saved on the device, the user can, before using LULUROX Services or at any time during the use, set the browser to disable cookies. These settings are called incognito or private browsing settings. The removal of cookies and tracking could affect the functionality of the Services.
Third parties, such as advertisers and ad networks, can benefit from cookies and similar tracking technologies to conclude the user’s probable areas of interest and to target advertising and marketing based on these conclusions.
We also benefit from this information in targeting our own advertising and marketing in third parties’ services.
LULUROX has made sure that the data is processed correctly with on data protection agreements.
Personal data is processed, among others
Personal data can also be disclosed for justified purposes, such as to our partners for customer communication. We aim to inform about the disclosures beforehand on the sales website of tickets, merchandise, artwork and services.
In disclosures, we always comply with existing legislation.
Personal data can be shared for marketing purposes, such as direct marketing, to target digital marketing, and for surveys and market studies, data updates and other such reports to our partners.
For marketing purposes, we disclose only information of such users, who have given their consent during an order or a purchase.
Personal data can be transferred within the same group.
Personal data concerning the production and offering of the Services may be transferred outside the EU or the EEA area. When we transfer personal data outside the EU of the EEA area, we will make sure all data is protected, among others, by agreeing on confidentiality of personal data and on all matters related to the processing the manner provided by the data protection legislation, and using standard contractual clauses approved by the European Commission.
The user has the right to check the collected user information.
The user can contact LULUROX and request to see all the data collected on the user.
The user has the right to ask the user information to be corrected or erased.
The user has the right to ask LULUROX to correct and to complete collected false information. The user has also the right to request LULUROX to erase all the user information.
LULUROX will erase the information upon request within reasonable time unless there is a legitimate obligation to keep the data in store or a legitimate right for the storage, e.g. related to the duties and obligations concerning the Services.
The user has the right to request transfer of personal data
The user has the right to request the stored user information LULUROX’s register to be transferred to another controller.
The user has the right to request limiting of the processing of personal data
The user can request LULUROX not to use the collected user data for certain purposes, such as direct marketing.
The user has the right to refuse direct marketing
The user can at any time cancel the sending of marketing messages either directly using a cancel link in the message or by informing LULUROX about the refusal. Refusing direct marketing will not block LULUROX from sending the user customer communication, such as emails concerning the user’s LULUROX account, Services offers or LULUROX business.
If processing of personal data is based on the user’s consent, such as ordering a newsletter without use of Services, direct marketing can be cancelled in the manner mentioned above.
Blocking the targeting of advertisement
The user can request LULUROX not to combine collected user information to create profiles and to use them for direct marketing and advertisement targeting. Profiling prohibition can be requested by contacting LULUROX.
The user can also block automatic advertisement targeting by changing the settings of the browser of mobile device. In applications, you can block advertisement targeting in application settings. In different applications and devices these settings are found in different places. More information from the developers of the applications and the devices.
The user can manage the third parties’ marketing and targeting related to browser use and cookies either as whole or by company on Your Online Choices site.
Disabling location data
The user can disable the use of the location data for targeted marketing in the settings of the applications used.
In situations where personal data suspected to be incorrect cannot be corrected or removed, or if the removal request is unclear, the company will limit the access to data.
From time to time, we may update this notice. We will notify you about any upcoming material changes by either sending you an email to the email address you most recently provided to us or by prominently posting a notice on our Services. We encourage you to periodically check back and review this notice so that you know what personal data we collect, how we use it, and with whom we share it.