Our Legal Framework

Our legal terms are organized to serve different aspects of our business:

• General Terms & Conditions – Foundation for all relationships
• B2B Terms & Conditions – For distributors and advertisers
• B2C Terms & Conditions – For magazine subscriptions and online shop
• Website Terms of Use – For using our websites
• Privacy Policy ← You are here (includes Cookie Policy in Section 6)

1. Introduction

1.1 Who We Are

We are a Luxembourg-based publishing company operating under EU law. This Privacy Policy explains how we collect, use, and protect your personal information.

1.2 What This Policy Covers

This policy applies to:

• All our websites (luxetastestyle.online, kachen.online, reesen.online, blogaward.lu)
• Magazine subscriptions (KACHEN, REESEN)
• Online shop purchases
• Email communications and newsletters
• All digital interactions with our services

1.3 GDPR Compliance

As an EU-based company, we process all personal data in accordance with the General Data Protection Regulation (GDPR), regardless of where you are located. This ensures the highest level of data protection globally.

2. Information We Collect

2.1 Information You Provide Directly

Contact and Account Information:

• Name, email address, phone number
• Mailing address (delivery and billing)
• Account username and password
• Communication preferences

Purchase Information:

• Magazine subscription details
• Order history and preferences
• Payment information (securely processed by third-party providers - we do not store complete credit card numbers)

Communications:

• Messages you send us
• Newsletter subscriptions
• Survey responses
• Contest or competition entries
• Comments on articles

2.2 Information Collected Automatically

Website Usage:

• Pages visited and time spent
• Referral sources (how you found us)
• Browser type, device type, operating system
• Screen resolution and language settings

Technical Data:

• IP address (anonymized after 7 days)
• Approximate geographic location (country/city level)
• Cookie identifiers
• Log files (access times, error messages)

Email Engagement:

• Email open rates
• Link clicks in newsletters
• Unsubscribe actions

2.3 Information from Third Parties

Payment Processors: Transaction verification (we do not receive complete payment details)

Social Media: If you interact with us via social platforms or use social login

Marketing Partners: If you opt-in through partner websites or events (always with your explicit consent)

3. How We Use Your Information

3.1 Core Business Functions

Legal basis: Contract performance and legitimate interest

• Process and fulfill magazine subscriptions and shop orders
• Manage your account and provide customer service
• Send order confirmations and shipping notifications
• Handle billing and payment processing
• Respond to inquiries and support requests

3.2 Communication and Marketing

Legal basis: Consent (you can withdraw anytime)

• Send newsletters and promotional content (only if you subscribe)
• Notify you about new magazines, special offers, and events
• Conduct surveys and gather feedback
• Provide personalized content recommendations

Important: You can unsubscribe from marketing emails at any time via the link in any email or by contacting us.

3.3 Website and Service Improvement

Legal basis: Legitimate interest

• Analyze website usage to improve user experience
• Conduct internal research and analytics
• Optimize content delivery and website performance
• A/B testing for website improvements
• Understand reader preferences and interests

3.4 Security and Legal Compliance

Legal basis: Legal obligation and legitimate interest

• Ensure website security and prevent fraud
• Detect and prevent abuse or policy violations
• Comply with legal obligations (tax records, consumer protection)
• Protect our rights and those of our users
• Respond to legal requests (court orders, regulatory inquiries)

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

Contract Performance (Art. 6(1)(b) GDPR):

• Fulfilling subscription services and orders
• Customer support and account management

Legitimate Interest (Art. 6(1)(f) GDPR):

• Business analytics and service improvement
• Fraud prevention and security
• Direct marketing to existing customers (with easy opt-out)

Consent (Art. 6(1)(a) GDPR):

• Newsletter subscriptions
• Optional marketing communications
• Non-essential cookies

You can withdraw consent anytime.

Legal Obligation (Art. 6(1)(c) GDPR):

• Tax and accounting records (7-year retention)
• Regulatory compliance

5. How We Share Your Information

5.1 Service Providers

We work with trusted third-party providers who help us operate our business:

Printing and Distribution:

• Magazine printing services (Luxembourg POST)
• Postal delivery services
• Only receive address information necessary for delivery

Payment Processing:

• Secure payment gateways (Stripe, PayPal)
• We do not receive or store complete payment card details

Email Services:

• Newsletter delivery platforms (Mailchimp, Sendinblue)
• Marketing automation tools

Website Hosting: Secure hosting providers; technical maintenance services

Analytics Providers:

• Matomo Analytics (preferred - privacy-focused, self-hosted when possible)
• Google Analytics (used selectively only when required for specific client needs)

All service providers: Process data only on our instructions; are bound by data protection agreements; located in the EU or provide adequate safeguards for data transfers.

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity. You will be notified of any such change.

5.3 Legal Requirements

We may disclose information when required by court order or legal process, law enforcement requests, to protect our rights/property/safety, users, or the public.

5.4 What We Do NOT Do

We do not sell, rent, or trade your personal information to other companies for their marketing purposes.

6. Cookie Policy

6.1 What Are Cookies

Cookies are small text files stored on your device when you visit our websites. They help us provide you with a better browsing experience and allow certain website functions to work properly.

6.2 Types of Cookies We Use

6.2.1 Essential Cookies (Always Active)

Purpose: Necessary for website functionality

• Maintain security and prevent fraud
• Keep you logged in during your visit
• Remember cookie preferences
• Enable core website features (shopping cart, forms)
• Ensure optimal website performance (load balancing)

You cannot disable these cookies as they are essential for the website to function.

6.2.2 Analytics Cookies

Purpose: Understand how visitors use our websites

• Matomo Analytics (primary choice - privacy-focused, can be self-hosted) with IP anonymization enabled
• Google Analytics (used selectively when required), anonymized IP, data retention limited to 26 months

What we track: Pages visited, navigation paths, time on page, device/browser, geo (country/city), referral sources. You can opt out via cookie preferences or browser settings.

6.2.3 Marketing Cookies

Purpose: Show relevant content and measure marketing effectiveness

• Track newsletter engagement (open rates, clicks)
• Measure social media campaign performance
• Enable retargeting
• Personalize content recommendations

Third parties: Google Ads, Facebook Pixel, email service providers. You can opt out via cookie preferences or browser settings.

6.2.4 Functional Cookies

Purpose: Enhance your browsing experience

• Remember language preferences
• Save font size and display settings
• Store content personalization choices
• Provide location-relevant content

You can opt out via cookie preferences, but some features may not work properly.

6.3 Cookie Duration

• Session Cookies: Deleted when you close your browser (e.g., login sessions)
• Persistent Cookies: Remain on your device for a set period (analytics typically 26 months; marketing 1–2 years; functional 1–12 months)

6.4 Third-Party Cookies

• Matomo Analytics: privacy-focused; can be self-hosted; IP anonymization enabled
• Google Analytics: anonymized IP; 26-month retention; used selectively
• Google Ads and Facebook Pixel
• Email Service Providers (newsletter tracking)
• Payment Processors (secure transaction processing)

6.5 Managing Your Cookie Preferences

6.5.1 Cookie Banner

• Accept all cookies
• Reject non-essential cookies
• Customize preferences
• View detailed information

6.5.2 Browser Settings

• Chrome: Settings > Privacy and Security > Cookies and Other Site Data
• Firefox: Settings > Privacy & Security > Cookies and Site Data
• Safari: Preferences > Privacy > Manage Website Data
• Microsoft Edge: Settings > Cookies and Site Permissions > Cookies and Site Data

6.5.3 Opt-Out Links

Analytics: Matomo (built-in opt-out where enabled); Google Analytics Opt-out

Advertising: Google Ads Settings; Facebook Ad Preferences

6.5.4 Impact of Disabling Cookies

• Need to log in repeatedly
• Loss of personalized content recommendations
• Some forms may not function correctly
• Slower website performance
• Limited functionality for interactive features

6.6 Updates to Cookie Usage

When we make significant changes to our cookie usage:

• We’ll update this Privacy Policy
• You’ll see a new cookie banner on your next visit
• Active subscribers will be notified via email if changes significantly affect their experience

7. Data Security and Protection

7.1 Security Measures

Technical measures: SSL/TLS encryption; encryption at rest for sensitive data; secure password storage (hashed and salted); regular security updates; firewall and intrusion detection.

Organizational measures: Access controls; staff privacy/security training; confidentiality agreements; regular security audits; incident response procedures.

7.2 Data Breach Response

• Investigate and contain immediately
• Notify affected users within 72 hours (as required by GDPR)
• Report to Luxembourg data protection authority (CNPD) if required
• Implement measures to prevent recurrence

8. Data Retention

• Subscriptions: Duration of subscription + 7 years (tax/legal)
• Customer accounts: Until deletion request or 3 years of inactivity
• Order history: 7 years (accounting/tax)
• Marketing communications: Until you unsubscribe or object
• Suppression lists: Retained permanently to honor choices
• Website analytics: Anonymized data 26 months; raw logs 90 days
• Legal requirements: Financial records 7 years; tax documents 10 years
• After retention periods, data is securely deleted or anonymized

9. Your Privacy Rights (GDPR)

9.1 Right of Access

You can request a copy of your personal data and details on processing. Email: [email protected]. Response within 30 days.

9.2 Right to Correction

Request correction of inaccurate/incomplete data. Email us or update via your account.

9.3 Right to Deletion ("Right to be Forgotten")

Request deletion when data is no longer needed, consent withdrawn, you object, or processing is unlawful—subject to legal retention exceptions.

9.4 Right to Data Portability

Receive your data in machine-readable format (JSON/CSV) or request transfer where feasible. Email us.

9.5 Right to Object

Object to processing based on legitimate interest and to direct marketing (we will stop immediately).

9.6 Right to Restriction

Request restriction in specific cases (accuracy contested, unlawful processing, or for legal claims).

9.7 Right to Withdraw Consent

Withdraw consent at any time; past processing remains lawful. Use unsubscribe links or email us.

9.8 How to Exercise Your Rights

Email: [email protected] — Subject: “Privacy Rights Request - [Your Name]”. Include your name, email, description of request, and proof of identity if needed. We respond within 30 days.

10. International Data Transfers

10.1 Data Location

We primarily process data within the European Economic Area (EEA). Luxembourg is our primary data processing location.

10.2 Transfers Outside EEA

Where providers are outside the EEA, we use safeguards such as Standard Contractual Clauses, adequacy decisions, certifications, encryption, audits, and contractual protections.

11. Children’s Privacy

11.1 Age Restriction

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16.

11.2 Parental Notice

If you believe a child has provided personal information, contact [email protected]; we will delete it promptly.

12. Changes to This Policy

12.1 Updates

We may update this Privacy Policy to reflect changes in practices, legal requirements, technologies, or user feedback.

12.2 Notification

We will post the updated policy with a new “Last Updated” date, email active subscribers for significant changes, and display site notices. Continued use constitutes acceptance.

12.3 Review

We recommend reviewing this policy periodically to stay informed about how we protect your privacy.

13. Contact and Complaints

13.1 Data Controller

Data Protection Officer
Email: [email protected]
Phone: (+352) 621 311 274

13.2 Data Protection Authority

Commission Nationale pour la Protection des Données (CNPD)
Website: cnpd.public.lu
Email: [email protected]
Phone: (+352) 26 10 60 - 1
Address: 15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg

13.3 Questions

For any questions about this Privacy Policy or our data practices: [email protected]. We aim to respond within 48 hours.

By using our services, you acknowledge that you have read, understood, and agree to this Privacy Policy, including our use of cookies as described in Section 6.