Privacy Policy

Privacy Policy

1) Information on the Collection of Personal Data and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when using our website. Personal data refers to any data that can be used to identify you personally.

1.2 The controller for data processing on this website, in accordance with the General Data Protection Regulation (GDPR), is Lumirah Highland. The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

1.3 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser’s address bar.

2) Data Collection When Visiting Our Website

When you use our website for informational purposes only, i.e., when you do not register or provide us with any other information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

  • The website visited
  • Date and time of access
  • Amount of data sent in bytes
  • Source/reference from which you accessed the page
  • Browser used
  • Operating system used
  • IP address used (possibly in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) of the GDPR, based on our legitimate interest in improving the stability and functionality of our website. There is no sharing or further use of the data. However, we reserve the right to review the server log files retroactively if there are concrete indications of unlawful use.

 

3) Cookies

To make your visit to our website more attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the browser session ends, i.e., after you close your browser (so-called session cookies). Other cookies remain on your device and allow us or our partner companies (third-party cookies) to recognize your browser on your next visit (persistent cookies).

When cookies are set, they collect and process specific user information, such as browser and location data, as well as IP address values. Persistent cookies are automatically deleted after a preset duration, which may vary depending on the cookie.

Some cookies are used to simplify the order process by storing settings (e.g., remembering the contents of a virtual shopping cart for a later visit to the website). If any of the cookies we implement process personal data, the processing is carried out in accordance with Art. 6(1)(b) of the GDPR either for the performance of the contract or in accordance with Art. 6(1)(f) of the GDPR to safeguard our legitimate interests in ensuring the best possible functionality of the website, as well as a customer-friendly and effective design of the website visit.

 

We may collaborate with advertising partners who help us make our online offerings more interesting for you. For this purpose, cookies from partner companies are also stored on your hard drive when you visit our website (third-party cookies). If we work with the aforementioned advertising partners, you will be individually and separately informed about the use of such cookies and the scope of the information collected in the following sections.

Please note that you can set your browser to be informed about the setting of cookies and decide individually whether to accept them, or you can exclude the acceptance of cookies for specific cases or generally. Each browser differs in how it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find this information for the respective browsers at the following links:

Internet Explorer:
https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Firefox:
https://support.mozilla.org/en/kb/enable-and-disable-cookies-website-preferences

Chrome:
https://support.google.com/chrome/answer/95647?hl=en

Safari:
https://support.apple.com/kb/ph21411?locale=en_US

Opera:
https://help.opera.com/en/latest/web-preferences/#cookies

Please note that if you do not accept cookies, the functionality of our website may be limited.

4) Contacting Us

When contacting us (e.g., via a contact form or email), personal data is collected. The data collected in the case of a contact form is evident from the respective contact form. This data is stored and used exclusively for the purpose of responding to your inquiry or for contacting you, as well as for the related technical administration. The legal basis for processing the data is our legitimate interest in responding to your inquiry, in accordance with Art. 6(1)(f) of the GDPR. If your contact is aimed at entering into a contract, the additional legal basis for processing is Art. 6(1)(b) of the GDPR. Your data will be deleted after the final processing of your request, which occurs when it is clear from the circumstances that the matter has been conclusively resolved, and provided no legal retention obligations are in place.

5) Data Processing When Opening a Customer Account and Contract Execution

In accordance with Art. 6(1)(b) of the GDPR, personal data is also collected and processed when you provide it to us for the performance of a contract or when opening a customer account. The data collected is evident from the respective input forms. Deletion of your customer account is possible at any time and can be requested by sending a message to the above address of the data controller. We store and use the data you provided for contract execution. After the complete execution of the contract or the deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and will be deleted after these periods expire, unless you have explicitly consented to further use of your data or if we have reserved the right to further use the data legally, of which we will inform you accordingly below.

 

6) Use of Your Data for Direct Marketing

6.1 Subscription to Our E-Mail Newsletter

When you subscribe to our e-mail newsletter, we regularly send you information about our offers. The only mandatory information required for sending the newsletter is your e-mail address. Providing additional data is voluntary and is used to address you personally. We use the so-called "Double Opt-in" procedure for sending the newsletter. This means that we will only send you the e-mail newsletter after you have explicitly confirmed that you consent to receiving the newsletter. We will then send you a confirmation e-mail, asking you to confirm by clicking a corresponding link that you wish to receive newsletters in the future.

By activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6(1)(a) of the GDPR. When subscribing to the newsletter, we store your IP address registered by your Internet Service Provider (ISP) as well as the date and time of the subscription to be able to trace any misuse of your e-mail address at a later point. The data we collect during the newsletter subscription will only be used for advertising purposes through the newsletter. You can unsubscribe from the newsletter at any time using the provided link in the newsletter or by sending an appropriate message to the data controller mentioned above. After unsubscribing, your e-mail address will be immediately deleted from our newsletter distribution list, unless you have explicitly consented to further use of your data or we reserve the right to further use the data that is legally permitted, about which we inform you in this statement.

 

6.2 Sending the E-Mail Newsletter to Existing Customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services from our range via e-mail, based on your previous purchases. For this purpose, we do not need to obtain separate consent from you. The data processing is solely based on our legitimate interest in personalized direct advertising in accordance with Art. 6(1)(f) of the GDPR. If you initially objected to the use of your e-mail address for this purpose, we will not send any e-mails. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by sending a message to the data controller mentioned at the beginning. For this, you will only incur transmission costs according to the basic rates. Once we receive your objection, the use of your e-mail address for advertising purposes will be immediately discontinued.

7) Data Processing for Order Processing

7.1 The personal data we collect will be shared with the transport company responsible for the delivery as part of the contract execution, to the extent necessary for the delivery of the goods. Your payment data will be forwarded to the bank or financial institution responsible for the payment processing, if necessary for the payment transaction. If payment service providers are used, we will explicitly inform you below. The legal basis for the data transfer is Art. 6(1)(b) of the GDPR.

7.2 Use of Payment Service Providers (Payment Providers) - PayPal

When paying via PayPal, credit card via PayPal, direct debit via PayPal, or—if available—"Purchase on Account" or "Installment Payment" via PayPal, we will pass your payment data to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as "PayPal") as part of the payment processing. The data transfer occurs in accordance with Art. 6(1)(b) of the GDPR and only to the extent necessary for payment processing.

For the payment methods credit card via PayPal, direct debit via PayPal, or—if offered—"Purchase on Account" or "Installment Payment" via PayPal, PayPal reserves the right to perform a credit check. For this purpose, your payment data may be shared with credit agencies in accordance with Art. 6(1)(f) of the GDPR, based on PayPal's legitimate interest in assessing your creditworthiness.

The result of the credit check regarding the statistical probability of payment default is used by PayPal for the purpose of deciding on the provision of the respective payment method.
The credit report may include probability values (so-called score values). To the extent that score values are included in the credit report result, these are based on a scientifically recognized mathematical-statistical procedure. The calculation of the score values takes into account, among other things, but not exclusively, address data. For further data protection information, including the credit agencies used, please refer to PayPal's privacy policy:
https://www.paypal.com/de/webapps/mpp/ua/privacy-full

You can object to this processing of your data at any time by sending a message to PayPal. However, PayPal may still be entitled to process your personal data if this is necessary for the contractually required payment processing.

7.3 Use of Payment Service Providers (SOFORT)
If you select the payment method "SOFORT", the payment processing is handled by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter "SOFORT"). We will forward the information you provide during the order process, including details of your order, to SOFORT in accordance with Article 6(1)(b) GDPR, as it is necessary for the performance of the contract.

SOFORT GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The transfer of your data will only be made to SOFORT for the purpose of processing the payment and only to the extent necessary for this purpose.

For more information about the data protection practices of SOFORT, you can refer to their privacy policy here: https://www.klarna.com/sofort/datenschutz.

 

8) CONTACT FOR REVIEW REMINDER

Own Review Reminder (not sent via a third-party review system)
We use your email address to send you a one-time reminder to leave a review for your order in the review system we use, provided you have given us your explicit consent for this purpose in accordance with Article 6(1)(a) GDPR during or after your order.

You can withdraw your consent at any time by sending a message to the data controller responsible for processing the data.

 

9) USE OF SOCIAL MEDIA: SOCIAL PLUGINS

9.1 Facebook Plugins with Shariff Solution
Additional customs fees and/or import duties are not included in the price and are the responsibility of the customer.

On our website, we use so-called social plugins ("plugins") from the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook").

To increase the protection of your data while visiting our website, these buttons are not fully integrated as plugins. Instead, they are incorporated into the page using an HTML link.
This method ensures that when you visit a page on our website containing these buttons, no connection to Facebook's servers is established. Only when you click on the button will a new browser window open, directing you to Facebook’s website. There, you can interact with the plugins (possibly after entering your login credentials).

Facebook Inc., based in the USA, is certified under the U.S.-EU Privacy Shield framework, which ensures compliance with the data protection standards applicable in the EU.

For information about the purpose and scope of data collection, as well as the further processing and use of your data by Facebook, and your rights and privacy settings, please refer to Facebook's privacy policy:
https://www.facebook.com/policy.php

9.2 Google+ Plugins as Shariff Solution

On our website, we use so-called social plugins ("plugins") from the social network Google+, which is operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

To enhance the protection of your data when visiting our website, these buttons are not integrated as standard plugins but rather through an HTML link. This method ensures that when you visit a page on our website containing such buttons, no connection to Google's servers is made. When you click the button, a new browser window opens, leading to the Google+ page where you can interact with the plugins (possibly after entering your login details).

Google LLC, based in the USA, is certified under the US-EU Privacy Shield agreement, which ensures compliance with the level of data protection required in the EU.

For information about the purpose and scope of data collection, as well as the further processing and use of data by Google, and your rights and settings options for protecting your privacy, please refer to Google’s privacy policy:
https://www.google.com/intl/de/policies/privacy

9.3 Instagram Plugin as a Shariff Solution

On our website, we use so-called social plugins ("plugins") of the online service Instagram, operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA ("Instagram").

To enhance the protection of your data when visiting our website, these buttons are not fully implemented as plugins, but are simply integrated into the page using an HTML link. This method ensures that when you visit a page on our website containing such buttons, no connection to Instagram’s servers is established yet. When you click the button, a new browser window opens and redirects to Instagram’s page, where you can (if necessary, after entering your login data) interact with the plugins there.

Instagram LLC, based in the USA, is certified under the US-European privacy agreement “Privacy Shield,” which ensures compliance with the data protection standards applicable in the EU.

The purpose and scope of data collection, as well as the further processing and use of data by Instagram, and your related rights and options for protecting your privacy, can be found in Instagram's privacy policy: https://help.instagram.com/155833707900388/.

 

10) ONLINE MARKETING

10.1 DoubleClick by Google

This website uses the online marketing tool DoubleClick by Google, operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("DoubleClick").

DoubleClick uses cookies to display ads that are relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads multiple times. Through a cookie ID, Google tracks which ads are displayed in which browser, and can thus prevent them from being shown repeatedly. The processing is based on our legitimate interest in the optimal marketing of our website in accordance with Art. 6 para. 1 lit. f GDPR.

In addition, DoubleClick can use cookie IDs to track so-called conversions related to ad requests. This occurs, for example, when a user sees a DoubleClick ad and later visits the advertiser's website with the same browser and makes a purchase. According to Google, DoubleClick cookies do not contain personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection to Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool, and we therefore inform you according to our knowledge: Through the integration of DoubleClick, Google receives the information that you have accessed the corresponding part of our website or clicked on one of our ads. If you are registered with a Google service, Google can associate the visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

If you wish to object to participation in this tracking procedure, you can disable cookies for conversion tracking by adjusting your browser settings to block cookies from the domain www.googleadservices.com at https://www.google.de/settings/ads. Please note that this setting will be deleted if you delete your cookies. Alternatively, you can learn about cookie placement and make settings by visiting the Digital Advertising Alliance at www.aboutads.info. Finally, you can configure your browser to notify you when cookies are set, allowing you to decide individually whether to accept them, or to exclude the acceptance of cookies either for specific cases or in general. Please be aware that if you do not accept cookies, the functionality of our website may be limited.

Google LLC, based in the USA, is certified under the US-EU Privacy Shield agreement, which ensures compliance with the data protection level applicable in the EU.
You can find more information about the privacy policy of DoubleClick by Google at the following link:
https://www.google.de/policies/privacy/

10.2 Use of Google AdWords Conversion Tracking
This website uses the online advertising program "Google AdWords" and within Google AdWords, the conversion tracking provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). We use Google AdWords to draw attention to our attractive offers with the help of advertising materials (so-called Google AdWords) on external websites. In relation to the data from the advertising campaigns, we can determine how successful the individual advertising measures are. Our goal is to show you ads that are of interest to you, make our website more appealing to you, and achieve a fair calculation of advertising costs.

The conversion tracking cookie is set when a user clicks on an AdWords advertisement placed by Google. Cookies are small text files that are stored on your computer system. These cookies usually expire after 30 days and are not used for personal identification. If the user visits certain pages of this website and the cookie has not yet expired, Google and we can recognize that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Therefore, cookies cannot be tracked across the websites of AdWords customers. The information collected through the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking.

The customers are informed about the total number of users who clicked on their ad and were redirected to a page equipped with a conversion tracking tag. However, they do not receive any information that could be used to personally identify users. If you do not wish to participate in tracking, you can block the use of the Google conversion tracking cookie by disabling it in your internet browser under user settings. You will then not be included in the conversion tracking statistics. We use Google AdWords based on our legitimate interest in targeted advertising according to Art. 6 para. 1 lit. f DSGVO.

Google LLC, based in the USA, is certified under the US-European Privacy Shield framework, which ensures compliance with the level of data protection applicable in the EU.

You can find more information about Google’s privacy policy at the following internet address: https://www.google.de/policies/privacy/.

You can permanently disable cookies for ad preferences by preventing them through an appropriate setting in your browser software or by downloading and installing the browser plugin available at the following link: https://www.google.com/settings/ads/plugin?hl=de.

Please note that certain features of this website may not be available or may be limited if you disable the use of cookies.

 

11) WEB ANALYTICS SERVICES
Google (Universal) Analytics – Google Universal Analytics

This website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and enable an analysis of the website usage by you. The information generated by the cookie about your use of this website (including the anonymized IP address) is usually transferred to a Google server in the USA and stored there.

This website uses Google Analytics exclusively with the extension "_anonymizeIp()", which ensures anonymization of the IP address by shortening it and excludes direct personal identification. Through this extension, your IP address is truncated by Google within the member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. In these exceptional cases, this processing is carried out in accordance with Art. 6 (1) lit. f GDPR based on our legitimate interest in the statistical analysis of user behavior for optimization and marketing purposes.

On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide additional services related to website usage and internet usage. The IP address transmitted by your browser within the framework of Google Analytics will not be merged with other data from Google.
You can prevent the storage of cookies by adjusting the settings in your browser software; however, please note that in this case, you may not be able to use all features of this website to their full extent. Furthermore, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by downloading and installing the browser plugin available at the following link:

Google Analytics Opt-Out Plugin

 

Alternatively, instead of using the browser plugin or within browsers on mobile devices, please click the following link to set an opt-out cookie that will prevent the collection of data by Google Analytics on this website in the future (this opt-out cookie works only in this browser and only for this domain; if you delete your cookies in this browser, you will need to click this link again):

Deactivate Google Analytics

Google LLC, based in the USA, is certified under the US-EU Privacy Shield framework, which ensures compliance with the data protection standards applicable in the EU.

This website also uses Google Analytics for cross-device analysis of visitor flows, which is conducted via a User ID. When a page is first accessed, the user is assigned a unique, permanent, and anonymized ID that is set across devices. This allows interaction data from different devices and sessions to be attributed to a single user. The User ID does not contain any personal data and does not transmit such data to Google.

You can object to the collection and storage of data through the User ID at any time, with effect for the future. To do so, you need to disable Google Analytics on all systems you use, such as in another browser or on your mobile device. You can deactivate it using a browser plugin from Google (https://tools.google.com/dlpage/gaoptout?hl=en). Alternatively, for mobile browsers or within browsers, please click on the following link to set an opt-out cookie, which will prevent Google Analytics from collecting data on this website in the future (this opt-out cookie works only in this browser and only for this domain; if you delete your cookies in this browser, you will need to click this link again): Deactivate Google Analytics.

For further information about Universal Analytics, please refer to:
https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376

12) RETARGETING/REMARKETING/RECOMMENDATION ADVERTISING

Facebook Custom Audience via Pixel Method
This website uses the "Facebook Pixel" of Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA ("Facebook"). With explicit consent, this tool allows the tracking of user behavior after they have viewed or clicked on a Facebook ad. This method serves to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help optimize future advertising measures.

The data collected is anonymous to us, meaning it does not allow us to draw conclusions about the identity of the users. However, the data is stored and processed by Facebook, allowing the data to be linked to the respective user profile. Facebook can use this data for its own advertising purposes, in accordance with Facebook's Data Use Policy (https://www.facebook.com/about/privacy/).
You can allow Facebook and its partners to display ads on and outside of Facebook. For these purposes, a cookie may be stored on your computer. These processing activities only occur upon your explicit consent in accordance with Art. 6(1)(a) GDPR.

Consent to the use of the Facebook Pixel may only be given by users who are older than 13 years. If you are younger, we ask that you seek permission from your legal guardians.

Facebook Inc., based in the USA, is certified under the US-EU Privacy Shield Agreement, which ensures compliance with the level of data protection required in the EU.

To disable the use of cookies on your computer, you can configure your web browser so that no cookies can be stored on your computer in the future or delete cookies that have already been placed. However, disabling all cookies may result in some features on our websites no longer functioning. You can also disable the use of cookies by third parties, such as Facebook, on the following website of the Digital Advertising Alliance: https://www.aboutads.info/choices/

Google AdWords Remarketing

"Our website uses the features of Google AdWords Remarketing to advertise this website in Google search results as well as on third-party websites. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). For this purpose, Google sets a cookie in the browser of your device, which automatically enables interest-based advertising through a pseudonymous cookie ID and based on the pages you have visited. The processing is carried out based on our legitimate interest in optimal marketing of our website according to Article 6 (1) lit. f DSGVO.

Further data processing only occurs if you have given Google consent to link your internet and app browsing history with your Google account, and to use information from your Google account to personalize ads that you see on the web. In this case, if you are logged into Google during your visit to our website, Google uses your data together with Google Analytics data to create and define audience lists for cross-device remarketing. For this purpose, your personal data is temporarily linked with Google Analytics data to form target groups.

You can permanently disable the setting of cookies for ad preferences by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/. Alternatively, you can visit the Digital Advertising Alliance website at www.aboutads.info to learn about cookies and make adjustments. Lastly, you can configure your browser to notify you about cookies and decide individually whether to accept them, or block cookies for specific cases or altogether. Please note that refusing cookies may limit the functionality of our website.

Google LLC, based in the USA, is certified under the US-EU Privacy Shield agreement, which ensures compliance with the data protection standards applicable in the EU.

For more information on advertising and Google’s privacy policy, you can refer to the following link: https://www.google.com/policies/technologies/ads/.

 

 

13) RIGHTS OF THE DATA SUBJECT

13.1 The applicable data protection law grants you comprehensive rights as a data subject regarding the processing of your personal data (right to information and intervention). Below, we inform you about these rights:

  • Right to Information according to Fair Credit Reporting Act (FCRA)
  • Right to Information: Under the FCRA, consumers have the right to request and receive a free copy of their credit report from consumer reporting agencies once a year. This is a more specific right limited to credit and financial data, but it does align with the principle of access to personal data.
  • Limitations: This applies only to credit-related data and does not extend to broader personal data.
  • 4. Right to Know (Under Some State Laws)
  • State-Level Consumer Privacy Laws: Some states, beyond California, are considering or have passed their own consumer privacy laws that include a right to know what personal data is collected and how it is used. This would be a more limited application compared to the GDPR, but it aligns with some of the principles of accessing personal data.
  • Right to Rectification according to Fair Credit Reporting Act (FCRA): You have the right to immediate rectification of inaccurate data concerning you and/or the completion of incomplete data stored by us.
  • Right to Fair Credit Reporting Act (FCRA): Under the FCRA, consumers have the right to request the correction or deletion of inaccurate information in their credit reports. This is a type of erasure limited to credit reporting.

Right to Erasure in Credit Reporting: If information in a credit report is inaccurate or outdated, consumers have the right to have it deleted or corrected.

Fair Credit Reporting Act (FCRA): You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data is being verified, if you refuse the erasure of your data due to unlawful processing and instead request the restriction of processing, if you need your data for the assertion, exercise, or defense of legal claims, after we no longer need the data for the purpose for which it was processed, or if you have lodged an objection based on your particular situation, as long as it has not yet been determined whether our legitimate interests outweigh yours.

Fair Credit Reporting Act (FCRA):

Under FCRA, individuals have the right to dispute inaccuracies in their credit reports and to have those inaccuracies corrected. However, there is no direct requirement that the credit reporting agency notifies third-party users of the credit report (such as lenders) when the data is corrected.

  • Notification of corrections to third parties is generally handled internally by the credit reporting agency and the relevant parties involved in the transaction, but there is no general mandate to notify all recipients as under the GDPR.
  • Financial Privacy Laws (e.g., Gramm-Leach-Bliley Act - GLBA):

The Gramm-Leach-Bliley Act (GLBA) includes provisions for the protection of personal financial information but does not provide individuals with a right to transfer their data to other financial institutions in a structured and portable format. While it does grant consumers the right to access certain financial information, there is no specific right to data portability akin to what is provided by the GDPR.

Right to Withdraw Consent Given U.S. Laws:

  • Many U.S. privacy laws require companies to obtain consent for certain activities (e.g., marketing emails), and individuals can typically unsubscribe or opt-out from receiving marketing communications. However, there is no uniform requirement for businesses to allow individuals to withdraw consent for all forms of data processing as broadly and systematically as the GDPR mandates.

How to Exercise the Right to Withdraw Consent:

  • Online Platforms:
    • If consent was given on an online platform (e.g., a social media account), users can usually withdraw consent through account settings or by contacting customer support.
  • Marketing Communications:
    • If consent was given for marketing communications (e.g., via email or SMS), the data subject can usually withdraw consent by clicking on an unsubscribe link in the communication or adjusting preferences in their account settings.
  • Other Services:
    • For other types of consent, the individual can contact the organization directly to withdraw their consent, either by using the communication methods provided during the consent process or by following instructions on the website.

Right to Lodge a Complaint according to Civil Rights Laws (e.g., Fair Credit Reporting Act - FCRA)

  • Complaint Process: Individuals can lodge complaints under laws such as the Fair Credit Reporting Act (FCRA) if they believe their credit or financial data is being mishandled. Complaints may be filed with the Consumer Financial Protection Bureau (CFPB) or directly with the Federal Trade Commission.
  • Enforcement: Agencies like the CFPB and FTC can investigate and enforce actions to protect consumers from unfair or inaccurate credit reporting practices.

 

13.2 Right to Object

If we process your personal data based on our legitimate interest in the context of a balancing of interests, you have the right to object to such processing at any time, on grounds arising from your particular situation, with effect for the future.

If you exercise your right to object, we will cease processing the affected data. However, further processing may still be permitted if we can demonstrate compelling legitimate grounds for the processing that override your interests, fundamental rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for such marketing purposes. You can exercise the objection as described above.

If you exercise your right to object, we will cease processing the affected data for direct marketing purposes.

 

14) DURATION OF STORAGE OF PERSONAL DATA
The duration of the storage of personal data is determined based on the respective legal retention period (e.g., commercial and tax retention periods). After the expiration of the retention period, the relevant data will be routinely deleted, unless they are no longer required for contract fulfillment or contract initiation and/or there is no legitimate interest on our part in continuing to store them.