Last revised and updated 04 October 2022
Last revised and updated 04 October 2022
CONTROLLER luca system
The controller for the processing of personal data collected directly by us is:
CONTACT DETAILS DATA PROTECTION OFFICER (DPO) OF THE CONTROLLER
You can reach our DPO at our Berlin location as follows:
Data Protection Officer
How do we collect your data?
Your data is collected automatically by the IT systems used when you visit the website. This is mainly technical data (e.g., internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website. Other data is collected when you provide it to us. This can be, for example, data that you enter in a contact form.
What do we use your data for?
Some of the data is collected to ensure the error-free provision of the website. We explain further details in the following sections.
Analysis tools and third-party tools
When visiting our website, your surfing behaviour may be statistically analysed. This is done with so-called analysis programs. The analysis of your surfing behaviour is anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following data protection declaration.
You can object to this analysis. We will inform you about the possibilities of objection in this data protection declaration.
This site uses TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If TLS encryption is activated, the data you send to us cannot be read by third parties.
Some of the web pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g., shopping cart function) are stored based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. As far as other cookies (e.g., cookies for the analysis of your surfing behaviour) are stored, these are treated separately in this data protection declaration.
Server log files
The provider of our website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The data in the log files include:
These log files are stored for 24 hours from the time they are created, then archived for 30 days, and then automatically deleted.
If you send us requests via the contact form, your details from the request form, including the contact details you provide there, will be stored by us for the purpose of processing the request and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of the data entered in the contact form is based on Art. 6 para. 1 lit. b GDPR (fulfilment of a contract to which the data subject is a party, or necessary for the implementation of pre-contractual measures taken at the request of the data subject).
The data you enter in the contact form will remain with us until you request us to delete it or the purpose for storing the data no longer applies (e.g., after processing your request has been completed). Mandatory legal provisions – in particular retention periods – remain unaffected.
Login area – luca Locations – for operators
In this area, you can register as an operator for luca Pay in order to make our payment system available in your company. In addition, documents such as an order processing contract are provided. In further steps, you can set up your offer and, for example, set up your tables. The legal basis for the processing is Art. 6 lit. b GDPR. The storage period of your data concerns the duration of your use as well as the legal storage obligations. In addition, you can activate location services in order to be found as a location in the customer app. The legal basis for this processing is your consent pursuant to Art. 6 lit. a GDPR, which you can revoke at any time. When location services are activated, an entry is made for you in Google Maps. In the process, the location data you enter is sent directly via a so-called proxy and thus your own IP address is not transmitted to Google.
If you would like to receive the newsletter offered on the website, we require an email address from you. Further data will not be collected or will only be collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.
The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the email address, and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing procedures already carried out remains unaffected by the revocation.
The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g., email addresses for the member area) remain unaffected by this.
Registration takes place via the so-called “double opt-in” procedure. After registering for the newsletter, you must confirm your entry into the subscriber list in a second step. For this purpose, an email message with a request for confirmation will be sent to the contact address entered. Registration for the newsletter is therefore only effective once it has been confirmed.
We operate publicly accessible social media pages on the following platforms:
Explanation of the processing operations
Regarding the processing of personal data (e.g., name, photos, email addresses and IP addresses, etc.) initiated by your visit to these pages, we are jointly responsible with the operators of the social media platforms. In addition, the responsible persons of the social media operators are listed below, and the data protection declarations of the respective operators also apply.
The operators of the social media platforms also carry out data processing. The individual data processing and its scope differ depending on the operator of the respective social media platform and are not necessarily comprehensible for us. For details about the collection and storage of your personal data as well as the type, scope and purpose of its use by the respective operator, please refer to the listed data protection declarations. We have only very limited influence on the individual data processing. As far as it is possible for us to influence the data processing, we work within the scope of the possibilities available to us to ensure that the data is handled in accordance with data protection regulations. We can neither influence nor switch off certain statistics that the operators of social media platforms compile and make available to us in anonymised form. However, we do not use any optional statistics.
Data processing by us
Data processing is carried out in the interest of our public relations and communication. The legal basis for the processing of your personal data is our legitimate interest according to Art. 6 (1) 1 f) GDPR to present our company.
You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our pages on social media platforms (e.g. the comment function is often only available to users registered on the respective platforms). These functionalities will not be available to you or only to a limited extent if you do not provide us or the respective platform operator with your personal data.
The data you enter on our social media sites, such as comments, videos, photos, likes, public messages, etc. are published by the respective social media platform. If you use our social media sites to contact us, the personal data you provide us with will only be processed by us for the purpose of contacting you (Art. 6 (1) 1 a) and b) GDPR). If messages or comments are addressed to us as a question or a request consisting of the exercise of your rights, we will forward this request internally for processing if necessary (exclusively by providing mandatory data). Alternatively, you can contact our data protection officer directly (the contact details can be found at the top of this statement). We do not process your data for any other purposes than those mentioned above and delete the personal data at the end of each processing operation. We only store the content if this is necessary, for example, to comply with legal requirements or because it is clearly discriminatory, offensive or obscene content. The legal basis for this is Art. 6 (1) 1 c) GDPR.
Facebook Ireland Limited (hereafter “Facebook Ireland”)
4 Grand Canal Square
Grand Canal Harbour
Facebook Ireland Limited (hereafter “Facebook Irland”)
4 Grand Canal Square
Grand Canal Harbour
Google Ireland Limited
Gordon House, Barrow Street
LinkedIn Ireland Unlimited Company
This website embeds videos from the YouTube website. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. In order to ensure data protection on this website, we only use YouTube together with a so-called “pre-click” solution. A plugin prevents data from being transmitted to YouTube the first time you enter the page.
Activating the video via the button provided constitutes consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time with validity for the future.
In addition, we use YouTube in extended data protection mode. This mode means that only minimal data is sent to YouTube to establish the connection when you start the video. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence. You can find more information about data protection at YouTube in their data protection declaration.
If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Vimeo account.
The use of Vimeo only takes place with your consent by click (Art. 6 para. 1 lit. a GDPR).
This website uses the open-source software Matomo to measure reach. Matomo is configured so that no cookies are placed on the computer. Instead, we use various device data to analyse the behaviour of our visitors for the purpose of optimising our website. The legal basis for the processing is our legitimate interest as a website operator according to Art. 6 (1) lit. f of the GDPR. The weighing of the legitimate interests has been documented.
The following data is collected: IP address = anonymised, pseudonymised visitor ID, location, date, time, browser, operating system/software, screen resolution, device type, device model, device brand, visits, converted destinations to understand the use and navigation on our pages. The IP address is anonymised directly when collected. The above measures do not allow us to draw any conclusions about the identity of individual visitors. For the provision of Matomo, we have chosen a German hosting provider and secured it with an order processing contract. The storage period is 14 months.
You can also object to the range measurement by Matomo directly here:
You have the option to prevent actions you take here from being analysed and linked. This will protect your privacy but will also prevent the owner from learning from your actions and improving usability for you and other users.
Opt-out complete; your visits to this website will not be collected by the web analytics tool. Please note that the Matomo deactivation cookie of this website will also be deleted if you remove the cookies stored in your browser. In addition, if you use a different computer or a different web browser, you will need to complete the deactivation procedure again.
Your visit to this website is currently collected by Matomo web analytics. De-select this checkbox to opt out.
If deactivated, an opt-out cookie will be placed in your browser to prevent Matomo from storing usage data. If you delete your cookies, this will also delete the Matomo opt-out cookie. The opt-out must be reactivated when you visit our site again. Matomo adheres to the “do-not-track” function of your browser.
For more information, please see: Matomo – Privacy User Guide.
Regarding the processing of your personal data, you have the following rights provided for by the GDPR, which you can exercise against us for all processing:
You may also contact our data protection officer to exercise these rights against us.
Notwithstanding the above rights, you have the right to lodge a complaint with a supervisory authority for data protection and freedom of information, for example, the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg:
Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart, Postfach 10 29 32, 70025 Stuttgart.
Tel.: +49 711/615541-0
Fax: +49 711/615541-15