Privacy Policy luca website

Last revised and updated 04 October 2022

When you visit our website, various data, including personal data, is collected. We treat your personal data (definition according to Art. 4 (1) GDPR) confidentially and in accordance with the legal data protection regulations. This privacy policy explains what data we collect on our website, what we use it for, how and for what purpose. This is done primarily to provide you with convenient and secure access to our information and offers. Of course, we also pursue economic interests with our website, with which we want to strengthen both our image and our sales. For reasons of fairness and transparency, we are happy to inform you about this in detail below in accordance with the EU Data Protection Regulation: 

CONTROLLER luca system 

The controller for the processing of personal data collected directly by us is: 

culture4life GmbH 

Mörikestrasse 67 

70199 Stuttgart 




You can reach our DPO at our Berlin location as follows: 

culture4life GmbH 

Data Protection Officer 

Charlottenstraße 59 

10117 Berlin 



How do we collect your data? 

Your data is collected automatically by the IT systems used when you visit the website. This is mainly technical data (e.g., internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website. Other data is collected when you provide it to us. This can be, for example, data that you enter in a contact form. 


What do we use your data for? 

Some of the data is collected to ensure the error-free provision of the website. We explain further details in the following sections. 


Analysis tools and third-party tools 

When visiting our website, your surfing behaviour may be statistically analysed. This is done with so-called analysis programs. The analysis of your surfing behaviour is anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following data protection declaration. 

You can object to this analysis. We will inform you about the possibilities of objection in this data protection declaration. 


TLS encryption 

This site uses TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If TLS encryption is activated, the data you send to us cannot be read by third parties. 


Some of the web pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser. 

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit. 

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited. 

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g., shopping cart function) are stored based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. As far as other cookies (e.g., cookies for the analysis of your surfing behaviour) are stored, these are treated separately in this data protection declaration. 


Server log files 

The provider of our website automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. The data in the log files include: 

  • the referrer URL (the website you came from), 
  • the browser type, browser version and language, 
  • the operating system used and its interface, 
  • the IP address (anonymised), 
  • the time of the server request, 
  • the Http status code – access status, 
  • the amount of data transferred. 

These log files are stored for 24 hours from the time they are created, then archived for 30 days, and then automatically deleted. 

Contact form 

If you send us requests via the contact form, your details from the request form, including the contact details you provide there, will be stored by us for the purpose of processing the request and in the event of follow-up questions. We do not pass on this data without your consent. 

The processing of the data entered in the contact form is based on Art. 6 para. 1 lit. b GDPR (fulfilment of a contract to which the data subject is a party, or necessary for the implementation of pre-contractual measures taken at the request of the data subject). 

The data you enter in the contact form will remain with us until you request us to delete it or the purpose for storing the data no longer applies (e.g., after processing your request has been completed). Mandatory legal provisions – in particular retention periods – remain unaffected. 


Login area – luca Locations – for operators 

In this area, you can register as an operator for luca Pay in order to make our payment system available in your company. In addition, documents such as an order processing contract are provided. In further steps, you can set up your offer and, for example, set up your tables. The legal basis for the processing is Art. 6 lit. b GDPR. The storage period of your data concerns the duration of your use as well as the legal storage obligations. In addition, you can activate location services in order to be found as a location in the customer app. The legal basis for this processing is your consent pursuant to Art. 6 lit. a GDPR, which you can revoke at any time. When location services are activated, an entry is made for you in Google Maps. In the process, the location data you enter is sent directly via a so-called proxy and thus your own IP address is not transmitted to Google. 

If you would like to receive the newsletter offered on the website, we require an email address from you. Further data will not be collected or will only be collected on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties. 

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the email address, and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing procedures already carried out remains unaffected by the revocation. 

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g., email addresses for the member area) remain unaffected by this. 

Registration takes place via the so-called “double opt-in” procedure. After registering for the newsletter, you must confirm your entry into the subscriber list in a second step. For this purpose, an email message with a request for confirmation will be sent to the contact address entered. Registration for the newsletter is therefore only effective once it has been confirmed. 

We operate publicly accessible social media pages on the following platforms: 


Explanation of the processing operations 

Regarding the processing of personal data (e.g., name, photos, email addresses and IP addresses, etc.) initiated by your visit to these pages, we are jointly responsible with the operators of the social media platforms. In addition, the responsible persons of the social media operators are listed below, and the data protection declarations of the respective operators also apply. 

The operators of the social media platforms also carry out data processing. The individual data processing and its scope differ depending on the operator of the respective social media platform and are not necessarily comprehensible for us. For details about the collection and storage of your personal data as well as the type, scope and purpose of its use by the respective operator, please refer to the listed data protection declarations. We have only very limited influence on the individual data processing. As far as it is possible for us to influence the data processing, we work within the scope of the possibilities available to us to ensure that the data is handled in accordance with data protection regulations. We can neither influence nor switch off certain statistics that the operators of social media platforms compile and make available to us in anonymised form. However, we do not use any optional statistics. 


Data processing by us 

Data processing is carried out in the interest of our public relations and communication. The legal basis for the processing of your personal data is our legitimate interest according to Art. 6 (1) 1 f) GDPR to present our company. 

You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our pages on social media platforms (e.g. the comment function is often only available to users registered on the respective platforms). These functionalities will not be available to you or only to a limited extent if you do not provide us or the respective platform operator with your personal data. 

The data you enter on our social media sites, such as comments, videos, photos, likes, public messages, etc. are published by the respective social media platform. If you use our social media sites to contact us, the personal data you provide us with will only be processed by us for the purpose of contacting you (Art. 6 (1) 1 a) and b) GDPR).  If messages or comments are addressed to us as a question or a request consisting of the exercise of your rights, we will forward this request internally for processing if necessary (exclusively by providing mandatory data). Alternatively, you can contact our data protection officer directly (the contact details can be found at the top of this statement). We do not process your data for any other purposes than those mentioned above and delete the personal data at the end of each processing operation. We only store the content if this is necessary, for example, to comply with legal requirements or because it is clearly discriminatory, offensive or obscene content. The legal basis for this is Art. 6 (1) 1 c) GDPR. 


Corporate addresses 



Facebook Ireland Limited (hereafter “Facebook Ireland”) 

4 Grand Canal Square 

Grand Canal Harbour 

Dublin 2 


Privacy Policy: 



Facebook Ireland Limited (hereafter “Facebook Irland”) 

4 Grand Canal Square 

Grand Canal Harbour 

Dublin 2 


Privacy Policy: 



Google Ireland Limited 

Gordon House, Barrow Street 

Dublin 4 


Privacy Policy: 



LinkedIn Ireland Unlimited Company
Wilton Place
Dublin 2 


Privacy Policy: 


This website embeds videos from the YouTube website. The operator of the pages is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. In order to ensure data protection on this website, we only use YouTube together with a so-called “pre-click” solution. A plugin prevents data from being transmitted to YouTube the first time you enter the page. 

Activating the video via the button provided constitutes consent within the meaning of Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time with validity for the future. 

In addition, we use YouTube in extended data protection mode. This mode means that only minimal data is sent to YouTube to establish the connection when you start the video. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. 

If necessary, further data processing operations may be triggered after the start of a YouTube video, over which we have no influence. You can find more information about data protection at YouTube in their data protection declaration. 


On our website, we also show you content from the video platform Vimeo. Vimeo is operated by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. When you visit one of our pages designed with a Vimeo video, a plugin prevents an immediate connection to the Vimeo servers from being established. I.e., the so-called “iframes” for Vimeo are blocked and provided with an automatic button. Only with your consent by clicking on this button is the connection to Vimeo made possible. The server is then informed of your IP address and which of our pages you have visited. Vimeo sets cookies and works with advertising networks. You can find more information about this here under “Cookies” and in the Vimeo privacy policy. 

If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your Vimeo account. 

The use of Vimeo only takes place with your consent by click (Art. 6 para. 1 lit. a GDPR). 

You can find more information on the handling of user data in the Vimeo privacy policy. 




This website uses the open-source software Matomo to measure reach. Matomo is configured so that no cookies are placed on the computer. Instead, we use various device data to analyse the behaviour of our visitors for the purpose of optimising our website. The legal basis for the processing is our legitimate interest as a website operator according to Art. 6 (1) lit. f of the GDPR. The weighing of the legitimate interests has been documented. 

The following data is collected: IP address = anonymised, pseudonymised visitor ID, location, date, time, browser, operating system/software, screen resolution, device type, device model, device brand, visits, converted destinations to understand the use and navigation on our pages. The IP address is anonymised directly when collected. The above measures do not allow us to draw any conclusions about the identity of individual visitors. For the provision of Matomo, we have chosen a German hosting provider and secured it with an order processing contract. The storage period is 14 months. 

You can also object to the range measurement by Matomo directly here: 

You have the option to prevent actions you take here from being analysed and linked. This will protect your privacy but will also prevent the owner from learning from your actions and improving usability for you and other users. 

Opt-out complete; your visits to this website will not be collected by the web analytics tool. Please note that the Matomo deactivation cookie of this website will also be deleted if you remove the cookies stored in your browser. In addition, if you use a different computer or a different web browser, you will need to complete the deactivation procedure again. 

Your visit to this website is currently collected by Matomo web analytics. De-select this checkbox to opt out. 

If deactivated, an opt-out cookie will be placed in your browser to prevent Matomo from storing usage data. If you delete your cookies, this will also delete the Matomo opt-out cookie. The opt-out must be reactivated when you visit our site again. Matomo adheres to the “do-not-track” function of your browser. 

For more information, please see: Matomo – Privacy User Guide. 

Regarding the processing of your personal data, you have the following rights provided for by the GDPR, which you can exercise against us for all processing: 

  • The right to obtain a statement as to whether your personal data are being processed and, where this is the case, the right to access those data. This information includes, among other things, the purposes of processing, the categories of personal data processed, and the recipients or categories of recipients to whom the personal data have been or will be disclosed (Art. 15 GDPR). 
  • The right, under certain conditions, to demand that your personal data be deleted immediately (so-called “right to be forgotten”) (Art. 17 GDPR). The deletion of your data can be carried out accordingly, if there is no justified interest or legal retention period to the contrary. 
  • The right to request the restriction of the processing of your personal data under certain conditions (Art. 18 GDPR). 
  • The right to revoke the consent given to us regarding the processing of your personal data at any time. Such a revocation is valid for the future and does not affect the lawfulness of the processing that took place until your revocation. 

You may also contact our data protection officer to exercise these rights against us. 

Notwithstanding the above rights, you have the right to lodge a complaint with a supervisory authority for data protection and freedom of information, for example, the State Commissioner for Data Protection and Freedom of Information of Baden-Württemberg: 

Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart, Postfach 10 29 32, 70025 Stuttgart. 

Tel.: +49 711/615541-0 

Fax: +49 711/615541-15 


This is the current version of our privacy policy (valid as of 04.10.2022). We reserve the right to adapt this privacy policy (in particular in the event of changes in the legal situation or changes to our services). For this reason, it is recommended that you check this privacy statement at regular intervals.