Privacy policy

Privacy Policy

We appreciate your interest in our webshop (https://fragralux.com/) ("webshop" or "website"). This privacy policy is designed to give you a clear overview of how we process your personal data.

  1. Who is responsible for processing my data, and who is the data protection officer?

Responsible for data processing in accordance with Art. 4 No. 7 General Data Protection Regulation (GDPR) is:

TRADE PEAK LIMITED

ID: 15596647 

Email: support@fragralux.com

Managing Director: Daniel Vasilev Stefanov

262 Uxbridge Road, London, Greater London, England, HA5 4HS 

  1. What is the subject of data protection?

Data protection law regulates the handling of personal data. Personal data refers to information related to an identified or identifiable natural person ("data").

  1. Which categories of data do we process, and where do these come from?

Through your use of our webshop, we process the following categories of data:

Data you provide: When placing an order, contacting us (e.g., via contact form or email), or opening a customer account, you provide us with data. The specific data provided can be seen in the respective input forms. This may include your name, email address, telephone number, other contact details including your address, or your payment data.

You can see from the input form whether you are obliged to provide us with the respective data. Further information can also be found under section 4 of this privacy policy.

When you visit our website, we may also store access data in so-called server log files.

Data we collect from third parties: If you order in our webshop, we may also collect data about you from third parties, such as credit agencies and payment service providers.

Cookies: To make the visit to our website attractive and to enable the use of certain functions, we use so-called cookies or similar technologies on our website, including for advertising and analysis purposes. Further information can be found under section 4 below as well as in our cookie settings. You can change your cookie preferences there at any time.

Special categories of personal data: We do not collect and process any special categories of personal data.

  1. For what purposes and on what legal basis are my data processed?

We process your data for the purposes mentioned below. Generally, you are neither legally nor contractually obliged to provide us with your data for these purposes. Without your data, however, we may not be able to offer you our website and services.

Contract-related processing purposes based on the legal basis of Art. 6 Para. 1 S. 1 lit. b) GDPR:

Opening a customer account: To open a customer account, you must first register with us. During this registration, we process certain data from you, such as your name and email address. What data we collect exactly can be seen from the respective input form. We collect this data to establish a customer account for you.

Data collection and use for contract processing: We collect and process data when you provide it to us as part of your order. What data is collected can be seen from the respective input forms. We use the data you provide to fulfil our contractual obligations towards you and to process your inquiries, especially to process your order, handle your payment, and for contract-related communication with you, such as answering questions and complaints. Therefore, your data is necessary for contract execution, especially to carry out your order. The input forms indicate which information is required and which additional information you can optionally provide.

Data processing based on consents under the legal basis of Art. 6 Para. 1 S. 1 lit. a) GDPR:

Use of your data for advertising and analysis purposes: We use your data based on your consent to contact you for advertising purposes (newsletters, customer satisfaction surveys, availability notifications) by email. If you give us your consent, we personalise the content of the newsletters according to your interests. Additionally, we use your data, based on your consent, to display interest-based advertising to you based on the cookies or similar technologies we use on our website and the websites of our advertising partners. We also use, with your consent, cookies or similar technologies that enable us to offer you certain convenience functions as well as to analyse website usage so we can measure and improve its performance. Further information on the use of cookies and similar technologies can be found in our cookie settings.

You can revoke your consent to the use of your data for advertising and analysis purposes at any time with effect for the future. For email advertising, you can click the unsubscribe link included in the respective advertising messages or contact us at support@fragralux.com or via the address mentioned in section 1 of this privacy policy. You can revoke your consent to the use of cookies and similar technologies in our cookie settings.

Data processing to fulfil legal obligations based on the legal basis of Art. 6 Para. 1 S.1 lit. c) GDPR:

Data security: When operating the webshop, we must fulfil legal obligations. This includes, among other things, the obligation to ensure the security of your data when using the webshop. For this purpose, we may process your data as part of measures to ensure data security.

Record-keeping obligations: Furthermore, we must retain certain data (e.g., commercial letters and receipts) for a legally prescribed period. Such data may only be deleted after the legally prescribed retention periods have expired, even in the presence of deletion requests.

Data processing based on legitimate interest under the legal basis of Art. 6 Para. 1 S. 1 lit. f) GDPR:

Below, you will find information on data processing, including transmissions, that we carry out based on the legal basis of our legitimate interest in the respective purpose of processing, as described in more detail below. Processing only takes place to the extent necessary to pursue our legitimate interests or those of a third party and not overridden by your interests, fundamental rights, and freedoms. If you need further information on the interest balancing test conducted, please contact us at the address mentioned in section 1 of this privacy policy.

Storage of access data in server log files: When you visit our webshop, we store access data in so-called server log files, such as the name of the requested file, date and time of access, the amount of data transferred, and the requesting provider. Insofar as personal data is processed, this processing is based on our predominant legitimate interest in ensuring the smooth operation of the website and improving our offer.

Country and language preference: When you first access our webshop or if you delete our country preference cookie, you will be asked to select the country relevant to your order and possibly a language for that country so we can display prices in our webshop in the relevant currency. Based on your IP address, we can also suggest suitable countries via a pop-up window, which our service provider determines as the likely delivery region based on your IP address. The data processing is based on our predominant legitimate interest in providing a user-friendly website. 

Product recommendations: If you order goods from us, we can use your data to send you product information on similar products. This is based on our legitimate interest in making suitable product recommendations to you. You can object to the use of your data for these advertising purposes at any time with effect for the future. For this purpose, you can click the unsubscribe link included in the respective advertising messages or contact us at support@fragralux.com or via the address mentioned in section 1 of this privacy information.

Credit check and fraud prevention: We use your data to reduce the risk of payment defaults and fraud in online orders and the operation of our online webshop, especially if you choose payment by invoice. This is based on our legitimate interest in protecting ourselves and our customers and other users from the misuse of your data, especially through fraudulent orders. For this purpose, we process, in particular, device and access data as well as purchase and payment data. We work with credit and fraud prevention service providers who provide us with credit data, such as information on the risk assessment determined by our service providers for your person. The processing of your data for the mentioned purposes is necessary for contract execution, and without the data, we may not be able to fulfil your order. You can object to the use of your data for these purposes at any time with effect for the future, citing the reasons arising from your particular situation. For this purpose, you can contact us at support@fragralux.com or via the address shown in section 1 of this privacy information.

  1. With whom is my data shared?

Even when we share your data with service providers, we ensure that your data is processed, protected, and transmitted in compliance with the applicable legal requirements.

We transmit your data to the following parties for the respective purposes:

Shipping

As part of fulfilling your order and for the purpose of package delivery, we pass on your data to shipping or transport companies, as far as this is necessary for the delivery of your ordered goods.

The data transfer is necessary for processing your order and thus for fulfilling our contractual obligations, and therefore takes place on the basis of Art. 6 Para. 1 S. 1 lit. b) GDPR.

Credit check

If you decide to purchase on account, we have a legitimate interest in being able to assess the associated economic risks before concluding the contract. If you select the payment method "purchase on account," we therefore transmit your data (name, address, and possibly date of birth) for the purpose of credit assessment, to assess the risk of payment default based on mathematical-statistical procedures using address data and to verify your address (check for deliverability) to a financial service provider. The legal basis for these transmissions is Art. 6 Para. 1 S. 1 lit. f) GDPR. The transmission is based on our legitimate interest in ensuring your ability to pay when purchasing our products on account.

Fraud prevention

We conduct a fraud check for orders and transmit your order data to our service providers for this purpose. If an order is classified as risky based on the check, it may be cancelled.

For a purchase on account or payment via Stripe, we transmit your order data (name, address, gender, date of birth, cart value, order time, IP address, payment method) to a service provider based in Europe for fraud prevention purposes.

If you select the payment method credit card, we transmit your order data to a service provider based in the Europe. In the fraud check by this service provider, probability values are used, based on which orders that contain a fraud risk for us are recognized. Further information on how our service provider processes personal data can be obtained from us at any time using the contact details shown in section 1 of this privacy information. If you do not agree to data transmission to this service provider, please use another payment method.

The legal basis for these transmissions is our legitimate interest in preventing fraud cases at your or our expense, Art. 6 Para. 1 S. 1 lit. f) GDPR.

Debt collection

If there are outstanding claims from your orders, we will contact you by email with a new payment request. Should you not comply with this request despite the existence of a legitimate claim, we may hand over the enforcement of the claim to our debt collection service provider, to whom we pass on your order and contact data for this purpose.

The legal basis for transmitting your data to this service provider is its necessity for contract execution, Art. 6 Para. 1 S. 1 lit. b) GDPR.

Newsletter, personal product recommendations, and surveys

A service provider is used for the technical handling of the newsletter dispatch and personal product recommendations as well as personalised messages based on usage behaviour via email.

We also use a service provider to conduct customer satisfaction surveys to obtain customer feedback, e.g., regarding awareness of our brand and our products.

Our partners process your data exclusively according to our instructions and on our behalf. We have contractually ensured that our partners comply with all data protection regulations. The scope of the transmitted data is limited to the necessary minimum. The data transfer takes place on the basis of Art. 28 Para. 1 GDPR.

Furthermore, as part of the use of tracking functions on our website, we transmit further data for advertising purposes to third parties. More information on this, including your setting options, can be found in our cookie settings.

  1. Will my data be transferred to a third country?

Some of our service providers and group companies to whom we transmit your data are located outside the European Economic Area (EEA). In these countries, the protection of your personal data may not be comparable to that under the GDPR. In particular, government authorities there may have the right to access your data without you having effective legal remedies to defend against it. Such a transfer, therefore, only takes place if the third country has been confirmed by the EU Commission to have an adequate level of data protection (Art. 45 Para. 1 GDPR) or if you have given us your explicit consent to transfer your data to recipients outside the EEA (Art. 49 Para. 1 lit. a) GDPR). Otherwise, we ensure that an adequate level of data protection is maintained through appropriate contractual, technical, and/or organisational measures (in particular by agreeing to the EU standard contractual clauses as well as additional measures and recurring reviews). Further information and copies of the EU standard contractual clauses can be obtained from us using the contact details given in section 1 of this privacy information.

  1. How long will my data be stored?

Your data will be stored in accordance with Art. 5 Para. 1 lit. e) GDPR for as long as we are legally required to do so or we need your data for the purposes mentioned under section 4. Subsequently, the processing of your data will be restricted or your data will be deleted to comply with the principles of data minimization and storage limitation.

If you need more information regarding our deletion and retention periods, please contact us using the address shown in section 1 of this privacy information.

  1. What data protection rights can I assert as a data subject?

You can assert your rights as a data subject, as described in more detail below. For this purpose, you can reach us using the contact details provided in section 1 of this privacy information.

Right to information

You can request information in accordance with Art. 15 GDPR about your personal data processed by us. In your request for information, you should specify your concerns to facilitate the compilation of the necessary data. Please note that your right to information may be restricted under certain circumstances according to the statutory provisions (in particular § 34 BDSG).

Right to rectification

If the information concerning you is not (or no longer) accurate, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request its completion.

Right to deletion

You can request the deletion of your personal data under the conditions of Art. 17 GDPR. Your right to deletion depends, among other things, on whether the data concerning you is still needed by us to fulfil our contractual or legal obligations.

Right to restriction of processing

You have the right under the provisions of Art. 18 GDPR to request a restriction on the processing of the data concerning you.

Right to object

You have the right under Art. 21 GDPR to object at any time to the processing of data concerning you for reasons arising from your particular situation. However, we may not always be able to comply with this, e.g., if legal provisions oblige us to process the data. If we process your data for direct marketing purposes, you can object to the processing at any time (Art. 21 Para. 2 GDPR).

Right to lodge a complaint with a data protection supervisory authority

We commit to working with you to find a fair solution to any complaints regarding data protection.

Regardless, you have the right to lodge a complaint with a data protection supervisory authority, especially in the EU member state of your residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data by us violates applicable data protection law.

Email: support@fragralux.com