FERME-LUX Sàrl

Privacy Policy

Privacy Statement

The following data protection declaration applies to the use of our online service https://fermelux.lu/ (“site web”). We attach great importance to data protection. The collection and processing of your personal data is carried out in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR). We collect and process your personal data in order to be able to offer you the above mentioned portal. This declaration describes how and for what purpose your data is collected and used and what options you have regarding your personal data.

By using this website, you consent to the collection, use and transfer of your data in accordance with this privacy policy.

1. Person in charge
The person responsible for the collection, processing and use of your personal data in accordance with art. 4 no. 7 of the GDPR is

FERMÉ-LUX Sàrl

Zone Industrielle Rolach, Hall 1,

L-5280 Sandweiler

Phone : +352 35 53 78

GSM 7 days a week : +352 691 545 407

Email : info@fermelux.lu

If you wish to object to the collection, processing or use of your data by us in accordance with these data protection provisions in whole or in part or for individual measures, you can contact the person responsible. You can save and print this data protection declaration at any time.

2. General use of the website

2.1 Accommodation

The hosting services we use are used to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services as well as technical maintenance services that we use for the operation of the website.

We, or our host, process inventory data, contact data, content data, contract data, usage data, metadata and communication data of customers, interested parties and visitors to this online service on the basis of our legitimate interests in the efficient and secure provision of this online service in accordance with Art. 6, Paragraph 1 (f) RGPD in connection with Art. 28 RGPD.

2.2 Access data

We collect information about you when you use this site and automatically collect information about your usage patterns and interactions with us and store information on your computer or mobile device. We collect, store and use data about each access to our online services (server log files). This includes access data:

  • Name and URL of the recovered file
  • Date and time of extraction
  • volume of data transferred
  • Message about successful recovery (HTTP response code)
  • Browser type and version
  • operating system
  • Referrer URL (i.e. the previously visited page)
  • The web pages accessed by the user’s system through our website
  • User’s Internet Service Provider
  • IP address and requesting provider

We use this log data without assigning it to your person or other profiles for statistical evaluation, for the operation, security and optimization of our online services, as well as for anonymous recording of the number of visitors to our website (traffic) and the extent and type of use of our site and services, and for billing purposes. This information allows us to provide personalized, location-based content, analyze traffic, troubleshoot and correct errors, and improve our services.

This is also our legitimate interest within the meaning of Article 6(1)(f) GDPR.

We reserve the right to subsequently check the log data if there is a justified suspicion of illegal use based on concrete indications. We store IP addresses in the log files for a limited period of time if this is necessary for security reasons or for the provision of services or billing of a service, for example if you use one of our offers. After the order process has been terminated or after payment has been received, we delete the IP address if it is no longer required for security reasons. We also record IP addresses if we have concrete suspicions of a criminal offence in connection with the use of our website. We also record the date of your last visit to your account (e.g. when registering, logging in, clicking on links, etc.).

2.3 Cookies

We use session cookies to optimize our online services. A session cookie is a small text file sent by the respective servers when you visit a website and stored temporarily on your hard drive. This file contains a session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. These cookies are deleted when you close your browser. They are used, for example, to enable you to use the shopping cart function on multiple pages.

When the cookie is set, it is assigned an ID number and your personal data is not assigned to the ID number. Your name, IP address or similar data that would allow the cookie to be attributed to you will not be placed in the cookie. Based on cookie technology, we only receive pseudonymized information, such as which pages of our store have been visited, which products have been viewed, etc. We do not use cookies to identify you.

You can set your browser so that you are informed in advance of the setting of cookies and can decide in individual cases whether you wish to exclude the acceptance of cookies in certain cases or in general, or whether cookies are prohibited altogether. This may limit the functionality of the website.

2.4 Contact form and email

When you contact us (e.g. via the contact form or by e-mail), we save your data for the processing of your request and in case of further questions.

This is also our legitimate interest within the meaning of Article 6(1)(f) GDPR.

When sending the contact form, the following data is also saved:

Date and time of the request
We only store and use other personal data if you give us your consent or if the law allows it without special permission.

You can also contact us at the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

2.5 Privacy Policy for the use of Google Maps

We use the Google Maps API on this site. Google Maps is an online map service that visually displays geographic information.

This is also our legitimate interest within the meaning of Article 6(1)(f) GDPR.

Google Remarketing services are operated by Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Each call to one of the individual pages of our website, on which a Google Maps component has been integrated, establishes a connection with the Google server in order to download a display of the corresponding Google Maps component from Google. This allows Google to obtain information about the specific sub-page of our website that you are visiting.

If you are logged into Google at the same time, Google recognizes the specific page of our website that you visit each time you visit our website and for the duration of your stay on our website. This information is collected by the Google component and assigned to your Google Account by Google. You can prevent the transmission of this information to Google by logging out of your Google Account before accessing our website.

You can find more detailed information about the processing of data by Google in the Google’s data protection information. You can also change your privacy settings in the Data Protection Center.

Here you will find detailed instructions for managing your own data in connection with Google products.

2.6. Duration of storage

Unless otherwise specified, we will retain personal data only as long as necessary to fulfill the purposes for which it was collected.

2.7 Data protection for applications

In order to process applications, we collect and process the personal data of applicants. This can also be done electronically, in particular if the application documents are sent to us by e-mail or via an online form on the website. If an employment contract is concluded with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in accordance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted two months after the notification of the rejection decision, provided that there are no other legitimate interests of the data controller that oppose such deletion. Other legitimate interests in this sense include, for example, the obligation to provide evidence in the context of the procedures provided for by the law on equal treatment.

2.8 Legal basis and retention period

The legal basis for the data processing according to the above paragraphs is Art. 6, paragraph 1, points a), b) and f) of the GDPR. Our interests in data processing are in particular the initiation, conclusion and performance of contracts as well as direct advertising and product information.

Unless otherwise specified, we keep personal data only for as long as necessary or legally required to fulfill the purposes for which it was collected.

3. Your rights as a data subject

Under applicable law, you have various rights with respect to your personal information. If you wish to exercise these rights, please send your request by e-mail or by mail, clearly identifying yourself, to the address indicated in Section 1.

Below is an overview of your rights.

3.1 Right to confirmation and information

You have the right at any time to receive confirmation from us about the processing of your personal data. If this is the case, you have the right to ask us for free information about the personal data stored about you and a copy of this data. In addition, you are entitled to the following information:

  • the purposes of the processing
  • the categories of personal data processed
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
  • if possible, the period of time for which the personal data will be kept or, if not possible, the criteria for determining this period
  • the existence of a right to rectify or erase personal data concerning you or to limit the processing by the data controller or to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • if personal data is not collected from you, all available information on the origin of the data
  • The existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) of the GDPR and, at least in these cases, useful information about the logic involved and the scope and expected impact of such processing on you.
  • If personal data is transferred to a third country or international organization, you have the right to be informed of the appropriate safeguards in accordance with Art. 46 GDPR in connection with the transfer.

3.2 Right of rectification

You have the right to request that we correct incorrect personal data about you immediately. In view of the purposes of the processing, you have the right to request that incomplete personal data be completed – also by means of an additional declaration.

3.3 Right of withdrawal (“right to be forgotten”)

Pursuant to Art. 17(1) GDPR, you have the right to demand that we immediately delete your personal data, and we are obliged to immediately delete personal data if any of the following reasons apply:

  • Personal data are no longer necessary for the purposes for which they were collected or processed.
  • You revoke your consent on which the processing was based in accordance with Art. 6(1)(1)(a) GDPR or Art. 9(2)(a) GDPR and there is no other legal basis for this processing.
  • You object to the processing in accordance with Art. 2, paragraph 1 GDPR and there are no compelling and legitimate reasons for the processing or you object to the processing in accordance with Art. 21, paragraph 2 GDPR.
  • Personal data has been processed illegally.
  • The erasure of personal data is necessary to fulfill a legal obligation under Union or Member State law to which we are subject.
  • The personal data were collected in connection with the information society services offered in accordance with Article 8, paragraph 1, of the GDPR.

If we have made personal data public and are required to delete it in accordance with Art. 17(1) GDPR, we will take appropriate measures, including technical measures, taking into account the available technology and the costs of implementation, to inform the data controllers of the personal data that you have requested them to delete any links to such personal data or copies or reproductions of such personal data.

3.4 Right to limit processing

You have the right to require us to restrict processing if any of the following conditions are met:

  • the accuracy of personal data is challenged by you for a period of time that allows us to verify the accuracy of the personal data,
  • the processing is unlawful and you have refused to erase the personal data and have instead requested that the use of the personal data be restricted;
  • we no longer need the personal data for processing, but you need it to assert, exercise or defend legal claims, or
  • you have objected to the processing in accordance with Art. 21, para. 1 GDPR, as long as it has not yet been established whether the legitimate reasons of our company outweigh yours.

3.5 Right to data portability

You have the right to receive the personal data about you that you have provided to us in a structured, common, machine-readable format, and you have the right to transfer that data to another responsible person without our intervention, provided that

  • the processing is based on consent within the meaning of Art. 6(1)(1)(a) of the GDPR or Art. 9(2)(a) of the GDPR or on a contract within the meaning of Art. 6(1)(b) of the GDPR and
  • processing is done using automated procedures.

When you exercise your right to transfer data in accordance with paragraph 1, you have the right to have the personal data transferred directly by us to another responsible person, to the extent that this is technically possible.

3.6 Right to object

You have the right, for reasons relating to your particular situation, to object at any time to the processing of your personal data on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. We no longer process personal data unless we can prove that the processing is worth protecting for compelling reasons that outweigh your interests, rights and freedoms, or that the processing serves to assert, exercise or defend legal claims.

If we process personal data for the purpose of direct advertising, you have the right to object at any time to the processing of your personal data for the purpose of direct advertising; this also applies to profiling insofar as it is related to such direct advertising.

You have the right to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes within the meaning of Art. 89, paragraph 1 GDPR on grounds arising from your particular situation, unless such processing is necessary for the performance of a task in the public interest.

3.7 Automated decisions, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, that has a legal effect on you or similarly affects you.

There will be no automated decision making based on the personal data collected.

3.8 Right to revoke consent under the Data Protection Act

You have the right to revoke your consent to the processing of personal data at any time.

3.9 Right of appeal to a supervisory authority

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you are staying, at your place of work or at the place of the alleged infringement, if you believe that the processing of your personal data is unlawful.

4. Data security
We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

Your personal data will be transmitted encrypted. This applies to your orders as well as to the customer login. We use the SSL (Secure Socket Layer) encryption system, but we would like to point out that data transmission over the Internet (e.g. during e-mail communication) can have security gaps. A complete protection of the data against access by third parties is not possible.

In order to secure your data, we apply technical and organizational security measures in accordance with Art. 32 GDPR, which we continuously adapt to the state of the art.

Furthermore, we do not guarantee that our services will be available at certain times; disruptions, interruptions or failures cannot be excluded. The servers we use are regularly and carefully backed up.

5. Transfer of data to third parties, no transfer of data to third countries

In principle, we only use your personal data within our company.

If and insofar as we involve third parties in the execution of contracts (such as logistics service providers), such personal data will only be provided to the extent that the transmission is necessary for the respective service.

If we outsource parts of the data processing (“order processing”), we contractually oblige the subcontractors to use the personal data only in accordance with the requirements of the data protection laws and to ensure the protection of the data subject’s rights.

Data will not be transferred to entities or individuals outside the EU other than as described in this statement in Section 2.