Not all privacy is created equal. At Luxador, we design our products to protect your personal data at all costs. We do it because it’s the right thing to do.
Luxador is committed to protecting your personal data.
Luxador is committed to protecting your personal data. This policy sets out how Luxador protects your personal data and advises you on your privacy rights and how the law protects you.
Use of this corporate website and Luxadors partner sites, including the websites of the companies that Luxador invests in, results in the company collecting and processing personal data of our customers and suppliers.
The European Unions General Data Protection Regulations (GDPR) describe individuals who have provided personal data to an organisation (either directly or indirectly) as “data subjects”.
As a data subject, as per the law, users have rights in respect of how their personal data is processed.
- Under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access, rectify or erase your personal data and the right to restrict the processing of your personal data.
- Where applicable, you also have the right to object to the processing or the right to data portability.
- You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a).
- You have the right to withdraw previous consent. You can withdraw your consent at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you withdraw your consent.
- You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor.
The Data Controller: If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, contact the Data Controller Unit G2, Directorate G, Directorate-General for Communications Networks, Content and Technology (DG CNECT) of the European Commission at: CNECT-G2@ec.europa.eu
The European Data Protection Supervisor (EDPS): You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor (firstname.lastname@example.org) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.
Luxador collects and processes digital information in line with the requirements of the GDPR.
We are committed to:
- Processing your data in a lawful, fair, and transparent way.
- To collect data only for definitive and legitimate purposes.
- Collecting data that is relevant and limited to purposes you have been informed of.
- Ensuring that personal data is current and accurate.
- Ensuring that data is kept only as long as necessary for the purpose you have been informed of.
- Ensuring personal data is stored securely.
As a resident of Europe, you have the right to make a complaint to the relevant regulator in your location. However, we would like the opportunity to deal with any concerns you may have before you approach regulators. So please contact us first to resolve any issues.
What data does Luxador collect?
Luxador does not collect any Special Categories of Personal Data. This refers to and includes details on:
- Race or Ethnicity
- Religious or Philosophical Beliefs
- Sexual Orientation
- Health and Genetic Biometric Data
- Or Criminal History
Luxador collects information that can identify an individual but only as it relates to the relationship between the company and the individual. To understand what type of personal data the company collects, uses, and securely stores we have grouped them into these groups:
Identity data: This includes first and last names, username or a similar identifier, company name and position, date of birth and gender.
Contact data: This includes billing address, delivery address, email address, and telephone number.
Financial data: This includes company registration details, bank account and payment card details.
Luxador collects data from and about our customers in various ways that include:
Direct interaction where customers give the company their identity, contact details and financial data. This information is collected through correspondence with the company and/or by filling in forms to access services or purchase goods.
Third party or publicly available sources.
Providers of technical and payment services. For example, the company will data from credit reference agencies.
How will data be used?
Luxador is guided by the law when it comes to use of personal data.
Generally, data is used when:
- We need to service contracted services or prior to entering into a contract.
- Where necessary to act in legitimate interests of the company (or a third party) or the customers interests and where fundamental rights do not override that need.
- Where there is a need to comply with legal or regulatory obligations.
Luxador may process client data for more than one lawful purpose depending on the specific circumstances of the company’s relationship with the client. It is also essential that the data we hold is accurate and current. Clients are encouraged to notify Luxador of any changes that affect information relevant to the relationship between Luxador and the client.
Who Will Have Access to Your Data?
Client data will be used during day to day business activities where required and appropriate and fulfils the needs of the business relationship between Luxador and its client.
Luxador will not sell or disclose personal data to third parties unless required by regulation or to improve the business relationship between Luxador and the client.
How long does luxador retain personal data?
Luxador retains data only as long as the business relationship between the company and client exists. This ensures that Luxador can meet its legal and regulatory obligations.
The amount, nature and sensitivity of personal data, as well as the potential risk from unauthorised usage or breaches are also considered when deciding on how long we retain data. If it is possible to service the business relationship and meet applicable legal requirements without retaining client supplied data, Luxador will choose this option.
By law, Luxador has to retain basic client information to meet tax obligations.
Disclosure of your personal data
For business and/or regulatory reasons Luxador may need to share personal data. Below we have listed the parties that may
have access to your data.
Internal Third Parties: Companies in the Luxador Group
External Third Parties: Can include service providers who provide financial or IT administration services operating in the EU, US, Africa or elsewhere.
Specific Categories: This can include payment service providers or courier companies.
Luxador requires all third party partners to respect data and treat it in accordance with this policy and to follow all legal and regulatory requirements. Third party partners are prohibited from using data for their own purposes and require them to
process personal data for specific and specified purposes in according to Luxadors instructions.
Luxador is cognizant of the fact that the transmission of information via digital channels is not completely secure. We take measures to protect all data, but we cannot issue a blanket guarantee that the data transmitted over digital channels is 100% secure.
We do commit to use strict and enforced procedures and the highest security protocols to protect all data that remains under our control.
We take our role as guardian of our client’s data seriously. We have put in place security to safeguard against the loss, use or unauthorized access of all data we hold. Our security measures prevent the alteration, disclosure, and unauthorized sharing of all data. In addition, we limit access of all personal data to employees and other third party partners on a need to know basis. When shared, personal data will only be processed as per our instructions.
Data breaches as a result of employee carelessness or misconduct will be dealt with through the company’s internal disciplinary procedures. Clients will be notified of any breaches of their personal data and applicable regulators will be notified where we are legally required to do so.
Individual rights of clients
Right of Access: Clients have a right to request a copy of all information the company has on them.
Right of Rectification: Clients have the right to correct any inaccuracies or incomplete data to be updated held by the company.
Right to Restriction of Processing: Under pre-set conditions, clients can demand a restriction on the processing of personal data.
Right to be Forgotten: Under certain circumstances, clients can apply to have data held by the company to be erased from our records.
Right to Judicial Review: If the company refuses any Rights of Access request, it will provide our reasoning and the client has the right to lodge a complaint with the relevant regulator.