Privacy policy

General Information

Compliance with data protection laws is not only a legal obligation for Luamira, owner Amelie Hemberger, but also an important factor of trust. With the following privacy provisions, we aim to inform you transparently about the nature, scope and purpose of the personal data we collect and process in connection with this website, as well as about your rights.

Controller Responsible for Data Processing

Luamira, owner Amelie Hemberger, Hauptstraße 2, 76779 Scheibenhardt, Germany (hereinafter: “we” or “us”), as the operator of the website www.luamira.com, is the controller within the meaning of Art. 4(7) of the EU General Data Protection Regulation (GDPR). If you have any questions, you can contact us at info@luamira.com.

Data Protection Officer

Pursuant to Art. 37 GDPR in conjunction with Section 38 of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG), we are not obliged to appoint a data protection officer. If you have questions regarding data protection and the exercise of your rights listed below, you can, of course, contact us at any time using the contact details stated above.

Rights of Data Subjects

Your Rights as a Data Subject

As a data subject, you have the following rights in relation to your personal data:

  • A right of access, in particular to information about the categories of processed data, the purposes of processing, the storage period, and any recipients, pursuant to Art. 15 GDPR and Section 34 BDSG.
  • A right to rectification or erasure of inaccurate or incomplete data, pursuant to Art. 16 and 17 GDPR and Section 35 BDSG.
  • Subject to the requirements of Art. 18 GDPR or Section 35(1) sentence 2 BDSG, a right to restriction of processing.
  • A right to object to processing pursuant to Art. 21(1) GDPR, to the extent the processing is based on legitimate interests.
  • A right to withdraw consent with effect for the future pursuant to Art. 7(3) GDPR.
  • A right to data portability in a commonly used format pursuant to Art. 20 GDPR.
  • Pursuant to Art. 22 GDPR, a right not to be subject to a decision based solely on automated processing, including profiling within the meaning of Art. 4(4) GDPR, which produces legal effects concerning you or similarly significantly affects you.
  • Pursuant to Art. 77 GDPR, a right to lodge a complaint with a supervisory authority regarding our processing of your personal data, in particular with the supervisory authority in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.

Procedure for Exercising Your Rights

If you assert your rights under the GDPR and the BDSG vis à vis us, we will process the data you provide to us for the purpose of fulfilling your request.
We then store the data you submitted to us and the data we provided to you for documentation purposes until the expiry of the administrative offence limitation period (three years).
The legal basis for the processing and storage is Art. 6(1) sentence 1 lit. f GDPR (legitimate interests). Our legitimate interest arises from our obligation to respond to your request and from the need to be able to demonstrate, in the event of potential administrative fine proceedings, that we have duly complied with your request.
You may object at any time to the processing of your data based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice. We note, however, that the processing of your data for the purpose of demonstrating compliance with data subject rights is mandatory within the meaning of Art. 21(1) GDPR, as there are no other means of proof, or none that are equally suitable.

Data Protection Measures

We protect our website and other systems, and thus also your data, by means of technical and organisational measures against loss, destruction, access, alteration or dissemination by unauthorised persons. In particular, your personal data is transmitted in encrypted form over the internet. We use TLS (Transport Layer Security) for this purpose.
However, the transmission of information over the internet is never completely secure, which is why we cannot guarantee one hundred percent security of the data transmitted via our website.

Modalities of Data Processing

Sources and Categories of Personal Data
We process your personal data to the extent this is necessary for the establishment, content design or modification of a contractual relationship between us and you (master data). Master data may include, in particular, name, form of address, contact details (postal address, telephone number, email address), date of birth, etc.
We also process your usage data. Usage data is data generated by your behaviour when using our web offering and services, in particular your IP address, the start and end of your visit to our website, and information about which content you accessed on our website.
We collect the above data either directly from you (for example by visiting the website) or, to the extent permitted under data protection laws, from third parties or publicly accessible sources (for example commercial and association registers, press, media, internet).

Transfers to Third Countries Outside the EU
All information that we receive from you or about you is generally processed on servers within the European Union. Data transfer to, or processing in, third countries takes place without your explicit consent only if this is required or permitted by law, and if an adequate level of data protection is ensured in the third country, or if contractual obligations exist through the EU Standard Contractual Clauses.

With regard to transfers to the United States, the European Commission has adopted an adequacy decision called the EU U.S. Data Privacy Framework, which ensures an adequate level of protection for the transfer of personal data by companies participating in the framework. Where we use services that transfer personal data to the United States, the respective service description indicates whether the company is certified under the EU U.S. Data Privacy Framework.

Disclosure of Data, Processing on Our Behalf

We never disclose your personal data to third parties without authorisation. However, we may disclose your data to third parties in particular if you have consented to the disclosure, if the disclosure is necessary to fulfil our legal obligations, or if we are entitled or obliged to disclose data due to statutory provisions or official or court orders. This may include, in particular, providing information for the purposes of criminal prosecution, hazard prevention, or enforcement of intellectual property rights.
We may also disclose the personal data collected from you in the context of contract performance to third parties, for example to a transport company commissioned with delivery or to the payment service used, insofar as this is necessary for contract performance. The individual service providers and further information can be found below under “Third Party Services”.
In some cases, we transfer your data to external service providers who process data on our behalf and according to our instructions (processors) in order to simplify or relieve our own data processing. Each processor is bound by a contract pursuant to Art. 28 GDPR. In particular, this means that the processor must provide sufficient guarantees that appropriate technical and organisational measures are implemented so that the processing complies with the requirements of the GDPR and ensures the protection of your rights as a data subject. Despite engaging processors, we remain the controller responsible for processing your personal data within the meaning of data protection laws.

Purpose of Data Processing

In principle, we use data only for the purpose for which it was collected from you. We may process the data for another purpose if that other purpose is not incompatible with the original purpose (Art. 5(1) lit. c GDPR).

Storage Period

Unless otherwise specified in individual cases, we store data collected from you only for as long as is necessary for the respective purpose, unless statutory retention obligations prevent deletion, for example under commercial or tax law.

Specific Processing Activities

We would like to explain as transparently as possible which data we process, on what occasion, on which legal basis and for what purpose.

Server Log Files
Each time a website is accessed and data is retrieved from a server, general information is automatically transmitted to the providing server. This data transmission is automatic and is a fundamental component of communication between devices on the internet.
The data transmitted by default includes, among other things: your IP address, product and version information about the browser and operating system used (user agent), the website from which your access originated (referrer), the date and time of the request (timestamp). In addition, the HTTP status and the amount of data transmitted as part of this request are recorded.
This information is logged by the server, stored in a table and retained for a short period (server log files). By analysing these log files, we can identify and remedy website errors, determine website utilisation at certain times and, based on this, make adjustments or improvements, and ensure server security by being able to trace from which IP address attacks on our server were carried out.
Server log files are regularly deleted, generally after three months. If security relevant events occur as mentioned above, we reserve the right, within the scope of our legitimate interests, to retain these data for longer for the purposes stated above. Once the purpose has been achieved, the data will be deleted after an appropriate period.
The legal basis for the use of server log files is Art. 6(1) sentence 1 lit. f GDPR (legitimate interests). Our legitimate interest arises from the necessity for the operation and maintenance of our website, as explained above. You may object at any time to processing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice. We note in advance that processing in server log files is mandatory within the meaning of Art. 21(1) GDPR, since the website cannot be operated at all without it.

Cookies and Web Storage
To improve user friendliness on our website, we use “cookies” and the “web storage” of your browser.

Cookies
What Cookies Are
In simple terms, a cookie is a small text file that stores data about visited websites. Cookies can be used in many ways. For example, they can store a type of “user profile”, such as your preferred language and other page settings that our website requires in order to provide certain services. The cookie file is stored on your device and can also help recognise you when you revisit our website.
Cookies may also enable us to obtain information about your preferred activities on our website and tailor our website to your individual interests, or even increase the speed of navigation on our website.
How You Can Avoid Cookies
You can delete cookies manually at any time in your browser’s security settings.
You can also prevent the storage of cookies from the outset by adjusting your browser settings. Please note, however, that you may then not be able to use all functions of our website in full, or that errors in the display and use of the website may occur.
Third Party Cookies
It is possible that third party providers, with whose help we design and operate our website, in particular through plugins (see below under “Third Party Services”), may independently store their own cookies on your device. If you wish to accept only our own cookies, but not third party cookies, you can prevent the storage of such cookies by using your browser setting “block third party cookies”.

Which Cookies Are Used
Our website uses the following cookies:

| Name | Explanation | Origin (Domain) | Validity / Storage Period | Third Party Access |
|---|---|---|---|---|
| __stripe_mid | Set by Stripe, serves website security by preventing fraud. | .www.luamira.com | 1 year | Yes, Stripe |
| __stripe_sid | Set by Stripe, serves website security by preventing fraud. | .www.luamira.com | 30 minutes | Yes, Stripe |
| mec_cart | Enables recognition of the shopping cart when loading the page and shows, for example in the header, how many items are in the cart. | .www.luamira.com | 30 days | |
| borlabs-cookie | Used to recognise whether the consent notice has already been displayed and whether you have fully accepted or rejected it, or which specific settings you selected. | .www.luamira.com | 3 months | No |
| __cf_bm | This cookie is used to distinguish between bots and human users. | .hcaptcha.com | 30 minutes | Yes, hcaptcha |

Legal Basis

The legal basis for the use of cookies that are strictly necessary for the operation of the website (for example shopping cart cookies, session cookies) is Art. 6(1) sentence 1 lit. f GDPR (legitimate interests) and Section 25(2) no. 2 of the German Telecommunications Digital Services Data Protection Act (TDDDG), strict necessity to provide a digital service expressly requested by the user. Our legitimate interest arises from our need to provide you with a functioning website. Cookies are necessary because they are an integral part of current internet technology, and without cookies many functions of modern websites would not be available. We therefore need cookies in order to provide the website to you upon your request.
You may object at any time to processing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice.
We note, however, that processing in certain cookies may be mandatory within the meaning of Art. 21(1) GDPR, since the website otherwise cannot be operated and we do not have the technical possibility to prevent the setting of cookies on specific individual devices. You may be able to do this yourself in your browser. For further information, please consult your browser instructions.
 

Web Storage

What Web Storage Is
Web storage is a web application technology that stores data in a web browser. Web storage can be regarded as a further development of cookies, but differs in some respects.
Unlike cookies, which can be accessed by both server and client, web storage is entirely controlled by the client. This means that data is not transmitted to the server with every website access. Access takes place exclusively locally via scripts on the website. Specifically, this means that third party access to the information stored via the website is excluded. Only you and we can access the locally stored data.
Legal Basis
The legal basis for the use of web storage that is strictly necessary for the operation of the website is Art. 6(1) sentence 1 lit. f GDPR (legitimate interests) and Section 25(2) no. 2 TDDDG, strict necessity to provide a digital service expressly requested by the user. Our legitimate interest arises from our need to provide you with a functioning website. Web storage is necessary because it is an integral part of current internet technology, and without it many functions of modern websites would not be available. We therefore need web storage to provide the website to you upon your request.
You may object at any time to processing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice.
We note, however, that processing in web storage may be mandatory within the meaning of Art. 21(1) GDPR, since the website otherwise cannot be operated and we do not have the technical possibility to prevent its use on specific individual devices. You may be able to do this yourself in your browser. For further information, please consult your browser instructions.

Contact

Our website offers options to contact us directly.
We process the data you transmit to us only until the respective purpose of your contact request has been achieved, unless statutory retention periods prevent deletion. If the purpose of your contact is the assertion of data subject rights, the provisions under “Your Rights as a Data Subject” apply.
The following data are processed in the context of the contact form:
Name, email address, subject of the enquiry, referrer, where applicable event related information, and the content of the message.
The legal basis for using the data transmitted by you in the context of contractual or pre contractual relationships, or for answering (pre)contractual enquiries, is Art. 6(1) sentence 1 lit. b GDPR (processing for the performance of a contract and for the implementation of pre contractual measures).
The legal basis for processing the data transmitted by you in other cases, that is not for contractual or pre contractual purposes or enquiries, is Art. 6(1) sentence 1 lit. f GDPR (legitimate interests). Our legitimate interest arises from our interest in responding to enquiries and maintaining user relationships.
You may object at any time to processing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice.

Newsletter

We offer you the option of receiving regular updates via our newsletter and information about special offers. To subscribe to the newsletter, you can enter your email address into our distribution list. You must then confirm the subscription again (double opt in procedure). We use the data you provide to us solely for sending the newsletter and do not pass it on to third parties for other purposes.
Further information on data disclosure can be found below under “Third Party Services, External Newsletter Service”.
Our newsletter uses so called web beacons or tracking pixels to analyse your reading behaviour. Tracking pixels are extremely small image files integrated into the newsletter email and enable log file recording and analysis.
When you open the newsletter email, the tracking pixel is loaded from the server of the newsletter service provider and, at the same time, certain information about you is transmitted, such as whether the email was opened, the time of access and the associated IP address.
In addition, links in the email can indicate which products were of greater interest, meaning clicked more frequently than others.
Both the respective web beacon or tracking pixel and the links in the email can be uniquely assigned to the email address used for sending, and thus allow conclusions to be drawn about the individual newsletter recipient.
The legal basis for the use of your email address is Art. 6(1) sentence 1 lit. a GDPR (consent). You can withdraw your consent at any time with effect for the future. Please use the link in each newsletter email or contact us using the contact details provided in the legal notice.

Use of Our Webshop

If you wish to place an order in our webshop, it is mandatory for the conclusion of the contract and the processing of your order that you provide certain data. Information that is indispensable for processing is marked as such, all further information is voluntary. We process the data provided by you during the ordering process only for processing your order. If you do not provide the required data, your order cannot be processed.
Furthermore, it may be necessary to disclose your data to third parties for the purpose of processing the order, for example banks or payment service providers, logistics companies, etc. Further information can be found in our Terms and Conditions, above under “Disclosure of Data”, and below under “Third Party Services”.
The legal basis for processing your data to handle the order is Art. 6(1) sentence 1 lit. b GDPR (processing for the performance of a contract). The legal basis for the voluntary data you provide during the ordering process is Art. 6(1) sentence 1 lit. f GDPR (legitimate interests). Our legitimate interest arises from our need to offer you the possibility to accelerate order processing through additional information and to provide further contact options for quick and efficient customer service. It is also in our interest to allow you to provide further information that we process in the interest of user friendliness. You may object at any time to processing of your data for direct marketing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice.
We are obliged under commercial and tax law requirements to store your address, payment and order data for ten years. However, after two years we restrict processing, meaning your data is used only to comply with statutory obligations.
To prevent unauthorised access by third parties to your personal data, in particular financial data, the ordering process is encrypted using TLS technology.
We may also process the data you provide in order to inform you about other interesting products from our portfolio or to send you emails with technical information.
The legal basis for this use of your contact data is Art. 6(1) sentence 1 lit. f GDPR (legitimate interests). Our legitimate interest arises from our need to provide you with interesting information about our offering and our company (direct marketing).
You may object at any time to processing of your data for direct marketing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice.

Hosting Services

Our website is hosted on servers of ALL INKL.COM, Neue Medien Münnich, proprietor René Münnich, Hauptstraße 68, 02742 Friedersdorf, Germany, in order to ensure efficient and secure provision of the website.
We have concluded a data processing agreement with the provider to ensure that your data is processed only in accordance with our instructions.
Each time the website is accessed, general information is automatically transmitted from your browser to the server (server log files). For further information, see “Server Log Files” above.
The legal basis for the use of hosting services and the associated processing of your data is Art. 6(1) sentence 1 lit. f GDPR (legitimate interests). Our legitimate interest arises from our need for a technically flawless presentation of our website without requiring in depth knowledge of website programming and IT system maintenance. You may object at any time to processing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice. We note, however, that processing in this context may be mandatory within the meaning of Art. 21(1) GDPR, since the website otherwise cannot be operated at all without disproportionate effort.

Third Party Services

To simplify our data processing and to expand the functional scope of our website, we use services and resources from third parties, for example plugins, external content, software or other external service providers (services). Personal data may be transferred to the service provider in the process. To protect your data, we have, where necessary, contractually obliged the service providers pursuant to Art. 28 GDPR to process your data only in accordance with our instructions.
We expressly point out that, as a rule, we are responsible under the GDPR only for the collection and transfer of data by the service, but not for any subsequent processing carried out by the respective service provider.

In detail, we use the following services:

External Newsletter Service

We use external service providers that enable us to provide you with a newsletter containing current information and offers. These services are generally cloud based services for newsletter delivery. This allows newsletters to be created, sent and managed. The software is provided via the internet, so that we use the service via a web interface on an external server of the respective provider. This means that data processing can also take place outside the EU. In particular, it may be necessary to transfer the data you provide when subscribing to the newsletter to the respective provider. We have concluded a data processing agreement with the respective provider to ensure that your data is processed only in accordance with our instructions.
Because we request your consent before sending our newsletter, the legal basis for data processing for newsletter delivery is Art. 6(1) sentence 1 lit. a GDPR (consent). You can withdraw this consent at any time with effect for the future. Please use the unsubscribe link in the newsletter or contact us.
The legal basis for the disclosure of data in the context of using cloud based newsletter software is Art. 6(1) sentence 1 lit. f GDPR (legitimate interests), unless otherwise stated for the respective service. Our legitimate interest arises from our need to simplify and relieve our data processing. You may object at any time to processing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice.

Substack
We use the newsletter service “Substack” provided by Substack Inc., 548 Market St, PMB 72296, San Francisco, CA 94104, USA.
If you subscribe to our newsletter, the data you enter, in particular your email address and, where applicable, your name, is transferred to Substack and stored there. Substack handles the technical delivery of the newsletter and the administration of subscriptions for us.
Substack enables us to determine whether a newsletter message was opened and which links were clicked, if any. Substack also allows us to track other statistical data such as bounce rates and unsubscribe rates.
If you do not want Substack to analyse your behaviour, you must unsubscribe from the newsletter. Please use the unsubscribe link in the newsletter or contact us.
Substack Inc. complies with the requirements of the EU U.S. Data Privacy Framework. The Data Privacy Framework governs the protection of personal data transferred from a Member State of the European Union to the United States. It ensures that the transferred data is subject to a level of protection in the United States that is comparable to that of the European Union. A list of certified companies can be accessed here: https://www.dataprivacyframework.gov/s/participant-search.

Further information on the handling of user data can be found in Substack’s privacy policy: https://substack.com/privacy

Website Builders and Hosting Services

Our website is based on a website builder. This is a service that enables us to provide a website without in depth knowledge of website programming by simplifying the creation and maintenance of the website via a cloud based user interface.
“Cloud based” means that the administration interface is provided to us by a third party provider on their servers. When using this application, personal data may arise at the third party provider, who may process it on our behalf in accordance with our and their privacy provisions. At the same time, the provider generally provides the infrastructure required for operating the website.
Each time the application is accessed, general information is automatically transmitted from your browser to the server (server log files). For further information, see “Server Log Files” above.
The legal basis for the use of cloud based website builders together with hosting services and the associated processing of your data is Art. 6(1) sentence 1 lit. f GDPR (legitimate interests), unless otherwise stated for the respective service. Our legitimate interest arises from our need for a technically flawless presentation of our website without requiring in depth knowledge of website programming and IT system maintenance. You may object at any time to processing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice.

We use:
WordPress.com
WordPress.com is a service provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA.
Automattic Inc. complies with the requirements of the EU U.S. Data Privacy Framework. The Data Privacy Framework governs the protection of personal data transferred from a Member State of the European Union to the United States. It ensures that the transferred data is subject to a level of protection in the United States that is comparable to that of the European Union. A list of certified companies can be accessed here: https://www.dataprivacyframework.gov/s/participant-search.
More information on Automattic’s handling of user data can be found in Automattic’s privacy policy: https://automattic.com/de/privacy/.

Cloud Applications

Our website uses cloud based applications. Cloud based applications are software solutions that do not need to be installed locally on your device, but are provided and operated by a third party provider via the internet on their servers. Maintenance, updates and data storage are carried out centrally by the provider. When you use these applications, personal data may arise at the third party provider, who may process it on our behalf in accordance with our and their privacy provisions.
Each time the application is accessed, general information is automatically transmitted from your browser to the server (server log files). For further information, see “Server Log Files” above.
The legal basis for the use of cloud applications and the transfer of your data to them is Art. 6(1) sentence 1 lit. f GDPR (legitimate interests), unless otherwise stated for the respective service. Our legitimate interest arises from our need for a technically flawless and fast presentation of our website and to relieve our IT infrastructure. You may object at any time to processing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice.

We use:
hCaptcha
Our website uses the abuse protection “hCaptcha” provided by Intuition Machines, Inc., 350 Alabama St. 10, San Francisco, California, 94110, USA.
hCaptcha is used to prevent cyber attacks and harassment by so called bots (artificial website users) by checking via an input field whether the website is being visited by a real person. This service enables us to operate our website reliably and protect it from misuse. For this purpose, the data entered is generally transmitted to a server of Intuition Machines in the United States and processed there for verification. As part of this request, the following information is transmitted to Intuition Machines’ server and stored there: your input into the input field, your IP address, product and version information about the browser and operating system used (user agent), the website from which your access originated (referrer), the date and time of the request and, where applicable, your internet service provider.
This service uses your browser’s web storage. For further information, see “Web Storage” above. The service and storage operations are strictly necessary for providing our webshop.
Intuition Machines Inc. complies with the requirements of the EU U.S. Data Privacy Framework. The Data Privacy Framework governs the protection of personal data transferred from a Member State of the European Union to the United States. It ensures that the transferred data is subject to a level of protection in the United States that is comparable to that of the European Union. A list of certified companies can be accessed here: https://www.dataprivacyframework.gov/s/participant-search.
The legal basis for the use of hCaptcha is Art. 6(1) sentence 1 lit. f GDPR (legitimate interests). Our legitimate interest arises from our need for a technically flawless and secure website. You may object at any time to processing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice.
More information on how Intuition Machines handles user data can be found in their privacy policy: https://www.imachines.com/privacy

Media Services

We use certain services to fill and supplement our website with digital content. For this purpose, we generally use embedding functions of external platforms. By retrieving content from the provider’s server, data is transmitted to the provider and generally stored there, for example your IP address, product and version information about the browser and operating system used (user agent), the website from which your access originated (referrer), the date and time of the request and, where applicable, your internet service provider. For further information, see “Server Log Files” above.

We use:
Zoom
We use the cloud-based communication and video conferencing service “Zoom” provided by Zoom Communications, Inc., 55 N Almaden Blvd, 6th Floor, San Jose, California, USA, to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter: “online meetings”).
We have concluded a data processing agreement with Zoom that meets the requirements of Art. 28 GDPR.
An adequate level of data protection is ensured, on the one hand, by the conclusion of the so-called EU Standard Contractual Clauses. In addition, Zoom Communications, Inc. complies with the requirements of the EU-U.S. Data Privacy Framework. The Data Privacy Framework governs the protection of personal data transferred from a Member State of the European Union to the United States. It ensures that the transferred data is subject to a level of protection in the United States that is comparable to that of the European Union. A list of certified companies can be accessed here: https://www.dataprivacyframework.gov/s/participant-search.

As an additional safeguard, we have configured Zoom so that only data centres in the EU, the EEA or safe third countries such as Canada or Japan are used for conducting online meetings.
If you access Zoom’s website, Zoom is responsible for data processing. Accessing the Zoom website is only required to download the software for using Zoom.
You can also use Zoom by entering the meeting ID and, where applicable, further access data directly in the Zoom app.
If you do not wish to use the Zoom app, the basic functions can also be used via a browser version available on Zoom’s website.
Processed Data and Data Disclosure
When using Zoom, various types of data are processed. The scope depends on the data you provide before or during participation in an online meeting.
The following personal data may be processed:
User information: first name, last name, telephone number (optional), email address, password (if single sign-on is not used), profile picture (optional), department (optional).
Meeting metadata: topic, description (optional), participant IP addresses, device or hardware information.
Recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
Dial-in by telephone: incoming and outgoing phone number, country name, start and end time. Further connection data such as the IP address of the device may be stored.
Text, audio and video data: You may have the option to use chat, Q&A, or polling functions. Text inputs are processed to display them in the online meeting and, where applicable, to log them. To enable video display and audio playback, the data from your device microphone and, where applicable, camera is processed for the duration of the meeting. You can deactivate the camera or mute the microphone at any time via the Zoom applications.
To participate in an online meeting or enter the meeting room, you must at least provide your name.
Zoom necessarily obtains knowledge of the above data to the extent provided for in our data processing agreement.
Scope of Processing
We use Zoom to conduct online meetings. If we intend to record online meetings, we will inform you transparently in advance and, where required, request your consent. The fact of recording is also displayed in the Zoom app.
If it is necessary for documenting results of an online meeting, we may log chat contents, although this will generally not be the case.
In the case of webinars, we may also process questions posed by webinar participants for the purposes of recording and follow-up.
If you are registered with Zoom as a user, reports on online meetings (meeting metadata, telephone dial-in data, Q&A in webinars, polling function in webinars) may be stored by Zoom for up to twelve months.
Automated decision making within the meaning of Art. 22 GDPR is not used.
Legal Basis
The legal basis for data processing in the context of online meetings is Art. 6(1) sentence 1 lit. b GDPR (processing for the performance of a contract and for the implementation of pre-contractual measures).
If no contractual relationship exists, the legal basis is Art. 6(1) lit. f GDPR. In this case as well, our interest lies in the effective conduct of online meetings. You may object at any time to processing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice.
More information on the handling of user data can be found in AWS EU’s privacy information at:
https://aws.amazon.com/de/privacy/?nc1=f_pr.

Service Providers for Processing Your Order

We may disclose the personal data collected from you in the context of contract performance to third parties, for example to a transport company commissioned with delivery or to the payment service used, insofar as this is necessary for contract performance.
The legal basis for the transfer of data required for processing the order is Art. 6(1) sentence 1 lit. b GDPR (processing for the performance of a contract). Providing and transferring your data is necessary, as your order cannot otherwise be processed.
The legal basis for the voluntary data transfer selected by you in the ordering process, for example shipping status by email, is Art. 6(1) sentence 1 lit. a GDPR (consent). You may withdraw your consent at any time with effect for the future. Please use the contact details provided in the legal notice.

We use the following service providers:
Stripe
We use Stripe for payment processing, provided by Stripe Payments Europe, Limited (SPEL), 1 Grand Canal Street Lower, D02 H210 Dublin, Ireland. Stripe Payments Europe, Limited is a subsidiary of Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.
This service enables us to offer various payment methods in our webshop. By completing an order, data is transmitted from our website to Stripe, in particular your payment data (for example your bank account number or credit card number), your IP address, product and version information about the browser and operating system used (user agent), the website from which your access originated (referrer), date and time of the request and, where applicable, your internet service provider. In addition, the status and the amount of data transmitted as part of this request are recorded.
It cannot be ruled out that Stripe may also transfer your data to the United States and process it there. Stripe, Inc. complies with the requirements of the “EU-U.S. Data Privacy Framework”. This framework governs the protection of personal data transferred from a Member State of the European Union to the United States. It ensures that the data transferred is subject to a level of protection in the United States that is comparable to that of the European Union. You can access the list of certified companies here: https://www.dataprivacyframework.gov/s/participant-search.
The legal basis for Stripe’s processing of your data in cases other than contractual processing of your order is Art. 6(1) sentence 1 lit. f GDPR (legitimate interests). Our legitimate interest arises from our need to provide secure, efficient and user-friendly payment methods and to technically process transactions. You may object at any time to processing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice.
Details on the data collected and how Stripe processes the collected data can be found in Stripe’s privacy policy: https://stripe.com/de/privacy

Social Media Fan Pages

In addition to our website, we maintain online presences on social platforms in order to communicate with customers, interested parties and users active there, and to inform them about our services.
When you visit our presence on a social platform, your data is generally processed by the respective platform provider for market research and advertising purposes. The provider may also process the data for its own purposes. Usage profiles may be created based on your user behaviour and resulting interests. These usage profiles can then be used to place advertisements within and outside the platforms that presumably match your interests. For these purposes, cookies are generally stored on your device in which your user behaviour and interests are stored. In particular, if you are a member of the platforms and logged in there, additional data can be stored in the usage profiles independently. For a detailed description of the respective data processing and objection options, we refer to the information linked below from the providers, as only they are familiar with the exact processes of their data processing.
We point out that your data may also be processed outside the European Union. This may entail risks, for example because enforcing your rights could be more difficult.
The legal basis for using our online presences and the associated processing of data is generally Art. 6(1) sentence 1 lit. f GDPR (legitimate interests). Our legitimate interest arises from our need to present ourselves to visitors and users of the social networks and to contribute statements of all kinds to the media and opinion market. You may object at any time to processing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice.
The use of statistical data of all visitors to our social media presences, which are collected, processed and made available to us by the respective page operators, is based on Art. 6(1) sentence 1 lit. f GDPR (legitimate interests). Our legitimate interest arises from our need to anonymously evaluate visitor and usage behaviour on our web presences to improve the design of our online offering in a user-oriented manner and to optimise our communication with interested parties. You may object at any time to processing based on our legitimate interests under the conditions of Art. 21 GDPR. Please use the contact details provided in the legal notice.
If you are asked by the respective providers to consent to data processing, the legal basis for processing is Art. 6(1) sentence 1 lit. a GDPR (consent). You can withdraw this consent at any time with effect for the future. Please contact the provider that requested your consent.
If you wish to exercise your rights listed above, we point out that, despite any joint controllership, these rights can be exercised most effectively with the providers. As a rule, only the providers have direct access to your data and can take appropriate measures and provide information directly. If you nevertheless require assistance, you can contact us and we will support you to the extent possible.

We are present on:
Instagram
Instagram is a social network of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. This company is the European subsidiary of Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA.
Meta Platforms, Inc. complies with the requirements of the “EU-U.S. Data Privacy Framework”. This framework governs the protection of personal data transferred from a Member State of the European Union to the United States. It ensures that the data transferred is subject to a level of protection in the United States that is comparable to that of the European Union. You can access the list of certified companies here: https://www.dataprivacyframework.gov/s/participant-search.
Further information on data protection at Instagram can be found at: http://instagram.com/about/legal/privacy/.
Further information on data protection at Facebook can be found at: https://www.facebook.com/about/privacy/.

Substack
Substack is a social network of Substack Inc., 548 Market St, PMB 72296, San Francisco, CA 94104, USA.
Substack Inc. complies with the requirements of the EU-U.S. Data Privacy Framework. The Data Privacy Framework governs the protection of personal data transferred from a Member State of the European Union to the United States. It ensures that the transferred data is subject to a level of protection in the United States that is comparable to that of the European Union. A list of certified companies can be accessed here: https://www.dataprivacyframework.gov/s/participant-search.

Further information on data protection at Substack can be found at: https://substack.com/privacy

LinkedIn
LinkedIn is a professional network of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. This company represents LinkedIn Corporation, 1000 W. Maude Ave., Sunnyvale, California 94085, USA, within the EU.
LinkedIn Corporation complies with the requirements of the “EU-U.S. Data Privacy Framework”. This framework governs the protection of personal data transferred from a Member State of the European Union to the United States. It ensures that the data transferred is subject to a level of protection in the United States that is comparable to that of the European Union. You can access the list of certified companies here: https://www.dataprivacyframework.gov/s/participant-search.

Further information on data protection at LinkedIn can be found at: https://www.linkedin.com/legal/privacy-policy.
You can configure LinkedIn data collection at: https://www.linkedin.com/psettings/guest-controls/

Version of this Privacy Policy: 30.01.2026
Source: Süddeutsche Datenschutzgesellschaft mbH