Last Updated: 10/09/2024
LumenHaus GmbH ("LumenHaus," "we," "our," or "us") is dedicated to safeguarding your privacy.
This Privacy Policy describes how we collect, use, and share your information through our platforms, mobile apps, customer support, and other services (collectively "Services"). It applies to all Services unless a specific Privacy Policy governs them, in which case that policy takes precedence.
By using our Services, you agree to this Privacy Policy and consent to our use of your information as described. We may update this policy periodically, so please review it regularly. If we make significant changes, we'll notify you by posting a notice on our platforms. Continuing to use our platforms indicates your acceptance of the updated policy. If you disagree with the changes, stop using our platforms and inform us that you no longer consent to the use of your information under the new terms.
You are not required to provide the personal data that we have requested. However, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to requests you may have. When you access our websites, applications, or online services (collectively, "Online Offerings"), we may collect and process the following types of personal data:
● Contact Information: We may collect data, such as name, phone number, and email address;
● Profile: For account infomation, we may collect data such as country of residency, contact telephone number, email address, username, passwords, social media account, photo, and third-party avatar. If you are an installer, we additionally collect your company name and address. For job applicants, we may collect data such as job position, company name, employment history, education history, resume, educational transcripts, job qualifications, and background check information subject to applicable law, etc.
● Geolocation Information. We may need your location information for on-site installation, activating, setting and managing your LumenHaus products, such as time zone setting, etc., and providing personalized services and better marketing promotion services.
● User-Provided Information: Data submitted via support requests, surveys, forms, comments, or forum posts, and sensitive personal data that you provide voluntarily or which we request on a non-mandatory basis in order to comply with applicable law.
● Business Relationship Data: We may collect information related to orders, payments, requests, and project milestones.
● Publicly Available Information: We may collect data from public sources, integrity databases, and credit agencies.
● Compliance Information: We may need data required for legal compliance, such as date of birth, nationality, place of residence, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings.
● Interaction Information: We may need Information on your interaction with the Online Offering, including your device and user identifier.
● Device Information: We may collect information about your visits to our Online Offerings, including traffic data, location data, weblogs, and other communication data such as IP address, Wi-Fi list, MAC address, CPU details, memory information, SD card data, and operating system version, etc. We may need permission to access your device's camera, and the ability to write files, when you scan or add engery products, or require to download your personal data. We may also collect IoT products data, including the serial number, location, logs, usage, and status.
● Electricity Usage Information: We may collect energy data such as solar power generation and the flow of energy between the grid, your home, and the LumenHaus energy products.
To the extent you voluntarily provide any sensitive categories of personal data, as those terms are defined in applicable laws, you consent (to the extent permitted or required under applicable laws) to our processing of such information as described in this Notice. Depending on your region or the region where an opportunity is located, we may be required to process certain sensitive personal data to comply with applicable local law.
When visiting our external and internal websites or using our applications, or online services (each an “Online Offering”), we may process your personal data as necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract, including but not limited to:
● To verify your identity;
● To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving, personalizing and developing our Online Offerings;
● To provide customized home energy product solutions;
● To provide access to certain features of our Services, such as monitoring your IoT device real-time usage and controlling your devices via your mobile phone;
● On-site installation and maintenance services for home energy products;
● To process orders and payments, as well as shipment and delivery of goods.
● To bill your use of the Online Offering;
● To contact you with information and offers concerning our products and services, to send you further marketing information or to contact you in the context of customer satisfaction surveys as explained in Section 3.4;
● To communicate with you about your account, activities on our Services, and policy changes;
● To answer and fulfill your requests or instructions; and
● As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems.
Online Offerings Provided by Your Organization
Our Online Offerings may be provided to you for your use by the organization to which you belong, such as our enterprise customers. If your organization provides you with access to an Online Offering, our processing of personal data provided by or collected from you or your organization in connection with the Online Offering’s content is performed under the direction of your organization and is subject to a data processing agreement between your organization and us. In such instance, your organization is responsible for any personal data contained in such content and you should direct any questions about how personal data contained in such content is used to your organization.
When visiting our online stores and marketplaces (each a “Marketplace”), we may process your data for the following purposes:
● Communicating with you about our products, services and projects, e.g. by responding to inquiries or requests or providing you with information about purchased products;
● Planning, performing and managing the (contractual) relationship with customers, e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
● Contacting you with information and offers concerning our products and services, sending you further marketing messages and conducting customer satisfaction surveys as explained in Section 4;
● Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
● Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, customer compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and
● Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.
In the context of the business relationship with us, We may process the personal data for the following purposes:
● Communicating with Business Partners about our products, services and projects, e.g. by responding to inquiries or requests or providing you with information about purchased products;
● Planning, performing and managing the (contractual) relationship with Business Partners; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
● To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you and the company you work for relevant information and suitable offers for our services and products and to improve our personal communication with you;
● Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events;
● Contacting you with information and offers concerning our products and services, sending you further marketing messages and conducting customer satisfaction surveys as explained in Section 4;
● Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
● Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and
● Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.
Where and as permitted under applicable law, we may process your contact information for direct marketing purposes (e.g. trade show invitations, newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys, in each case also by e-mail. You may object to the processing of your contact data for these purposes at any time by writing to hallo@lumenhaus.com or by using the opt-out mechanism provided in the respective communication you received.
When you apply for a job, we process your personal data as set out in the privacy notice of the Recruiting Portal or of the respective other recruiting platform you may use.
We only collect personal data that is necessary for the purposes described in this notice. We encourage you to only provide relevant information and we will not process any data that is not relevant to the recruitment process. We process personal data for the sole purpose of conducting recruitment activities and related lawful purposes. We will not use your personal data for any other purpose without your explicit consent or as required by law.
Unless indicated otherwise at the time of the collection of your personal data (e.g. within a form completed by you), we erase your personal data if the retention of that personal data is no longer necessary for the purposes for which they were collected or otherwise processed, or to comply with legal obligations (such as retention obligations under tax or commercial laws).
All personal data collected is stored and processed within Europe. We take stringent measures to ensure the security and privacy of your data, preventing any unauthorized access or transfer.
We may transfer your personal data to:
● other affiliated companies or third parties - e.g. sales partners, suppliers, or installers - in connection with your use of the Online Offerings or our business relationship with you;
● third parties which provide IT services to us and which process such data only for the purpose of such services (e.g., hosting or IT maintenance and support services); and
● third parties in connection with complying with legal obligations or establishing, exercising or defending rights or claims (e.g., for court and arbitration proceedings, to regulators, law enforcement and government authorities, to attorneys and consultants).
The recipients of your personal data may be located outside of the country in which you reside. Personal data published by you on Online Offerings (such as chat rooms or forums) may be globally accessible to other registered users of the respective Online Offering.
The data protection laws in the jurisdiction in which you reside may entitle you to specific rights in relation to your personal data.
In particular, and subject to the legal requirements, you may be entitled to:
● Obtain from us confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data;
● Obtain from us the correction of inaccurate personal data concerning you;
● Obtain from us the erasure of your personal data;
● Obtain from us restriction of processing regarding your personal data;
● Data portability concerning personal data, which you actively provided;
● Object, on grounds relating to your particular situation, to further processing of personal data concerning you;
● Withdraw your consent to our processing of your personal data.
To protect your personal data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, we use adequate physical, technical and organizational security measures.
As further described in our Cookie Policy, we may use cookies and similar technologies (e.g., pixels and ad tags) to collect data (e.g., device IDs) to recognize you and your device(s) on, off and across different services and devices where you have engaged with our Services. We also allow some others to use cookies as described in our Cookie Policy (https://www.lumenhaus.com/category/cookie-notice.html). You can opt out from our use of data from cookies and similar technologies that track your behavior on the sites of others for ad targeting and other ad-related purposes.
LumenHaus’s services are not intended for children, and we do not knowingly collect personal information from children under the age of 16 in the European Union, or under 14 in the United States (or the age specified by local law). If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately.
By using our site, you affirm that you are at least 18 years old. We are not responsible for any damages resulting from a user’s misrepresentation of their age. Parents or legal guardians of children under 18 cannot agree to these terms on their behalf.
If we discover that a child has provided us with personal information in violation of applicable laws, we will take steps to delete that information from our servers, unless a legal obligation requires us to retain it.
We encourage parents and guardians to observe, participate in, and/or monitor and guide their children's online activities.
Changes to the Privacy Policy apply to your use of our Services after the "effective date".
We reserve the right to amend this Privacy Policy, and if we make significant changes, we will send notice through our Services or by other means to give you the opportunity to review the changes before they take effect. If you disagree with any of the changes, you may close your account.
By continuing to use our Services after we publish or send notice of these changes, you acknowledge that the collection, use, and sharing of your personal data will be governed by the revised Privacy Policy as of its effective date.
Our Data Privacy Organization provides support with any data privacy related questions, comments, concerns or complaints or in case you wish to exercise any of your data privacy related rights. The Data Privacy Organization may be contacted at: hallo@lumenhaus.com.
The Data Privacy Organization will always use reasonable efforts to address and settle any requests or complaints you bring to its attention. Besides contacting the Data Privacy Organization, you always have the right to approach the competent data protection authority with your request or complaint.
This section applies and provides you with further information if your personal data is processed by one of our companies located in the European Economic Area.
Data Controller
Online Offerings
The specific company identified in the Online Offering as being the operator of the Online Offering is the data controller in the meaning of the General Data Protection Regulation for the processing activities described in this Privacy Notice.
Marketplaces
The specific company identified on the Market Place as being the operator of the Marketplace is the data controller.
Business Partner personal data in Customer Relationship Systems
In the course of our business relationship with you, we may share Business Partner contact information with affiliated companies. We and these affiliated companies are jointly responsible for the proper protection of your personal data (Art. 26 General Data Protection Regulation).
To exercise your rights, you may reach out to: hallo@lumenhaus.com.
Legal basis of the processing
The General Data Protection Regulation requires us to provide you with information on the legal basis of the processing of your personal data.
The legal basis for our processing data about you is that such processing is necessary for the purposes of exercising our rights and performing our obligations under any contract we make with you (Article 6 (1) (b) General Data Protection Regulation) (“Contract Performance”);
Compliance with our legal obligations (Article 6 (1) (c) General Data Protection Regulation) (“Compliance with Legal Obligations”); and/or
Legitimate interests pursued by us (Article 6 (1) (f) General Data Protection Regulation) (“Legitimate Interest”). Generally, the legitimate interest pursued by us in relation to our use of your personal data is the efficient performance or management of (i) your use of the Online Offerings, and/or (ii) our business relationship with you. Where the below table states that we rely on our legitimate interest for a given purpose, we are of the opinion that our legitimate interest is not overridden by your interests and rights or freedoms, given (i) the regular reviews and related documentation of the processing activities described herein, (ii) the protection of your personal data by our data privacy processes, including our Binding Corporate Rules on the Protection of Personal Data, (iii) the transparency we provide on the processing activity, and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information on this balancing test approach, please contact our Data Privacy Organization at: hallo@lumenhaus.com.
In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for us processing that data about you may (in addition or instead) be that you have consented (Article 6 (1) (a) General Data Protection Regulation) (“Consent”).
Processing of personal data in the context of Online Offerings - Purpose and Legal Basis
To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings
Contract Performance (Article 6 (1) (b) General Data Protection Regulation)
Legitimate Interest (Article 6 (1) (f) GDPR)
To bill your use of the Online Offering
Contract Performance (Article 6 (1) (b) General Data Protection Regulation)
Legitimate Interest (Article 6 (1) (f) GDPR
To verify your identity
Contract Performance (Article 6 (1) (b) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
To answer and fulfill your requests or instructions
Contract Performance (Article 6 (1) (b) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
To process your order or to provide you with access to specific information or offers
Contract Performance (Article 6 (1) (b) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
To send you marketing information or to contact you in the context of customer satisfaction surveys as further explained in Section 4
Consent, if voluntarily provided (Article 6 (1) (a) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems
Compliance with Legal Obligations (Article 6 (1) (c) GDPR
Legitimate Interest (Article 6 (1) (f) GDPR)
Processing of personal data related to your use of marketplaces and/or business relationship with us - Purpose and Legal Basis
Communicating about our products, services and projects, e.g. by responding to inquiries or requests or providing you with technical information about purchased products
Contract Performance (Article 6 (1) (b) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
Planning, performing and managing the (contractual) relationship; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services
Contract Performance (Article 6 (1) (b) GDPR)
Compliance with Legal Obligations (Article 6 (1) (c) GDPR)
To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you and the company you work for relevant information and suitable offers for our services and products and to improve our personal communication with you
Legitimate Interest (Article 6 (1) (f) GDPR)
Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events;
Consent, if voluntarily provided (Article 6 (1) (a) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
Conducting customer satisfaction surveys and direct marketing activities as further explained in Section 4;
Consent, if voluntarily provided (Article 6 (1) (a) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
Legitimate Interest (Article 6 (1) (f) GDPR)
Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, business partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and
Compliance with Legal Obligations (Article 6 (1) (c) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.
Compliance with Legal Obligations (Article 6 (1) (c) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
Processing of personal data for customer satisfaction surveys and for direct marketing
Processing of your contact information for direct marketing purposes (e.g. trade show invitations, newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys
Consent, if voluntarily provided (Article 6 (1) (a) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
International data transfers
In the event that we transfer your personal data outside the European Economic Area, we ensure that your data is protected in a manner which is consistent with the General Data Protection Regulation.