General requirements for the protection of personal data

1. GENERAL PROVISIONS

LUMINUS MOD d.o.o. with registered office at Dankovečka 12, Zagreb, Republic of Croatia, registered in the court registry of the Commercial Court in Zagreb under MBS number: 080811826 (hereinafter: “LUMINUS MOD”) is the controller of the user data collection processed under these optional conditionalities.LUMINUS MOD processed personal data of users in accordance with the Personal Data Protection Act (NN No. 103/03, 118/06, 41/08, 130/11, 106/12; hereinafter: “ZZOP”). LUMINUS MOD has made the necessary adjustments in its operations and processes the User’s personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 /EZ (the “General Data Protection Regulation”) and will process personal data in accordance with the Law on the Implementation of the General Regulation on Personal Data Protection which will replace the ZZOP.

2. WHAT PERSONAL DATA IS PROCESSED?

The personal data that are processed are information obtained from the User when ordering our products through the web shop, by registering an account on the LUMINUS MOD website and by registering as a Hug Loyalty customer on the LUMINUS MOD website. Personal data includes name and surname, e-mail address, telephone number, street and house number, postal code, city.

3. WHY IS PERSONAL DATA PROCESSED?

LUMINUS MOD processes the User’s personal data for the following purposes:a) Processing of personal data in order to deliver the product to the postal address of the User who ordered the product through the web shopThe processing of the following personal data of the User: names and surnames, e-mail addresses, street and house number, postal code, city, is required for the purpose of concluding and executing the Agreement (delivery of ordered products via web shop) between the User and LUMINUS MOD. In addition to the above data, LUMINUS MOD also processes the telephone number and e-mail address if the User has provided such data for administration and communication with the User in matters related to the Agreement.The provision of this personal data by the User is voluntary, however, it is a prerequisite for the conclusion of the Agreement between the User and LUMINUS MOD and for the delivery of the ordered product to the User. If the User does not provide personal data, LUMINUS MOD will not be able to execute the Agreement and deliver the ordered product to the User.b) Processing of personal data for marketing purposesThe following personal data: The user’s name and surname, e-mail address given during registration, registration as a Hug Loyalty customer and order through the web shop can be processed for the purpose of direct advertising by e-mail about LUMINUS MOD products, including: sending newsletters, sending e-mails containing product satisfaction surveys, remarketing on social media in collaboration with third-party media service providers such as Facebook or Google;When processing personal data for the purpose of direct marketing, LUMINUS MOD requests from the User explicit consent for the processing of his / her personal data for marketing purposes. The user can withdraw consent at any time by sending an e-mail to the e-mail address: info@luminusmod.hr or by using the unsubscribe link regarding the receipt of marketing information contained in each LUMINUS MOD e-mail containing marketing communication. Withdrawal of consent by the User will not have an adverse effect on the execution of the Agreement by LUMINUS MOD or delivery of ordered products to the User and will not affect the legality of processing based on consent before withdrawal.c) Processing of personal data for the purpose of fulfilling legal obligationsLUMINUS MOD may process the User’s personal data during the validity or after the termination of the Agreement for the purpose of fulfilling legal obligations imposed by the public authority. This includes in particular (i) processing information related to the payment of the delivered product under the Contract in order to meet tax and accounting obligations and (ii) disclosing information requested by public authorities, including courts, on the basis of and within generally applicable provisions (e.g. for the purpose of the rights of LUMINUS MOD, other Users or third parties, including intellectual property rights).d) Processing of personal data for the purpose of realizing the legitimate interest of LUMINUS MOD or a third party, provided that such legitimate interests do not interfere with the interests or fundamental rights and freedoms of the UserLUMINUS MOD may process the User’s personal data during the validity or termination of the Agreement for the purpose of fulfilling or executing the legal requirements of LUMINUS MOD or defending LUMINUS MOD from legal claims, protection of the rights or security of LUMINUS MOD, other Users or third parties., or for the purpose of reorganization, including mergers, acquisitions and other changes in the operations of LUMINUS MOD, in part or in full.

4. TO WHOM DO WE GIVE PERSONAL DATA?

LUMINUS MOD may provide personal data of the User:a) service providers that provide services to LUMINUS MOD, which enable LUMINUS MOD to deliver products to Users. Services that may be required are, for example, the provision of infrastructure and IT services, the provision of customer support, website optimization, the processing of credit card payments or other payments by the User. Unless necessary or required by cogent regulations, they are not authorized to disclose or use the User’s personal data for their own purposes and will act in the name and according to the instructions of the LUMINUS MOD.b) service providers that provide services to LUMINUS MOD, and enable it to perform marketing activities, including direct marketing of LUMINUS MOD products, the possibility of product reviews, a reminder of an abandoned web shop cart, conducting market research and statistical analysis and remarketing through social media, such as Facebook and Google. Unless necessary or required by cogent regulations, they are not authorized to disclose or use the User’s personal data for their own purposes and will act on behalf of and in accordance with the instructions of the LUMINUS MOD.c) the authorities, including the courts, regulatory authorities and other public authorities, to the extent required for the purpose of: (a) fulfilling the legal obligation relating to LUMINUS MOD; (b) protect and exercise the rights of LUMINUS MOD, other Users or third parties, including intellectual property rights; (c) protect the security of LUMINUS MOD, other users or third parties;d) legal advisers, provided that third parties are obliged to comply with the general conditions of personal data protection by ensuring an appropriate level of protection of personal data of the User at least equal to these General Terms and Conditions.

5. RIGHTS OF THE USER IN RELATION TO PERSONAL DATA

The user can place requests to the LUMINUS MOD in order to achieve the following rights:a) the right to access and correct his / her personal data;b) the right to stop the processing of his / her personal data for marketing purposes;c) the right to object the processing of personal data if the personal data is processed in order to achieve the legitimate interests LUMINUS MOD or third parties, provided that such legitimate interests do not affect the interests or fundamental rights and freedoms of the User;d) the right to delete personal data if:– Personal data are no longer required for the purposes specified in point 3;– The user withdraws the consent on which the processing is based, and there is no other legal basis for the processing;– The user objects to the processing, and there are no legitimate interests due to which the processing should be performed;– Personal data are processed without a legal basis;e) the right to limit processing in cases where:– the accuracy of personal data disputed by the User, for the period in which he willLUMINUS MOD check the accuracy of personal data;– the processing has no legal basis, but the User opposes the deletion of personal data and instead requests a restriction on use;– LUMINUS MOD no longer needs the User’s personal data for the purposes stated in point 3, but the data is requested by the User for the purpose of realizing or executing legal requirements or defending against legal requirements.These requests and / or notices are given by mail, telephone and / or e-mail marked “Personal Data Protection Officer” to:Luminus Mod d.o.o. Dankovečka 12, 10000 Zagreb, CroatiaE-mail: info@luminusmod.hr Phone: +385 1 2984 432

6. DURATION OF DATA PROCESSING

The User’s personal data will be processed for the duration of the Agreement. Upon termination of the Agreement, personal data may be processed as follows:a) for the purpose of realizing or executing the legal requirements of LUMINUS MOD or defending LUMINUS MOD from legal claims or claims, without prejudice to item d) of this Articleb) for the purposes of direct marketing – until the revocation of consent for such processing by the User or an objection to the processing of personal data for marketing purposes;c) for the purpose of fulfilling legal obligations related to LUMINUS MOD;d) for the purpose of legal, regulatory or administrative proceedings, including the execution of decisions or orders of competent courts or administrative or state bodies, to the extent permitted by law.After the expiration of the above deadlines, the User’s personal data will be deleted.

7. COOKIES

LUMINUS MOD uses so-called cookies on the Website to provide the User with access to certain functionalities and for the purpose of obtaining information related to the visit to the Website.For more information on cookies, please see our cookie policy.

8. DATA SECURITY

Maintaining data security means ensuring the confidentiality, integrity and availability (for permitted purposes) of personal data. Confidentiality means that only those persons who have the authority to use the data can access it. Integrity means that personal data must be accurate and appropriate for the purpose for which it is processed. Availability means that authorized users must be able to access the data if they need it for permitted purposes. Furthermore, LUMINUS MOD takes appropriate measures against unlawful or unauthorized processing of personal data, as well as against accidental loss of personal data or damage caused in relation to personal data. These principles will be implemented in such a way as to provide appropriate safeguards, both in relation to hardware and software (including physical entry and access control system, locks, alarms, firewall, etc.).

9. RIGHTS AND REMEDIES

In case of violation of the rights related to the processing of personal data, you can file a complaint to the Agency for Personal Data Protection. In any case, in order to resolve any privacy issue as quickly and easily as possible, it is advisable to send complaints or requests to LUMINUS MOD before contacting the competent public authorities.