Privacy Policy

1. Introduction

The purpose of this privacy policy (the “Privacy Policy”) is to set out how your personal data (the “Personal Data”) is collected, processed and used by Alois Auer S.à r.l (hereinafter the “Company” or the “Data Controller”), a company incorporated in Luxembourg and whose registered office is at 7 rue Robert Stümper, L-2557 Luxembourg, Grand-Duchy of Luxembourg registered on the Luxembourg Trade and Companies Register under the number B260661. The Data Controller is the founder of an innovative service allowing the digitisation and reproduction of works of art available at the following address: https://www.lito.io of the website and the online shop related (hereinafter together referred as the “Website”).

The Company is committed to handling Personal Data in compliance with the applicable laws to the processing of Personal Data and, in particular, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter the “General Data Protection Regulation" or the “GDPR”) and national relevant legislations, in particular, the Luxembourg law of 1 August 2018 on the organization of the Commission Nationale pour la Protection des Données (hereinafter the “CNPD”) and on the general system of data protection as well as all other national laws or regulations implementing the GDPR that may be applicable, as the case may be (hereinafter the “Data Protection Laws”).

2. Scope

This Privacy Policy applies whenever you make use of the present Website. The Company is committed to safeguard the privacy of visitors to its Website. In this regard, please read the following Privacy Policy to understand how your information will be processed. This Privacy Policy may vary from time to time so please check it regularly. Any significant changes to this Privacy Policy will be clearly indicated on our home page.

The Privacy Policy applies to:

  • all visitors of the Website available at the following address: https://www.lito.io

  • all persons fulfilling the contact form available on the Website at the following address: https://www.lito.io

  • all persons using the Website online shop available at the following address: https://www.lito.io

(hereinafter together referred to as the “User(s)” or “You”).

The Company is the data controller for all the processing of Personal Data described hereunder.

3. Exclusions and links to third-party websites

This Privacy Policy does not apply to websites owned by third-parties or associated websites available through a link mentioned on the Website.

Links or pointers to third party web sites on the Website are provided solely as a convenience to the Users. If Users use these links, Users will leave the Website.

The Company has not reviewed these third party web sites, does not control them and is not responsible for any of these websites or their content.

4. Characteristics of the main processing of Personal Data

Personal Data are processed for the following purposes:

  • for analytical purposes so that the Company can optimize our Website;

  • for processing and answering messages that You send us via the contact form;

  • for processing the orders made through the online shop of the Website.

For each of the above-mentioned purposes, the Personal Data collected are the following:

A) Personal Data related to the processing for analytical purposes:

  • IP Address;

  • Data on the usage of the Website, traffic data;

  • Cookies, data entered in web forms or submitted as URL parameters, URLs and content of unprotected browsing activity, time of Users’ connections;

  • User’s web browser information i.e. operating system and device;

  • User marketing profiles will be created and stored;

  • Advertisements sent to the User as the basis of data.

Profiling Data derive from the analysis of Personal Data collected.

Such processing is based on the legitimate interest of the Company to optimize his Website. Profiling and cookies are based on the consent of the User. For these purposes, data shall be processed for a duration of 13 moths from the collection of the data.

B) Personal Data related to the processing and answering of messages:

  • First Name / Last Name;

  • Contact details (such as email address);

  • Content of the message.

Such processing is based on the legitimate interest of the Company to know who is contacting it and in being able to respond to the message. For these purposes, data shall be processed for a duration of 3 years from the last contact with you. If you are not identified with name and contact details, the message cannot be sent.

C) Personal Data related to the processing of the orders made through the online shops :

  • First Name / Last Name;

  • Contact and Account details;

  • Address of Delivery;

  • Means of Payment;

  • Content of the order.

Such processing is necessary for the performance of a contract to which the User is a party. For these purposes, data will be processed for the duration of the order process and for a period equivalent to the legal prescription period (10 years). The Company may not process an order where such information are not provided.

D) The Company does not collect, process sensitive data i.e. religious or philosophical beliefs, health or sex life, racial or ethnic origins, political opinions.

5. Personal Data necessary for the operation of the Website

The Company will also collect and process your Personal Data to the extent of what is necessary to deliver the content of the Website correctly. Thus, it is based on the legitimate interests of the Company to provide You with a correct-functioning Site.

For such Personal Data processing, the following Personal Data may be processed: 13 moths from the collection of the data and other relevant data. Such Personal Data will be kept for, at the maximum, the duration of your visit on the Website.

In this context, aggregate data is data that does neither identify you nor can identify you, nor can be linked to you i.e. navigational data.

6. Use of Cookies

The Company uses cookies on the Website. For further details, please see our Cookies Policy.

7. Rights of Users

You have the rights to access to your Personal Data collected and processed by the Company, to have any Personal Data about you rectified, and to have incomplete Personal Data about you completed.

You have the right to request your Personal Data to be deleted, if the requirements of the Data Protection Laws are met.

You have also the right to object to the processing, request it to be limited and request the portability of your Personal Data in accordance with the Data Protection Laws.

In case of Personal Data processing based on your consent, you have the right to withdraw, at any time, the given consent.

You have also the right to lodge a complaint with a supervisory authority, in particular the supervisory authority of your habitual residence, place of work or place of alleged infringement, if you consider that the processing of Personal Data relating to you infringes the Data Protection Laws. In Luxembourg, the relevant supervisory authority is the CNPD.

To exercise these rights, please send a written and signed request to the Company at the address referred below.

8. Security

The Company has implemented up-to-date data storage and security measures to protect your Personal Data from unauthorised access, improper use or disclosure, unauthorised modification or unlawful alteration, destruction or accidental loss. All our employees and any third parties are subject to confidentiality policy.

The Company will not make your Personal Data available to the general public and safeguards your Personal Data by implementing recognized industry standard practices and policies infrastructure and tools.

9. Transfer of Personal Data

Upon specific consent, the Company may transfer Personal Data to third parties within the EU. If data transfer involves countries which do not ensure with an adequate level of protection, the Company will implement adequate measures in the EU in compliance with the standards in force.

10. Questions, concerns and enquiries

If questions arise concerning the processing of Personal Data carried out by the Company, this Privacy Policy or if there is any concern that Personal Data are not processed in compliance with this Privacy Policy or the Data Protection Laws, you can ask the question/concern to the Company at the following https://www.lito.io/support, without prejudice for your right to lodge a complaint to the relevant supervisory authority (i.e. the CNPD in Luxembourg).

Alois Auer S.à r.l Address: 7 rue Robert Stümper, L-2557 Luxembourg, Grand-Duchy of Luxembourg Email: contact@lito.io