Privacy Policy

Privacy Policy

Privacy Policy (DE)

Last updated: 11.02.2025

Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Abraham Mukalazi Kiwanuka, Legatum Noctis, Zeller Weg 4, 36304 Alsfeld, Germany, Tel.: +49 173 5790249, E-Mail: contact@legatumnoctis.com. The controller for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.2) Data Collection When Visiting Our Website

2.1 During the merely informative use of our website, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called "server log files"). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website

  • Date and time at the time of access

  • Amount of data sent in bytes

  • Source/reference from which you reached the page

  • Browser used

  • Operating system used

  • IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.3) Hosting & Content Delivery Network

For the hosting of our website and the display of the page content, we use a provider who provides its services itself or through selected sub-contractors exclusively on servers within the European Union.

All data collected on our website is processed on these servers.

We have concluded an order processing agreement (Data Processing Agreement) with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.4) Cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), some of these cookies remain on your end device longer and allow the saving of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.

Insofar as personal data is also processed by individual cookies used by us, processing takes place either in accordance with Art. 6(1)(b) GDPR for the execution of the contract, in accordance with Art. 6(1)(a) GDPR in the event of granted consent, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.5) Contacting Us5.1 LiveChat

This website uses a live chat system from the following provider: LiveChat Software S.A., al. Dębowa 3, 53-134 Wrocław, Poland.

The processing of personal data transmitted via the chat is carried out either in accordance with Art. 6(1)(b) GDPR because it is necessary for the initiation or execution of a contract, or in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the effective support of our site visitors. Your data transmitted in this way will be deleted subject to conflicting statutory retention periods if the matter in question has been finally clarified.

Additionally, for the purpose of creating pseudonymized usage profiles using cookies, further information may be collected and evaluated, which, however, does not serve your personal identification and is not merged with other data sets. Insofar as this information has a personal reference, processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization purposes.

The setting of cookies can be prevented by appropriate browser settings. In this case, however, the functionality of our website may be limited. You can object to the collection and storage of data for the purpose of creating a pseudonymized usage profile at any time with effect for the future.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.5.2 Calendly

For the provision of an online appointment booking function, we use the services of the following provider: Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA.

For the purpose of making appointments, first and last names as well as email addresses (and if applicable the telephone number, if a telephone appointment is requested) are collected in accordance with Art. 6(1)(b) GDPR and transmitted to the provider in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in effective customer management and efficient appointment management and stored there for appointment organization.

After the appointment has been held or after the agreed appointment period has expired, your data will be deleted by the provider.

We have concluded a data processing agreement with the provider. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision of the European Commission.5.3 Google Calendar

For the provision of an online appointment booking function, we use the services of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data can also be transferred to: Google LLC, USA.

The legal basis and procedure are identical to the process described under Section 5.2.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework.5.4 WhatsApp Business

You have the opportunity to contact us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called "Business version" of WhatsApp.

If you contact us via WhatsApp on the occasion of a specific transaction (for example, an order placed), we store and use the mobile phone number you use on WhatsApp as well as – if provided – your first and last name in accordance with Art. 6(1)(b) GDPR to process and answer your request. On the basis of the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address, or email address) in order to be able to assign your request to a specific transaction.

If you use our WhatsApp contact for general inquiries, we store and use your data in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in efficient and timely communication.

Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transmits phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. We use a dedicated device where only the contact details of users who have actively contacted us via WhatsApp are stored.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework.5.5 General Contact

In the context of contacting us (e.g., via contact form or email), personal data is processed – exclusively for the purpose of processing and answering your concern and only to the extent required for this. The legal basis is Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR if the contact aims at a contract.6) Use of Customer Data for Direct Advertising6.1 E-mail Newsletter Subscription

If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information is your e-mail address. We use the Double Opt-in procedure. By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6(1)(a) GDPR. You can unsubscribe at any time via the link in the newsletter.6.2 Newsletter Service Provider: Kit (formerly ConvertKit)

The distribution of our newsletter is carried out by: Kit, Inc., 750 W Bannock Street 761, Boise, ID 83702, USA. This is based on our legitimate interest in effective marketing (Art. 6(1)(f) GDPR). We have a data processing agreement with the provider. The provider is certified under the EU-US Data Privacy Framework.6.3 WhatsApp Newsletter

If you register for our WhatsApp newsletter, you give us your consent according to Art. 6(1)(a) GDPR. You can unsubscribe at any time by sending the message "Stop" via WhatsApp.6.4 & 6.5 Availability and Cart Reminders

We offer one-time reminders via email for stock availability or abandoned shopping carts using the Double Opt-in procedure based on your consent (Art. 6(1)(a) GDPR).7) Data Processing for Order Fulfillment

7.1 Insofar as necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6(1)(b) GDPR.7.2 Shipping Service Providers

  • DHL / DHL Express: We pass on your email address/phone number to DHL only if you have given express consent (Art. 6(1)(a) GDPR) for the purpose of delivery coordination. Otherwise, only the name and address are shared (Art. 6(1)(b) GDPR).

7.3 Payment Service Providers

We use the following providers for payment processing (Art. 6(1)(b) GDPR):

  • Apple Pay

  • Google Pay

  • PayPal

  • Shopify Payments

  • Stripe

For payment methods involving credit risk (e.g., purchase on account), data may be sent for credit checks to the respective provider based on Art. 6(1)(f) GDPR (legitimate interest in verifying solvency).8) Web Analytics Services8.1 Google Analytics 4

This website uses Google Analytics 4. This service is used only if you have given your express consent according to Art. 6(1)(a) GDPR. IP addresses are truncated to prevent direct personal identification. Data is stored for two months. We have a data processing agreement with Google. The provider is certified under the EU-US Data Privacy Framework.8.2 Google Tag Manager

Used for managing website tags. Processing occurs only with your consent (Art. 6(1)(a) GDPR).9) Retargeting / Remarketing and Conversion Tracking

Meta Pixel (with Advanced Matching):

Used to analyze the effectiveness of our ads on Facebook/Instagram. Processing takes place only with your express consent (Art. 6(1)(a) GDPR). Data may be transferred to Meta Platforms Inc. in the USA (EU-US Data Privacy Framework).10) Site Functionalities

We use the following plugins and services based on your consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR):

  • Vimeo / YouTube: For video display.

  • Spotify: For audio content.

  • Apple / Google Single Sign-On: For user registration.

  • n8n / Zapier: For internal workflow automation and database synchronization.

  • Google Meet / Zoom: For video conferences and webinars.

  • Typeform: For online forms and surveys.

11) Tools and Miscellaneous

  • Accountable: We use Accountable SA (Belgium) for cloud-based accounting based on our legitimate interest in efficient business organization (Art. 6(1)(f) GDPR).

12) Rights of the Data Subject

12.1 Applicable data protection law grants you the following rights:

  • Right to information (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to notification (Art. 19 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to withdraw consent (Art. 7(3) GDPR)

  • Right to lodge a complaint (Art. 77 GDPR)

12.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

13) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if relevant – additionally by the respective statutory retention period (e.g., commercial and tax law retention periods).

Unless otherwise stated in this policy, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.

Privacy Policy (DE)

Last updated: 11.02.2025

Privacy Policy

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about the handling of your personal data when using our website. Personal data is all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is Abraham Mukalazi Kiwanuka, Legatum Noctis, Zeller Weg 4, 36304 Alsfeld, Germany, Tel.: +49 173 5790249, E-Mail: contact@legatumnoctis.com. The controller for the processing of personal data is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data.2) Data Collection When Visiting Our Website

2.1 During the merely informative use of our website, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the page server (so-called "server log files"). When you call up our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website

  • Date and time at the time of access

  • Amount of data sent in bytes

  • Source/reference from which you reached the page

  • Browser used

  • Operating system used

  • IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. The data will not be passed on or used in any other way. However, we reserve the right to check the server log files retrospectively if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser line.3) Hosting & Content Delivery Network

For the hosting of our website and the display of the page content, we use a provider who provides its services itself or through selected sub-contractors exclusively on servers within the European Union.

All data collected on our website is processed on these servers.

We have concluded an order processing agreement (Data Processing Agreement) with the provider, which ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.4) Cookies

In order to make the visit to our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your end device. Some of these cookies are automatically deleted after closing the browser (so-called "session cookies"), some of these cookies remain on your end device longer and allow the saving of page settings (so-called "persistent cookies"). In the latter case, you can find the storage duration in the overview of the cookie settings of your web browser.

Insofar as personal data is also processed by individual cookies used by us, processing takes place either in accordance with Art. 6(1)(b) GDPR for the execution of the contract, in accordance with Art. 6(1)(a) GDPR in the event of granted consent, or in accordance with Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of the site visit.

You can set your browser so that you are informed about the setting of cookies and can decide individually on their acceptance or exclude the acceptance of cookies for certain cases or in general.

Please note that if you do not accept cookies, the functionality of our website may be limited.5) Contacting Us5.1 LiveChat

This website uses a live chat system from the following provider: LiveChat Software S.A., al. Dębowa 3, 53-134 Wrocław, Poland.

The processing of personal data transmitted via the chat is carried out either in accordance with Art. 6(1)(b) GDPR because it is necessary for the initiation or execution of a contract, or in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the effective support of our site visitors. Your data transmitted in this way will be deleted subject to conflicting statutory retention periods if the matter in question has been finally clarified.

Additionally, for the purpose of creating pseudonymized usage profiles using cookies, further information may be collected and evaluated, which, however, does not serve your personal identification and is not merged with other data sets. Insofar as this information has a personal reference, processing is carried out in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in the statistical analysis of user behavior for optimization purposes.

The setting of cookies can be prevented by appropriate browser settings. In this case, however, the functionality of our website may be limited. You can object to the collection and storage of data for the purpose of creating a pseudonymized usage profile at any time with effect for the future.

We have concluded a data processing agreement with the provider, which ensures the protection of the data of our site visitors and prohibits unauthorized disclosure to third parties.5.2 Calendly

For the provision of an online appointment booking function, we use the services of the following provider: Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA.

For the purpose of making appointments, first and last names as well as email addresses (and if applicable the telephone number, if a telephone appointment is requested) are collected in accordance with Art. 6(1)(b) GDPR and transmitted to the provider in accordance with Art. 6(1)(f) GDPR on the basis of our legitimate interest in effective customer management and efficient appointment management and stored there for appointment organization.

After the appointment has been held or after the agreed appointment period has expired, your data will be deleted by the provider.

We have concluded a data processing agreement with the provider. For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with the European data protection level on the basis of an adequacy decision of the European Commission.5.3 Google Calendar

For the provision of an online appointment booking function, we use the services of the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Data can also be transferred to: Google LLC, USA.

The legal basis and procedure are identical to the process described under Section 5.2.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework.5.4 WhatsApp Business

You have the opportunity to contact us via the WhatsApp messaging service of WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For this purpose, we use the so-called "Business version" of WhatsApp.

If you contact us via WhatsApp on the occasion of a specific transaction (for example, an order placed), we store and use the mobile phone number you use on WhatsApp as well as – if provided – your first and last name in accordance with Art. 6(1)(b) GDPR to process and answer your request. On the basis of the same legal basis, we may ask you via WhatsApp to provide further data (order number, customer number, address, or email address) in order to be able to assign your request to a specific transaction.

If you use our WhatsApp contact for general inquiries, we store and use your data in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in efficient and timely communication.

Please note that WhatsApp Business gains access to the address book of the mobile device we use for this purpose and automatically transmits phone numbers stored in the address book to a server of the parent company Meta Platforms Inc. in the USA. We use a dedicated device where only the contact details of users who have actively contacted us via WhatsApp are stored.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework.5.5 General Contact

In the context of contacting us (e.g., via contact form or email), personal data is processed – exclusively for the purpose of processing and answering your concern and only to the extent required for this. The legal basis is Art. 6(1)(f) GDPR or Art. 6(1)(b) GDPR if the contact aims at a contract.6) Use of Customer Data for Direct Advertising6.1 E-mail Newsletter Subscription

If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information is your e-mail address. We use the Double Opt-in procedure. By activating the confirmation link, you give us your consent for the use of your personal data in accordance with Art. 6(1)(a) GDPR. You can unsubscribe at any time via the link in the newsletter.6.2 Newsletter Service Provider: Kit (formerly ConvertKit)

The distribution of our newsletter is carried out by: Kit, Inc., 750 W Bannock Street 761, Boise, ID 83702, USA. This is based on our legitimate interest in effective marketing (Art. 6(1)(f) GDPR). We have a data processing agreement with the provider. The provider is certified under the EU-US Data Privacy Framework.6.3 WhatsApp Newsletter

If you register for our WhatsApp newsletter, you give us your consent according to Art. 6(1)(a) GDPR. You can unsubscribe at any time by sending the message "Stop" via WhatsApp.6.4 & 6.5 Availability and Cart Reminders

We offer one-time reminders via email for stock availability or abandoned shopping carts using the Double Opt-in procedure based on your consent (Art. 6(1)(a) GDPR).7) Data Processing for Order Fulfillment

7.1 Insofar as necessary for the execution of the contract for delivery and payment purposes, the personal data collected by us will be passed on to the commissioned transport company and the commissioned credit institution in accordance with Art. 6(1)(b) GDPR.7.2 Shipping Service Providers

  • DHL / DHL Express: We pass on your email address/phone number to DHL only if you have given express consent (Art. 6(1)(a) GDPR) for the purpose of delivery coordination. Otherwise, only the name and address are shared (Art. 6(1)(b) GDPR).

7.3 Payment Service Providers

We use the following providers for payment processing (Art. 6(1)(b) GDPR):

  • Apple Pay

  • Google Pay

  • PayPal

  • Shopify Payments

  • Stripe

For payment methods involving credit risk (e.g., purchase on account), data may be sent for credit checks to the respective provider based on Art. 6(1)(f) GDPR (legitimate interest in verifying solvency).8) Web Analytics Services8.1 Google Analytics 4

This website uses Google Analytics 4. This service is used only if you have given your express consent according to Art. 6(1)(a) GDPR. IP addresses are truncated to prevent direct personal identification. Data is stored for two months. We have a data processing agreement with Google. The provider is certified under the EU-US Data Privacy Framework.8.2 Google Tag Manager

Used for managing website tags. Processing occurs only with your consent (Art. 6(1)(a) GDPR).9) Retargeting / Remarketing and Conversion Tracking

Meta Pixel (with Advanced Matching):

Used to analyze the effectiveness of our ads on Facebook/Instagram. Processing takes place only with your express consent (Art. 6(1)(a) GDPR). Data may be transferred to Meta Platforms Inc. in the USA (EU-US Data Privacy Framework).10) Site Functionalities

We use the following plugins and services based on your consent (Art. 6(1)(a) GDPR) or legitimate interest (Art. 6(1)(f) GDPR):

  • Vimeo / YouTube: For video display.

  • Spotify: For audio content.

  • Apple / Google Single Sign-On: For user registration.

  • n8n / Zapier: For internal workflow automation and database synchronization.

  • Google Meet / Zoom: For video conferences and webinars.

  • Typeform: For online forms and surveys.

11) Tools and Miscellaneous

  • Accountable: We use Accountable SA (Belgium) for cloud-based accounting based on our legitimate interest in efficient business organization (Art. 6(1)(f) GDPR).

12) Rights of the Data Subject

12.1 Applicable data protection law grants you the following rights:

  • Right to information (Art. 15 GDPR)

  • Right to rectification (Art. 16 GDPR)

  • Right to erasure (Art. 17 GDPR)

  • Right to restriction of processing (Art. 18 GDPR)

  • Right to notification (Art. 19 GDPR)

  • Right to data portability (Art. 20 GDPR)

  • Right to withdraw consent (Art. 7(3) GDPR)

  • Right to lodge a complaint (Art. 77 GDPR)

12.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA WITHIN THE FRAMEWORK OF A BALANCING OF INTERESTS BASED ON OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT AT ANY TIME TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, FURTHER PROCESSING REMAINS RESERVED IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS.

13) Duration of Storage of Personal Data

The duration of the storage of personal data is determined by the respective legal basis, the purpose of processing and – if relevant – additionally by the respective statutory retention period (e.g., commercial and tax law retention periods).

Unless otherwise stated in this policy, stored personal data will be deleted if it is no longer necessary for the purposes for which it was collected or otherwise processed.