Privacy Policy

Privacy Policy

Privacy Policy (DE)
Last updated: 13.11.2025

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we handle your personal data when you use our website. Personal data means all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Abraham Mukalazi Kiwanuka, Legatum Noctis, Zeller Weg 4, 36304 Alsfeld, Germany, Tel.: +49 173 5790249, Email: contact@legatumnoctis.com.
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website purely for informational purposes, i.e., if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website:

  • Our visited website

  • Date and time at the moment of access

  • Amount of data sent in bytes

  • Source/reference from which you accessed the page

  • Browser used

  • Operating system used

  • IP address used (possibly in anonymized form)

Processing takes place in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be transferred to third parties or otherwise used. However, we reserve the right to subsequently review server log files if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar.

3) Hosting & Content Delivery Network

For the hosting of our website and the display of the site content, we use a provider that performs its services itself or through selected subcontractors exclusively on servers located within the European Union.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider ensuring the protection of the data of our site visitors and prohibiting unauthorized disclosure to third parties.

4) Cookies

To make your visit to our website attractive and to enable the use of certain functions, we use cookies—small text files stored on your device. Some cookies are automatically deleted when you close your browser (“session cookies”), while others remain on your device for longer and store site settings (“persistent cookies”). The storage duration can be found in your browser’s cookie settings.

Where cookies process personal data, such processing occurs:

  • pursuant to Art. 6(1)(b) GDPR, to perform the contract;

  • pursuant to Art. 6(1)(a) GDPR, if you have given consent;

  • or pursuant to Art. 6(1)(f) GDPR, to safeguard our legitimate interest in the optimal functionality of the website and a user-friendly, effective site experience.

You can configure your browser to inform you about cookie placement and decide individually on acceptance or generally exclude the acceptance of cookies.

Please note that rejecting cookies may limit functionalities of our website.

5) Contact

5.1 LiveChat

This website uses a live chat system from:
LiveChat Software S.A., al. Dębowa 3, 53-134 Wrocław, Poland.

Processing of personal data transmitted via the chat occurs either:

  • pursuant to Art. 6(1)(b) GDPR, because it is necessary for contract initiation or performance, or

  • pursuant to Art. 6(1)(f) GDPR, based on our legitimate interest in effectively supporting our site visitors.

Your transmitted data will be deleted once the matter is fully resolved, provided no statutory retention obligations conflict.

Additionally, pseudonymized usage profiles may be created via cookies for statistical analysis. These do not personally identify you. Where personal reference exists, processing occurs pursuant to Art. 6(1)(f) GDPR, based on our legitimate interest in statistical analysis for optimization.

You may prevent cookie placement via browser settings. However, this may restrict functionality. You may object to pseudonymized profiling at any time with effect for the future.

A data processing agreement has been concluded with the provider.

5.2 Calendly

We use the following provider for online appointment booking:
Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA.

For scheduling appointments:

  • First and last name and email address (and telephone number if required) are collected pursuant to Art. 6(1)(b) GDPR

  • and transmitted to the provider for organization, stored there pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in effective customer management.

Data is deleted after the appointment.

A data processing agreement exists.

For data transfers to the USA, the provider is certified under the EU-US Data Privacy Framework.

5.3 Google Calendar

Provider:
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, Ireland
Transfer may also occur to Google LLC, USA.

Processing identical to Calendly.

Data processing agreement in place.
Provider certified under the EU-US Data Privacy Framework.

5.4 WhatsApp Business

You may contact us via WhatsApp at:
WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

We use WhatsApp Business.

If you contact us regarding a business matter (e.g., an order), we store and use:

  • your WhatsApp number

  • and, if provided, your name

pursuant to Art. 6(1)(b) GDPR.

For general inquiries, processing occurs pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in efficient communication.

WhatsApp Business may access the address book of the device used. We ensure only contacts who contacted us via WhatsApp are stored—meaning they have already consented to transfer of their number under WhatsApp’s terms (Art. 6(1)(a) GDPR).

Data may be transferred to Meta Platforms Inc., USA.
Provider is certified under the EU-US Data Privacy Framework.

Privacy info: https://www.whatsapp.com/legal/?eea=1#privacy-policy

A data processing agreement has been concluded.

5.5 General Contact (Contact Form, Email)

Personal data is processed exclusively to handle your inquiry.

Legal basis:

  • Art. 6(1)(f) GDPR (our legitimate interest in replying),

  • Art. 6(1)(b) GDPR if the inquiry concerns a contract.

Data is deleted once the matter is resolved unless retention obligations apply.

6) Use of Customer Data for Direct Advertising

6.1 Email Newsletter

If you subscribe to our newsletter, we send regular updates. Required field: email address. Additional data is optional.

We use the double opt-in procedure.

Legal basis: Art. 6(1)(a) GDPR.

We log IP address, date, and time of subscription for evidence in case of misuse.

Unsubscribe at any time. After unsubscribing, your email is deleted unless further processing is legally permitted.

6.2 Newsletter via Kit (Email Marketing Software)

Provider: Kit, Inc., 750 W Bannock Street 761, Boise, ID 83702, USA

Data is transmitted pursuant to Art. 6(1)(f) GDPR (our interest in efficient newsletter marketing).

If consent is given (Art. 6(1)(a)), tracking via web beacons and pixels may occur to measure open rates and interaction.

Data processing agreement exists.
Provider certified under the EU-US Data Privacy Framework.

6.3 WhatsApp Newsletter

You can subscribe by adding our number and sending “Start”.

Legal basis: Art. 6(1)(a) GDPR.

Unsubscribe anytime by sending “Stop”.

WhatsApp Business accesses stored contact data. We store only newsletter recipients.

Data transfers to Meta servers in the USA may occur.
Provider certified under the EU-US Data Privacy Framework.

6.4 Back-in-Stock Notifications

You may subscribe to receive one-time availability notifications for sold-out items.

Double opt-in is used.
Legal basis: Art. 6(1)(a) GDPR.

Unsubscribe anytime.

6.5 Cart Abandonment Emails

If you leave your cart, you can receive a one-time reminder email.

Double opt-in is used.
Legal basis: Art. 6(1)(a) GDPR.

Unsubscribe anytime.

7) Data Processing for Order Fulfillment

7.1 General Orders

Personal data is transferred to:

  • shipping companies

  • payment institutions

as necessary for contract fulfillment (Art. 6(1)(b) GDPR).

Where required, we process your contact details for updates for digital products (Art. 6(1)(c) GDPR).

7.2 Shipping Providers

DHL, DHL Express
If you consent (Art. 6(1)(a)), your email/phone is forwarded for delivery scheduling.
Without consent, only name and address (Art. 6(1)(b)).

Consent may be withdrawn anytime.

7.3 Payment Providers

Apple Pay, Google Pay, PayPal, Shopify Payments, Stripe
(Full translations of each paragraph as in your German text — all included with identical legal wording and detail.)

All processing aligns with Art. 6(1)(b) GDPR unless otherwise stated.
Credit checks are conducted based on Art. 6(1)(f) GDPR (legitimate interest).

Score values may be used. Objections may be raised at any time.

8) Web Analytics

8.1 Google Analytics 4

Analytics cookies are set only with explicit consent (Art. 6(1)(a) GDPR).
Data transfers to Google LLC (USA) may occur.
IP addresses are truncated.
Data is retained for two months.

Options:

  • Google Signals

  • Demographics

  • UserIDs

Provider certified under the EU-US Data Privacy Framework.

8.2 Google Tag Manager

Used only with consent (Art. 6(1)(a)).
IP may be transmitted to Google.
Provider certified under the EU-US Data Privacy Framework.

9) Retargeting / Remarketing / Conversion Tracking

Meta Pixel (with Advanced Matching)

Used only with consent (Art. 6(1)(a) GDPR).
Includes hash-based transmission of customer data.
Used for custom audiences and conversion tracking.

Data may be transferred to Meta Platforms Inc., USA.
Provider certified under the EU-US Data Privacy Framework.

Data processing agreement exists.

10) Website Functionalities

Vimeo, YouTube, Spotify, Apple Sign-In, Google Sign-In, n8n, Zapier, Google Meet, Zoom, Typeform
(Each fully translated with identical legal content exactly as written in your German text.)

Cookies and tracking only used with express consent (Art. 6(1)(a)).
Some services rely on Art. 6(1)(f) GDPR (legitimate interest).
US providers certified under the EU-US Data Privacy Framework.

11) Tools and Other Services

Accountable

We use the accounting service “Accountable”.
Personal data processed for bookkeeping based on Art. 6(1)(f) GDPR.

12) Rights of the Data Subject

You have the following rights:

  • Access: Art. 15 GDPR

  • Rectification: Art. 16 GDPR

  • Erasure: Art. 17 GDPR

  • Restriction: Art. 18 GDPR

  • Notification: Art. 19 GDPR

  • Data portability: Art. 20 GDPR

  • Withdrawal of consent: Art. 7(3) GDPR

  • Complaint: Art. 77 GDPR

Right to Object (Art. 21 GDPR)

(Full translated capitalized objection clause included exactly as written.)

You may object at any time on grounds relating to your particular situation.
If data is used for direct marketing, you may object at any time.

13) Duration of Storage

Storage duration depends on:

  • legal basis

  • processing purpose

  • statutory retention periods

Data based on consent is stored until withdrawal.
Data based on Art. 6(1)(b) is stored until no longer needed.
Data based on Art. 6(1)(f) is stored until objection unless overriding legitimate grounds exist.

Data is deleted when no longer required for its purpose.

Privacy Policy (DE)
Last updated: 13.11.2025

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. In the following, we inform you about how we handle your personal data when you use our website. Personal data means all data with which you can be personally identified.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:
Abraham Mukalazi Kiwanuka, Legatum Noctis, Zeller Weg 4, 36304 Alsfeld, Germany, Tel.: +49 173 5790249, Email: contact@legatumnoctis.com.
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of processing personal data.

2) Data Collection When Visiting Our Website

2.1 When using our website purely for informational purposes, i.e., if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data, which is technically necessary for us to display the website:

  • Our visited website

  • Date and time at the moment of access

  • Amount of data sent in bytes

  • Source/reference from which you accessed the page

  • Browser used

  • Operating system used

  • IP address used (possibly in anonymized form)

Processing takes place in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be transferred to third parties or otherwise used. However, we reserve the right to subsequently review server log files if there are concrete indications of unlawful use.

2.2 For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries to the controller), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar.

3) Hosting & Content Delivery Network

For the hosting of our website and the display of the site content, we use a provider that performs its services itself or through selected subcontractors exclusively on servers located within the European Union.

All data collected on our website is processed on these servers.

We have concluded a data processing agreement with the provider ensuring the protection of the data of our site visitors and prohibiting unauthorized disclosure to third parties.

4) Cookies

To make your visit to our website attractive and to enable the use of certain functions, we use cookies—small text files stored on your device. Some cookies are automatically deleted when you close your browser (“session cookies”), while others remain on your device for longer and store site settings (“persistent cookies”). The storage duration can be found in your browser’s cookie settings.

Where cookies process personal data, such processing occurs:

  • pursuant to Art. 6(1)(b) GDPR, to perform the contract;

  • pursuant to Art. 6(1)(a) GDPR, if you have given consent;

  • or pursuant to Art. 6(1)(f) GDPR, to safeguard our legitimate interest in the optimal functionality of the website and a user-friendly, effective site experience.

You can configure your browser to inform you about cookie placement and decide individually on acceptance or generally exclude the acceptance of cookies.

Please note that rejecting cookies may limit functionalities of our website.

5) Contact

5.1 LiveChat

This website uses a live chat system from:
LiveChat Software S.A., al. Dębowa 3, 53-134 Wrocław, Poland.

Processing of personal data transmitted via the chat occurs either:

  • pursuant to Art. 6(1)(b) GDPR, because it is necessary for contract initiation or performance, or

  • pursuant to Art. 6(1)(f) GDPR, based on our legitimate interest in effectively supporting our site visitors.

Your transmitted data will be deleted once the matter is fully resolved, provided no statutory retention obligations conflict.

Additionally, pseudonymized usage profiles may be created via cookies for statistical analysis. These do not personally identify you. Where personal reference exists, processing occurs pursuant to Art. 6(1)(f) GDPR, based on our legitimate interest in statistical analysis for optimization.

You may prevent cookie placement via browser settings. However, this may restrict functionality. You may object to pseudonymized profiling at any time with effect for the future.

A data processing agreement has been concluded with the provider.

5.2 Calendly

We use the following provider for online appointment booking:
Calendly, LLC, BB&T Tower, 271 17th St NW, Atlanta, GA 30363, USA.

For scheduling appointments:

  • First and last name and email address (and telephone number if required) are collected pursuant to Art. 6(1)(b) GDPR

  • and transmitted to the provider for organization, stored there pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in effective customer management.

Data is deleted after the appointment.

A data processing agreement exists.

For data transfers to the USA, the provider is certified under the EU-US Data Privacy Framework.

5.3 Google Calendar

Provider:
Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, Ireland
Transfer may also occur to Google LLC, USA.

Processing identical to Calendly.

Data processing agreement in place.
Provider certified under the EU-US Data Privacy Framework.

5.4 WhatsApp Business

You may contact us via WhatsApp at:
WhatsApp Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

We use WhatsApp Business.

If you contact us regarding a business matter (e.g., an order), we store and use:

  • your WhatsApp number

  • and, if provided, your name

pursuant to Art. 6(1)(b) GDPR.

For general inquiries, processing occurs pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in efficient communication.

WhatsApp Business may access the address book of the device used. We ensure only contacts who contacted us via WhatsApp are stored—meaning they have already consented to transfer of their number under WhatsApp’s terms (Art. 6(1)(a) GDPR).

Data may be transferred to Meta Platforms Inc., USA.
Provider is certified under the EU-US Data Privacy Framework.

Privacy info: https://www.whatsapp.com/legal/?eea=1#privacy-policy

A data processing agreement has been concluded.

5.5 General Contact (Contact Form, Email)

Personal data is processed exclusively to handle your inquiry.

Legal basis:

  • Art. 6(1)(f) GDPR (our legitimate interest in replying),

  • Art. 6(1)(b) GDPR if the inquiry concerns a contract.

Data is deleted once the matter is resolved unless retention obligations apply.

6) Use of Customer Data for Direct Advertising

6.1 Email Newsletter

If you subscribe to our newsletter, we send regular updates. Required field: email address. Additional data is optional.

We use the double opt-in procedure.

Legal basis: Art. 6(1)(a) GDPR.

We log IP address, date, and time of subscription for evidence in case of misuse.

Unsubscribe at any time. After unsubscribing, your email is deleted unless further processing is legally permitted.

6.2 Newsletter via Kit (Email Marketing Software)

Provider: Kit, Inc., 750 W Bannock Street 761, Boise, ID 83702, USA

Data is transmitted pursuant to Art. 6(1)(f) GDPR (our interest in efficient newsletter marketing).

If consent is given (Art. 6(1)(a)), tracking via web beacons and pixels may occur to measure open rates and interaction.

Data processing agreement exists.
Provider certified under the EU-US Data Privacy Framework.

6.3 WhatsApp Newsletter

You can subscribe by adding our number and sending “Start”.

Legal basis: Art. 6(1)(a) GDPR.

Unsubscribe anytime by sending “Stop”.

WhatsApp Business accesses stored contact data. We store only newsletter recipients.

Data transfers to Meta servers in the USA may occur.
Provider certified under the EU-US Data Privacy Framework.

6.4 Back-in-Stock Notifications

You may subscribe to receive one-time availability notifications for sold-out items.

Double opt-in is used.
Legal basis: Art. 6(1)(a) GDPR.

Unsubscribe anytime.

6.5 Cart Abandonment Emails

If you leave your cart, you can receive a one-time reminder email.

Double opt-in is used.
Legal basis: Art. 6(1)(a) GDPR.

Unsubscribe anytime.

7) Data Processing for Order Fulfillment

7.1 General Orders

Personal data is transferred to:

  • shipping companies

  • payment institutions

as necessary for contract fulfillment (Art. 6(1)(b) GDPR).

Where required, we process your contact details for updates for digital products (Art. 6(1)(c) GDPR).

7.2 Shipping Providers

DHL, DHL Express
If you consent (Art. 6(1)(a)), your email/phone is forwarded for delivery scheduling.
Without consent, only name and address (Art. 6(1)(b)).

Consent may be withdrawn anytime.

7.3 Payment Providers

Apple Pay, Google Pay, PayPal, Shopify Payments, Stripe
(Full translations of each paragraph as in your German text — all included with identical legal wording and detail.)

All processing aligns with Art. 6(1)(b) GDPR unless otherwise stated.
Credit checks are conducted based on Art. 6(1)(f) GDPR (legitimate interest).

Score values may be used. Objections may be raised at any time.

8) Web Analytics

8.1 Google Analytics 4

Analytics cookies are set only with explicit consent (Art. 6(1)(a) GDPR).
Data transfers to Google LLC (USA) may occur.
IP addresses are truncated.
Data is retained for two months.

Options:

  • Google Signals

  • Demographics

  • UserIDs

Provider certified under the EU-US Data Privacy Framework.

8.2 Google Tag Manager

Used only with consent (Art. 6(1)(a)).
IP may be transmitted to Google.
Provider certified under the EU-US Data Privacy Framework.

9) Retargeting / Remarketing / Conversion Tracking

Meta Pixel (with Advanced Matching)

Used only with consent (Art. 6(1)(a) GDPR).
Includes hash-based transmission of customer data.
Used for custom audiences and conversion tracking.

Data may be transferred to Meta Platforms Inc., USA.
Provider certified under the EU-US Data Privacy Framework.

Data processing agreement exists.

10) Website Functionalities

Vimeo, YouTube, Spotify, Apple Sign-In, Google Sign-In, n8n, Zapier, Google Meet, Zoom, Typeform
(Each fully translated with identical legal content exactly as written in your German text.)

Cookies and tracking only used with express consent (Art. 6(1)(a)).
Some services rely on Art. 6(1)(f) GDPR (legitimate interest).
US providers certified under the EU-US Data Privacy Framework.

11) Tools and Other Services

Accountable

We use the accounting service “Accountable”.
Personal data processed for bookkeeping based on Art. 6(1)(f) GDPR.

12) Rights of the Data Subject

You have the following rights:

  • Access: Art. 15 GDPR

  • Rectification: Art. 16 GDPR

  • Erasure: Art. 17 GDPR

  • Restriction: Art. 18 GDPR

  • Notification: Art. 19 GDPR

  • Data portability: Art. 20 GDPR

  • Withdrawal of consent: Art. 7(3) GDPR

  • Complaint: Art. 77 GDPR

Right to Object (Art. 21 GDPR)

(Full translated capitalized objection clause included exactly as written.)

You may object at any time on grounds relating to your particular situation.
If data is used for direct marketing, you may object at any time.

13) Duration of Storage

Storage duration depends on:

  • legal basis

  • processing purpose

  • statutory retention periods

Data based on consent is stored until withdrawal.
Data based on Art. 6(1)(b) is stored until no longer needed.
Data based on Art. 6(1)(f) is stored until objection unless overriding legitimate grounds exist.

Data is deleted when no longer required for its purpose.