PRIVACY POLICY

  • about this policy
    • Lulutox is committed to protecting our customers' privacy. Please take the time to review this Privacy Policy (the “Policy”), which explains what information we collect about you, how we use it, and your rights. This Policy provides important information and you should not use any services on https://lulutox.com/ (the “Website”) without first reading this Policy.
    • Fonslife Trading FZCO, trading as Lulutox, (“Lulutox”, “we” or “us”) is the data controller and processor of the personal data collected via or in connection with the Website.
    • This Policy is prepared in accordance with Regulation EU 2016/679, known as the General Data Protection Regulation, and the California Consumer Privacy Act (CCPA) of 2018. Please note that, depending on your place of residence, some rules of this Policy might not apply to you, as further explained in this Policy.
  • what information we collect about you and why
    | Why do you collect information about me? | Which information do you collect about me? | Why are you legally allowed to collect my information? | How long do you keep information about me? |
    |---|---|---|---|
    | 2.1. For processing your purchase requests on the Website | First name, last name, delivery address, telephone number, email address, information about your paid purchase price and currency. | We conclude and execute a contract with you (Art. 6 (1) (b) of the General Data Protection Regulation – GDPR). | 1 year after you make a purchase on our website. |
    | 2.2. To process payments on the Website | First name, last name, delivery address, telephone number, email address, information about your paid purchase price and currency, your credit card brand, type, BIN number, and credit card issuer country. | We conclude and execute a contract with you (Art. 6 (1) (b) of the GDPR) upon which we need to collect payments from you. | As long as you have a subscription for our Services and 1 month after you terminate your subscription. |
    | 2.3. To process recurring purchase requests on the Website | Unique data “token” identification number. | You agreed to that (Art. 6 (1) (a) of the GDPR). | 1 year after you make a purchase on our website. |
    | 2.4. To provide you with personalized offers, marketing materials, and special discounts | IP address, email address, telephone number. | You agreed to that (Art. 6 (1) (a) of the GDPR). | 1 month after you visit the Website. |
    | 2.5. To ensure security of the Website | IP address or other device address or ID, web browser and/or device type, hardware and software settings and configurations, the web pages or sites that you visit just before or just after visiting the Site, the pages you view on the Site, your actions on the Site, and the dates and times that you visit, access, or use the Services. When you use the Site on a mobile device, we may also collect the physical location of your device by, for example, using satellite, cell phone tower or wireless local area network signals. | We have a legitimate interest (to ensure security of our website) (Art. 6 (1) (f) of the GDPR). | 1 month after you visit the Website. |
    | 2.6. To manage our accounts on social media - where you interact with us via our social media accounts | Name and surname, e-mail address, gender, country, picture, message, time and date the message was received, content of the message, message attachments, response to the message, time of response to the message, information about our rating, comments on a post, post shares, information about post reactions. | You agreed to that (Art. 6 (1) (a) of the GDPR). | 2 years |
    | 2.7. To manage our services and product customer reviews, testimonials and other feedback | Name, surname, e-mail address, image/picture associated with your account, time and date when the message was received, the content of the message. | You agreed to that (Art. 6 (1) (a) of the GDPR). | 2 years after receiving your feedback or message. |
    | 2.8. To handle queries, requests and complaints submitted by you – where you submit one | First name, last name, e-mail address, country, telephone number, subject of your inquiry, date of your inquiry, content of your inquiry, attachments to your inquiry, reply to your inquiry. | You agreed to that (Art. 6 (1) (a) of the GDPR) and we have a legitimate interest to do that (to handle your queries) (Art. 6 (1) (f) of the GDPR). | 2 years from the moment your last inquiry was received. |
    | 2.9. To contact you in case of unfinished order, or when your order or payment was not successfully processed due to technical errors | First name, last name, email, telephone number, contents of the abandoned cart. | We conclude and execute a contract with you (Art. 6 (1) (b) of the GDPR) and we have a legitimate interest to do that (to process orders and payments) (Art. 6 (1) (f) of the GDPR). | 1 month after unsuccessful purchase order is placed on the Website. |
    | 2.10. To protect our rights and interests in legal proceedings | Information listed under Paragraph 2.1 above, documents and attachments sent to you, documents and attachments submitted by you, procedural documents, court rulings, resolutions, decisions. | We have a legitimate interest (to defend our rights in legal proceedings) (Art. 6 (1) (f) of the GDPR). | 10 years following the termination of your account with our website or, in case legal processes were initiated, following termination of such legal processes. |
    | To protect our rights and interests in criminal proceedings | If a criminal case arises we can collect information about criminal offenses and convictions of the offender. | Data is necessary for the establishment, exercise or defense of legal claims (Art. 9 (2) (f) of the GDPR). | 10 years following the termination of your account with our website or, in case legal processes were initiated, following termination of such legal processes. |
  • which information do you have to provide us with
    Please refer to Section 2 above - you have to provide us with the information which we need to process your orders that you submit on the Website, as well as to handle your inquiries, requests, claims, etc. In case you do not provide us with this information, we will not be able to provide you services and handle your orders.
  • what do we do with your personal data
    • We use your information for the purposes specified in Section 2 above. These are the main group of actions that we do with your personal information:
      • We use your information to process your purchase request and deliver your purchases to you;
      • We use your information to send you marketing and promotional materials;
      • We use your information to contact you from time to time to inform you about discounts, special deals, or offers, or to provide general information about our products and service;
      • We transfer your personal information to third parties that are our service providers or business partners, when that is needed for fulfilling your orders, or when that is necessary for protecting our rights, or when our partners have specific products that we think might be interesting to you;
      • We may use your payment information “token” described in Section 2.3 above and transfer it to our partner companies if you ask us to save your payment information for future purchases.
    • If you agree to receive marketing SMS, we may also transfer your phone number details to our partners or companies that belong to our companies’ group. Neither we nor our partners will send you any marketing SMS if we don’t have your permission to do that.
      We may send you short marketing messages to your phone (SMS) if you will agree to that on the Website. You can cancel your permission to receive marketing SMS anytime by sending a word “STOP” as a reply to the SMS that you will receive from us. We will not send you marketing SMS’ more often than 3 times per week. Our marketing SMS’ are free of carrier costs and fees, thus you will not be charged for any SMS that you will receive from us.
  • Sharing your personal information
    • We share your personal information with the following subjects:
      • Financial institutions that handle payment processing and banks to which your paid amounts are transferred for us;
      • attorneys, attorney's assistants, notaries, bailiffs, auditors, consultants, IT service providers, electronic communications service providers, insurance companies, archiving services, and other subjects that provide services to us;
      • courts, law enforcement, and other state institutions, when we are required by law to do so, or if you violate this Policy or Terms of Service of the Website;
      • third party partners to verify your identity in connection with your use of certain aspects of the Website;
      • Our marketing partners to deliver personalized marketing content to you;
      • Our shipping services partners to deliver your purchases to you;
      • Our Website online store management system service provider;
      • Our group companies if you decide to make a purchase with them and we have received your permission to do that prior;
      • Analytical tools service providers (such as Google Analytics).
    • If you choose a direct payment gateway to complete your purchase, then our payment processor stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
    • In general, the third-party providers used by us will only collect, use, and disclose your information to the extent necessary to allow them to perform the services they provide to us. However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies for the information we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so you can understand how your personal information will be handled by these providers.
    • We may share your data with third-party marketing partners for advertising purposes. Certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located. As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act. Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service. When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.
  • information security
    • To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered, or destroyed.
    • If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL). Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
    • In most cases personal data are processed and transmitted in the territory of the European Union and the European Economic Area; however, sometimes it is necessary for us to transfer your details to our service providers that are located outside the European Union. We always make sure to have appropriate agreements covering data processing provisions and we perform regular audits to make sure that the third parties located outside of the EU are following GDPR rules. When this is permitted by law and is required for the reasons given in this policy, we may disclose information about you to third parties that are located in the United States and are compliant with the EU-U.S. Privacy Shield Framework. You may download a copy of the EU-U.S. Privacy Shield Framework at https://www.privacyshield.gov/EU-US-Framework.
  • selling/buying personal information
    • If you are a resident of the United States, we may "sell" (as sell is defined in CCPA) or purchase the following categories of personal information:
      • Identifiers data;
      • Characteristics of protected classifications under California and federal law;
      • Internet/electronic activity;
      • Commercial information; and
      • Inferences drawn from the categories described above to create a profile about you to reflect your preferences, characteristics, behavior, and attitudes.
    • We only "sell" or “buy” your personal information to or from thoroughly selected trusted partners and/or digital advertising networks. We do not sell or buy any personal information of minors under the age of 16.
  • california residents rights under the ccpa
    • If you are a California resident, you have the rights set forth below in this section under the CCPA. Please see the sections below for a description of your rights under CCPA and instructions regarding how to exercise these rights. If there are any conflicts between this section and any other provision of this Privacy Policy and you are a California resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at [email protected].
    • Right to opt-out from the sale of information
      You have the right to request that we not sell your personal data. Your request to opt-out from the sale of your personal data will be effective for 12 months, after which we might ask you to opt-in to the sale of personal data.
      You can opt-out from selling your personal data by emailing us at [email protected].
      We will comply with your opt-out request within 15 business days from receiving your request.
      We may refuse to stop selling your data if a sale is necessary for us to comply with legal obligations, exercise legal claims or rights, or defend legal claims, or if the personal information is related to certain medical information, the consumer credit reporting information, or other types of information exempt from the CCPA.
    • Right to know
      You have the right to request that we would disclose to you what personal information we have collected, used, shared, or sold about you, during the last 12 months of your inquiry. Specifically, you have the right to request disclosure of the following data related to you personally:
      - The categories of personal information collected;
      - Specific pieces of personal information collected;
      - The categories of sources from which the business collected personal information;
      - The purposes for which the business uses personal information;
      - The categories of third parties with whom the business shares the personal information;
      - The categories of information that the business sells or discloses to third parties.
      You can provide your "Right to Know" request by emailing us at [email protected].
      We will respond to your "Right to Know" request within 45 calendar days. If necessary, we have the right to extend our response deadline by another 45 days (90 days total) by notifying you about that.
      We may refuse to accept your "Right to Know" request and not disclose your personal information, if:
      - We are unable to verify your request;
      - The request is manifestly unfounded or excessive, or we have already provided personal information to you more than twice in a 12-month period;
      - We cannot disclose certain sensitive information, such as your social security number, financial account number, or account passwords, but we must tell you if we’re collecting that type of information;
      - Disclosure would restrict our ability to comply with legal obligations, exercise legal claims or rights, or defend legal claims;
      - If the personal information is certain medical information, consumer credit reporting information, or other types of information exempt from the CCPA;
      - For other reasons specified in Civil Code section 1798.145.
    • Right to delete
      You may request that we would delete your personal information that we have collected from you and tell our service providers to do the same. However, many exceptions allow us to keep your personal information.
      You can provide your request to delete your information by emailing us at [email protected].
      We will respond to your "Right to Know" request within 45 calendar days. If necessary, we have the right to extend our response deadline by another 45 days (90 days total) by notifying you about that.
      We may refuse to accept your "Right to Know" request and not disclose your personal information, if:
      - We are unable to verify your request;
      - The request is manifestly unfounded or excessive, or we have already provided personal information to you more than twice in a 12-month period;
      - We cannot disclose certain sensitive information, such as your social security number, financial account number, or account passwords, but we must tell you if we’re collecting that type of information;
      - Disclosure would restrict our ability to comply with legal obligations, exercise legal claims or rights, or defend legal claims;
      - If the personal information is certain medical information, consumer credit reporting information, or other types of information exempt from the CCPA;
      - For other reasons specified in Civil Code section 1798.145.
    • Right to not be discriminated
      We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services only because you are a California resident or if you exercise your rights under the CCPA.
    • Our right to ask for additional information
      Whenever we receive your request under the provisions of this Section 8 above, we will have to verify your identity to determine if the request is provided by the consumer about whom we have personal information and to determine that you are a Californian resident.
      Accordingly, we might ask you for additional information for verification purposes and we would use such information for this verification purpose only.
  • european union residents rights
    • GDPR and other laws provide you with certain rights, procedures for implementation of and exceptions to these rights. When allowed by law, you can:
      • Submit a request for confirmation that we are processing the data related to you. If we process data related to you, request access to the data processed and related information;
      • Submit a request to correct inaccurate or incorrect information used or to supplement it when it is not complete;
      • Submit a request to delete the information we have about you if we use it illegally;
      • Submit a request to restrict the processing of your information – if you dispute the accuracy of the data or object to the processing of the data, if you do not accept that your data would be deleted which was illegally processed, or if you need the data to claim, execute or defend legal claims;
      • Object to collection, use and storage of your information – when we process data based on our and / or third party interests;
      • Submit a request to transfer (receive) the data that you provided to us under the contract or giving the consent and which we process by automated means, generally using electronic form;
      • To withdraw any consents given to us regarding information used about you - when we use the data based on your consent;
      • To lodge a complaint with a supervisory authority and seek a judicial remedy.
    • Whenever we receive your request to exercise any of the rights specified above we may need to verify your identity in order to determine if the request is provided by the person about whom we have personal information and in order to determine your identity. Accordingly, we might ask you for additional information for verification purposes and we would use such information for this verification purpose only.
    • If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. Our data processing is supervised by Lithuanian State Data Protection Inspectorate, L. Sapiegos g. 17, Vilnius 10312, Lithuania, email [email protected], +370 5 279 1445, https://www.vdai.lrv.lt/.
  • age of consent
    • By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.
    • We do not process any personal data of minors that are 16 years old or younger. If you are a minor as specified herein, we request that you would stop using the Website immediately. We have a right to delete your personal data without separate notification if we have a reason to believe that you are younger than 16 years old.
  • cookies
    • Cookies are small text files that are stored by your browser on your device (e.g. computer, mobile phone, tablet) when you browse websites. Other technologies, including data we store on your web browser or device, identifiers associated with your device, and other software, are used for similar purposes. They are widely used to make websites work or work in a better, more efficient way. In this policy, we refer to all of these technologies as cookies.
    • Our website uses cookies as described in the table below:
      | Cookie name | Cookie purpose | Cookie expiry |
      |---|---|---|
      | Stored Cookies | | |
      | _fbp | Advertisement cookie. This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website. | 3 months |
      | fr | Advertisement cookie. Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin. | 3 months |
      | _vwo_uuid_v2 | Analytical cookie. This cookie is set by Visual Website Optimiser and calculates unique traffic on a website. | 1 year |
      | _vis_opt_s | Analytical cookie. Visual Website Optimiser sets this cookie to track the session created for a visitor, i.e., the number of times the browser was closed and reopened. | 3 months 8 days |
      | _ga | Analytical cookie. The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. | 2 years |
      | omnisendAnonymousID | Analytical cookie. This cookie is set by the provider Omnisend. This cookie is used for storing the user action on the website with a unique ID. The cookie encrypts the visitor data for the security of user data. | 1 year |
      | _hjSessionUser_ | Statistics cookie. Hotjar cookie that is set when a user first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | 1 year |
      | _vwo_uuid | Performance cookie. Visual Website Optimizer sets this cookie to generate a unique id for every visitor and for its report segmentation feature. The cookie also allows to view data in a more refined manner. | 10 years |
      | Session Cookies | | |
      | soundestID | Analytical cookie. This cookie is set by the provider Omnisend. This cookie is used for determining if a visitor is new to the website or the visitor had visited before. | session |
      | omnisendSessionID | Analytical cookie. This cookie is set by the provider Omnisend. This cookie is used for setting a unique ID for the session. The cookie collects information on visitor behaviour on the website for statistical purposes. | 30 minutes |
      | _hjFirstSeen | Analytical cookie. Hotjar sets this cookie to identify a new user’s first session. It stores a true/false value, indicating whether it was the first time Hotjar saw this user. | 30 minutes |
      | _hjIncludedInSessionSample | Analytical cookie. Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's daily session limit. | 2 minutes |
      | _hjIncludedInPageviewSample | Analytical cookie. Hotjar sets this cookie to know whether a user is included in the data sampling defined by the site's pageview limit. | 2 minutes |
      | _hjAbsoluteSessionInProgress | Analytical cookie. Hotjar sets this cookie to detect the first pageview session of a user. This is a True/False flag set by the cookie. | 30 minutes |
      | _gat_UA | Analytical cookie. A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to. | 1 minute |
      | _vis_opt_test_cookie | Functional cookie. Visual Website Optimiser sets this cookie to detect if cookies are enabled on the browser of the user or not. | session |
      | _hjSession_ | Statistics cookie. Hotjar cookie that is set when a user first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID. | 30 minutes |
      | soundest-views | Functional cookie. Omnisend cookies are designed to enable the site to provide services and ensure their proper functioning | Session |
      | _vwo_sn | Performance cookie. This cookie stores session-level information. | 30 minutes |
    • You can configure your browser to decline some or all cookies or to ask for your permission before accepting them. Please note that by deleting cookies or disabling future cookies you may be unable to access certain areas or features of our website. For information on how to adjust or change your browser settings, visit www.aboutcookies.org or www.allaboutcookies.org. For information on the policy and control options for third-party cookies, please read the cookie policies of such third parties.
  • CHANGES TO THIS PRIVACY POLICY
    We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.
  • contact information
    Please contact Customer Support if you have any questions concerning your purchase by completing this Contact Us form, or [email protected] or +1 (888) 828-8952.
    Address FOR CORRESPONDENCE ONLY:
    Lulutox, 3979 Albany Post Road ste 2, Unit #2277, Hyde Park, NY 12538