Privacy Policy
1. Controller
LEPAGE MANUEL JEAN-PAUL
Groussgaass, 10
L-8523 Beckerich, Luxembourg
Email: contact@lepage.expert
Website: www.lepage.expert
No separate Data Protection Officer has been appointed. The controller is also the contact point for data protection matters.
2. Scope and Legal Basis
This Privacy Policy explains how personal data are processed when you visit this website, use the online shop, contact us, use a customer account, the contact form or the website chat, and — where enabled — when using Google Analytics 4 and Google Maps.
The legal basis for such processing is, in particular, the General Data Protection Regulation (GDPR), the applicable Luxembourg data protection laws, including the Loi du 1er août 2018, as well as the ePrivacy rules governing cookies and similar technologies. Non-essential cookies may only be set once valid consent has been obtained.
3. Hosting and Data Processing (Wix)
This website is operated using the Wix platform. Wix provides official GDPR/privacy information, documentation relating to data processing agreements for users, and an up-to-date list of its subprocessors.
Wix processes data for the purpose of providing the platform and may use its affiliated companies as well as third-party subprocessors for that purpose. Where required for our use of the platform, a data processing agreement has been concluded with Wix.
Transfers of personal data to third countries take place only in accordance with the GDPR, in particular on the basis of Standard Contractual Clauses (SCCs) and, where applicable, adequacy decisions.
4. Specific Processing Activities
4.1 Accessing the Website (Server Logs)
When you access this website, technically necessary data are processed, including in particular your IP address, the date and time of access, the pages accessed, referrer URL, browser type, operating system and error codes.
These data are processed for the purposes of providing the website, ensuring stability and security, analysing errors, and detecting and preventing misuse and attacks.
The legal basis is our legitimate interest pursuant to Article 6(1)(f) GDPR.
4.2 Cookies and Consent Banner
This website uses a consent banner. Non-essential cookies and similar technologies — for example for statistics/analytics or embedded map services — are only set or loaded after you have given your consent.
You may withdraw or amend your consent at any time via the cookie settings.
Essential cookies required for the operation, security, shopping basket functionality or technical provision of the shop may be used without separate consent where this is legally permitted.
The current list of cookies, including their purpose, provider and storage period, is available in the banner and/or the cookie settings.
4.3 Customer Account
If you create a customer account, we process the data you provide, in particular your name, email address, password, billing and delivery addresses, order history and, where applicable, stored company details.
The purposes of processing are the creation and administration of your customer account, facilitating future orders, and providing you with an overview of your orders.
The legal basis is Article 6(1)(b) GDPR.
4.4 Online Shop / Order Processing
In connection with the online shop, we process the personal data required to handle orders and fulfil contracts. This includes, in particular, your name, billing and delivery address, email address, telephone number (where required), ordered products, order status, payment information, communication content and transaction-related data.
Such processing is carried out for the purposes of taking pre-contractual steps, performing the contract, delivering goods, handling enquiries, returns, complaints and warranty claims, and complying with legal obligations, in particular under commercial and tax law.
The legal basis is Article 6(1)(b) and Article 6(1)(c) GDPR. Where necessary, certain data may also be processed on the basis of Article 6(1)(f) GDPR for the prevention of misuse, IT security and the efficient organisation of internal processes.
4.5 Payment Processing
For the purpose of processing payments, we process the transaction and order data required for payment handling. Depending on the payment method selected, these data may be transmitted to the payment service provider used for the respective transaction. Such providers may include, in particular, providers for PayPal payments, credit card payments and bank transfers. The specific payment service provider used will be displayed during the checkout process.
The purposes of processing are payment handling, accounting, fraud prevention, refunds, and compliance with statutory documentation and retention obligations.
The legal basis is Article 6(1)(b), Article 6(1)(c) and, where applicable, Article 6(1)(f) GDPR.
4.6 Shipping and Logistics
For the purpose of delivering ordered goods, we transmit the data necessary for shipping and delivery to the appointed shipping and logistics provider. These providers may include, in particular, Post Luxembourg, DHL and other shipping or logistics companies engaged for the respective delivery. The data transferred may include in particular your name, delivery address and, where applicable, your email address, telephone number and order-related information, insofar as this is necessary for delivery, delivery notification or shipment tracking.
The legal basis is Article 6(1)(b) GDPR. In individual cases, Article 6(1)(f) GDPR may also apply for organisational purposes.
4.7 Contact Form
If you contact us via the contact form, we process the data you provide, in particular your name, email address, message, optionally your telephone number, and any other information you choose to submit.
The purposes of processing are handling your enquiry, responding to follow-up questions, communicating in relation to offers or orders, and initiating or managing a business relationship.
The legal basis is Article 6(1)(b) and Article 6(1)(f) GDPR.
4.8 Website Chat
If you use the website chat, we process chat content, timestamps and, where applicable, voluntarily provided contact details and technical metadata.
The purposes of processing are direct communication, the prompt handling of product or order-related enquiries, and general customer support.
The legal basis is Article 6(1)(b) and Article 6(1)(f) GDPR.
4.9 Email and Telephone
If you contact us by email or telephone, we process communication data and metadata, in particular sender details, time of contact, contact details and the content of your message or enquiry.
The legal basis is Article 6(1)(b) and Article 6(1)(f) GDPR.
4.10 Google Analytics 4 (If Enabled; Only with Consent)
Where Google Analytics 4 is used on this website, it is only activated with your consent via the cookie banner. The provider is Google Ireland Limited, Dublin, Ireland.
The data processed may include, in particular, online identifiers, device and browser information, page views, events, approximate location and referrer information.
The purposes of processing are audience measurement, statistical analysis and the improvement of our online offering.
The legal basis is Article 6(1)(a) GDPR. Google Analytics is not loaded without your consent.
For standard GA4 properties, retention periods for user-level and event-level data can typically be set to 2 or 14 months; aggregated reports may remain available beyond those periods. Google also states that, for EU users, individual IP addresses are not logged or stored.
You may withdraw your consent at any time via the cookie settings.
4.11 Google Maps (If Enabled; Only with Consent)
Where Google Maps is embedded on this website, the map is only loaded after you have given your consent. The provider is Google Ireland Limited, Dublin, Ireland.
When the map is loaded, technical data such as your IP address, browser and device information, and usage data may be transmitted to Google.
The purpose of processing is to display interactive maps and to facilitate directions.
The legal basis is Article 6(1)(a) GDPR. Transfers to third countries cannot be excluded and take place in accordance with the requirements of the GDPR.
5. Recipients of Personal Data
Recipients of personal data include, in particular, Wix as hosting and platform provider, including its subprocessors, payment service providers, shipping and logistics companies, IT and support service providers, and public authorities where there is a legal obligation to disclose data.
We do not disclose personal data for our own marketing purposes. Wix publishes an up-to-date list of its subprocessors.
6. Transfers to Third Countries
Where necessary for hosting, operation of the shop, communication, analytics or embedded third-party content, personal data may be transferred to countries outside the EEA.
Such transfers take place only in compliance with the applicable legal requirements, in particular on the basis of Standard Contractual Clauses and, where applicable, adequacy decisions.
For data transfers to participating companies in the United States, the EU-U.S. Data Privacy Framework adequacy decision may also apply.
7. Retention Period
We store personal data only for as long as necessary for the respective purposes or as long as statutory retention obligations apply.
Server logs are generally stored for up to 30 days. In the event of security-related incidents, they may be stored longer where necessary for investigation and defence.
Data relating to orders, invoices and commercial or tax-related processing are stored in accordance with statutory retention requirements, generally for up to 10 years.
Contact enquiries, support requests and chat histories are stored until the matter has been fully resolved and thereafter only where required for documentation purposes, the defence of legal claims or compliance with legal obligations; as a rule, for up to three years after the last contact.
Cookies are stored in accordance with the retention periods indicated in the banner or until you withdraw your consent. For Google Analytics, the settings described in section 4.10 apply.
8. Security
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These measures include, in particular, encrypted transmission via TLS/HTTPS, access restrictions, authorisation concepts, and measures designed to ensure the integrity, availability and confidentiality of personal data.
Wix also applies additional security measures at infrastructure and application level.
9. Obligation to Provide Data
The provision of certain technical data is necessary in order to operate the website.
Data you provide in the context of an order, enquiry or contact request are required to the extent that we would otherwise be unable to process your order, respond to your enquiry or perform the relevant contract.
As a rule, there is no further statutory or contractual obligation to provide personal data.
10. Automated Decision-Making
No automated decision-making, including profiling within the meaning of Article 22 GDPR, takes place.
11. Rights of Data Subjects
Subject to the applicable legal requirements, you have the right to access, rectify and erase your personal data, to restrict processing, to data portability, and to object to certain processing activities.
Any consent you have given may be withdrawn at any time with effect for the future.
To exercise your rights, an informal notification to the contact details set out above is sufficient.
You also have the right to lodge a complaint with a supervisory authority. The competent supervisory authority in Luxembourg is:
Commission nationale pour la protection des données (CNPD)
15, Boulevard du Jazz
L-4370 Belvaux
Luxembourg
Email: info@cnpd.lu
12. No Intended Processing of Special Categories of Personal Data via the Website
This website and online shop are not intended for the submission of special categories of personal data.
Please do not send us any sensitive personal data via contact forms, chat or general email communication unless this is exceptionally necessary and has been expressly agreed in advance.
13. Updates to This Privacy Policy
We reserve the right to amend this Privacy Policy where the functionality of this website, the services used, the legal framework or internal processes change.