Privacy Policy


Purpose of this policy

At Luzern eCommerce we take the protection of our customers' personal data seriously. This Privacy and Data Protection Policy is a statement of Luzern Technology Solutions Ltd (Luzern eCommerce) commitment to protecting the rights and privacy of individuals in accordance with Data Protection Acts and the EU General Data Protection Regulations (GDPR).

Collecting information: Luzern collect, process and use consumer personal information to provide the following services:

  • To fulfil contracts of sale to consumers who purchase products from webstores operated by Luzern and where Luzern is deemed to be Seller/Merchant of Record, particularly personal details are required to fulfil orders.
  • To perform direct marketing to those consumers who have explicitly given their consent to such activity. Consent to receive marketing will be obtained through active opt-in from the consumer, their consent will be recorded, and consumers will have the ability to withdraw their consent easily and at any time.
  • Use of name and address data for identity verification, anti-fraud and money laundering activities

Data Protection Principles

Luzern shall perform our data protection responsibilities in accordance with the following 6 Guiding Principles from the GDPR:

  • Lawfulness, fairness and transparency: We shall obtain and process personal data lawfully, fairly and in a transparent manner.
  • Purpose Limitation: We shall collect personal data for purposes that are specific, explicit and for legitimate purposes, and this data will not be further processed in a manner incompatible with these purposes.
  • Data Minimisation: We shall only collect personal data that is adequate, relevant and limited to what is necessary.
  • Accuracy: We will adopt procedures that ensure high levels of data accuracy, completeness, and that data is kept up-to-date, and have a process in place to rectify inaccuracies when notified of them.
  • Storage Limitation: We will not keep customer personal data any longer than necessary, in a form which permits the identification of a data subject. For financial compliance purposes, we must retain a record of sales invoices for a minimum of 7 years – this is a statutory requirement we are obliged to adhere to. Please note that this data is held for compliance purposes, it will not be used for any other purposes, and it is not shared with any other organisations unless required for the purpose of order fulfilment. Reference links for retention periods:
  • Integrity and Confidentiality: We will take appropriate technical and organisational security measures to ensure protection against unauthorised or unlawful processing and against accidental loss, destruction or damage of personal data.

Disclosure of Information to 3rd Parties

We may provide non-personal data to third parties, where such information is combined with similar information of other users of our website. For example, we might inform third parties regarding the number of unique users who visit our website, the demographic breakdown of users, or the activities that visitors to our website engage in while on our website. The third parties to whom we may provide this information may include partners, clients or potential clients. We will not disclose your personal data to third parties unless you have consented to this disclosure. We will disclose your personal data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirements.

Third-Party Processors

Our carefully selected partners and service providers may process personal information about you on our behalf as described below:

“Digital Marketing Service Providers: We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.

Our appointed data processors include: (i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here:

Sopro is registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at:”

Data Breaches

Luzern will notify the Data Protection Officer promptly – within a maximum of 72 hours – in the event of a personal data breach, and take reasonable steps to minimize harm and secure customer data. Additionally, notifications will be made as soon as possible to individuals impacted by the breach where the impact of the breach is deemed a serious risk to their rights and freedoms.

Data Subject Rights

We acknowledge individuals' rights over the personal data provided to Luzern, we are fully committed to complying with these, and have processes in place to allow individuals to exercise those rights through submitting Subject Access Requests.

These rights cover the areas below:

  • The right to be informed about the collection and use of your personal data
  • The right to access the personal data we hold on you
  • The right to have inaccurate/incomplete data corrected
  • The right – in certain circumstances – to have your information deleted
  • The right to object to a particular use of your personal data for our legitimate business interests or direct marketing purposes
  • The right to withdraw consent at any time where processing is based on consent
  • The right to receive a copy of your data (in a common machine-readable format, to the extent it is required by applicable law);

Subject Access Requests in relation to the above areas – or other questions in relation to the protection of the personal data you have provided Luzern – should be submitted by sending a Subject Access Request to us at the below email address.

We will endeavour to acknowledge a request as soon as possible and provide a full and final response within 1 month of the request: 


Overall responsibility for ensuring compliance with GDPR rests with Luzern. However, our responsibility varies depending upon whether we are acting as either a data controller or a data processor. All employees and contractors of Luzern who separately collect, control or process the content and use of personal data are individually responsible for compliance with the GDPR. The Data Protection Co-ordinator is Luzern’s Data Protection Officer, and in this role coordinates the provision of support, assistance, advice, and training within Luzern to ensure that the company – and individuals within it – are in a position to comply with the legislation.

The Data Protection Officer can be contacted at the below email address:

Procedures and Guidelines

Luzern is firmly committed to ensuring personal privacy and compliance with Data Protection Acts including the GDPR, which includes the provision of best practice guidelines and procedures in relation to all aspects of Data Protection. All Luzern employees are briefed and trained on the importance and sensitivity of such data, are aware of the need to protect such data and their responsibilities when it comes to customer personal data, and uphold all of these principles.  

Review and Changes to This Policy

This Data Protection Policy will be reviewed regularly in light of any legislative or other relevant developments.

Any changes to the Policy will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances if any, we disclose it.

Icon Use

All icons courtesy of