Privacy Policy
Last updated: 13.11.2025
LUGGO KG takes the privacy of its visitors and customers very seriously. This Privacy Policy explains which personal data we collect, the purposes for which it is processed, the legal bases for processing, and the safeguards we implement to protect personal data. It also describes the rights of data subjects under the European Union General Data Protection Regulation (GDPR) and applicable Austrian law.
1. Controller
For the purposes of data protection law, the controller is:
LUGGO KG
Email: info@luggo.com
Business address: Krebsengartengasse 1/8, 1150 Wien, Austria
Questions regarding this Privacy Policy, requests to exercise data subject rights, or other data protection inquiries can be directed to the above email address.
2. Scope and Applicability
This Privacy Policy applies to personal data processed in connection with the use of our website, placing and fulfilling orders, account management, newsletter subscriptions, loyalty programs, and other services offered through our website.
Where certain processing is governed by separate notices (e.g., our Cookie Policy), such notice applies in addition to this privacy policy.
3. Categories of Personal Data Processed
Depending on the type of your interaction with LUGGO KG, we may collect one or more of the following categories of personal data:
| Category of Data | Examples | Purpose of Processing | Legal Basis (GDPR) |
| --- | --- | --- | --- |
| Identity and Contact Details | Name, postal address, email address, phone number | To conduct communication with customers, process and deliver orders, and manage customer accounts | Performance of a contract (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR) |
| Account Information | Username, securely stored password, order history, saved preferences | To create and manage user accounts, provide access to order history, and enable personalized website features | Performance of a contract (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR) |
| Transaction Information | Billing and shipping addresses, payment details (processed via third-party providers) | To process and confirm payments securely, issue invoices, and fulfil orders | Performance of a contract (Art. 6(1)(b) GDPR); Legal obligation (Art. 6(1)(c) GDPR) |
| Technical and Usage Information | IP address, browser type, device identifiers, operating system, pages visited, and related analytical data | To ensure website functionality and security, monitor performance, and analyze usage patterns | Legitimate interests (Art. 6(1)(f) GDPR); consent (Art. 6(1)(a) GDPR), for analytics and tracking where required |
| Marketing and Communication Data | Newsletter subscription status, consent records, communication preferences, interactions with marketing messages | To send newsletters and promotional messages, where consent is given, and to manage related preferences | Consent (Art. 6(1)(a) GDPR); legitimate interests (Art. 6(1)(f) GDPR), for non-promotional communications |
| Customer Service Correspondence | Enquiries, complaints, communication records with customer support | To respond to customer requests, resolve issues, and maintain service quality | Performance of a contract (Art. 6(1)(b) GDPR); Legitimate interests (Art. 6(1)(f) GDPR) |
We always balance our legitimate interests against the rights of individuals and provide opt-out mechanisms where required.
When relying on legitimate interests for processing, those interests include the operation, security, and improvement of our website and business, and the protection of our customers and our business from fraud and misuse.
4. Cookies and Tracking Technologies
We use cookies and similar technologies to ensure website functionality, for analytics, and for marketing purposes. Detailed information about the types of cookies we use and how to manage cookie settings can be found in our Cookie Policy.
Where legally required, non-essential cookies are processed only after obtaining consent.
5. Use of Third-Party Providers and Data Recipients
We engage trusted external service providers to support our business operations. These may include:
- Analytics service providers
- Advertising and measurement platforms
- Email marketing providers
- Payment service providers
- Hosting and infrastructure providers
- Logistics and shipping partners
When personal data is transferred to third parties, we enter into data processing agreements and implement appropriate contractual and technical safeguards in accordance with the GDPR.
For transfers to countries outside the European Economic Area (EEA), we rely on appropriate safeguards such as EU Standard Contractual Clauses or other legally permissible mechanisms to ensure an adequate level of data protection.
6. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, or resolve disputes. Typical retention periods include:
- Order and transaction data: According to tax and commercial law requirements (generally seven years in Austria).
- Marketing consents and newsletter data: Until consent is withdrawn or the account is closed.
- Account information: Until the account is deleted, unless longer retention is required to comply with legal obligations or for legitimate interests.
If you wish to request deletion of your data, refer to the section "Data Subject Rights" for more information.
7. Data Security
We implement appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction.
These measures include access restrictions, encryption (where applicable), regular security checks, and procedures to ensure the confidentiality, integrity, and availability of personal data.
While we take reasonable steps to protect personal data, no system can guarantee absolute security. Therefore, sensitive data, such as payment information, are processed exclusively via trusted third-party providers adhering to high security standards.
8. Data Subject Rights
Under the GDPR, you have data subject rights in relation to your personal data. You may, subject to applicable legal requirements, exercise the following rights:
- Right of access to the personal data we hold about you (Art. 15 GDPR);
- Right to rectification of inaccurate or incomplete personal data (Art. 16 GDPR);
- Right to erasure of personal data (Art. 17 GDPR) where there is no overriding legal basis for retention;
- Right to restriction of processing in certain circumstances (Art. 18 GDPR);
- Right to data portability where processing is based on consent or performance of a contract and processing is carried out by automated means (Art. 20 GDPR);
- Right to object to processing based on legitimate interests or for direct marketing purposes (Art. 21 GDPR);
- Right to withdraw consent at any time where processing is based on consent (Art. 7(3) GDPR).
To submit a request to exercise any of the above rights, please contact us at info@luggo.com.
9. Changes to this Privacy Policy
We may update this privacy policy from time to time to reflect changes in our practices, services, or legal requirements. Changes will be published on this page with an updated "Last update" notice.
10. Contact
For questions about this Privacy Policy or to exercise your data subject rights, please contact:
LUGGO KG
Email: info@luggo.com
Business address: Krebsengartengasse 1/8, 1150 Wien, Austria