§ 1 Controller and Contact
The controller responsible for data processing on this website and within the web application ‘myelectricplan.com’ is: Lumiotechsolutions UG (haftungsbeschränkt), Hangstraße 20, 74743 Seckach, Germany, e-mail: contact@lumiotechsolutions.com. For any questions regarding data protection, please contact us via this e-mail address.
§ 2 Rights of Data Subjects
You have the following rights regarding your personal data: right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR), right to object (Art. 21 GDPR) and the right to lodge a complaint with a supervisory authority (Art. 77 GDPR). To exercise your rights, you can contact us at any time at datenschutz@lumiotechsolutions.com.
§ 3 Visit of the Website (Server Log Files, Hosting)
When you visit our website, the following data are automatically processed by our hosting provider Netcup GmbH: IP address, date and time of access, browser type and version, operating system, referrer URL, accessed page/file, HTTP status code, amount of data transferred. This data is processed to ensure stability and security, to fix technical issues and to protect against cyberattacks. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in IT security and technical optimisation). Server log files are stored for a maximum of 7 days and then automatically deleted. The servers are located exclusively in Germany, and a data processing agreement pursuant to Art. 28 GDPR has been concluded with Netcup GmbH.
§ 4 Registration and Use of the Web App
To use our web application, registration is required. The following data are processed: first name, last name, e-mail address, password (stored in encrypted form), IP address at registration, and timestamps of registration and last login. In addition, the application stores uploaded PDF floor plans, planning data, project-specific information as well as configuration and user settings. The data is processed for creating and managing the user account, providing the contractually agreed services, authenticating logins, personalising the application and communicating with users about technical issues or changes. The legal basis is Art. 6(1)(b) GDPR (performance of a contract). Registration data are stored as long as the user account is active; after account deletion, all data are fully deleted within 7 days (including backups, with a maximum delay of 7 days). Project data and PDF uploads are stored until actively deleted by the user or until the account is deleted. Passwords are stored using modern hashing algorithms (e.g. bcrypt), and all data transfers are encrypted via HTTPS/TLS.
§ 5 Payment Processing via Stripe
Payments are processed by Stripe Payments Europe Ltd., Beech House, Greenside, Dublin D04 AE57, Ireland. The following data are transmitted to Stripe: full name, billing address, e-mail address, payment information (e.g. credit card or bank details, depending on the payment method), order details (subscription type, billing period), transaction ID and amount. The data is processed for payment processing, invoice generation and fraud prevention. The legal basis is Art. 6(1)(b) GDPR (performance of the contract) and Art. 6(1)(c) GDPR (legal retention obligations). Stripe may transfer data to the USA and other countries and is certified under the EU–US Data Privacy Framework. Payment and invoicing data are stored for 10 years in accordance with tax and commercial law and then deleted. Further information: https://stripe.com/de/privacy
§ 6 Support and Contact via E-mail
If you contact us by e-mail, we process your name (if provided), your e-mail address, the content of your message, the time of contact and the communication history. The data is used to process your request, provide support, document enquiries and improve our services. The legal basis is Art. 6(1)(b) GDPR (fulfilment of contractual obligations and customer support) or Art. 6(1)(f) GDPR (legitimate interest in efficient communication). Support enquiries are stored until they have been fully processed, but for no longer than 90 days after receipt, and are then deleted unless legal retention obligations require a longer storage period.
§ 7 Google Services (Analytics and reCAPTCHA)
Our website uses services of Google Ireland Ltd., Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland. With Google Analytics (with IP anonymisation), the following data are processed, among others: anonymised IP address, device type, operating system, browser, pages visited, time spent, interactions, approximate location, referrer source and cookie information. The purpose is to analyse usage and optimise our website. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in analysis and optimisation); if we obtain your consent via the cookie banner, the processing is based on Art. 6(1)(a) GDPR. Google reCAPTCHA is used to protect against spam and abuse and processes, among others, IP address, mouse movements, browser information, cookies and, if applicable, data from an existing Google account. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in IT security). Google may transfer data to the USA and other countries and is certified under the EU–US Data Privacy Framework. Further information: https://policies.google.com/privacy; opt-out for Google Analytics: https://tools.google.com/dlpage/gaoptout
§ 8 Contact Form
When you submit the contact form, we process your name (if provided), e-mail address, subject (optional), message content, IP address and the time of submission. The data is used to process your request, to communicate with you directly and to prevent misuse. The legal basis is Art. 6(1)(b) GDPR (provision of a service requested by the user) or Art. 6(1)(f) GDPR (legitimate interest in efficient communication and spam prevention). Data are stored until your request has been processed and answered, but for no longer than 90 days after submission, and then deleted unless another legal basis applies. The form may be protected by Google reCAPTCHA (see § 7).
§ 9 Cookies and Tracking Technologies
We use cookies and similar technologies to ensure the basic functionality of the website and to analyse its use. We distinguish between technically necessary cookies (e.g. for session management, logins, security tokens), which do not require consent and are used in accordance with § 25 TTDSG, and optional analytics and marketing cookies (e.g. Google Analytics), which are only set with your explicit consent pursuant to Art. 6(1)(a) GDPR. The legal basis for necessary cookies is Art. 6(1)(f) GDPR (legitimate interest in IT security and functionality). On your first visit we inform you via a cookie banner; you can choose between “only necessary cookies” and the use of additional analytics cookies. Your choice is stored for up to 12 months. You can also manage or delete cookies at any time in your browser settings, which may, however, limit the functionality of the website.
§ 10 Social Media Plugins and Embedded Content
Our website may embed content from Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin, Ireland) and YouTube (Google Ireland Ltd.). When such content is loaded, personal data such as IP address, browser and device data, cookies and, where applicable, a link to your Instagram or Google account may be transmitted to the providers. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in marketing, customer communication and attractive presentation of our content). Further information can be found in the providers’ privacy policies: Instagram: https://privacycenter.instagram.com/; YouTube/Google: https://policies.google.com/privacy. You can influence data processing by adjusting your browser settings (e.g. blocking cookies or tracking), and by configuring the privacy settings in your Instagram, Google or YouTube accounts.
§ 11 Supervisory Authority and Right to Lodge a Complaint
The competent supervisory authority for data protection matters and complaints is: Landesbeauftragter für Datenschutz und Informationsfreiheit Baden-Württemberg, Königstraße 10a, 70173 Stuttgart, Germany, e-mail: poststelle@lfd.bwl.de, phone: +49 (0)711 615541-0, website: https://www.baden-wuerttemberg.datenschutz.de/. You have the right to lodge a complaint with this or any other competent data protection supervisory authority if you believe that the processing of your personal data infringes the GDPR.
§ 12 Storage Periods and Deletion
We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations. Registration data (name, e-mail, password) are stored as long as the user account exists and deleted within 7 days after account deletion (including backups, with a maximum delay of 7 days). Project data and PDF uploads are stored as long as the user account exists or until the user deletes them; after account deletion they are deleted together with the account. Support and contact enquiries are stored until fully processed, at most 90 days after receipt, and then deleted. Payment and invoicing data (via Stripe) are stored for 10 years due to statutory retention obligations. Server log files are stored for a maximum of 7 days and then automatically deleted. Google Analytics data are generally stored for 26 months and then anonymised or deleted by Google. Deletion takes place in accordance with Art. 17 GDPR (“right to be forgotten”) and Art. 18 GDPR (restriction of processing), unless other legal obligations require further storage.
§ 13 Data Security and Technical Measures
We implement appropriate technical and organisational measures to protect your personal data. Technical measures include encrypted data transmission via HTTPS/TLS, encrypted password storage (e.g. using bcrypt), firewalls and access restrictions to servers and databases, regular security updates and system hardening as well as regular security and malware scans where appropriate. Organisational measures include limited access rights for authorised personnel only, confidentiality agreements, regular data protection training, documentation of data processing activities and established procedures for dealing with data protection incidents (incident management).
§ 14 Exercising Your Rights as a Data Subject
To exercise your rights described in § 2, you can contact us at any time at datenschutz@lumiotechsolutions.com. Please provide your full name, your e-mail address (or the address associated with your account), the right you wish to exercise and, where applicable, additional information to help us identify you and process your request. We usually respond within 30 days; for particularly complex requests, this period may be extended by up to two further months, in which case we will inform you in time. You can object to the use of your data for marketing purposes (e.g. newsletters) at any time, for example by sending an e-mail to datenschutz@lumiotechsolutions.com or by using an unsubscribe link in such e-mails, where available.
§ 15 Changes to this Privacy Policy
We reserve the right to amend this privacy policy if our data processing activities change, if new legal requirements make this necessary or if technical developments require adjustments. We will indicate significant changes on our website and – where appropriate – inform you by e-mail. This version of the privacy policy has been valid since 25 November 2025 and replaces all previous versions.
Last updated: 25 November 2025