Privacy Policy

Last Updated: October 23, 2025

At Luxe Cheesecake, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your data when you visit our website or place an order with us.

1. Information We Collect

1.1 Information You Provide

When you place an order or contact us, we collect:

• Contact Information: Name, email address, phone number
• Delivery Information: Delivery address, location coordinates (when using our map selection feature)
• Order Details: Product selections, quantities, delivery preferences (pickup or delivery)
• Payment Information: Payment method selection (bank transfer or Payconiq references)
• Communication Content: Messages sent through our contact form

1.2 Automatically Collected Information

We may automatically collect certain technical information when you visit our website:

• Device Information: Browser type, operating system, screen resolution
• Usage Data: Pages visited, time spent on pages, navigation patterns
• Location Data: General geographic location (for delivery distance calculations)
• Cookies and Similar Technologies: See our Cookie Policy section below

2. How We Use Your Information

We use your personal information for the following purposes:

• Order Processing: To fulfill your cheesecake orders, calculate delivery fees, and arrange pickup or delivery
• Communication: To send order confirmations, updates, and respond to your inquiries
• Payment Processing: To facilitate payment verification and order confirmation
• Service Improvement: To understand customer preferences and improve our products and services
• Legal Compliance: To comply with Luxembourg and EU legal obligations, including food safety regulations
• Fraud Prevention: To detect and prevent fraudulent activities

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

• Contract Performance: Processing necessary to fulfill your order and deliver cheesecakes
• Legitimate Interest: Improving our services, preventing fraud, and business analytics
• Legal Obligation: Compliance with Luxembourg tax, accounting, and food safety laws
• Consent: For marketing communications (where applicable, with your explicit opt-in)

4. How We Share Your Information

We do not sell your personal information. We may share your data with:

• Service Providers: Trusted third parties who assist with payment processing, email delivery, website hosting, and map services (e.g., OpenStreetMap/Nominatim for address geocoding)
• Payment Processors: Banking institutions and Payconiq for payment verification
• Delivery Partners: If we use third-party delivery services (currently handled internally)
• Legal Authorities: When required by law or to protect our legal rights

5. Third-Party Services

Our website uses the following third-party services that may collect data:

• OpenStreetMap/Nominatim: For address geocoding and map display (subject to OpenStreetMap's privacy policy)
• Leaflet.js: Open-source mapping library (no data collection)
• Google Fonts: Font delivery service (subject to Google's privacy policy)
• Payment Processors: For secure payment handling

6. Cookies and Tracking Technologies

6.1 What Are Cookies?

Cookies are small text files stored on your device when you visit our website. We use cookies to enhance your browsing experience and remember your preferences.

6.2 Types of Cookies We Use

• Essential Cookies: Necessary for website functionality, including shopping cart operations and form submissions
• Functional Cookies: Remember your preferences and selected delivery addresses
• Analytics Cookies: Help us understand how visitors use our website (if implemented)

6.3 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.

7. Data Retention

We retain your personal information only as long as necessary:

• Order Data: Retained for 10 years to comply with Luxembourg accounting and tax regulations
• Contact Form Messages: Retained for up to 2 years or until the inquiry is resolved
• Analytics Data: Anonymized and retained for statistical purposes

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit (HTTPS)
• Secure server infrastructure
• Regular security assessments
• Access controls and authentication
• Employee training on data protection

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Your Rights Under GDPR

As a data subject in the European Union, you have the following rights:

• Right to Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention requirements)
• Right to Restriction: Limit how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interest
• Right to Withdraw Consent: Withdraw consent for marketing communications
• Right to Lodge a Complaint: Contact the Luxembourg National Commission for Data Protection (CNPD)

To exercise these rights, contact us at contact@cheesecake.lu.

10. International Data Transfers

Your data is primarily processed within the European Union (Luxembourg). If we transfer data outside the EU, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for specific countries
• Service providers certified under recognized privacy frameworks

11. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately.

12. Marketing Communications

We will only send you marketing emails if you have explicitly consented to receive them. You can unsubscribe at any time by:

• Clicking the unsubscribe link in any marketing email
• Contacting us at contact@cheesecake.lu

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification for material changes (if you have an account or placed an order)

14. Contact Information

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

Luxe Cheesecake
162 Rue Waassertrap
Belvaux, Luxembourg
Email: contact@cheesecake.lu
Phone: +352 661 382 194
VAT Number: LU36965033

15. Data Protection Authority

You have the right to lodge a complaint with the Luxembourg supervisory authority:

Commission Nationale pour la Protection des Données (CNPD)
15, Boulevard du Jazz
L-4370 Belvaux, Luxembourg
Website: cnpd.public.lu
Email: info@cnpd.lu