Privacy Policy

Privacy policy concerning the processing of customer and website user personal data

LUXIFER (hereinafter ‘we’, ‘us’ and ‘our’) understands the importance of the privacy of its customers and users of its website visitors and the protection of their personal data. This policy sets out how we handle and process your personal data.

1. Scope

LUXIFER SRL, with its registered office at 73 Chaussée de Watermael 1160 Auderghem], KBO (Crossroads Bank for Enterprises) number 1010.419.997 manages this website. We act as the data controller when we process our customers’ and website users’ personal data. 

We believe it is important to create and maintain an environment where our customers can be confident that their data will not be misused. We comply with the regulations applicable to data protection such as the Regulation (EU) 2016/679 (also referred to as the General Data Protection Regulation, hereinafter “GDPR”) and the Belgian Data Protection Act. The aforementioned regulations concern the protection of personal data and provide you with rights over the said personal data.

The objective of this policy is to indicate what personal data we collect, how we use your data after you have visited our website and to assure you that we process your data appropriately. 

This privacy policy and the terms and conditions of use apply when you visit our website.  The application of terms and conditions other than those set out herein is explicitly prohibited unless we have provided express permission in writing in advance. In the latter case, this policy applies alongside the specific agreement. The use of this website, the platform and the content contained therein is only permitted subject to compliance with this policy. The use of this website, the platform and the content contained therein is only permitted subject to compliance with the full text of this policy.

2. What type of personal data do we collect? 

It is not necessary to provide personal data to use most of our website.

We collect and process the following categories of personal data for the purposes stated below:

• Name, form of address, address;
• Contact details (email, telephone number);
• Company;

Additional or optional data are provided by filling out forms on our website or when we contact you (by telephone, email or at trade fairs or events). 

We also collect and process data obtained via our website or the devices you use. The collected data may be:

• Login details (username and password) for the section of the website reserved for customers;

We do not use nor install cookies on your device to collect data from you.

3. Why do we collect this data and on what legal basis?

We collect the aforementioned data to create a profile in order to understand your needs and to provide better service, and for the following specific purposes: 

• To respond to your (online) questions regarding our products or services, to be able to provide information regarding our products and to follow up online offers.
• To supply the products and services you have ordered.
• To provide access to the online customer platform where you can:
  • Check the data generated by our software, available on our cloud platform. These data, related to the operations and performance of the website in order to optimize the digital products of our clients are available to you via a personalized account after logging onto the platform. 
• To improve our products or services.
• To investigate complaints on our products, services or website.
• To meet the legal and regulatory obligations as well as compliance requirements.
• To analyze and monitor the use of accounts to prevent, investigate or report fraud, terrorism, deception, security incidents and criminal activity to the relevant authorities. 
• To send periodic email messages with offers on our products and services, special offers or other information which we believe may be of interest to you.
• To contact you from time to time for the purposes of market research purposes. We may contact you by email or telephone.
• To process your personal data for specific purposes as indicated on specific forms on our website, by notification in writing or by email.

We process the aforementioned personal data based on various processing reasons, as listed in Articles 6.1 (a), (b), (c) and (f) of the GDPR. 

Processing of your personal data is required in order to meet contractual obligations for the purposes of delivering products or services in accordance with our agreements. Where personal data is processed (for example to create invoices or communicate with you) in the execution of the agreement, we will store the data for 10 years after the end of our commercial relationship in accordance with the applicable limitation period.

In some cases, it can be a legal requirement to process personal data and to share it with third parties such as government entities for the purposes of government business or anti-money laundering legislation.  

In these cases, we have a legitimate interest to process your personal data and to contact you to be able to perform our operations or provide you with information on our products, services, promotions and/or events. Your personal data is retained for up to two years after the termination of our commercial relationship.

If you are not a current customer, we will request your permission to provide you with information on our events, products and services for promotional purposes. In this case, we will retain your personal data for one year.

When providing services to our clients we may process the following personal data of users from our clients and their end-users: 

User-entered information

1. Personal information
   1. Name
   2. Company name & Job title
   3. Email address
   4. Country & City
   5. Optional profile image
   6. Language
2. Project information
   1. Main website URL & additional URLs associated with the project
   2. Project name
   3. Optional project logo
   4. Project industry
   5. Average purchase value & currency
3. Matomo metric names to query
4. Chat messages
   1. Any text sent as a message including URLs
   2. Any type of file uploaded to the chat
   3. Any messages sent or received from Luxifer AI and admin
5. Online/offline status
6. A/B test files
   1. Any text or images given
   2. Any tests created
7. Configurations
   1. Filters on features
   2. Disabled features
   3. Notification settings
   4. Roles of invited users

Metrics data from Matomo (aggregate non-public data)

1. Any metrics on this spreadsheet, with more info on official docs 

Website analysis data of any URLS provided

1. HTML, images, css, javascript, any resources present on the user-inputted URL at time of analysis. This includes external data linked by the webpage. We also save screenshots of the top 100 pages.

Usage statistics

1. Measurements of Luxifer usage. We measure usage of Luxifer, particularly metrics such as compute-capacity usage and external APIs usage. 

Data of your end-users (PII if you install the analytics script)

1. Behavior data
   1. Move moves, along with what was hovered over
   2. Mouse clicks (coordinates and elements)
   3. Pages visited
   4. Scrolling behavior
2. Demographic data
   1. Screen resolution
3. Matomo data (Full list of data here, below is only what Luxifer uses)
   1. User IP address (Last 3 digits anonymized)
   2. Date and time of the request
   3. Title of the page being viewed (Page Title)
   4. URL of page being viewed (Page URL)
   5. URL of page that was viewed prior to the current (Referrer URL)
   6. Screen resolution being used
   7. Time in local user’s timezone
   8. Files that were clicked and downloaded (Download)
   9. Links to an outside domain that were clicked (Outlink)
   10. Page loading time
   11. Country, region, city, approx. latitude and longitude (Geolocation)
   12. Main Language of the browser (Accept-Language header)
   13. User Agent of the browser being used (User-Agent header)
   14. Random unique Visitor ID
   15. Time of the first visit for this user
   16. Time of the previous visit for this user
   17. Number of visits for this user
   18. Site Search
   19. Viewing and clicking on Contents
   20. Form interactions
   21. Cookie information for sampling, tracking, recording (first party)
   22. Video and audio interactions (optional)
   23. Session recordings (optional)
4. Primary cookies
   1. luxiCtId – Random string based on current time
   2. luxiSample – Random number used to exclude certain traffic
5. Session Storage
   1. luxiClicks, luxiMoves, luxiScrolls, luxiHesitations, luxiFrustrations
   2. Contains mouse coordinates and scroll depth
6. Custom Matomo Events
   1. dataBridge – Used as an identifier with same value as luxiCtId
   2. luxiActivityData – same values as mentioned in session storage

Data retention periods

Any and all information can be deleted upon request. Below are the default retention periods.

1. User-entered information
   1. Personal information
      • Any files uploaded are retained indefinitely.
      • Text data is retained indefinitely until account deletion by user.
   2. Project information
      • Any files uploaded are retained indefinitely.
      • Text data is retained indefinitely until account deletion by user.
      • Deleting the project directly will not remove it from the system.
   3. Google Analytics/GA4 metric names to query
      • Retained indefinitely until account deletion by user.
   4. Google Tag Manager names to query
      • Retained indefinitely until account deletion by user.
   5. Chat messages
      • Retained indefinitely until manually deleted or edited by user or until account deletion.
   6. Online/offline status
      • Retained indefinitely
   7. A/B test files
      • Retained indefinitely
   8. Configurations
      • Retained indefinitely
2. Website analysis data, images of any websites provided
   1. Retained indefinitely until insight deletion by the user.
   2. image screenshots are retained indefinitely.
3. Usage statistics
   1. Retained indefinitely.
4. Data of your end-users (PII if you install the analytics script)
   1. Retained for 744 days.

4. How will your data be used and shared?

We can share your personal data with affiliate and subsidiary companies. 

Based on our legitimate interest, we may also share your personal data with third parties that assist us with our products and services. Some examples of third-party activities include the hosting of web servers, data analysis (Snowplow for analysis of data collected through cookies), marketing support providers (Mailchimp for e-mail automation) and customer service. These companies have access to your personal data but only when this is required to perform their activities. They are not permitted to use your data for any other purposes.

Your personal data may not be sold or leased to third parties. 

We may publish your personal data to enforce our policy, to comply with our legal obligations or in the interest of safety, in the public interest or for the purposes of legal enforcement in any country where we have entities or subsidiaries. We may follow up a request from a law enforcement agency, regulatory authority or government agency. We may also publish data for the purposes of current or scheduled court cases or to protect our property, safety, people or other rights and interests.

Should LUXIFER  be sold or merges with another company, your data will be accessible to the advisor of the potential buyer and transferred to the new company owners. In that case, we will take the appropriate measures to guarantee the integrity and confidentiality of your personal data. The use of your personal data will always be subject to this policy.

5. Transfer of your personal data outside the European Economic Area

We may transfer your personal data to third parties in third countries (outside the European Economic Area (EEA)), such as the United States of America (e.g. Mailchimp which is EU-US Data Privacy Framework certified). The said transfer of data outside the EEA is legal if the recipient of the data resides in a country with a level of protection deemed adequate by the European Commission. Some of these countries may not have enacted equivalent data protection legislation to protect the use of your personal data. In such cases, we have researched whether appropriate preventive measures similar to those implemented within the EU are possible, for example by adopting standard contractual clauses. In specific cases, we will request your prior consent to the transfer of your personal data outside the EEA. Please follow the procedure set out in Rights of the data subject for further information on data transfer.

1. PageSpeed Insights
   • User-provided URLs to web pages
2. ScrapingBee
   • User-provided URLs to web pages and pages retrieved by Matomo for analysis
3. ScreenshotOne
   • User-provided URLs to web pages and pages retrieved by Matomo for analysis
4. Mailchimp
   • Aggregate information, reports based on your data.
   • Project data and your name, when sending an email through Luxifer (e.g., inviting a collaborator, sharing an insight)

6. Rights of the data subject

Data protection legislation provides various rights for the data subject with regard to the processing of personal data to ensure the data subject has sufficient control over the processing of their personal data. 

You are entitled to inspect the data we hold on you and to request and receive a copy of the personal data on our records. You are entitled to request that we amend, add to or delete any outdated, incorrect or incomplete personal data relating to you when your personal details change. You are also entitled to limit the processing of your personal data and to object thereto. You are also entitled to receive the personal data you have provided to the data controller in a structured, commonly used, machine-readable format, and to transmit it to another data controller.

For further information on the processing of your personal data or if you wish to exercise your rights, please contact us at hello@luxifer.app

You are entitled to lodge a complaint with the competent supervising authority (for data protection). In Belgium, the Data Protection Authority, Drukpersstraat 35, 1000 Brussels (contact@apd-gba.be).

7. Security

We make every effort to guarantee the security of your data. We have implemented reasonable technical and organisational measures to guarantee your personal data against accidental or unlawful destruction, loss, modification, unauthorised disclosure and/or unauthorised access to the data transmitted, saved or otherwise processed. Please note that the internet is an open network; we cannot therefore guarantee that unauthorised third parties will not be able to circumvent these measures or use your personal data for inappropriate purposes.

This website may include links to third-party websites. We will not be held liable for the content of these websites, nor for the privacy standards and practices of the corresponding third party. You must read and understand the relevant third-party and website privacy policies before accepting cookies and visiting a website, to ensure your personal data is sufficiently protected.

8. Amendments to this policy

LUXIFER may amend or update this policy to ensure the provision of information on how we process your personal data at that time. The updated version of this policy is available on the same website and will take effect upon publication. Please visit this webpage regularly to ensure you remain up-to-date on how we collect and process personal data, how and under what circumstances we use your personal data and when we share your personal data with third parties.

Version	Changes
2025-09-02	Added HTML anchors
2025-07-19	– Updated data collection – Added data retention periods – Added websites of the third parties data may be transmitted to
2024-02-13	Initial version