Privacy policy

Privacy Policy

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

LMT Hospitality GmbH
Zur Alten Börse 79
12681 Berlin, Germany
E-mail: orders@lmt-hospo.com
Managing directors: Morgan Love, James Maguire

2. General Information on Data Processing

We process personal data of our users only insofar as this is necessary to provide a functional website and our content and services. Processing generally takes place only with the user's consent (Art. 6(1)(a) GDPR), for the performance of a contract or to carry out pre-contractual measures (Art. 6(1)(b) GDPR), to comply with a legal obligation (Art. 6(1)(c) GDPR), or on the basis of our legitimate interests (Art. 6(1)(f) GDPR).

Personal data is deleted as soon as the purpose of storage no longer applies and no statutory retention obligations (in particular commercial and tax retention obligations of up to ten years) prevent deletion.

3. Hosting and Provision of the Website (Shopify)

Our online shop runs on the platform of Shopify International Ltd., 2nd Floor, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (part of Shopify Inc., Canada). Shopify processes the data collected via the website on our behalf (in particular master data, contact data, order data and usage data). The legal basis is Art. 6(1)(b) and (f) GDPR (performance of the contract and our legitimate interest in a secure, efficient shop operation). A data processing agreement is in place with Shopify. Any transfer to third countries (in particular Canada and the USA) takes place on the basis of appropriate safeguards (EU Standard Contractual Clauses or the EU-US Data Privacy Framework).

When the website is accessed, information is automatically collected in server log files that your browser transmits (browser type and version, operating system, referrer URL, hostname of the accessing device, time of the server request, IP address). This data serves the technical provision, security and stability of the website. The legal basis is Art. 6(1)(f) GDPR.

4. Cookies and Consent Management

Our website uses cookies and comparable technologies. Technically necessary cookies are required for the operation of the website (e.g. shopping cart, login); the legal basis is Art. 6(1)(f) GDPR and section 25(2) TTDSG. We use non-essential cookies (in particular for analytics and map services) only with your prior consent in accordance with section 25(1) TTDSG and Art. 6(1)(a) GDPR.

To obtain and manage your consent we use a consent management tool (GDPR Cookie Bar, provider Bearfluent). Your selection is stored and can be revoked at any time with effect for the future via the cookie settings.

5. Contacting Us

If you contact us by e-mail or via a form, we process the data you provide (e.g. name, e-mail address, content of the enquiry) in order to handle your request. The legal basis is Art. 6(1)(b) GDPR where the enquiry relates to the conclusion or performance of a contract, and otherwise Art. 6(1)(f) GDPR (legitimate interest in responding to enquiries). The data is deleted once your request has been dealt with conclusively and no retention obligations prevent deletion.

6. Customer Account and Order Processing

To open a (business) customer account and to process orders, we process the data required for this purpose (in particular company and contact-person details, delivery and billing address, e-mail address, order and payment data). Processing takes place for the performance of the contract under Art. 6(1)(b) GDPR and to comply with commercial and tax obligations under Art. 6(1)(c) GDPR.

To manage B2B access and the visibility of certain products and prices, we use access and order control applications (including Wholesale Lock / WSH Order Form by Wholesale Helper, Ymq B2B Login, Minmaxify Order Limits).

7. Payment Service Providers

To process payments, we pass on your payment data to the payment service provider you select. The legal basis is Art. 6(1)(b) GDPR. The payment service providers are independently responsible for the data they collect; their privacy notices apply. We use the following providers:

  • Klarna (Klarna Bank AB, Sveavägen 46, 111 34 Stockholm, Sweden). Klarna may carry out a credit and identity check for the purpose of payment processing and risk assessment.
  • PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg).
  • Shopify Payments / Shop Pay (Shopify International Ltd., Ireland) for credit card and SEPA direct debit payments.

8. Shipping and Delivery

To deliver the goods ordered, we pass on your delivery and contact data to the service providers and carriers entrusted with shipping. The legal basis is Art. 6(1)(b) GDPR. For this we use:

  • Packlink PRO (Auctane S.L.U., Spain) to create shipping labels and commission carriers.
  • Shipday (Shipday Inc.) to manage local delivery in the Berlin area.

9. Newsletter and E-mail / SMS Marketing

If you sign up for our newsletter, we process your e-mail address and any other data you voluntarily provide in order to send you information about our products and offers. Sign-up uses the double opt-in procedure. The legal basis is your consent under Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future, for example via the unsubscribe link in every newsletter e-mail.

For sending we use Mailchimp (Intuit Inc. / The Rocket Science Group LLC, USA). Mailchimp processes the data on our behalf; transfer to the USA takes place on the basis of appropriate safeguards (EU Standard Contractual Clauses or the EU-US Data Privacy Framework).

10. Web Analytics and Map Services (Google)

Where you have consented, we use services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland:

  • Google Analytics / Google Tag Manager to analyse usage behaviour and for statistical evaluation. Usage data (including a shortened IP address) is processed.
  • Google Maps to display maps and our location / stockist directory.

The legal basis is your consent under Art. 6(1)(a) GDPR and section 25(1) TTDSG. Any transfer to the USA takes place on the basis of appropriate safeguards (EU Standard Contractual Clauses or the EU-US Data Privacy Framework). You can withdraw your consent at any time via the cookie settings.

11. Customer Relationship Management (CRM) and Process Automation

To manage customer relationships and automate internal processes, we use HubSpot (HubSpot Ireland Ltd., Ireland / HubSpot Inc., USA) as well as integration services such as Zapier (Zapier Inc., USA) and Make (Celonis SE / Make). Contact and business data is processed in this context. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in efficient customer service and business operations) or Art. 6(1)(b) GDPR. Where data is transferred to the USA, appropriate safeguards apply (EU Standard Contractual Clauses or the EU-US Data Privacy Framework).

12. Subscriptions (Recurring Deliveries)

To manage recurring orders / subscriptions, we use the service Spurit (Spur IT SIA). The order and customer data required to handle the subscription is processed. The legal basis is Art. 6(1)(b) GDPR.

13. Accounting and Tax Obligations

To comply with commercial and tax obligations, we process order and invoice data and transmit it to the service providers and interfaces involved in accounting and tax (including DATEV, Lexware Office, QuickBooks). The legal basis is Art. 6(1)(c) GDPR in conjunction with the statutory retention obligations.

14. Recipients and Processing on Our Behalf

We pass on personal data only where this is necessary for the performance of the contract, where there is a legal obligation, where you have consented, or where a legitimate interest justifies disclosure. Where we engage service providers as processors, this takes place on the basis of a data processing agreement pursuant to Art. 28 GDPR. Where data is transferred to a third country outside the EU/EEA, we ensure an adequate level of data protection through appropriate safeguards (in particular EU Standard Contractual Clauses or certification under the EU-US Data Privacy Framework).

15. Storage Period

We store personal data only for as long as is necessary for the respective purposes. Data subject to statutory retention obligations (in particular under the German Commercial Code and the German Fiscal Code) is retained for the legally prescribed period, generally six or ten years. After the periods expire, the data is deleted.

16. Your Rights as a Data Subject

You have the following rights regarding your personal data:

  • the right of access (Art. 15 GDPR),
  • the right to rectification (Art. 16 GDPR),
  • the right to erasure (Art. 17 GDPR),
  • the right to restriction of processing (Art. 18 GDPR),
  • the right to data portability (Art. 20 GDPR),
  • the right to withdraw consent given, with effect for the future (Art. 7(3) GDPR).

To exercise your rights, a message to the contact details given under section 1 is sufficient.

17. Right to Object

Where we process personal data on the basis of legitimate interests under Art. 6(1)(f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to such processing (Art. 21 GDPR). Where data is processed for direct marketing purposes, you may object to the processing at any time without giving reasons.

18. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Alt-Moabit 59-61
10555 Berlin

19. Validity and Changes to this Privacy Policy

This privacy policy is currently valid. As our website and offers develop, or due to changed legal requirements, it may become necessary to amend this privacy policy.

Last updated: 1 June 2026