Privacy Policy
Last Updated: October 25, 2025
1. DATA CONTROLLER AND ROLES
1.1 Data Controller
For personal data processed through the Platform, the data controller is:
Vectre OÜ
Registry code: 16985736
Address: Narva mnt 7a, Kesklinna linnaosa, Tallinn 15172, Estonia
Email: business@luxorr.io
1.2 Client as Primary Controller for End Users
Where personal data relates to End Users (i.e. gift recipients such as customers, players, employees, or partners of the Client):
The Client is the primary Data Controller for such personal data.
Luxorr acts as a Data Processor or sub-processor, processing personal data strictly on documented instructions of the Client.
The Client confirms that it has a valid legal basis under GDPR (e.g. consent, legitimate interest, contractual necessity) to provide End User data to Luxorr.
Luxorr does not independently determine the purposes of processing End User data.
2. SCOPE OF THIS POLICY
This Policy applies to:
Client representatives and authorized users of the Platform
End User personal data submitted by the Client for the purpose of gift fulfillment
Website and platform usage data
This Policy does not govern how Clients collect data from their End Users. That responsibility lies entirely with the Client.
3. CATEGORIES OF PERSONAL DATA PROCESSED
3.1 Data Provided by Clients
We may process the following data provided directly by Clients:
Company name, registration number, VAT number
Business address and billing details
Contact person name, email address, phone number
Platform account credentials and access rights
Order instructions, gifting campaign parameters
3.2 End User Data Provided by Clients
Solely for execution of Client instructions, we may process:
Recipient name
Delivery address
Email address or phone number (if required for delivery)
Gift selection or preferences (if applicable)
Internal reference IDs or notes provided by the Client
Luxorr does not collect End User data directly from End Users.
3.3 Automatically Collected Data
When authorized users access the Platform, we may automatically collect:
IP address
Browser type and version
Device and operating system information
Date and time of access
Log files and security events
3.4 Cookies and Similar Technologies
We use cookies and similar technologies strictly for:
Platform functionality
Security
Performance monitoring
See Section 10 for details.
4. PURPOSES OF PROCESSING
Personal data is processed only for the following purposes:
Providing and operating the Luxorr Platform
Executing gifting, logistics, and coordination services as instructed by the Client
Communicating with Clients regarding orders and services
Issuing invoices and processing payments
Ensuring platform security and preventing fraud
Complying with legal, regulatory, and accounting obligations
We do not use personal data for advertising, profiling, or resale.
5. LEGAL BASES FOR PROCESSING (GDPR ART. 6)
Processing is carried out under one or more of the following legal bases:
Contractual necessity (Art. 6(1)(b)) – to perform services agreed with the Client
Legal obligation (Art. 6(1)(c)) – accounting, tax, regulatory compliance
Legitimate interests (Art. 6(1)(f)) – platform security, fraud prevention, service optimization
Consent (Art. 6(1)(a)) – only where explicitly required and obtained by the Client
Luxorr relies on the Client’s confirmation that End User data has been lawfully obtained.
6. DATA SHARING AND DISCLOSURE
6.1 Service Providers and Sub-processors
We may share personal data with trusted third parties strictly as necessary to perform services, including:
Logistics and courier companies
Fulfillment centers
Payment service providers
IT infrastructure and hosting providers
All such parties are bound by contractual data protection and confidentiality obligations.
6.2 Regulatory and Legal Disclosure
We may disclose data where required by:
Law
Court order
Regulatory authority
Tax or financial supervision bodies
6.3 No Sale or Commercial Use of Data
Luxorr does not sell, rent, trade, or monetize personal data in any form.
7. INTERNATIONAL DATA TRANSFERS
Where personal data is transferred outside the EU/EEA, Luxorr ensures appropriate safeguards, including:
EU Standard Contractual Clauses (SCCs)
Equivalent legal transfer mechanisms
Transfers occur only when necessary for service execution (e.g. international delivery).
8. DATA RETENTION
Personal data is retained only for as long as necessary:
Client account data: for the duration of the business relationship
Order and transaction data: in accordance with Estonian and EU accounting laws (typically 7 years)
Technical logs: limited retention for security and compliance
Upon termination, data is deleted or anonymized unless retention is legally required.
9. DATA SUBJECT RIGHTS
Where applicable under GDPR, data subjects may have the right to:
Access personal data
Rectify inaccurate data
Request erasure
Restrict processing
Object to processing
Data portability
⚠️ Important:
For End Users, such requests must be addressed primarily to the Client, not Luxorr. Luxorr will assist the Client where required under a Data Processing Agreement.
Requests may be submitted to: business@luxorr.io
10. COOKIES AND TRACKING
The Platform uses cookies for:
Authentication
Security
Performance
Users may manage cookies via browser settings. Disabling cookies may affect Platform functionality.
11. DATA SECURITY
We implement appropriate technical and organizational measures, including:
Encrypted data transmission (HTTPS)
Access controls and role-based permissions
Secure hosting infrastructure
Regular internal security reviews
No system is entirely risk-free, but we apply industry-standard safeguards.
12. END USER COMPLAINTS AND LIABILITY
Luxorr has no direct relationship with End Users.
Any complaints, claims, or inquiries from End Users must be handled by the Client
Luxorr is not responsible for Client-End User communication, consent collection, or disclosures
The Client indemnifies Luxorr against End User data protection claims
13. UPDATES TO THIS POLICY
We may update this Privacy Policy as required by law or operational changes.
Updates will be published on the Platform
Continued use constitutes acceptance of the updated Policy
14. CONTACT INFORMATION
For any privacy-related questions or requests:
Vectre OÜ
Narva mnt 7a, Tallinn 15172, Estonia
Registry code: 16985736
📧 business@luxorr.io
15. ACKNOWLEDGMENT
By using the Luxorr Platform, the Client confirms that it has read, understood, and accepted this Privacy Policy and that it has ensured lawful handling of End User data in accordance with GDPR.
1. DATA CONTROLLER AND ROLES
1.1 Data Controller
For personal data processed through the Platform, the data controller is:
Vectre OÜ
Registry code: 16985736
Address: Narva mnt 7a, Kesklinna linnaosa, Tallinn 15172, Estonia
Email: business@luxorr.io
1.2 Client as Primary Controller for End Users
Where personal data relates to End Users (i.e. gift recipients such as customers, players, employees, or partners of the Client):
The Client is the primary Data Controller for such personal data.
Luxorr acts as a Data Processor or sub-processor, processing personal data strictly on documented instructions of the Client.
The Client confirms that it has a valid legal basis under GDPR (e.g. consent, legitimate interest, contractual necessity) to provide End User data to Luxorr.
Luxorr does not independently determine the purposes of processing End User data.
2. SCOPE OF THIS POLICY
This Policy applies to:
Client representatives and authorized users of the Platform
End User personal data submitted by the Client for the purpose of gift fulfillment
Website and platform usage data
This Policy does not govern how Clients collect data from their End Users. That responsibility lies entirely with the Client.
3. CATEGORIES OF PERSONAL DATA PROCESSED
3.1 Data Provided by Clients
We may process the following data provided directly by Clients:
Company name, registration number, VAT number
Business address and billing details
Contact person name, email address, phone number
Platform account credentials and access rights
Order instructions, gifting campaign parameters
3.2 End User Data Provided by Clients
Solely for execution of Client instructions, we may process:
Recipient name
Delivery address
Email address or phone number (if required for delivery)
Gift selection or preferences (if applicable)
Internal reference IDs or notes provided by the Client
Luxorr does not collect End User data directly from End Users.
3.3 Automatically Collected Data
When authorized users access the Platform, we may automatically collect:
IP address
Browser type and version
Device and operating system information
Date and time of access
Log files and security events
3.4 Cookies and Similar Technologies
We use cookies and similar technologies strictly for:
Platform functionality
Security
Performance monitoring
See Section 10 for details.
4. PURPOSES OF PROCESSING
Personal data is processed only for the following purposes:
Providing and operating the Luxorr Platform
Executing gifting, logistics, and coordination services as instructed by the Client
Communicating with Clients regarding orders and services
Issuing invoices and processing payments
Ensuring platform security and preventing fraud
Complying with legal, regulatory, and accounting obligations
We do not use personal data for advertising, profiling, or resale.
5. LEGAL BASES FOR PROCESSING (GDPR ART. 6)
Processing is carried out under one or more of the following legal bases:
Contractual necessity (Art. 6(1)(b)) – to perform services agreed with the Client
Legal obligation (Art. 6(1)(c)) – accounting, tax, regulatory compliance
Legitimate interests (Art. 6(1)(f)) – platform security, fraud prevention, service optimization
Consent (Art. 6(1)(a)) – only where explicitly required and obtained by the Client
Luxorr relies on the Client’s confirmation that End User data has been lawfully obtained.
6. DATA SHARING AND DISCLOSURE
6.1 Service Providers and Sub-processors
We may share personal data with trusted third parties strictly as necessary to perform services, including:
Logistics and courier companies
Fulfillment centers
Payment service providers
IT infrastructure and hosting providers
All such parties are bound by contractual data protection and confidentiality obligations.
6.2 Regulatory and Legal Disclosure
We may disclose data where required by:
Law
Court order
Regulatory authority
Tax or financial supervision bodies
6.3 No Sale or Commercial Use of Data
Luxorr does not sell, rent, trade, or monetize personal data in any form.
7. INTERNATIONAL DATA TRANSFERS
Where personal data is transferred outside the EU/EEA, Luxorr ensures appropriate safeguards, including:
EU Standard Contractual Clauses (SCCs)
Equivalent legal transfer mechanisms
Transfers occur only when necessary for service execution (e.g. international delivery).
8. DATA RETENTION
Personal data is retained only for as long as necessary:
Client account data: for the duration of the business relationship
Order and transaction data: in accordance with Estonian and EU accounting laws (typically 7 years)
Technical logs: limited retention for security and compliance
Upon termination, data is deleted or anonymized unless retention is legally required.
9. DATA SUBJECT RIGHTS
Where applicable under GDPR, data subjects may have the right to:
Access personal data
Rectify inaccurate data
Request erasure
Restrict processing
Object to processing
Data portability
⚠️ Important:
For End Users, such requests must be addressed primarily to the Client, not Luxorr. Luxorr will assist the Client where required under a Data Processing Agreement.
Requests may be submitted to: business@luxorr.io
10. COOKIES AND TRACKING
The Platform uses cookies for:
Authentication
Security
Performance
Users may manage cookies via browser settings. Disabling cookies may affect Platform functionality.
11. DATA SECURITY
We implement appropriate technical and organizational measures, including:
Encrypted data transmission (HTTPS)
Access controls and role-based permissions
Secure hosting infrastructure
Regular internal security reviews
No system is entirely risk-free, but we apply industry-standard safeguards.
12. END USER COMPLAINTS AND LIABILITY
Luxorr has no direct relationship with End Users.
Any complaints, claims, or inquiries from End Users must be handled by the Client
Luxorr is not responsible for Client-End User communication, consent collection, or disclosures
The Client indemnifies Luxorr against End User data protection claims
13. UPDATES TO THIS POLICY
We may update this Privacy Policy as required by law or operational changes.
Updates will be published on the Platform
Continued use constitutes acceptance of the updated Policy
14. CONTACT INFORMATION
For any privacy-related questions or requests:
Vectre OÜ
Narva mnt 7a, Tallinn 15172, Estonia
Registry code: 16985736
📧 business@luxorr.io
15. ACKNOWLEDGMENT
By using the Luxorr Platform, the Client confirms that it has read, understood, and accepted this Privacy Policy and that it has ensured lawful handling of End User data in accordance with GDPR.
Gifting Platform
B2B-oriented gifting platform for global teams
VIP & Loyalty Gifting
Gifting programs for VIP and loyalty teams
Concierge
Premium concierge support for your clients
Event & Brand Merchandise
Merchandise and gifts for events and conferences
Employee Gifting
Employee gifts people actually appreciate
Smart Trigger Gifting
Automated gifting integrated with your CRM
