Privacy Policy

The data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws is:

REISERBANN PEINTURE ET DÉCORATION S.à r.l. 8, Zone Industrielle Am Bruch L-3327 Crauthem Grand Duchy of Luxembourg

Phone: +352 26 36 28 33 Email: reipeint@pt.lu

If you have any questions about the processing of your personal data or wish to exercise your rights as a data subject, you can contact us informally at any time. We will handle your enquiry promptly and at no additional cost to you.

When you visit our website and use our online services, we process personal data to varying extents. "Personal data" within the meaning of Art. 4 (1) GDPR refers to any information relating to an identified or identifiable natural person.

When you contact us via our enquiry form, we collect the following data that you actively provide: first and last name, email address, phone number, company name (optional), the services of interest and a free-text description of your project.

Every time you access the website, additional technically necessary data is processed which your browser automatically transmits to our server (see Server log files).

Providing your data is voluntary. However, without the mandatory information (name, email, phone, project description) we cannot handle your enquiry. There is no statutory or contractual obligation to provide this data.

When you visit our website, data is automatically stored in so-called server log files which your browser transmits to our server. The following data is recorded:

• IP address of the requesting device • Date and time of the request • Browser type and version • Operating system in use • Referrer URL (the page previously visited) • Host name of the accessing computer • Volume of data transferred and HTTP status code

This data is used exclusively for statistical purposes, to ensure trouble-free operation of the website and to improve our IT security. The data is not merged with other data sources or evaluated on a personal basis. Storage takes place for a maximum of 30 days; after that, the log files are automatically deleted.

We process your personal data exclusively for clearly defined purposes:

• Handling your enquiries and quote requests and communicating with you • Preparing and fulfilling contracts for our services • Compliance with statutory retention and documentation obligations • Ensuring the technical operation and security of our website

Your data is generally not passed on to third parties. Exceptions apply only where this is strictly necessary for the performance of a contract with you (e.g. to subcontractors we engage for parts of the work) or where we are legally required to disclose data.

The processing of your personal data is based on the following legal provisions:

• Art. 6 (1) (a) GDPR (consent): Where you have expressly consented to the processing of your data.

• Art. 6 (1) (b) GDPR (contract / pre-contractual measures): Where processing is necessary for the performance of a contract or to take pre-contractual steps, for example when handling your quote request.

• Art. 6 (1) (c) GDPR (legal obligation): Where processing is necessary to comply with a legal obligation to which we are subject, for example tax-related retention obligations.

• Art. 6 (1) (f) GDPR (legitimate interest): Where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, and your interests, fundamental rights and freedoms do not override these, for example to ensure IT security.

We retain your personal data only for as long as is necessary to fulfil the respective purposes or as required by statutory retention obligations.

Enquiry data submitted via the contact form is stored for as long as necessary to handle your request and, where applicable, to perform any resulting contract. Where a business relationship is established, the retention periods under commercial and tax law apply, typically between six and ten years.

Server log files are stored for a maximum of 30 days. Data from pure enquiries that do not lead to a contract is deleted at the latest three years after the end of the correspondence, unless statutory obligations require otherwise.

Cookies are small text files stored on your device when you visit a website. They enable certain features of a website to function.

This website uses only technically necessary cookies that are required for the operation and functionality of the site. No tracking, analytics or marketing cookies are used. Your browsing behaviour is not analysed.

Most browsers accept cookies by default. You can restrict, refuse or delete cookies at any time in your browser settings. If cookies are completely disabled, the functionality of this website may be impaired.

For security reasons and to protect the transmission of confidential content (such as enquiries submitted via the contact form), this website uses SSL/TLS encryption.

You can recognise an encrypted connection by the fact that the address bar of your browser changes from "http://" to "https://" and a padlock symbol is displayed. When SSL/TLS encryption is active, the data you transmit to us cannot be read by third parties.

We use current, industry-standard encryption protocols and review them regularly for their security.

We generally do not transfer your personal data to countries outside the European Union or the European Economic Area (so-called third countries).

Should such a transfer be necessary in exceptional cases, it will be carried out exclusively on the basis of appropriate safeguards in accordance with Art. 44 et seq. GDPR. These may include EU standard contractual clauses, an adequacy decision by the European Commission or binding corporate rules.

We will inform you separately in advance of any intended transfer to a third country.

We take appropriate technical and organisational measures in accordance with Art. 32 GDPR to protect your personal data against accidental or deliberate manipulation, loss, destruction or unauthorised access by third parties.

Our security measures include encryption of data transmission, regular security updates of our systems, secure server locations, access restrictions for employees and regular data protection training for our team.

These measures are continuously reviewed and adapted to the advancing state of technology. However, absolute security in data transmission over the internet cannot be guaranteed based on the current state of technology.

You have the right at any time to obtain information free of charge about the personal data stored about you, as well as the right to rectification, erasure or restriction of processing. Specifically, you have the following rights:

• Information (Art. 15 GDPR): You can find out at any time what data we process about you. • Rectification (Art. 16 GDPR): You can request the correction of inaccurate data or the completion of incomplete data. • Erasure (Art. 17 GDPR): You can request the deletion of your data, unless statutory retention obligations apply. • Restriction (Art. 18 GDPR): You can request the restriction of processing. • Data portability (Art. 20 GDPR): You can receive your data in a structured, commonly used and machine-readable format. • Objection (Art. 21 GDPR): You can object to the processing of your data. • Withdrawal of consent: You can withdraw a given consent at any time with effect for the future.

To exercise these rights, simply contact us informally using the details listed in the "Data controller" section.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data infringes the GDPR.

In Luxembourg, the competent supervisory authority is the Commission nationale pour la protection des données (CNPD):

Commission nationale pour la protection des données 15, Boulevard du Jazz L-4370 Belvaux Grand Duchy of Luxembourg

Phone: +352 26 10 60-1 Website: www.cnpd.lu

You may also contact the supervisory authority of your usual place of residence or work.

We reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements or to reflect changes to our services in the privacy policy, for example when introducing new services.

The new privacy policy will then apply to your next visit. The current version is always available on this page. Where possible, we will inform you separately in advance of any significant changes, particularly those that materially affect your rights.

Status of this policy: May 2026.