GDPR Compliance Statement

Angstone B.V.
Willemsplein 4, 6811 KA, Arnhem
Date: 17/07/2025

1. Medical Device Data Processing
Our Class I medical device, Luna Glasses, does not collect, store, or process any personal data from users during normal operation. It functions independently of any data processing and does not transmit or record user information.

2. Company Data Processing Activities
While the device itself does not process data, Angstone B.V. may process personal data for the following purposes:
– Newsletter distribution
– Customer communication
– Pre-order campaign management
– General marketing and promotional activities

We process data such as names, email addresses, and country of residence (as applicable), which are voluntarily provided by individuals when they subscribe to our communications or participate in a pre-order.

3. Legal Basis for Processing
Processing is based on:

– Consent (Article 6(1)(a) GDPR): Individuals provide consent by opting into newsletters or campaigns. Individuals also explicitly accept terms and conditions before purchasing the pre-order, which state that their data can be used for fulfilling the contract.
– Contract performance (Article 6(1)(b)): For pre-order management and customer communication related to orders or inquiries.
– Legitimate interest (Article 6(1)(f)): For internal analytics and service improvement, where applicable.

4. Data Subject Rights
Data subjects have the right to:

– Access their personal data
– Rectify inaccurate data
– Withdraw consent at any time
– Request deletion of their data (“right to be forgotten”)
– Restrict or object to certain types of processing
– Lodge a complaint with a supervisory authority

All data requests can be directed to info@lunaglasses.nl.

5. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes stated above or to comply with legal requirements. Individuals can unsubscribe from marketing communications at any time.

6. Security and Third-Party Services
We implement appropriate technical and organizational measures to protect data, including secure mailing platforms and web forms. Any third-party service providers (e.g., email platforms or web hosts) are required to comply with GDPR through data processing agreements.

7. International Data Transfers
If personal data is transferred outside the European Economic Area (EEA), we ensure that adequate safeguards (such as standard contractual clauses) are in place in accordance with GDPR Chapter V.

Contact for Data Protection Matters
Angstone B.V.
Email: info@lunaglasses.nl