Privacy Policy

01

Information We Collect

When you visit our website or place an order, we may collect the following categories of personal information:

• Identity & Contact — full name, email address, phone number, billing and shipping address
• Payment Information — processed securely by our payment providers; we never store full card numbers on our servers
• Account Information — email address and password hash if you create a customer account
• Transaction Data — order history, items purchased, amounts paid, and returns or refund records
• Usage & Technical Data — IP address, browser type, device type, operating system, pages visited, referring URLs, and session duration
• Communications — messages, inquiries, and feedback you send us via email or contact forms
• Marketing Preferences — your opt-in or opt-out status for promotional communications

02

How We Use Your Data

We process your personal information for the following purposes:

• Order Fulfillment — processing payments, arranging shipping, and sending order confirmations and tracking updates
• Customer Support — responding to inquiries, handling returns, exchanges, and complaints
• Account Management — creating and maintaining your customer account
• Marketing & Communications — sending promotional emails, product updates, and special offers (only with your consent)
• Analytics & Improvement — understanding how visitors use our site to improve performance and product offerings
• Legal Compliance — meeting our obligations under applicable laws, including tax, customs, and consumer protection regulations
• Fraud Prevention — detecting and preventing fraudulent transactions and unauthorized access

03

Sharing & Disclosure

We do not sell, rent, or trade your personal data. We share your information only with trusted third-party service providers who help us operate our business, and only to the extent necessary:

• Shipping & Logistics — DHL, FedEx, local postal services, and customs brokers (for international orders)
• Payment Processors — Stripe, PayPal, and other PCI-DSS compliant payment gateways
• Email & Marketing Platforms — Klaviyo, Mailchimp, or similar tools for transactional and marketing emails
• Analytics Providers — Google Analytics and similar tools (data is anonymized or pseudonymized where possible)
• E-commerce Platform — Shopify or our hosting platform, which processes data on our behalf
• Legal Authorities — when required by law, court order, or to protect the rights and safety of Luminaren or others

All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

04

International Data Transfers

Luminaren serves customers worldwide. Your personal data may be transferred to and processed in countries outside your country of residence, including countries that may have different data protection standards.

Where required by law (e.g., transfers from the EU/EEA), we ensure appropriate safeguards are in place, such as:

• EU Standard Contractual Clauses (SCCs) with our data processors
• Transfers only to countries with an EU adequacy decision
• Use of service providers certified under recognised frameworks

05

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes described in this policy, or as required by applicable law:

• Order & Transaction Records — retained for up to 7 years for accounting, tax, and legal compliance
• Customer Account Data — retained until you close your account, plus a 30-day deletion window
• Marketing Preferences — retained until you unsubscribe or request deletion
• Usage & Analytics Data — typically retained for 26 months in anonymized form

When data is no longer needed, it is securely deleted or anonymized.

06

Cookies & Tracking Technologies

We use cookies and similar technologies (pixels, local storage) to enhance your experience and gather analytics. The types we use:

• Essential Cookies — required for the website to function (shopping cart, session authentication, security)
• Analytics Cookies — track pages visited and user behaviour to help us improve the site (e.g., Google Analytics)
• Marketing Cookies — used to deliver personalised advertisements and measure ad performance (e.g., Facebook Pixel, Google Ads)
• Preference Cookies — remember your settings such as language and currency

You can manage or withdraw consent for non-essential cookies at any time via the cookie banner on our site, or through your browser settings. For full details, please see our Cookie Policy.

07

GDPR — EU & UK Residents

If you are located in the European Union, European Economic Area, or United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:

• Right of Access — request a copy of the personal data we hold about you
• Right to Rectification — request correction of inaccurate or incomplete data
• Right to Erasure — request deletion of your personal data ("right to be forgotten")
• Right to Restriction — request that we limit how we process your data
• Right to Data Portability — receive your data in a structured, machine-readable format
• Right to Object — object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent — where processing is based on consent, withdraw it at any time

Legal Bases for Processing

• Contract performance — processing necessary to fulfill your order
• Legitimate interests — fraud prevention, analytics, and business improvement
• Legal obligation — tax, accounting, and customs compliance
• Consent — marketing emails and non-essential cookies

To exercise your rights, contact us at support@luminaren.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national DPA in the EU).

08

CCPA / CPRA — California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you specific rights:

• Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you
• Right to Delete — request deletion of your personal information, subject to certain exceptions
• Right to Correct — request correction of inaccurate personal information
• Right to Opt-Out of Sale or Sharing — we do not sell or share personal information for cross-context behavioural advertising
• Right to Limit Use of Sensitive Information — limit how we use sensitive personal information
• Right to Non-Discrimination — we will not discriminate against you for exercising your privacy rights

To submit a verifiable consumer request, email us at support@luminaren.com. We will respond within 45 days.

09

Other Regional Privacy Rights

We respect the privacy rights of customers worldwide. Below is a summary of relevant rights by region:

Regardless of your location, you can always contact us to exercise any privacy rights applicable to you. We aim to respond to all requests within 30 days.

10

Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact our privacy team:

We aim to respond to all privacy-related inquiries within 5 business days, and to formal data subject requests within 30 days as required by applicable law.