Privacy Policy

Last updated: January 2024

1. Introduction

At Lumivora, we are committed to protecting your privacy and ensuring you have a positive experience on our website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our products and services. Please read this privacy policy carefully. If you do not agree with our policies and practices, please do not use our site.

We are a United Kingdom-based company operating under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. Your data protection rights are fundamental to our operations, and we take our responsibilities seriously. This policy is designed to be transparent about our data handling practices and to give you control over your personal information.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you voluntarily provide to us when you interact with our website and services. This includes:

  • Account Registration: When you create an account, we collect your name, email address, password, phone number, and delivery address.
  • Purchase Information: When you make a purchase, we collect billing address, payment card information (processed securely through third-party payment processors), order history, and product preferences.
  • Communication: When you contact us via email, phone, or through our contact form, we collect your message content, contact details, and any attachments you provide.
  • Newsletter Subscription: When you subscribe to our newsletter, we collect your email address and marketing preferences.
  • Feedback and Reviews: When you leave product reviews or feedback, we collect your comments, ratings, and any personal information included in your submission.
  • Survey Responses: When you participate in surveys or questionnaires, we collect your responses and demographic information.

2.2 Information Collected Automatically

When you visit our website, certain information is collected automatically through cookies, web beacons, and similar tracking technologies:

  • Browser and Device Information: We collect information about your browser type, operating system, device type, and unique device identifiers.
  • IP Address: Your Internet Protocol (IP) address is collected to determine your general geographic location and to prevent fraudulent activity.
  • Browsing Activity: We track pages you visit, links you click, time spent on pages, and the sequence of pages you view.
  • Search Queries: We log search terms you use within our website to improve our search functionality.
  • Referral Information: We collect information about how you arrived at our website (e.g., through search engines or other websites).
  • Cookies: We use cookies to remember your preferences, maintain your session, and track your activities. For detailed information, see our Cookie Policy.

2.3 Information from Third Parties

We may receive information about you from third parties in certain circumstances:

  • Payment Processors: We receive confirmation of successful transactions and payment status from our payment service providers.
  • Delivery Partners: Shipping and logistics providers may share delivery status and confirmation information.
  • Social Media: If you interact with our social media accounts or log in through social media, we may receive profile information.
  • Analytics Providers: Third-party analytics services provide us with aggregated data about website usage patterns.
  • Marketing Partners: We may receive data from marketing and advertising partners about your interactions with our campaigns.

3. How We Use Your Information

We use the information we collect for various purposes, all of which are lawful under GDPR. Our use of your data is based on one or more of the following legal grounds: your consent, contract performance, legal obligation, vital interests, public task, or legitimate interests.

3.1 Service Delivery and Account Management

  • Creating and maintaining your account
  • Processing and fulfilling your orders
  • Sending order confirmations and delivery updates
  • Managing returns and refunds
  • Providing customer support and responding to inquiries
  • Verifying your identity for security purposes

3.2 Marketing and Communications

  • Sending promotional emails about products, sales, and special offers (only with your consent)
  • Delivering personalized product recommendations based on your browsing and purchase history
  • Notifying you about updates to our policies or terms of service
  • Conducting marketing campaigns and measuring their effectiveness
  • Creating targeted advertising based on your interests

3.3 Website Improvement and Analytics

  • Analyzing website usage patterns and user behavior
  • Identifying technical issues and improving website performance
  • Conducting A/B testing and user experience research
  • Understanding customer preferences and needs
  • Optimizing our product offerings and services

3.4 Fraud Prevention and Security

  • Detecting and preventing fraudulent transactions
  • Protecting against unauthorized access and data breaches
  • Monitoring for suspicious activity and security threats
  • Enforcing our terms of service and other agreements

3.5 Legal Compliance and Legitimate Interests

  • Complying with legal obligations, court orders, and regulatory requirements
  • Protecting our legal rights and the rights of our customers
  • Establishing, exercising, or defending legal claims
  • Maintaining business records and financial accounts

4. Legal Basis for Processing

Under the GDPR, we process your personal data only when we have a lawful basis to do so. The legal bases we rely upon are:

Consent (Article 6(1)(a))

We process your data based on your explicit consent for marketing communications, newsletter subscriptions, and non-essential cookies. You can withdraw this consent at any time by updating your preferences or contacting us.

Contract Performance (Article 6(1)(b))

We process your information to perform our contractual obligations, such as fulfilling your orders, processing payments, and providing customer service.

Legal Obligation (Article 6(1)(c))

We process your data to comply with UK and EU laws, including tax regulations, anti-money laundering requirements, and other legal obligations.

Legitimate Interests (Article 6(1)(f))

We process your data for our legitimate business interests, including fraud prevention, website optimization, and customer service improvement, provided these interests do not override your fundamental rights.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. However, we may share your information in the following circumstances:

5.1 Service Providers

We share your information with trusted third-party service providers who perform services on our behalf, including payment processors, shipping companies, email service providers, and analytics platforms. These providers are contractually obligated to use your information only for the purposes specified and to maintain the confidentiality and security of your data.

5.2 Business Transfers

If Lumivora is involved in a merger, acquisition, bankruptcy, dissolution, reorganization, or similar transaction or proceeding, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.

5.3 Legal Requirements

We may disclose your information when required by law or when we believe in good faith that such disclosure is necessary to comply with legal obligations, enforce our terms of service, protect our rights or the rights of others, or prevent fraud and security issues.

5.4 Aggregated and De-identified Data

We may share aggregated, anonymized data that cannot identify you with third parties for research, marketing, analytics, and other purposes. This data does not contain any personal information that could identify you.

5.5 International Transfers

As a UK-based company, we primarily process data within the UK and EU. If we transfer your personal data internationally, we implement appropriate safeguards, including Standard Contractual Clauses or adequacy decisions, to ensure your data receives the same level of protection.

6. Your Privacy Rights Under GDPR

Under the GDPR and UK Data Protection Act 2018, you have the following rights regarding your personal data:

6.1 Right of Access

You have the right to request access to the personal data we hold about you. We will provide you with a copy of your data in a structured, commonly used, and machine-readable format within 30 days of your request.

6.2 Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data. We will make the necessary corrections and inform you of the changes.

6.3 Right to Erasure ("Right to be Forgotten")

You have the right to request the deletion of your personal data, subject to certain exceptions. We will delete your data unless we have a legal obligation to retain it or a legitimate reason to keep it.

6.4 Right to Restrict Processing

You have the right to request that we limit how we use your personal data in certain circumstances, such as when you believe the data is inaccurate or when you object to our processing.

6.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another organization without hindrance.

6.6 Right to Object

You have the right to object to our processing of your personal data based on our legitimate interests or for direct marketing purposes. We will cease processing your data upon receipt of a valid objection, except where we have a compelling legitimate interest or legal obligation to continue.

6.7 Right to Withdraw Consent

If we process your data based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

6.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have violated your privacy rights. You can contact the ICO at ico.org.uk.

How to Exercise Your Rights

To exercise any of these rights, please submit a written request to our Data Protection Officer at:

Lumivora
123 Green Street
London, EC1A 1BB
United Kingdom

Email: [email protected]
Phone: +44 20 7946 0958

We will respond to your request within 30 days. If your request is complex or requires further investigation, we may extend this period to 90 days, and we will notify you of the extension.

7. Data Security

We take the security of your personal data very seriously and implement comprehensive technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction.

7.1 Security Measures

  • Encryption: We use SSL/TLS encryption to protect data transmitted between your browser and our servers.
  • Secure Storage: Personal data is stored on secure servers with restricted access and regular security audits.
  • Access Controls: Only authorized employees and contractors with a legitimate business need have access to your personal data.
  • Firewalls: We maintain firewalls and intrusion detection systems to prevent unauthorized access.
  • Regular Updates: We regularly update our security systems and patch vulnerabilities.
  • Data Minimization: We collect and retain only the minimum personal data necessary for our purposes.

7.2 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and within the timeframes specified by GDPR (typically within 72 hours of becoming aware of the breach). Our notification will include information about the nature of the breach, the data affected, the likely consequences, and the measures we are taking to address the breach and mitigate harm.

7.3 Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law. Once your data is no longer needed, we securely delete or anonymize it. Retention periods vary depending on the type of data and its purpose:

  • Account Data: Retained for the duration of your account and for 3 years after account closure for legal and tax purposes.
  • Transaction Data: Retained for 7 years to comply with tax and accounting regulations.
  • Marketing Data: Retained until you unsubscribe or withdraw consent.
  • Website Analytics: Aggregated data retained for up to 26 months; individual tracking data deleted after 14 months.
  • Support Communications: Retained for 2 years after the last interaction unless longer retention is required for dispute resolution.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content. For comprehensive information about our use of cookies, including how to manage your preferences, please refer to our Cookie Policy.

8.1 Types of Cookies We Use

  • Essential Cookies: Required for website functionality, security, and basic features.
  • Performance Cookies: Track website performance and user behavior to improve our services.
  • Functional Cookies: Remember your preferences and enable enhanced features.
  • Marketing Cookies: Used for targeted advertising and measuring campaign effectiveness.

8.2 Managing Cookies

You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, disabling cookies may affect the functionality of our website. For more information and to manage your cookie preferences, please visit our Cookie Policy.

9. Third-Party Links and Services

Our website may contain links to third-party websites and services that are not operated by Lumivora. This Privacy Policy does not apply to third-party websites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party websites before providing your personal information.

9.1 Social Media Integration

Our website may include social media buttons and widgets that allow you to share content or log in using your social media accounts. These features may collect your IP address and set cookies to enable the functionality. Your use of these features is governed by the privacy policies of the respective social media platforms.

9.2 Payment Processing

Payment processing is handled by third-party payment service providers. We do not store your complete credit card information on our servers. Payment information is transmitted securely to our payment processors, who are PCI-DSS compliant and maintain their own privacy and security policies.

10. Children's Privacy

Our website and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete such information and terminate the child's account. If you believe we have collected information from a child under 13, please contact us immediately at [email protected].

For users between 13 and 18 years old, we provide additional privacy protections and encourage parental involvement in their online activities. Parents or guardians may request access to, or deletion of, a minor's personal information by contacting us.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this policy and, where appropriate, by sending you an email notification or displaying a prominent notice on our website. Your continued use of our website following the posting of changes constitutes your acceptance of the revised Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. If you do not agree with the revised policy, you may discontinue your use of our website.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us. We are committed to addressing your concerns and working with you to resolve any privacy issues.

Lumivora Data Protection Team

MAILING ADDRESS

Lumivora
123 Green Street
London, EC1A 1BB
United Kingdom

CONTACT INFORMATION

Email: [email protected]
Phone: +44 20 7946 0958

Business Hours:
Mon-Fri: 9:00-18:00
Sat: 10:00-16:00

Data Protection Officer: Our Data Protection Officer is available to assist with all data protection and privacy inquiries. Please include "Data Protection" in your email subject line for priority handling.

Response Time: We aim to respond to all privacy inquiries within 10 business days. For formal requests under GDPR (such as data access requests), we will respond within 30 days, or up to 90 days for complex requests.

Additional Resources: For more information about your data protection rights, visit the Information Commissioner's Office (ICO) website.