# Privacy Policy
Lumi & Co. ("we", "us", "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use and protect your information in compliance with the **General Data Protection Regulation (GDPR)** and applicable data protection laws.
## 1. Who We Are
**Data Controller:** Lumi & Co.
**Contact:** hello@lumiandco.com
## 2. What Data We Collect
When you visit or make a purchase from our store, we may collect the following personal data:
- **Identity data:** name, username
- **Contact data:** email address, postal address, phone number
- **Financial data:** payment card details (processed securely; we never store full card details)
- **Transaction data:** details of products purchased
- **Technical data:** IP address, browser type, time zone, cookies
- **Usage data:** how you use our website
## 3. How We Collect Your Data
- When you create an account or place an order
- When you subscribe to our newsletter
- When you contact us by email or through our website
- Automatically via cookies and similar tracking technologies
## 4. How We Use Your Data
We use your data only where we have a lawful basis to do so:
| Purpose | Lawful Basis |
|---|---|
| Processing and fulfilling your order | Contract |
| Sending order confirmations and updates | Contract |
| Responding to your enquiries | Legitimate interest |
| Sending marketing emails (if opted in) | Consent |
| Improving our website and services | Legitimate interest |
| Complying with legal obligations | Legal obligation |
## 5. Marketing Communications
We will only send you marketing emails if you have opted in. You can unsubscribe at any time by clicking the **unsubscribe** link at the bottom of any marketing email or by contacting us at **hello@lumiandco.com**.
## 6. Sharing Your Data
We do not sell your personal data. We may share your data with trusted third parties only where necessary:
- **Payment processors** (e.g. Shopify Payments, PayPal) to process transactions
- **Shipping carriers** to fulfil and deliver your order
- **Email service providers** to send order confirmations and marketing (if opted in)
- **Legal authorities** where required by law
All third parties are required to keep your data secure and use it only for the specified purpose.
## 7. Cookies
We use cookies to improve your browsing experience and analyse site traffic. You can control cookie settings through your browser at any time. For more information, see our Cookie Policy.
## 8. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes it was collected for, including legal and accounting requirements, typically **6 years** for transaction records.
## 9. Your Rights Under GDPR
You have the right to:
- **Access** the personal data we hold about you
- **Correct** inaccurate or incomplete data
- **Erase** your data ("right to be forgotten")
- **Restrict** or **object** to our processing of your data
- **Data portability**: receive your data in a structured format
- **Withdraw consent** at any time where processing is based on consent
To exercise any of these rights, contact us at **hello@lumiandco.com**. We will respond within **30 days**.
You also have the right to lodge a complaint with your local data protection authority at any time.
## 10. Data Security
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, loss or destruction. All payment transactions are encrypted using SSL technology.
## 11. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.
## 12. Contact Us
For any questions or concerns regarding this Privacy Policy, please contact:
**Lumi & Co.**
Email: **hello@lumiandco.com**
---
*Last updated: May 2026*