Privacy Policy
Last Updated: December 23, 2025
1. INFORMATION ABOUT THE CONTROLLER AND DATA COLLECTION
1.1 Controller Information
We are pleased that you are visiting our website and thank you for your interest. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website or purchase our products.
Controller:
- Trade Name: Lumina Wear
- Legal Entity: Nexora
- Business Address: Elzenhoven 2, 3162 PJ Rhoon, Netherlands
- KVK Registration: 95810358
- VAT Number: NL005175229B84
- Email: support@luminahelp.com
- Phone: +1 (302) 329-5856 (SMS Only)
The controller is responsible for determining the purposes and means of processing personal data under the General Data Protection Regulation (GDPR), Privacy Act 1988 (Australia), PIPEDA (Canada), and other applicable data protection laws.
1.2 Secure Data Transmission
For security reasons and to protect the transmission of personal data and other confidential content (e.g., orders or inquiries), this website uses SSL/TLS encryption. You can recognize an encrypted connection by the "https://" prefix and the lock symbol in your browser's address bar.
2. DATA COLLECTION WHEN VISITING OUR WEBSITE
2.1 Server Log Files
When you visit our website purely for informational purposes without registering or providing other information, we automatically collect data that your browser transmits to our server ("server log files"). This technical data is necessary to display the website and includes:
- The webpage you visited
- Date and time of access
- Amount of data sent (in bytes)
- Referrer URL (source from which you accessed the page)
- Browser type and version
- Operating system used
- IP address (anonymized where possible)
Legal Basis: Article 6(1)(f) GDPR (legitimate interest in improving website stability and functionality). The data is not passed on to third parties or used for other purposes. We reserve the right to review server log files if there are specific indications of illegal use.
3. COOKIES AND TRACKING TECHNOLOGIES
3.1 What Are Cookies?
Cookies are small text files stored on your device when you visit our website. They help us make our website more functional and user-friendly.
3.2 Types of Cookies We Use
- Essential Cookies: Necessary for basic website functionality (e.g., shopping cart)
- Functional Cookies: Remember your preferences and settings
- Performance Cookies: Analyze how you use our website (e.g., Google Analytics)
- Marketing Cookies: Track your browsing to show relevant ads (e.g., Facebook Pixel, Google Ads)
3.3 Cookie Duration
- Session Cookies: Deleted when you close your browser
- Persistent Cookies: Remain on your device for a predefined period (varies by cookie)
Legal Basis:
- Essential cookies: Article 6(1)(b) GDPR (performance of contract)
- Other cookies: Article 6(1)(a) GDPR (consent) or Article 6(1)(f) GDPR (legitimate interest)
3.4 Managing Cookies
You can configure your browser to:
- Be notified when cookies are set
- Accept or reject cookies on a case-by-case basis
- Block all cookies
Please note that disabling cookies may limit website functionality. You can also withdraw cookie consent at any time through our cookie banner or browser settings.
4. PERSONAL DATA WE COLLECT
4.1 Information You Provide to Us
When you create an account, place an order, or contact us, we collect:
Account & Order Information:
- Full name
- Email address
- Billing address
- Shipping address
- Phone number (optional)
- Payment information (processed by payment providers)
- Order history
- Product preferences
Contact Information:
- Name
- Email address
- Phone number (if provided)
- Message content
4.2 Information Collected Automatically
- IP address
- Browser type and version
- Device type and operating system
- Pages visited and time spent on pages
- Referral source
- Click patterns and interactions
5. HOW WE USE YOUR DATA
We collect and process your personal data for the following purposes:
5.1 Order Fulfillment (Legal Basis: Article 6(1)(b) GDPR - Performance of Contract)
- Process and fulfill your orders
- Manage payments and billing
- Arrange shipping and delivery
- Send order confirmations and shipping notifications
- Handle returns and refunds
- Provide customer support
5.2 Account Management (Legal Basis: Article 6(1)(b) GDPR)
- Create and maintain your customer account
- Remember your preferences
- Provide personalized shopping experience
5.3 Communication (Legal Basis: Article 6(1)(b) or (f) GDPR)
- Respond to inquiries and support requests
- Send transactional emails (order updates, shipping notifications)
- Handle complaints and disputes
5.4 Marketing (Legal Basis: Article 6(1)(a) GDPR - Consent)
- Send newsletters and promotional emails (only with your consent)
- Display personalized advertisements
- Send review reminders
- Inform you about new products and special offers
You can withdraw marketing consent at any time by clicking "unsubscribe" in emails or contacting us.
5.5 Legal Compliance (Legal Basis: Article 6(1)(c) GDPR)
- Comply with tax and accounting requirements
- Respond to legal requests
- Prevent fraud and abuse
- Enforce our Terms & Conditions
5.6 Website Improvement (Legal Basis: Article 6(1)(f) GDPR - Legitimate Interest)
- Analyze website usage and performance
- Improve user experience
- Test and develop new features
- Conduct research and analytics
6. WHO WE SHARE YOUR DATA WITH
We share your personal data only with trusted third parties necessary for our business operations:
6.1 Service Providers
Shopify Inc. (E-commerce Platform)
- Website hosting and management
- Order processing
- Payment gateway integration
- Location: Canada (adequate protection under GDPR)
- Privacy Policy: https://www.shopify.com/legal/privacy
Payment Processors
- PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg)
- Stripe, Inc. (USA - Standard Contractual Clauses)
- Credit card processors (PCI DSS compliant)
- Purpose: Secure payment processing
Shipping Carriers
- International courier services (FedEx, UPS, DHL, local postal services)
- Purpose: Deliver products to your address
- Data shared: Name, address, phone number, tracking details
Email Service Providers
- Purpose: Send transactional and marketing emails
- Data shared: Email address, name, order information
6.2 Marketing and Analytics
Google LLC (USA)
- Google Analytics (website analytics)
- Google Ads (advertising)
- Legal basis: Consent (Article 6(1)(a) GDPR)
- Privacy Policy: https://policies.google.com/privacy
Meta Platforms (Facebook/Instagram)
- Facebook Pixel (conversion tracking)
- Instagram integration
- Legal basis: Consent (Article 6(1)(a) GDPR)
- Privacy Policy: https://www.facebook.com/privacy/policy
6.3 Legal Requirements
We may disclose your data to:
- Law enforcement agencies (when legally required)
- Courts and regulatory authorities
- Legal advisors and accountants
- Fraud prevention services
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new owner. You will be notified of any such change.
7. INTERNATIONAL DATA TRANSFERS
As we operate internationally and use service providers in different countries, your data may be transferred outside the European Economic Area (EEA):
7.1 Adequate Protection Mechanisms
- Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions
- Adequacy Decisions: Canada (PIPEDA), Switzerland, New Zealand recognized by EU
- Privacy Shield/Data Privacy Framework: For US-based processors (where applicable)
7.2 Your Rights
You can request copies of the safeguards we use for international transfers by contacting us at support@luminahelp.com.
8. DATA RETENTION
We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law:
8.1 Retention Periods
- Order data: 7 years (tax and accounting law requirements)
- Account data: Until account deletion + 30 days
- Marketing data: Until consent is withdrawn + 30 days
- Contact inquiries: 3 years after resolution
- Website analytics: 14-26 months (Google Analytics settings)
- Cookie data: As specified in cookie settings (varies by type)
8.2 Deletion
After retention periods expire, your data is securely deleted or anonymized unless:
- You have consented to further use
- We are legally required to retain it
- It is necessary for legal claims
9. YOUR RIGHTS UNDER DATA PROTECTION LAWS
Your rights vary depending on your location. Below are the rights applicable to each jurisdiction:
9.1 EU/EEA Customers (GDPR Rights)
- Right of Access (Article 15 GDPR): Request a copy of your personal data
- Right to Rectification (Article 16 GDPR): Correct inaccurate data
- Right to Erasure (Article 17 GDPR): Request deletion ("right to be forgotten")
- Right to Restriction (Article 18 GDPR): Limit how we use your data
- Right to Data Portability (Article 20 GDPR): Receive your data in a structured format
- Right to Object (Article 21 GDPR): Object to processing based on legitimate interests
- Right to Withdraw Consent (Article 7(3) GDPR): Withdraw consent at any time
- Right to Lodge a Complaint (Article 77 GDPR): File a complaint with your supervisory authority
Supervisory Authority (Netherlands): Autoriteit Persoonsgegevens (AP)
Website: https://autoriteitpersoonsgegevens.nl
9.2 UK Customers (UK GDPR & Data Protection Act 2018)
Same rights as EU customers, enforced by:
UK Information Commissioner's Office (ICO)
Website: https://ico.org.uk
9.3 Canadian Customers (PIPEDA)
- Right to access your personal information
- Right to correct inaccurate information
- Right to withdraw consent
- Right to file a complaint with the Privacy Commissioner of Canada
Website: https://www.priv.gc.ca
9.4 Australian Customers (Privacy Act 1988)
- Right to access your personal information (Australian Privacy Principle 12)
- Right to correct inaccurate information (APP 13)
- Right to complain to the Office of the Australian Information Commissioner (OAIC)
Website: https://www.oaic.gov.au
9.5 New Zealand Customers (Privacy Act 2020)
- Right to access your personal information (Principle 6)
- Right to correct inaccurate information (Principle 7)
- Right to complain to the Privacy Commissioner
Website: https://www.privacy.org.nz
9.6 US Customers (State-Specific Rights)
California (CCPA/CPRA):
- Right to know what data is collected
- Right to delete personal information
- Right to opt-out of data sales (we do not sell data)
- Right to non-discrimination
Other US States: Similar rights may apply under state laws (Virginia, Colorado, Connecticut, etc.)
10. DIRECT MARKETING
10.1 Email Newsletter
When you subscribe to our newsletter, we send regular updates about products, offers, and promotions.
Process:
- Double opt-in: You must confirm your subscription via email
- Legal basis: Article 6(1)(a) GDPR (consent)
- Data collected: Email address, name (optional), subscription date, IP address
Unsubscribe: Click the unsubscribe link in any newsletter or email support@luminahelp.com.
10.2 Marketing to Existing Customers
If you've purchased from us, we may send marketing emails about similar products under Article 6(1)(f) GDPR (legitimate interest). You can opt out at any time.
11. SOCIAL MEDIA PLUGINS
11.1 Facebook
We use Facebook plugins with privacy protection. Data transfer occurs only when you click the plugin.
Privacy Policy: https://www.facebook.com/privacy/policy
11.2 Instagram
Instagram plugins are embedded using privacy-enhanced methods. Data transfer occurs only upon interaction.
Privacy Policy: https://help.instagram.com/155833707900388
12. WEB ANALYTICS
12.1 Google Analytics
We use Google Analytics to analyze website traffic and user behavior. Your IP address is anonymized.
Legal Basis: Article 6(1)(f) GDPR (legitimate interest) or consent
Opt-Out: Use the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout
13. ONLINE ADVERTISING
13.1 Google Ads & DoubleClick
We use Google Ads to display relevant advertisements based on your interests.
Legal Basis: Article 6(1)(a) GDPR (consent via cookie banner)
Opt-Out: Adjust your Google Ads settings: https://adssettings.google.com
13.2 Facebook Pixel
We use Facebook Pixel to track conversions and optimize ad campaigns.
Legal Basis: Article 6(1)(a) GDPR (consent)
Opt-Out: Adjust Facebook ad preferences: https://www.facebook.com/ads/preferences
14. SECURITY MEASURES
We implement industry-standard security measures to protect your data:
- SSL/TLS encryption for data transmission
- Secure servers with firewall protection
- PCI DSS compliance for payment processing
- Access controls limiting employee access to data
- Regular security audits and vulnerability assessments
- Data backup systems to prevent data loss
15. DATA BREACH NOTIFICATION
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify affected individuals within 72 hours (GDPR requirement)
- Notify relevant supervisory authorities as required by law
- Provide information about the breach and remedial actions
16. CHILDREN'S PRIVACY
Our website and services are not directed to individuals under 18 years of age. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately at support@luminahelp.com.
17. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Updates will be posted on this page with a revised "Last Updated" date. Continued use of our website after changes constitutes acceptance of the updated policy.
18. CONTACT US & EXERCISE YOUR RIGHTS
To exercise any of your rights or if you have questions about this Privacy Policy, please contact us:
Email: support@luminahelp.com
SMS: +1 (302) 329-5856 (SMS only)
Mail: Nexora, Elzenhoven 2, 3162 PJ Rhoon, Netherlands
Business Hours: Monday – Saturday, 9:00 AM – 5:00 PM CET
We will respond to your request within:
- 30 days (GDPR/UK)
- 30 days (PIPEDA Canada)
- 30 days (Australia Privacy Act)
- 20 working days (New Zealand Privacy Act)
- 45 days (CCPA California)
19. SUPERVISORY AUTHORITIES
You have the right to lodge a complaint with the relevant data protection authority in your jurisdiction:
Netherlands: Autoriteit Persoonsgegevens - https://autoriteitpersoonsgegevens.nl
UK: Information Commissioner's Office - https://ico.org.uk
Canada: Privacy Commissioner of Canada - https://www.priv.gc.ca
Australia: OAIC - https://www.oaic.gov.au
New Zealand: Privacy Commissioner - https://www.privacy.org.nz
US (California): California Attorney General - https://oag.ca.gov
