Privacy policy
At LumoLuxe, we take your privacy seriously. This policy explains what data we collect, why we collect it, and how we look after it.
We've tried to keep this clear and human. If you have any questions, email us at support@lumoluxe.store and we'll respond within one working day.
Last updated: 24/05/2026
The short version
- We collect only the information needed to process your order and improve your experience.
- We never sell your data — to anyone, ever.
- We comply with UK GDPR and the Data Protection Act 2018.
- Payments are processed securely by Shopify — we never see or store your card details.
- You can request to see, update, or delete your personal data at any time by emailing support@lumoluxe.store.
- We use cookies to keep the store running smoothly — you can manage these through the cookie banner on first visit.
- We retain your order information for 6 years (required by UK tax and accounting law).
You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk — though we hope you'd email us first so we can put it right.
1. Who we are
LumoLuxe is a sole trader business based in the United Kingdom. We are the data controller for personal information collected through this website.
Contact for privacy enquiries: support@lumoluxe.store
2. The personal data we collect
We collect the following types of information when you use our website:
Information you give us directly
- Name (for delivery and order confirmation)
- Delivery address
- Billing address
- Email address
- Phone number (optional, used only if we need to reach you about your order)
- Any messages or feedback you send us
Information collected automatically when you visit
- Device type, browser type, and operating system
- IP address (rough location only — country and city, not your specific address)
- Pages visited and time spent on the site
- The website that referred you to us (if any)
- Cookie data (see Section 8)
Information related to your order
- Order history
- Products viewed and added to basket
- Payment status (but not your card details — see Section 4)
Information from email signups
- Email address
- Consent timestamp
- Any preferences you set
3. Why we collect this data
We only collect personal data where we have a clear and lawful reason to do so. Our lawful bases under UK GDPR Article 6 are:
| Why we process your data | Lawful basis |
|---|---|
| To fulfil your order (delivery, payment, customer service) | Contract — necessary to deliver what you bought |
| To send you marketing emails (only if you've opted in) | Consent — you can withdraw any time |
| To improve our site and prevent fraud | Legitimate interests — running a safe, well-functioning business |
| To meet our tax and accounting obligations | Legal obligation — required by UK law |
4. Payment data
We do not see or store your debit/credit card details at any point.
All payments are processed securely by Shopify Payments (and any other payment processors you choose at checkout, such as PayPal, Apple Pay, or Google Pay). These providers are PCI-DSS compliant and handle your card details directly.
Shopify shares with us only:
- Confirmation that the payment was successful
- The amount paid
- The last 4 digits of the card used (for refund matching)
We never have access to your full card number, CVV, or PIN.
5. Who we share your data with
We share your data only with trusted third parties who help us run the store. These are all "data processors" — meaning they handle data on our behalf and cannot use it for their own purposes.
The third parties we share data with:
- Shopify Inc. — our e-commerce platform, hosting, order management, and payment processing
- Payment processors — Shopify Payments, and optionally PayPal, Apple Pay, or Google Pay (depending on your choice at checkout)
- Shipping carriers — to deliver your order (e.g. Royal Mail, Evri, DPD)
- Email service provider — Shopify Email (for transactional and marketing emails)
- Product review provider — Loox (if you choose to leave a review)
- Order fulfilment — DSers (for processing orders from our suppliers)
- Analytics — Shopify Analytics, and Google Analytics where enabled
Each of these providers has its own privacy policy and meets UK GDPR data protection standards.
We never sell your personal data to anyone for marketing purposes.
6. International data transfers
Some of our service providers are based outside the UK (notably Shopify, which is based in Canada with data centres globally). When data is transferred outside the UK, we rely on legal safeguards under UK GDPR — including the UK Government's adequacy decisions and Standard Contractual Clauses — to ensure your data remains protected to the same standards as within the UK.
7. How long we keep your data
We keep your data only as long as we genuinely need it:
| Data type | How long we keep it |
|---|---|
| Order records (including name, address, items, payment confirmation) | 6 years — required by UK tax and accounting law |
| Customer account information | Until you ask us to delete it, or 3 years of inactivity |
| Email marketing subscriptions | Until you unsubscribe |
| Website analytics data | Up to 26 months (Google Analytics default) |
| Customer service correspondence | 2 years from the date of the last interaction |
After these retention periods, your data is deleted or anonymised.
8. Cookies
We use cookies — small text files stored on your device — to help our website function and to understand how visitors use it.
Types of cookies we use:
Essential cookies — required for the site to work (e.g. remembering what's in your cart, keeping you logged in, secure checkout). These cannot be switched off.
Analytical cookies — help us understand which pages are popular and how visitors move around the site. We use Shopify Analytics, and Google Analytics if enabled. These can be disabled via the cookie banner.
Marketing cookies — used to show you relevant content and offers, and to measure ad performance. Only enabled if you give consent through the cookie banner.
When you first visit our site, a cookie banner asks for your preferences. You can change your cookie preferences at any time through the cookie banner.
9. Your rights under UK GDPR
You have the following rights regarding your personal data. To exercise any of them, email support@lumoluxe.store.
- Right of access — request a copy of the personal data we hold about you
- Right to rectification — ask us to correct any inaccurate or incomplete data
- Right to erasure ("right to be forgotten") — request deletion of your data, where there's no overriding legal reason for us to keep it
- Right to restrict processing — ask us to limit how we use your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to certain types of processing, including direct marketing
- Right to withdraw consent — where we rely on consent (such as marketing emails), you can withdraw it any time
We'll respond to all requests within 30 days, as required by UK GDPR.
10. Marketing emails
If you've subscribed to our newsletter, we'll send you occasional emails about new arrivals, styling ideas, and offers.
- You can unsubscribe at any time by clicking the unsubscribe link at the bottom of any email
- We never share your email with other businesses for their marketing
- We use Shopify Email to send these messages
Transactional emails (order confirmations, shipping updates, return information) are sent regardless of marketing preferences, as they're necessary to fulfil your order.
11. Children's privacy
LumoLuxe is intended for users aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided personal data through our site, please email support@lumoluxe.store and we'll delete it immediately.
12. Security
We take reasonable steps to protect your personal data, including:
- Hosting on Shopify's secure infrastructure (PCI-DSS compliant, ISO 27001 certified)
- HTTPS encryption across the entire site
- Limited access to personal data — only people who need it to do their job
- Regular security reviews of the third parties we work with
No system is ever 100% secure, but we treat your data with the care we'd want for our own.
13. Changes to this policy
We may update this policy from time to time — for example, if we add new tools to the store or if the law changes.
When we do, we'll update the "Last updated" date at the top. For significant changes, we'll notify subscribers by email. Please check back periodically for the most current version.
14. How to contact us
For any privacy-related questions, requests, or concerns, email us at:
We aim to respond within one working day and to resolve all privacy requests within 30 days.
15. Lodging a complaint
If you have a concern about how we've handled your personal data, please email us first at support@lumoluxe.store — we genuinely want the chance to put things right.
You also have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom
Helpline: 0303 123 1113
Website: ico.org.uk
This Privacy Policy was last updated on 24/05/2026. LumoLuxe is a sole trader business operating in the United Kingdom.