Privacy Policy

(Last updated: 26th August 2023)

Luma Box (www.lumabox.com) (“We” or “Us” or “Our”) is a Site operated by Georgia Clegg (doing business as Luma Box, a registered sole trader in the United Kingdom) respects the privacy of our users (“user” or “You”). Our Site is governed by the Laws of England and Wales.

“Personal information” means information or an opinion about an identified individual, or an individual who is reasonably identifiable. This privacy policy explains how we collect, use, disclose, and safeguard your information when you visit our Site, including any other media form, media channel related or connected thereto. Please read this privacy policy carefully.  If you do not agree with the terms of this privacy policy, please do not access the Site. 

This policy also explains how we process ‘personal data’ about people in accordance with applicable privacy and data protection laws and regulations.

We reserve the right to make changes to this policy at any time and for any reason.  We will alert you about any changes by updating the “Last Updated” date of this policy.  Any changes or modifications will be effective immediately upon posting the updated policy on the Site, and you waive the right to receive specific notice of each such change or modification. 

You are encouraged to periodically review this policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised policy by your continued use of the Site after the date such revised policy is posted.  

In the course of collecting or processing user data, We ensure that at every point when consent is sought the user is made aware of:

  • What data will be gathered;
  • How their data will be used;
  • The nature and frequency of the communication they should expect to receive;
  • Steps they may take to later revoke that consent; and
  • An opportunity to read this privacy policy.

Any personal information we hold about you is stored and processed in accordance with the United Kingdom’s Data Protection Act 1998 and the General Data Protection Regulation (GDPR).


1. Collection of Your Information

We may collect information about you in a variety of ways which includes (but is not limited to) through log files, technological data (IP, browser used, device ID, Operating System , cookies and analytics services.

The information we collect on the Site may include:

1.1 Personal Data 

Personally identifiable information, such as your name, email address, physical address (or any other geographical location), wallet address,, internet service provider (ISP), log files, and telephone number, and demographic information, that you voluntarily give to us when you subscribe to use our service, or when you choose to participate in various activities related to the Site , such a purchase in our e-shop. You are under no obligation to provide us with personal information of any kind, however your refusal to do so may prevent you from using certain features of the Site.

1.2 Derivative Data 

Information our servers automatically collect when you access the Site, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site. 

1.3 Financial Data 

Financial information, such as data related to your payment method that we may collect when you make a purchase, order, return, exchange, or request information about our services from the Site.  We accept payments through PayPal and Stripe (known as “payment gateways”). When processing payments, some of your data will be passed to PayPal and Stripe, including information required to process or support the payment.

1.4  Mobile Device Data 

Device information, such as your mobile device ID, model, and manufacturer, ISP (or service provider), and information about the location of your device, if you access the Site from a mobile device.


2. Use of Your Information

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience.  Specifically, we may use information collected about you via the Site to: 

  • Comply with relevant laws and regulations such as anti-money laundering laws concerning payments made on the Site.
  • Compile anonymous statistical data and analysis for use internally or with third parties. 
  • Create and manage your account.
  • Deliver targeted advertising, coupons, newsletters, and other information regarding promotions and the Site to you. 
  • Email you regarding your account or order.
  • Enable user-to-user communications, if applicable.
  • Fulfill and manage purchases, orders, payments, and other transactions related to the Site.
  • Generate a personal profile about you to make future visits to the Site more personalized.
  • Increase the efficiency and operation of the Site.
  • Monitor and analyze usage and trends to improve your experience with the Site.
  • Notify you of updates to the Site.
  • Offer new products, services, mobile applications, and/or recommendations to you.
  • Perform other business activities as needed.
  • Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
  • Process payments.
  • Request feedback and contact you about your use of the Site.
  • Resolve disputes and troubleshoot problems.
  • Respond to product and customer service requests.


3. Disclosure of Your Information

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:  

3.1 By Law or to Protect Rights 

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.  This includes exchanging information with other entities for fraud protection and credit risk reduction.

3.2 Third-Party Service Providers 

We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.  

Some of the third-party service providers  that we may use to process and store your data and information include (but are not limited to) the following:

i. Mailchimp

We use Mailchimp to manage email marketing subscriber lists and send emails to our subscribers. Read their Privacy Policy.

ii. Download Monitor

Download Monitor keeps logs that contain the IP address of a user who downloads anything for free on lumabox.com i.e. a download not requiring the user to go through the checkout process.

Read more about their Privacy Policy

iii. Google Analytics

When someone visits www.lumabox.com we use a third-party service, Google Analytics (GA4), to collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

Learn more from their Terms of Service and Privacy Policy. Read more about how Google uses information from sites that use its services, including how you can control the information collected by Google here

Opt-out: Download the browser plugin “Google Analytics Opt-out Browser Add-on” here.

iv. WooCommerce

We collect information about you during the checkout process in our e-store.

What we collect and store

While you visit our site, we’ll track:

  • Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed;
  • Location, IP address and browser type: we’ll use this to better understand where in the world our customers are located in order to improve the website and customer experiences.
  • We’ll also use cookies to keep track of cart contents while you’re browsing our site.

We store information about you for as long as we need the information for the purposes for which we collect and use it.

Read more about privacy and the WooCommerce marketplace here and read WooCommerce’s Privacy Policy here

Payment Gateways

We use third-party services like PayPal and Stripe to process payments in our WooCommerce shop (known as “payment gateways”). Information shared with a payment gateway to process payments includes:

  • Name
  • Email
  • Address
  • Phone
  • City/State/Zip
  • Unique payment identifier
  • Payment provider identifier

While the activities of payment companies such as PayPal and Stripe are outside our control, you may apprise their privacy and data protection practices by reading the latest versions of their privacy policies.

Read PayPal’s Privacy Policy here. Read Stripe’s Privacy Policy here.

v. Amazon Affiliates – OneLink

This website contains Amazon Affiliate links. OneLink is a system by which, when a link is clicked, Amazon endeavours to direct you to your native storefront. In order to do this, a line of code has been placed on each page of the website known as oneTag. 

oneTag receives the following personal information:

IP address used for fraud detection and traffic quality; URL, clicks on and views of Amazon affiliate links, along with general information about browsers and OS. This information is used to create aggregate, user-anonymous reports for associates to help them create more useful and relevant content and measure the success of their affiliate marketing (“oneTag reporting”); A pseudonymised identifier (Cookie ID). This identifier is used by Amazon Associates systems to recognise users pseudonymously in order to maintain opt-out status.

oneTag does not associate user interactions on associates’ sites with personally identifiable information. OneTag only keeps personal information collected through oneTag for as long as required to provide oneTag reporting, in accordance with their Privacy Notice and applicable laws. No personal information is collected for oneTag automatic link tagging. OneTag does not provide any personal information to associates as part of oneTag reporting.

You can read oneTag’s Privacy Policy here

Opt-out of oneTag data reporting here.

vi. Wordfence 

The site uses Wordfence plugin for Woocommerce to protect it from security threats. The plugin uses cookies in order to perform this function. You can read about the cookies it uses here


3.4 Online Posting

When you post content on the Site, your posts may be viewed by all users and may be publicly distributed outside the Site in perpetuity without our influence. 


3.5 Affiliates 

We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.


3.6  Sale or Bankruptcy 

If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity.  If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party.  You acknowledge that such transfers may occur, and that the transferee may decline honor commitments we made in this privacy policy.

We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations.  If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.


4. Tracking Technologies


4.1 Cookies and Web Beacons

We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Site to help customize the Site and improve your experience. When you access the Site, your personal information is collected through the use of tracking technology. Most browsers are set to accept cookies by default. Upon first visiting the site we ensure that a banner appears to make you aware of the cookies we are using (by linking to this Privacy Policy) and giving you the opportunity to reject or accept the cookies. Please be aware that rejecting cookies could affect the availability and functionality of the Site. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser’s settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.

Please see Appendix 1.1 for a table of the cookies we use on this site and information about their origin, purpose, duration and type. 


5. Third-Party Websites

The Site may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Once you have used these links to leave the Site, any information you provide to these third parties is not covered by this privacy policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices, if any, of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Site.


6. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information.  While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.  Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.


7. Data Subject Rights

Persons whose personal data are held by us are entitled to the following rights: 

(a) right to be informed of the processing of data;
(b) right to complain or send a request to us;
(c) right to obtain information about their data from us free of charge except as otherwise
(d) provided by regulation or public policy;
(e) right to withdraw consent;
(f) right to access their personal data;
(g) right to data portability;
(h) right to data rectification;
(i) right to restrict or object the processing of their data;
(j) right to be informed where their data is being processed for additional purposes;
(k) right to be informed about the transfer of their data to another country;
(l) right to complain to relevant authority; and
(m) right to data deletion.

You may exercise any of your rights by contacting us. For example, you may contact us to ask us what data we hold about you, who has access to it and how it is being used. We will also delete any data about you that we hold if you ask us to.


8. Contact Us

If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our privacy officer, Georgia Clegg, through our email address below.

By Email:



1.1 Cookies we use on this site 








MailChimp sets the cookie to record which page the user first visited.

1 Month




Youtube sets this cookie to track the views of embedded videos on Youtube pages.





Amazon Adsystem sets this cookie as part of its affiliate marketing programme.

7 Months




Google Analytics sets this cookie to store and count page views.

2 Years




Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.

2 Years




This cookie is used to detect and defend when a client attempts to replay a cookie.This cookie manages the interaction with online bots and takes the appropriate actions.

1 Year




This cookie is used by Akamai to optimize site security by distinguishing between humans and bots

2 Hours




This cookie is set by the provider Akamai Bot Manager. This cookie is used to manage the interaction with the online bots. It also helps in fraud preventions

4 hours




PayPal sets this cookie to enable secure transactions through PayPal.

3 Years




PayPal sets this cookie to make safe payments through PayPal.

3 Years




PayPal sets this cookie to set user’s preferred language.

9 Hours




PayPal sets this cookie for secure transactions.

1 Year 




PayPal sets this cookie to enable the PayPal payment service on the website.





PayPal sets this cookie to enable the PayPal payment service on the website.

3 Days




PayPal sets this cookie to process payments on the site.





This cookie is necessary for the PayPal login function on the website.

30 Minutes




YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.

6 Months




YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.

2 Years




Managing cookies





This is a Mailchimp functionality cookie used to evaluate the UI/UX interaction with its platform

1 Year




This is a mailchimp functionality cookie used to evaluate the UI/UX interaction with its platform.



Scroll to Top