(Last updated: 26th August 2023)
Luma Box (www.lumabox.com) (“We” or “Us” or “Our”) is a Site operated by Georgia Clegg (doing business as Luma Box, a registered sole trader in the United Kingdom) respects the privacy of our users (“user” or “You”). Our Site is governed by the Laws of England and Wales.
This policy also explains how we process ‘personal data’ about people in accordance with applicable privacy and data protection laws and regulations.
We reserve the right to make changes to this policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this policy. Any changes or modifications will be effective immediately upon posting the updated policy on the Site, and you waive the right to receive specific notice of each such change or modification.
You are encouraged to periodically review this policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised policy by your continued use of the Site after the date such revised policy is posted.
In the course of collecting or processing user data, We ensure that at every point when consent is sought the user is made aware of:
- What data will be gathered;
- How their data will be used;
- The nature and frequency of the communication they should expect to receive;
- Steps they may take to later revoke that consent; and
Any personal information we hold about you is stored and processed in accordance with the United Kingdom’s Data Protection Act 1998 and the General Data Protection Regulation (GDPR).
1. Collection of Your Information
We may collect information about you in a variety of ways which includes (but is not limited to) through log files, technological data (IP, browser used, device ID, Operating System , cookies and analytics services.
The information we collect on the Site may include:
1.1 Personal Data
Personally identifiable information, such as your name, email address, physical address (or any other geographical location), wallet address,, internet service provider (ISP), log files, and telephone number, and demographic information, that you voluntarily give to us when you subscribe to use our service, or when you choose to participate in various activities related to the Site , such a purchase in our e-shop. You are under no obligation to provide us with personal information of any kind, however your refusal to do so may prevent you from using certain features of the Site.
1.2 Derivative Data
Information our servers automatically collect when you access the Site, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site.
1.3 Financial Data
Financial information, such as data related to your payment method that we may collect when you make a purchase, order, return, exchange, or request information about our services from the Site. We accept payments through PayPal and Stripe (known as “payment gateways”). When processing payments, some of your data will be passed to PayPal and Stripe, including information required to process or support the payment.
1.4 Mobile Device Data
Device information, such as your mobile device ID, model, and manufacturer, ISP (or service provider), and information about the location of your device, if you access the Site from a mobile device.
2. Use of Your Information
Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Site to:
- Comply with relevant laws and regulations such as anti-money laundering laws concerning payments made on the Site.
- Compile anonymous statistical data and analysis for use internally or with third parties.
- Create and manage your account.
- Deliver targeted advertising, coupons, newsletters, and other information regarding promotions and the Site to you.
- Email you regarding your account or order.
- Enable user-to-user communications, if applicable.
- Fulfill and manage purchases, orders, payments, and other transactions related to the Site.
- Generate a personal profile about you to make future visits to the Site more personalized.
- Increase the efficiency and operation of the Site.
- Monitor and analyze usage and trends to improve your experience with the Site.
- Notify you of updates to the Site.
- Offer new products, services, mobile applications, and/or recommendations to you.
- Perform other business activities as needed.
- Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
- Process payments.
- Request feedback and contact you about your use of the Site.
- Resolve disputes and troubleshoot problems.
- Respond to product and customer service requests.
3. Disclosure of Your Information
We may share information we have collected about you in certain situations. Your information may be disclosed as follows:
3.1 By Law or to Protect Rights
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.
3.2 Third-Party Service Providers
We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
Some of the third-party service providers that we may use to process and store your data and information include (but are not limited to) the following:
ii. Download Monitor
Download Monitor keeps logs that contain the IP address of a user who downloads anything for free on lumabox.com i.e. a download not requiring the user to go through the checkout process.
iii. Google Analytics
When someone visits www.lumabox.com we use a third-party service, Google Analytics (GA4), to collect standard internet log information and details of visitor behavior patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Opt-out: Download the browser plugin “Google Analytics Opt-out Browser Add-on” here.
We collect information about you during the checkout process in our e-store.
What we collect and store
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed;
- Location, IP address and browser type: we’ll use this to better understand where in the world our customers are located in order to improve the website and customer experiences.
We store information about you for as long as we need the information for the purposes for which we collect and use it.
We use third-party services like PayPal and Stripe to process payments in our WooCommerce shop (known as “payment gateways”). Information shared with a payment gateway to process payments includes:
- Unique payment identifier
- Payment provider identifier
While the activities of payment companies such as PayPal and Stripe are outside our control, you may apprise their privacy and data protection practices by reading the latest versions of their privacy policies.
v. Amazon Affiliates – OneLink
This website contains Amazon Affiliate links. OneLink is a system by which, when a link is clicked, Amazon endeavours to direct you to your native storefront. In order to do this, a line of code has been placed on each page of the website known as oneTag.
oneTag receives the following personal information:
IP address used for fraud detection and traffic quality; URL, clicks on and views of Amazon affiliate links, along with general information about browsers and OS. This information is used to create aggregate, user-anonymous reports for associates to help them create more useful and relevant content and measure the success of their affiliate marketing (“oneTag reporting”); A pseudonymised identifier (Cookie ID). This identifier is used by Amazon Associates systems to recognise users pseudonymously in order to maintain opt-out status.
oneTag does not associate user interactions on associates’ sites with personally identifiable information. OneTag only keeps personal information collected through oneTag for as long as required to provide oneTag reporting, in accordance with their Privacy Notice and applicable laws. No personal information is collected for oneTag automatic link tagging. OneTag does not provide any personal information to associates as part of oneTag reporting.
Opt-out of oneTag data reporting here.
3.4 Online Posting
When you post content on the Site, your posts may be viewed by all users and may be publicly distributed outside the Site in perpetuity without our influence.
3.6 Sale or Bankruptcy
We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.
4. Tracking Technologies
4.1 Cookies and Web Beacons
Please see Appendix 1.1 for a table of the cookies we use on this site and information about their origin, purpose, duration and type.
5. Third-Party Websites
6. Security of Your Information
We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.
7. Data Subject Rights
Persons whose personal data are held by us are entitled to the following rights:
(a) right to be informed of the processing of data;
(b) right to complain or send a request to us;
(c) right to obtain information about their data from us free of charge except as otherwise
(d) provided by regulation or public policy;
(e) right to withdraw consent;
(f) right to access their personal data;
(g) right to data portability;
(h) right to data rectification;
(i) right to restrict or object the processing of their data;
(j) right to be informed where their data is being processed for additional purposes;
(k) right to be informed about the transfer of their data to another country;
(l) right to complain to relevant authority; and
(m) right to data deletion.
You may exercise any of your rights by contacting us. For example, you may contact us to ask us what data we hold about you, who has access to it and how it is being used. We will also delete any data about you that we hold if you ask us to.
8. Contact Us
If you have an enquiry or a complaint about the way we handle your personal information, or to seek to exercise your privacy rights in relation to the personal information we hold about you, you may contact our privacy officer, Georgia Clegg, through our email address below.
1.1 Cookies we use on this site
MailChimp sets the cookie to record which page the user first visited.
Youtube sets this cookie to track the views of embedded videos on Youtube pages.
Amazon Adsystem sets this cookie as part of its affiliate marketing programme.
Google Analytics sets this cookie to store and count page views.
Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
This cookie is used to detect and defend when a client attempts to replay a cookie.This cookie manages the interaction with online bots and takes the appropriate actions.
This cookie is used by Akamai to optimize site security by distinguishing between humans and bots
This cookie is set by the provider Akamai Bot Manager. This cookie is used to manage the interaction with the online bots. It also helps in fraud preventions
PayPal sets this cookie to enable secure transactions through PayPal.
PayPal sets this cookie to make safe payments through PayPal.
PayPal sets this cookie to set user’s preferred language.
PayPal sets this cookie for secure transactions.
PayPal sets this cookie to enable the PayPal payment service on the website.
PayPal sets this cookie to enable the PayPal payment service on the website.
PayPal sets this cookie to process payments on the site.
This cookie is necessary for the PayPal login function on the website.
YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
YouTube sets this cookie via embedded YouTube videos and registers anonymous statistical data.
This is a Mailchimp functionality cookie used to evaluate the UI/UX interaction with its platform
This is a mailchimp functionality cookie used to evaluate the UI/UX interaction with its platform.