Privacy Policy
Effective date: 1 February 2026
Last updated: 1 February 2026
1. Controller
Lumessentials, with its registered office at Via Verdinois 9, 80128 Napoli, Italy, is the data controller responsible for your personal data collected through the website lumessentials.skin (the “Site”).
Contact:
Email for Data protection inquiries: hello@lumessentials.skin
General contact: hello@lumessentials.skin
2. The data we collect and why
We only collect data necessary for specific, legitimate purposes, as outlined below.
| Category of data | Purpose of processing | Legal basis for processing (GDPR) |
| Identity & contact data (name, email, billing/shipping address, phone number). | To process and fulfil your order, manage your account, send transactional emails (order confirmations, shipping updates), and provide customer support. | Performance of a contract (to sell and deliver the goods you ordered). |
| Financial & transaction data (payment details, purchase history). Note: we do not store full payment card numbers; our secure payment processor does. | To process your payments and handle refunds or returns. | Performance of a contract. Legal obligation (for financial record-keeping). |
| Profile & communication data (account password, preferences, customer service queries). | To manage your account, personalise your experience, and resolve your inquiries. | Performance of a contract (account management). Legitimate interest (improving customer service). |
| Technical & usage data (IP address, browser type, device info, pages visited, via cookies). | To ensure the security and proper functioning of our Site, analyse usage to improve our services, and prevent fraud. | Legitimate interest (network security, site administration, and business improvement). Consent (for non-essential cookies). |
| Marketing & newsletter data (email address). | To send you marketing communications about our products, news, and offers (only if you explicitly opt-in). | Your consent. You can withdraw consent at any time by clicking “unsubscribe”. |
3. How we share your data
We do not sell your personal data. We only share it with trusted third-party service providers under strict agreements, and only as necessary for the purposes described above:
Payment processors: To securely handle payments.
Shipping & fulfilment partners (e.g., postal/courier services): To deliver your orders.
IT & hosting providers: To host our Site and manage our email services.
Professional advisors: Such as accountants or lawyers, where required by law.
Government/authorities: If required to comply with a legal obligation.
All third parties are contractually obligated to handle your data securely and only in accordance with our instructions.
4. International transfers
If we transfer your data outside the European Economic Area (EEA) (e.g., if a service provider is based in the US), we ensure an adequate level of protection is in place through either:
An adequacy decision by the European Commission for that country; or
Standard Contractual Clauses (SCCs) approved by the European Commission.
You can request details of these safeguards by contacting us.
5. Data retention
We retain your personal data only as long as necessary for the purposes it was collected:
Order data: For the duration of our contractual relationship and thereafter as required by tax and commercial law (typically 7-10 years).
Newsletter data: Until you unsubscribe.
Customer service inquiries: For a reasonable period after the inquiry is resolved.
We periodically review and securely delete or anonymise data that is no longer needed.
6. Your data protection rights
Under the GDPR, you have the following rights:
Right of access: To request a copy of your personal data we hold.
Right to rectification: To correct inaccurate or incomplete data.
Right to erasure (“Right to be Forgotten”): To request deletion of your data, subject to legal exceptions.
Right to restriction of processing: To request we temporarily stop processing your data in certain cases.
Right to data portability: To receive your data in a structured, machine-readable format.
Right to object: To object to processing based on our legitimate interests.
Right to withdraw consent: To withdraw consent for marketing at any time.
To exercise any of these rights, please contact us using the details in Section 1. We will respond within one month. You also have the right to lodge a complaint with your national Data Protection Authority.
7. Cookies and similar technologies
Our Site uses necessary cookies for basic functionality (e.g., shopping cart). For analytical or advertising cookies, we will request your consent via a cookie banner when you first visit our Site. You can manage your preferences at any time through your browser settings or our cookie consent tool.
8. Embedded content
Articles on this site may include embedded content (e.g. links to other pages or articles). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
9. Security
We implement appropriate technical and organisational measures (like SSL encryption on our Site and secure servers) to protect your data against unauthorised access, loss, or alteration. However, no internet transmission is 100% secure.
10. Policy updates
We may update this policy to reflect changes in our practices or the law. The Last updated date at the top will indicate when changes were made. We encourage you to review this page periodically.
11. Contact us
For any questions about this Privacy Policy or your personal data, please contact us at: hello@lumessentials.skin