Privacy policy

Privacy Policy

This policy was last modified on[].

This privacy policy describes how Lunette Sp. z.o.o. (hereinafter "Lunette", "we", "us", "our", etc.) collects, uses and protects the personal data of our customers and other website visitors on our website.

We are committed to respecting and protecting the privacy of our customers and to processing personal data in accordance with applicable data protection legislation, including but not limited to the General Data Protection Regulation (EU) 2016/679 ("GDPR") and good data protection practices.

Who is the data controller?

The controller for the processing of your personal data is

·      Lunette Sp. z.o.o., a corporation duly organized under the laws of Poland, with its registered address at ul. Marszałkowska 58 Lok. 15, Warszawa, 00-545, Poland

If you have any questions relating to the processing of your personal data, please contact info@lunette.com.

What information do we collect?

  • We collect information from you when you register on the site, place an order, enter a contest or sweepstakes, respond to a survey or communication such as e-mail, or participate in another site feature.
  • When ordering or registering, we may ask you for your name, e-mail address, mailing address, phone number, credit card information. You may, however, visit our site anonymously.
  • We also collect information about gift recipients so that we can fulfill the gift purchase. The information we collect about gift recipients, such as name, address and the gift itself is not used for marketing purposes.
  • We collect your consent when this is required under applicable law
  • Like many websites, we use "cookies" to enhance your experience and gather information about visitors and visits to our websites. Please refer to the "Do we use 'cookies'?" section below for information about cookies and how we use them.

How do we use your information and what is the legal basis for the processing?

We may use the information we collect from you when you register, purchase products, enter a contest or promotion, respond to a survey or marketing communication, browse our website, or use certain other site features, such as marketing programs, in the following ways:

  • To quickly process your transactions.
    • The legal basis for the processing is the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract;

·       To allow us to better service you in responding to your customer service requests.

    • The legal basis for the processing is our legitimate interest. It is in our legitimate interest as a business to ensure that our customers receive timely and accurate assistance. We consider that our interest is not overridden by your rights and freedoms, as the processing is limited to what is required to handle your request and is something you would reasonably expect when contacting our customer service team.

·       To administer a contest, promotion, survey or other site feature such as marketing programs.

o   The legal basis for this processing is the performance of a contract to which you are a party, namely the terms and conditions governing your participation in the contest or promotion. Where processing goes beyond what is strictly necessary for this purpose, we rely on our legitimate interests in operating and promoting our business. We consider that our legitimate interests are not overridden by your rights and freedoms, as the processing is limited to what is necessary to administer the contest or promotion and is something you would reasonably expect when choosing to participate.

·       If you have opted-in to receive our e-mail newsletter, we may send you periodic e-mails. If you would no longer like to receive promotional e-mail from us, please refer to the "What are your rights?" section below. If you have not opted-in to receive e-mail newsletters, you will not receive these e-mails. Personal data relating to visitors who register or participate in other site features such as marketing programs and 'members-only' content will only be processed if they consent  to beeing on our e-mail list and receive e-mail communications from us.

o   The legal basis for the processing is your consent

  • To personalize your site experience and to allow us to deliver the type of content and product offerings in which you are most interested.

o   The legal basis for the processing is your consent

·       Where you have given us consent for a specific processing activity, we are required by law to retain a record of that consent, including the date, time, and nature of the consent given, for as long as the relevant processing activity continues and for a reasonable period thereafter.

o   The legal basis for the processing is the compliance with a legal obligation

How do we protect personal information?

We implement a variety of security measures to maintain the safety of your personal information. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. When you place orders or access your personal information, we offer the use of a secure server. All sensitive/credit information you supply is transmitted via Secure Socket Layer (SSL) technology and then encrypted to be only accessed as stated above.

Do we use cookies?

Yes.. Cookies are small text files that are placed on your device by websites that you visit. They are stored in your browser and allow the website or its service providers to recognize your device and remember certain information about your visit. When visiting our website, you may either allow all cookies, select your preferred options, or disable non-essential cookies. Essential cookies must always be accepted.

For instance, we use cookies to identify you when you log in and help us remember and process the items in your shopping cart. These technical cookies are vital for the proper function of our online store, and they cannot be switched off

We also use cookies to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. For personalization of your site experiences a third-party cookie is installed in your browser.

Statistical cookies help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future. Any data that can be linked to a certain customer in some ways are treated as personal information.




.

You can manage your cookie preferences at any time by clicking [Manage Cookie Preferences] on our website. You may choose to accept or reject cookies by category. Please note that strictly necessary cookies cannot be disabled, as they are essential for our store to function correctly. If you choose to disable analytics or other non-essential cookies, some features of our store may be less efficient, but you will retain full access to its core functionality. You may withdraw your consent at any time by adjusting your cookie preferences using the link above.

Details of all cookies used on our website are shown in Annex A to this policy below.Do we disclose the information we collect to outside parties?

We do not share your personal data with third parties except as described in this privacy policy and where there is a lawful basis for doing so.

We may share your personal data with trusted third-party service providers who assist us in operating our website, conducting our business, and servicing you. These include, for example, website hosting providers, IT service providers, and customer service platforms. Where we share your personal data with such parties, they act as data processors on our behalf and are bound by a written Data Processing Agreement in accordance with Article 28 of the GDPR. They are permitted to process your personal data only on our documented instructions and are not authorized to use it for their own purposes.

·      The third-party service providers we currently use include:

o   Shopify — the e-commerce platform that powers our online store. Shopify processes data such as your browsing activity, order information, and payment details (please see below) on our behalf.

o   Yotpo — our product review platform. If you choose to leave a product review, your name and email address will be shared with Yotpo for this purpose.

o   Zendesk — our customer support and feedback platform. If you contact us or submit feedback, your personal data will be stored and managed through Zendesk.

o   HubSpot — our newsletter platform. If you subscribe to our newsletter, your name and email address will be processed by HubSpot on our behalf.

 

·      Payment Processors

When you make a purchase from our webstore, your payment is processed through one of the following payment options. We do not receive or store your full payment card details.

o   Shopify Payments — If you complete your purchase using Shopify’s payment solution, your payment information is processed securely by Shopify International Ltd and its authorized payment service providers. Payment data is encrypted and handled in accordance with applicable payment industry security standards (e.g. PCI DSS). For further information about how Shopify processes your payment data, please refer to Shopify's Privacy Policy.

 

o   Google Pay — if you choose to pay using Google Pay, your payment is processed by Google Payment Ireland Limited. Google Pay uses tokenization technology, meaning your actual card details are not shared with us. Google processes your payment data as an independent data controller in accordance with its own privacy policy and applicable financial regulations. For further information, please refer to Google's Privacy Policy.

The payment providers adhere to applicable security standards, including PCI-DSS compliance, and are independently responsible for the security and processing of your payment data. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

Please note that in the above arrangements, the characterization of each service provider's role differs depending on the nature of the processing activity. Shopify International Ltd acts primarily as a data processor, processing your personal data on our behalf and only in accordance with a Data Processing Agreement entered into with us and our instructions and applicable data protection laws. Google Payment Ireland Limited acts as an independent data controller with respect to your payment data from the outset of the transaction. In certain circumstances, service providers who primarily act as data processors may also process your personal data as independent data controllers for their own purposes. This includes, for example, processing carried out for the purposes of possible additional services offered by the provider, fraud prevention, security, and compliance with the service providers' own legal obligations. Where the service providers act as independent data controllers, they do so under their own privacy policies and are independently responsible for compliance with applicable data protection laws. For further information, please refer to the privacy policies of the service providers (links below):

·      Yotpo

·      Zendesk

·      Hubspot

·      Shopify privacy policy

·      Google payments

 

·      Other

We may also share your personal data with our affiliated entities for the purposes set forth in this privacy policy.

We may further disclose your personal data to competent authorities, courts, or other third parties where we are required to do so by applicable law.

Is your data sent to recipients outside of the EU/EEA?

Personal data processed in accordance with this privacy policy may be transferred outside the European Union or the European Economic Area ("EU/EEA"). Where personal data is transferred outside the EU/EEA, such transfers will be made to a country for which the European Commission has issued a decision on the adequacy of the level of data protection, or the transfers are carried out using appropriate safeguards, such as standard contractual clauses approved by the European Commission. Further information on the transfer of personal data is available on request.




What are your rights?

As a data subject, you have the following rights under the GDPR:

·      Access — You may request a copy of the personal data we hold about you

·      Rectification and erasure — You may ask us to correct inaccurate or incomplete personal data, or to erase your personal data where, for example, it is no longer necessary for the purposes for which it was collected or the processing is unlawful

·      Restriction — You may request that we restrict the processing of your personal data, for example whilst we verify its accuracy or where you require it for the establishment, exercise or defence of legal claims

·      Objection — You may object to certain processing of your personal data, including processing based on our legitimate interests or for direct marketing purposes

·      Data portability — Where processing is based on your consent or a contract and carried out automatically, you may request that your personal data be provided in a structured, commonly used and machine-readable format, or transmitted directly to another controller

·      Withdrawal of consent — Where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

·      To unsubscribe from direct marketing, please email info@lunette.com or click the "unsubscribe" link in any of our communications

·      Complaints — If you believe we are not processing your personal data in accordance with applicable law, you may lodge a complaint with the Office of the Data Protection Ombudsman (tietosuoja@om.fi)

Please contact info@lunette.com if you wish to exercise any of your rights.

How long do we store your information?

We store your information only for as long as it is necessary for performing the task for which the information is collected and processed:

·      Transaction data: Personal data related to transactions is retained at least for the duration of the statutory limitation period for contractual claims, which is generally three years from the date the claim became due or from the date we became aware, or should have become aware, of the claim. Where a claim relates to a defect in goods sold to a consumer, personal data may be retained for a longer period in accordance with our obligations under the Finnish Consumer Protection Act.

·      Customer service requests: Personal data related to customer service enquiries is retained for up to one year from the closure of the request

·      Contest, promotion and survey related data: Personal data is retained for the duration of the contest, promotion or survey and, where applicable, for a reasonable period thereafter not exceeding two months to administer prize delivery or fulfil related obligations.

·      Marketing communications data: Personal data processed for marketing purposes is retained for as long as you have not withdrawn your consent or objected to such processing, as applicable. We may retain a record of your opt-out request for a longer period (e.g. three years) to demonstrate compliance with our legal obligations and to ensure that you are not contacted again.

Your personal data may be stored longer when it is needed for lawful obligations such as accounting, record keeping or performing the responsibilities in consumer sales.

Information necessary for customer-related services

The provision of personal data is required in order to enter into and perform a purchase agreement with us (e.g. processing your order and delivery). Certain personal data may also be required to comply with our legal obligations, such as accounting and consumer protection laws. You are not obliged to provide your personal data; however, if you choose not to provide the data required for these purposes, we will not be able to process your order, deliver products, or provide related customer services.

Where we request personal data that is not strictly necessary for these purposes (such as marketing communications, or improving our services), the provision of such data is voluntary. Choosing not to provide voluntary data will not affect your ability to make purchases, although certain features or services may not be available.

Third party links

In an attempt to provide you with increased value, we may include third party links on our site. These linked sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these linked sites (including if a specific link does not work).

Age of consent

Our website and services are not directed at children under the age of 13. We do not knowingly collect personal data from children under the age of 13 without the consent of a parent or guardian. If you are under the age of 13, please do not use our website or provide us with your personal data without the consent of your parent or guardian. If we become aware that we have collected personal data from a child under the age of 13 without appropriate consent, we will take steps to delete that data as soon as possible. If you believe we may have collected personal data from a child under the age of 13, please contact us at [contact details]

Changes to our policy

If we decide to change our privacy policy, we will post those changes on this page. Policy changes will apply only to information collected after the date of the change. 

Questions and feedback

We welcome your questions, comments, and concerns about privacy. Please send us any and all feedback pertaining to privacy, or any other issue to the following email address: info@lunette.com.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Annex A     Cookies we use

Please note that the cookies on our site are set by Shopify, the e-commerce platform that powers our store. Whilst these cookies are technically set on our domain, they are created and controlled by Shopify. For further information about how Shopify uses cookies, please refer to Shopify's Privacy Policy.

Cookie name

_session_id

Category

Necessary

Type

Sessional

Purpose

Allows Shopify to store information about your browsing session in our webstore

Collected data

It stores a unique session token and basic session information, such as the page you first visited and how you arrived at our store

Expiry date/time

N/A (sessional)

Set by

Set by Shopify. Please visit Shopify's privacy policy for information on how they process your personal data:

https://www.shopify.com/legal/privacy

 

Cookie name

shopify_visit

Category

Analytics/performance

Type

Sessional

Purpose

To record visits to our webstore and provide us with analytics data about how visitors find and interact with our store

Collected data

Unique visit identifier, referrer information (e.g. the website or search engine you visited us from), landing page, timestamp of visit and traffic source data

Expiry date/time

30 minutes from last webpage visit

Set by

Set by Shopify. Please visit Shopify's privacy policy for information on how they process your personal data:

https://www.shopify.com/legal/privacy

 

 

Cookie name

shopify_uniq

Category

Analytics/performance

Type

Persistent

Purpose

Counting unique visitors to our store

Collected data

A unique identifier linked to your device and browser, and a timestamp recording when the visit took place

Expiry date/time

Expires at midnight on the day of the visit

 

Set by

Set by Shopify. Please visit Shopify's privacy policy for information on how they process your personal data:

https://www.shopify.com/legal/privacy

 

Cookie name

cart

Category

Necessary

Type

Persistent

Purpose

To store the contents of your shopping basket and ensure they are retained as you browse our store and on return visits within the cookie's lifetime

Collected data

A unique identifier linked to your device and browser, and the contents of your shopping basket including product selections, quantities, and prices

Expiry date/time

14 days

Set by

Set by Shopify. Please visit Shopify's privacy policy for information on how they process your personal data:

https://www.shopify.com/legal/privacy

 

Cookie name

secure_session_id

Category

Necessary

Type

Sessional

Purpose

To maintain a secure session over an encrypted HTTPS connection, protecting sensitive interactions such as login and checkout from security threats

Collected data

A unique secure session token linked to your device and browser, used to maintain and authenticate your secure browsing session

Expiry date/time

When the browser is closed

Set by

Set by Shopify. Please visit Shopify's privacy policy for information on how they process your personal data:

https://www.shopify.com/legal/privacy

 

Cookie name

storefront_digest

Category

Necessary

Type

Persistent

Purpose

To remember that you have entered the correct password to access our store, so that you do not need to re-enter it on return visits

Collected data

A unique token linked to your device and browser, confirming that you have been granted access to our password-protected store or page

 

Expiry date/time

No fixed expiry, it will remain on your device until you choose to clear your browser cookies

Set by

Set by Shopify. Please visit Shopify's privacy policy for information on how they process your personal data:

https://www.shopify.com/legal/privacy