top of page

Privacy Policy

LUMUNO CIC — PRIVACY POLICY
===========================

Last updated: 17/11/2025

Lumuno CIC (“Lumuno”, “we”, “us”, “our”) is a Community Interest Company registered in Scotland (Company No. SC850019). We are committed to protecting your privacy and handling your data with transparency, dignity, and care.

This Privacy Policy explains how we collect, use, store, and protect your information when you:

-   Visit our website
    
-   Purchase a Lumuno box
    
-   Complete our personalisation questionnaires
    
-   Join our workshops, community spaces, or mailing lists
    
-   Contact us through email or social media
    

By using our services, you agree to the terms set out here.

1. What Information We Collect
------------------------------

### A. Information you provide to us

-   Name and contact details
    
-   Shipping and billing address
    
-   Order details
    
-   Questionnaire responses
    
-   Emails, messages, or enquiries
    
-   Workshop or event sign-up details
    

### B. Sensitive data

Some information you share with us may relate to health or mental well-being.
We collect this only with your explicit consent and only to personalise your box or provide relevant resources.

We do not provide clinical diagnosis or treatment.

### C. Automatically collected information

-   IP address
    
-   Device type
    
-   Browser type
    
-   Pages viewed
    
-   Cookies and analytics data (Google Analytics, Shopify/WooCommerce analytics)
    

2. How We Use Your Information
------------------------------

We use your information to:

-   Personalise your Lumuno box based on your questionnaire
    
-   Process and deliver your orders
    
-   Email you order confirmations and updates
    
-   Improve our products and services
    
-   Provide customer support
    
-   Share relevant educational or community resources
    
-   Carry out internal research to improve accessibility and mental health support
    
-   Maintain legal and financial records
    

We never sell your data.
We never use your questionnaire responses for marketing without your permission.

3. Legal Basis for Processing (GDPR)
------------------------------------

We rely on the following legal grounds:

-   Consent — for questionnaires and sensitive data
    
-   Contract — to fulfil your purchases
    
-   Legitimate interest — to improve services, prevent fraud, and analyse website performance
    
-   Legal obligation — accounting, tax, and regulatory requirements
    

You may withdraw your consent at any time.

4. How We Store & Protect Your Information
------------------------------------------

-   Encrypted databases
    
-   Secure cloud storage with restricted access
    
-   Password-protected systems
    
-   Staff trained in data protection
    

We keep data only as long as necessary:

-   Order data: 6 years (legal requirement)
    
-   Questionnaire data: 12 months unless you renew consent
    
-   Email subscriptions: until you unsubscribe
    

5. Sharing Your Information
---------------------------

We only share data with:

-   Payment processors (Stripe, PayPal, Shopify Payments)
    
-   Delivery companies (Royal Mail, DHL)
    
-   Website providers (Shopify/WooCommerce/Wix)
    
-   IT and security service providers
    

All third-party services comply with GDPR.

We never share mental health-related data outside the Lumuno team.

6. Your Rights
--------------

You have the right to:

-   Access your data
    
-   Correct inaccurate data
    
-   Request deletion (“right to be forgotten”)
    
-   Restrict processing
    
-   Object to marketing
    
-   Withdraw consent
    
-   Receive a copy of your data (“data portability”)
    

To exercise your rights, email:

7. Cookies
----------

We use cookies to:

-   Improve website performance
    
-   Remember your preferences
    
-   Track analytics for service improvement
    

You may disable cookies in your browser settings.

bottom of page