Effective Date: 03.01.2025
Last Updated: 03.01.2025
Introduction
LUXEARTISANS LTD (trading as iLucious) respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, store, and share your information in strict compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws.
By using our website, www.iLucious.com, you agree to the terms of this policy. If you do not agree, please refrain from using our services.
1. Information We Collect
Personal Data:
We may collect the following personal information:
Name
Email address
Phone number
Billing and shipping addresses
Payment details (e.g., card type, last 4 digits, billing address)
Non-Personal Data:
IP address
Browser type and version
Device information
Cookies and usage data (see Section 7 for details)
We do not collect special category data (e.g., health, religion) or criminal conviction data.
2. How We Use Your Data
We process your data for the following purposes:
To fulfill and deliver orders
To communicate with you (e.g., order updates, support)
To improve our website and services
For personalized marketing (with explicit consent)
To comply with legal obligations (e.g., tax reporting)
To detect and prevent fraudulent activities
We do not engage in automated decision-making or profiling that produces legal effects for you.
3. Third Parties We Share Your Data With
We share data only when necessary to operate our business and in accordance with GDPR:
E-commerce Platform:
Shopify
Payment Processors:
Stripe
PayPal
Shipping Providers:
Royal Mail
Other logistics partners
Analytics and Advertising:
Google Analytics
Google Ads
Customer Interaction Tools:
Forms (for inquiries)
Judge.me (product reviews)
Shop app (enhanced shopping experience)
We ensure that all third parties adhere to GDPR by using data processing agreements (DPAs).
4. Legal Basis for Processing
We process personal data under the following legal bases:
Consent: For marketing communications and optional services.
Contractual Necessity: To fulfill your orders and provide services.
Legal Obligations: For compliance with tax and accounting laws.
Legitimate Interests: For fraud prevention, customer service, and improving our services.
Where consent is required, you may withdraw it at any time without affecting the lawfulness of prior processing.
5. Your GDPR Rights
Under GDPR, you have the following rights:
Access: Request a copy of your personal data.
Rectification: Correct inaccurate or incomplete data.
Erasure (Right to Be Forgotten): Request deletion of your data, subject to legal obligations.
Restriction: Limit how we process your data in certain circumstances.
Data Portability: Receive your data in a structured, machine-readable format.
Objection: Object to data processing for direct marketing or legitimate interests.
Withdraw Consent: Revoke consent for data processing where applicable.
Complaint: Lodge a complaint with a supervisory authority (e.g., UK Information Commissioner’s Office).
To exercise these rights, email info@luxeartisans.co.uk.
6. Data Retention
We retain your personal data for as long as necessary to fulfill orders, comply with legal obligations, or resolve disputes. Afterward, your data will be securely deleted or anonymized.
7. Cookies and Tracking
We use cookies to:
Ensure website functionality
Analyze website usage
Provide personalized content and advertisements
You can manage or disable cookies through your browser settings or via our cookie banner. For more details, see our Cookie Policy.
8. Security Measures
We implement strict security measures to protect your data, including:
Encryption of sensitive information during transmission
Secure storage of payment details via trusted payment processors
Role-based access controls to limit data access
Despite our best efforts, no transmission or storage method is 100% secure. Therefore, we cannot guarantee absolute security.
9. Data Breach Notification
In the unlikely event of a data breach, we will:
Notify affected individuals without undue delay, if required
Inform the relevant data protection authority within 72 hours, as mandated by GDPR
10. International Data Transfers
If your data is transferred outside the European Economic Area (EEA), we ensure it is protected through:
Adequacy Decisions: For countries deemed to provide an adequate level of protection.
Standard Contractual Clauses (SCCs): Binding agreements for data protection.
11. Children’s Privacy
Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children without parental consent.
12. Changes to This Policy
We reserve the right to update this Privacy Policy at any time. Changes will be effective immediately upon posting on our website, and we will notify you via email or website notification for significant changes.
13. Contact Information
For questions or GDPR-related requests, please contact us: