Privacy policy.
Effective Date: 10-03-2025
Last Updated: 04-06-2025
This Privacy Policy sets out the principles and legal basis upon which LUME ART LTD (“LUME”, “we”, “our”, or “us”) collects, processes, stores, and shares personal data via its website located at https://www.lumeart.co.uk. It also outlines the rights of individuals under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
LUME is committed to safeguarding the privacy and personal data of all individuals who interact with our brand, website, and services.
1. Identity of the Data Controller
For the purposes of applicable data protection laws, LUME ART LTD is the Data Controller in respect of the personal data you submit to us or which we collect on your behalf.
Legal Entity: LUME ART LTD
Registered Office: Management Suite, 2 Silicon Way, London, N1 6AT, United Kingdom
Contact Email for Data Protection Matters: management@lumeart.co.uk
Registered Company Number: 16303917
2. Scope of This Policy
This Privacy Policy applies to:
• All visitors and users of the LUME website
• Clients and potential clients who contact us via online forms, booking systems, or email
• Individuals who interact with our business online or offline
• Any personal data processed through embedded tools, such as Google Analytics
This policy does not apply to third-party websites linked through our site. Please consult those sites’ privacy policies independently.
3. Definitions
• Personal Data means any information that relates to an identifiable natural person (Data Subject).
• Processing means any operation performed on personal data (e.g., collection, use, storage, disclosure).
• Data Subject refers to the individual whose personal data is being processed.
• Controller means the legal entity that determines the purposes and means of processing personal data.
• Processor means any third party that processes data on behalf of the controller.
4. Categories of Data We Collect
We may collect and process the following types of personal data, depending on your interaction with our site:
a) Data You Provide Directly
• Full name, email address, phone number, and business name (where applicable)
• Messages submitted via the contact form or consultation booking system
• Marketing preferences (newsletter opt-ins or opt-outs)
b) Data We Collect Automatically
• IP address and geolocation data (city/region level only)
• Device type, browser type/version, and operating system
• Referring and exit pages, time spent on site, and clickstream behaviour
• Cookies and similar identifiers via Google Analytics 4 and Squarespace cookies
We do not collect sensitive personal data (e.g. racial origin, biometric data, health data) under any circumstances.
5. Legal Bases for Processing
Under the UK GDPR, we are required to specify the lawful basis for processing your personal data. Depending on the context, this may include:
Purpose
Legal Basis
Reference
Responding to form submissions
Consent
Art. 6(1)(a) UK GDPR
Providing consultations
Contractual necessity
Art. 6(1)(b) UK GDPR
Website analytics (GA4)
Consent via cookie banner
Art. 6(1)(a) UK GDPR
Internal record-keeping or service improvement
Legitimate interests
Art. 6(1)(f) UK GDPR
Legal obligations (e.g. tax compliance, fraud prevention)
Legal obligation
Art. 6(1)(c) UK GDPR
We do not rely on automated decision-making or profiling that produces legal or similarly significant effects on individuals.
6. Purpose of Data Collection
We collect and process personal data for the following specific purposes:
• To respond to general enquiries or requests for information
• To manage consultation or service bookings
• To analyse user interaction with our website to improve performance
• To maintain secure and legally compliant operations
• To send marketing communications (only with prior, explicit consent)
7. How We Collect Personal Data
Data is collected through the following means:
• Website forms (e.g., “Enquire”, “Consult”)
• Booking systems embedded or linked from our website
• Analytics scripts and tracking pixels (Google Analytics, Squarespace cookies)
• Email communication and client correspondence
• Cookie consent tools installed on our website
8. Use of Cookies and Analytics
We use cookies and similar technologies to collect certain types of personal and technical information.
Cookies are classified as follows:
• Strictly necessary cookies (essential for site operation)
• Performance cookies (used for aggregated analytics)
• Functionality cookies (used to remember your preferences)
We use Google Analytics 4 (GA4) to collect anonymous interaction data. This may include device ID, page engagement time, scroll depth, and traffic source. We do not use GA4 for demographics or remarketing unless you have provided additional consent.
All non-essential cookies are only placed on your device after you have given informed consent via our cookie banner, in accordance with the Privacy and Electronic Communications Regulations (PECR).
For full cookie details, refer to our Cookie Policy.
9. Data Sharing and Third-Party Processors
We do not sell or lease your data. We only share your personal data with trusted third parties necessary to operate our services, such as:
• Squarespace – for web hosting and form processing
• Google LLC – for analytics tracking
• Mailchimp (if newsletter is used) – for email marketing and subscriber management
• Legal or regulatory authorities – where required by law
International data transfers (e.g., to the U.S. via Google or Mailchimp) are protected by Standard Contractual Clauses (SCCs) or adequacy decisions as per UK regulations.
10. Data Retention Periods
We retain personal data only as long as necessary for the purposes outlined or as required by applicable law.
Data Type
Retention Duration
Contact form data
12 months from last contact
Consultation booking data
24 months or until service fulfilled
Analytics data (GA4)
14 months
Email marketing data
Until unsubscribed or deleted upon request
11. Your Rights as a Data Subject
Under UK data protection law, you have the following rights:
• Right of Access – Obtain a copy of your personal data
• Right to Rectification – Request correction of inaccurate data
• Right to Erasure – Request deletion of your data (“right to be forgotten”)
• Right to Restriction – Request limited processing
• Right to Data Portability – Receive your data in a transferable format
• Right to Object – Object to processing based on legitimate interest
• Right to Withdraw Consent – Withdraw marketing or cookie consent at any time
To exercise any of these rights, email: management@lumeart.co.uk
We may ask for identity verification before fulfilling any request.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
https://www.ico.org.uk
12. Security Measures
We take appropriate technical and organisational measures to protect your data, including:
• Secure Sockets Layer (SSL) encryption
• Access-restricted systems and databases
• Regular security reviews of third-party services
• Minimised data collection wherever possible
While we take security seriously, no digital system is 100% secure. We cannot guarantee absolute protection against unauthorised access or loss.
13. Data from Minors
We do not knowingly collect or process data from individuals under the age of 16. If you are a parent or guardian and believe your child has submitted personal data to us, please contact us immediately and we will take appropriate steps to delete that information.
14. Changes to This Privacy Polic
We reserve the right to update or amend this Privacy Policy at any time to reflect changes in our services, legal requirements, or operations. The latest version will always be published at www.lumeart.co.uk/privacy and will supersede any previous versions.
We recommend checking this page periodically to stay informed of any changes.
15. Contact Us
For any questions about this Privacy Policy or how we process your personal data, please contact:
LUME ART LTD
Management Suite
2 Silicon Way
London, N1 6AT
United Kingdom
management@lumeart.co.uk