Privacy Policy

Lumise Oy Privacy Policy ("Privacy Policy")

Protecting your privacy is extremely important to Lumise Oy (“Lumise”) – we want to keep your personal data safe, including personal data processed for marketing and sales purposes. This policy defines the basis on which we process any personal data we collect from you or that you provide to us in connection with marketing and sales activities.

This Privacy Policy contains the following information:

  1. Overview of data processing practices
  2. Data controller and data processors
  3. Processed data, purpose of processing, and retention period
  4. Data transfers
  5. Your rights
  6. Changes to this Privacy Policy
  7. Use of non-personal data

1. Overview of Data Processing Practices

As the data controller, Lumise Oy collects and processes personal data in accordance with this Privacy Policy and applicable national legislation, including the EU General Data Protection Regulation (GDPR). The term "personal data" refers to personal information that can directly or indirectly identify you, such as your name, physical address, email address, IP address, or other contact details. Processing of personal data includes any action that we or a third party acting on our behalf perform using personal data, such as collecting, registering, and storing data.

This policy describes how we process personal data in our online store (“online store”), in our physical stores, and in connection with our marketing activities and websites, including lumise.eu ("websites").

We strive to process personal data that is relevant, necessary, and not excessive in relation to the purpose for which it is collected. We collect and process personal data only if we have a legal basis for doing so.

2. Data Controller(s) and Data Processors

The primary data controller for the personal data collected and processed in this context is Lumise Oy, which is also the parent company of the Lumise corporate group. For certain types of data, particularly marketing data and data related to the online store and websites, Lumise acts as a joint data controller together with its subsidiaries in other Nordic countries. These subsidiaries include:

  • Lumise Sweden (Design by Scandinavian Metal AB)
  • Lumise Norway AS

(“Joint Controllers”). The Joint Controllers have signed an agreement defining the specific responsibilities of each data controller.

Inquiries related to the personal data managed by Lumise can be sent via email to info@lumise.eu. Inquiries regarding data processing by other Joint Controllers should be directed to the respective companies, whose contact information is available on their websites.

Lumise utilizes several data processors for the processing of the data described in this policy. These include:

  • Server/hosting provider, currently S1 Networks Oy
  • E-commerce platform provider, currently Nethit System Ltd
  • E-commerce UI development partner, currently Virtasoft Oy
  • Newsletter and SMS service provider, currently Custobar Oy
  • Website analytics and statistics provider, currently Custobar Oy
  • Website chat service and customer support system provider, currently Intercom R&D Unlimited Company
  • Customer support service providers, currently Aircall.io Inc.
  • Product review provider, currently Lipscore AS
  • Shipping service providers – currently using multiple providers, including Posti, Matkahuolto, and most major logistics companies
  • ERP system provider, currently Microsoft Dynamics NAV
  • Product manufacturers, in cases where products are shipped directly from the manufacturer to the customer. Several manufacturers are currently used.

Additionally, when making payments, customers are redirected to third-party payment service providers' websites/portals, which act as independent data controllers for payment processing. The privacy policies of the mentioned data processors can be found on their respective company websites.

3. Processed Data, Purpose of Processing, and Retention Period

Personal Data of Non-Registered Online Store Users (Name, Contact Information, and Delivery Details)

  • Legal basis: Performance of a contract between Lumise and the online store user (GDPR Article 6(1)(b))
  • Purpose: Processing orders in the online store and communication regarding orders, deliveries, and returns

Personal Data of Registered Online Store Users (Name, Contact Information, Delivery Details, and Order History)

  • Legal basis: Performance of a contract between Lumise and the online store user (GDPR Article 6(1)(b))
  • Purpose: Processing orders, providing customer support, and allowing users to view past orders

Other Data Categories

(Details remain unchanged but now apply to lumise.eu instead of multiple country-specific stores.)

  • Product reviewers' names
  • License plate numbers (optional)
  • Customer service inquiries
  • Marketing communication and user analytics data
  • Video surveillance data in physical stores
  • Social media contest winners' contact information
  • Website browsing behavior and event tracking

Data is retained as long as necessary to fulfill the purposes stated in this Privacy Policy. Inactive customer accounts will be deleted no later than five years after they are deemed inactive. Some data may be retained longer if required by law.

4. Data Transfers

The servers are hosted within the EU/EEA. However, personal data may be accessed (and thereby processed) from outside the EU/EEA/UK or, in some cases, transferred outside these regions. All such transfers are conducted based on:

  • An adequacy decision by the European Commission (GDPR Article 45), or
  • Standard Contractual Clauses (SCC) (GDPR Article 46) supplemented with additional safeguards to ensure that the rights of data subjects remain enforceable.

You may request a copy of the SCCs, including a description of the transferred data, by contacting Lumise using the contact details provided above.

5. Your Rights

As we process your personal data, you may exercise the following rights under applicable data protection laws:

  • Right of access and rectification: You have the right to request access to and correction of your personal data.
  • Right to restriction of processing: In certain cases, you may request a restriction on the processing of your personal data.
  • Right to erasure ("right to be forgotten"): You may request the deletion of your personal data under specific conditions.
  • Right to data portability: You can request a structured, commonly used, and machine-readable format of your personal data.
  • Right to withdraw marketing consent: You may withdraw your marketing consent at any time by contacting us.

You also have the right to lodge a complaint with the Data Protection Authority in Finland (Tietosuojavaltuutetun toimisto: https://tietosuoja.fi/etusivu) or the data protection authority in your country of residence.

6. Changes to this Privacy Policy

Lumise reserves the right to update this Privacy Policy periodically. Changes will be published on this page, and you will be notified by email if necessary. Please check this page regularly for updates.

7. Use of Non-Personal Data

Lumise also collects non-personally identifiable data. Additionally, certain data is anonymized or compiled into general statistics, which may be used to improve Lumise products or services. We specifically use cookies, Google Analytics, and Google Tag Manager to analyze website usage and traffic.

Last updated: February 18, 2025