Privacy policy

Last Updated: February 10, 2026

Introduction

At LUMA, trust is the foundation of every formula we create. The same care we put into crafting clean, effective skincare, we put into protecting the people who use it. This Privacy Policy explains, in plain and transparent terms, how LUMA ("LUMA," "we," "us," or "our") collects, uses, shares, and safeguards your personal information when you visit lumaskin.shop (the "Site"), purchase our products, contact our team, or otherwise interact with us (together, the "Services").

We are committed to handling your information responsibly and in accordance with applicable data protection laws, including the EU and UK General Data Protection Regulation (the "GDPR") and the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the "CCPA"). Please read this Policy carefully. By using our Services, you acknowledge that you have read and understood the practices described here.

1. Information We Collect

We collect personal information that you provide to us, information that is generated automatically when you use our Services, and information we receive from trusted third parties.

Information you provide to us, including:

  • Contact details such as your name, email address, phone number, billing address, and shipping address.
  • Order and account information, including purchase history, products considered, and account login credentials.
  • Payment information, including your payment card or other payment details. Payment card numbers are processed by our payment providers and are not stored by LUMA.
  • Customer support and communications, including messages, reviews, survey responses, and information you share when you contact us.
  • Marketing preferences, including your consent to receive communications from us.

Information we collect automatically, including:

  • Device and usage information such as your IP address, browser type, device identifiers, operating system, referring pages, pages viewed, and the dates and times of your visits.
  • Information collected through cookies and similar technologies, as described in Section 3.

Information we receive from third parties, including from our service providers, payment processors, shipping carriers, marketing and analytics partners, and platforms such as social media networks when you interact with our content.

2. How We Use Your Information

We use your personal information to operate our business, deliver a premium experience, and meet our legal obligations, including to:

  • Process, fulfill, and deliver your orders, and provide order confirmations and updates.
  • Create and manage your account and provide customer support.
  • Process payments and prevent, detect, and investigate fraud or unauthorized transactions.
  • Personalize your shopping experience and recommend products that may interest you.
  • Send you transactional messages and, where permitted, marketing communications about products, offers, and news.
  • Improve and develop our Site, products, and Services, including through analytics and research.
  • Maintain the security and integrity of our Services.
  • Comply with applicable laws and enforce our terms and policies.

3. Cookies and Tracking Technologies

We and our partners use cookies, pixels, and similar technologies to operate the Site, remember your preferences, analyze performance, and deliver relevant advertising. Cookies are small data files stored on your device.

We use the following categories of cookies:

  • Strictly necessary cookies, which are required for the Site to function, including for shopping cart and checkout features.
  • Performance and analytics cookies, which help us understand how visitors use the Site.
  • Functional cookies, which remember your choices and preferences.
  • Advertising cookies, which help us and our advertising partners deliver and measure marketing that is relevant to you.

You can control cookies through your browser settings and, where available, through the cookie preferences tool on our Site. Disabling certain cookies may affect the functionality of the Services. For information on managing your advertising choices, see Section 9.

4. How We Share Your Information

We do not sell your personal information for money. We share personal information only as described below:

  • Service providers and processors who perform services on our behalf, such as hosting, order fulfillment, shipping, payment processing, customer support, analytics, email delivery, and marketing. These providers are authorized to use your information only as necessary to provide services to us.
  • Payment processors, who handle payment transactions in accordance with their own privacy and security standards.
  • Advertising and analytics partners, who help us measure and deliver marketing. This sharing may be considered "sharing" for cross-context behavioral advertising or a "sale" under certain U.S. state laws; you may opt out as described in Sections 7 and 9.
  • Legal and safety disclosures, where we believe disclosure is necessary to comply with applicable law, respond to lawful requests, protect our rights, property, or safety, or that of our customers or others.
  • Business transfers, in connection with a merger, acquisition, financing, reorganization, or sale of assets, in which personal information may be transferred as a business asset.

5. Third-Party Platforms and Processors

Our Site is hosted on Shopify. Shopify provides the e-commerce platform that allows us to sell our products and services to you and processes certain personal information on our behalf as a data processor. We also work with reputable third parties for payments, shipping, analytics, and marketing. These third parties process your information in accordance with their own privacy policies and our contractual instructions.

6. International Data Transfers

LUMA operates internationally, and your personal information may be processed, stored, and transferred to countries other than the one in which you reside, including the United States and other jurisdictions where we or our service providers operate. These countries may have data protection laws that differ from those in your country. Where required by law, we implement appropriate safeguards for such transfers, including Standard Contractual Clauses approved by the relevant authorities.

7. Your Privacy Rights

Depending on where you live, you may have certain rights regarding your personal information. We honor these rights in accordance with applicable law.

For all users, you may:

  • Request access to the personal information we hold about you.
  • Request correction of inaccurate or incomplete information.
  • Request deletion of your personal information.
  • Opt out of marketing communications at any time.

For residents of the European Economic Area, the United Kingdom, and Switzerland, you also have the right to:

  • Object to or restrict our processing of your personal information.
  • Request portability of your personal information.
  • Withdraw consent at any time, where processing is based on consent, without affecting the lawfulness of prior processing.
  • Lodge a complaint with your local data protection authority.

Where we process your information under the GDPR, we rely on one or more of the following legal bases: performance of a contract with you; your consent; our legitimate interests in operating and improving our business; and compliance with our legal obligations.

For residents of California and other U.S. states with applicable privacy laws, you have the right to:

  • Know and access the categories and specific pieces of personal information we have collected.
  • Request deletion of your personal information.
  • Request correction of inaccurate personal information.
  • Opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising.
  • Be free from unlawful discrimination for exercising your rights.

We do not knowingly sell or share the personal information of consumers we know to be under 16 years of age. We do not use or disclose sensitive personal information for purposes other than those permitted under applicable law.

8. How to Exercise Your Rights

You may exercise your rights by contacting us at support@lumaskin.shop with the details of your request. You may also submit certain privacy requests directly through the Shopify Privacy Portal at https://privacy.shopify.com.

To protect your information, we will take steps to verify your identity before fulfilling your request. You may use an authorized agent to submit a request on your behalf, subject to verification. We will respond within the timeframes required by applicable law. Exercising your rights will not result in any discriminatory treatment.

9. Marketing Communications and Advertising Choices

With your consent where required, we may send you marketing communications about our products and offers. You can opt out at any time by clicking the "unsubscribe" link in any marketing email or by contacting us at support@lumaskin.shop. Even if you opt out of marketing, we may still send you non-promotional, transactional messages related to your orders and account.

To opt out of interest-based advertising, you may use the tools provided by the Digital Advertising Alliance (https://optout.aboutads.info) and the Network Advertising Initiative (https://optout.networkadvertising.org), and adjust the ad and privacy settings on your devices and browsers.

10. Do Not Track and Global Privacy Control

Some browsers offer a "Do Not Track" ("DNT") signal. Because there is not yet a common industry standard for DNT, our Site does not currently respond to DNT signals. Where required by law, we honor recognized opt-out preference signals, such as the Global Privacy Control (GPC), as a valid request to opt out of the sale or sharing of personal information for the browser or device from which the signal is sent.

11. Data Retention

We retain your personal information for as long as necessary to provide our Services, fulfill the purposes described in this Policy, comply with our legal, accounting, and reporting obligations, resolve disputes, and enforce our agreements. When personal information is no longer required, we securely delete or anonymize it.

12. Data Security

We maintain administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, loss, misuse, and alteration. Payment transactions are encrypted using industry-standard technology. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

13. Children's Privacy

Our Services are intended for adults and are not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@lumaskin.shop, and we will take appropriate steps to delete it.

14. Third-Party Links

Our Site may contain links to third-party websites, services, or content that are not operated by us. This Privacy Policy does not apply to those third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will revise the "Last Updated" date above and, where appropriate, provide additional notice. Your continued use of our Services after any update constitutes your acknowledgment of the revised Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal information, please contact us:

LUMA
Email: support@lumaskin.shop
05 Dong Phuoc Street
301, Lux Home
Nha Trang, Khanh Hoa
Vietnam 650000