Complimentary shipping over €200 · Extended returns until May 15
LumeBoutique
Lume Editions · Legal · LE · 02
Legal

Privacy policy

— How we handle your data

§ 8 sections

Last updated: 2026-06-22.

1. Data controller

The controller of your personal data is Jakub Rembiewski, conducting business as VIP APARTMENTS JAKUB REMBIEWSKI, ul. Młodzieżowa 31a/10, 09-100 Płońsk, Poland (NIP 5671919945). For any privacy matter contact us at lumeboutiq@gmail.com or +48 500 401 595.

2. What we collect and why

Category Examples Purpose & legal basis
Account name, e-mail, password (hashed) to create and run your account — Art. 6(1)(b) GDPR
Orders delivery address, phone, items, payment reference to perform the sales contract and meet accounting obligations — Art. 6(1)(b) and (c) GDPR
Complaints & returns order details, bank account for refunds to handle complaints and withdrawals — Art. 6(1)(c) and (b) GDPR
Reviews product review, display name to publish opinions of verified purchasers — Art. 6(1)(a)/(f) GDPR
Site usage IP, device, pages viewed security and improving the Store — Art. 6(1)(f) GDPR
Cookies see the Cookie Policy analytics/marketing only with your consent — Art. 6(1)(a) GDPR

We do not run a newsletter and do not send marketing e-mails. We do not sell your data and do not take decisions producing legal effects solely by automated means (no profiling).

3. Recipients

We share data only with the processors needed to run the Store:

  • Przelewy24 (PayPro S.A.) — online payments (BLIK, transfer, card)
  • InPost S.A., DPD Polska sp. z o.o., DHL — delivery of parcels
  • our hosting provider — server infrastructure (within the EEA)
  • a web analytics provider — only if you consent to analytics cookies

Each processor acts under a data processing agreement. We may also disclose data to public authorities where required by law.

4. International transfers

We store data within the European Economic Area. If an analytics or error-monitoring tool transfers data outside the EEA, we rely on the European Commission's adequacy decisions or on Standard Contractual Clauses.

5. Retention

Category Retention period
Orders, invoices & accounting records 5 years from the end of the tax year (Accounting Act / Tax Ordinance)
Account data until you delete the account, then up to 30 days, after which it is erased or anonymised
Complaints & withdrawals until the limitation period for related claims expires
Web analytics up to 14 months, aggregated

6. Your rights

Under the GDPR you have the right to access, rectification, erasure, restriction, data portability, and to object to processing based on legitimate interest. Where processing is based on consent, you may withdraw consent at any time without affecting processing carried out beforehand.

Submit a request from your account (Privacy → Data requests) or by e-mail to lumeboutiq@gmail.com. We respond within one month. You also have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO), ul. Stawki 2, 00-193 Warsaw — uodo.gov.pl.

7. Is providing data required?

Providing data is voluntary but necessary to create an account, place an order, and handle complaints or withdrawals. Without it we cannot perform the contract.

8. Security

We use technical and organisational measures appropriate to the risk, including encryption in transit (TLS), hashed passwords, and access on a need-to-know basis.

— Lume, the studio
More from

Legal edit

LE · 01

Terms & conditions

Terms of sale and use

Read
LE · 03

Cookie policy

What we set, and why

Read
LE · 04

Imprint

Company & contact

Read
PL EN
EUR PLN