PRIVACY POLICY

Privacy Policy

Last updated: 11/12/2025

This Privacy Policy explains how LUME BAG (“we”, “us”, or “our”) collects, uses, and protects your personal data when you visit or make a purchase from https://lumebag.com (the “Website”).

We are committed to protecting your privacy and handling your personal data in a transparent and secure manner, in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), applicable Spanish data protection laws, and other relevant international regulations.

1. Introduction

This Privacy Policy applies to all users of the Website, including customers, visitors, and individuals who contact us. By using this Website, you acknowledge that you have read and understood this Privacy Policy.

2. Identity of the Data Controller

In accordance with GDPR requirements, the Data Controller responsible for your personal data is:

  • Full Name: Diego Zapata Solano

  • Address: C/San Millán N24, 1D, 26004, Logroño, La Rioja, Spain

  • Email: support@lumebag.com

  • Country of establishment: Spain

3. Personal Data We Collect

We may collect and process the following categories of personal data:

a) Data you provide directly

  • Identity details (name, surname)

  • Contact details (email address, billing and shipping address)

  • Account information (username, password)

  • Communications sent via contact forms or email

b) Data related to purchases

  • Order details and products purchased

  • Payment-related information (processed securely by third-party payment providers; we do not store full payment details)

  • Invoicing and transaction information

c) Technical and usage data

  • IP address

  • Browser type and device information

  • Log files and interaction data

d) Order tracking data

  • Shipment status and delivery updates provided through tracking services

4. Purpose and Legal Basis for Data Processing

We process your personal data for the following purposes and legal bases:

  • To provide our services and process orders (performance of a contract)

  • To manage customer accounts (performance of a contract)

  • To communicate with users and respond to inquiries (legitimate interest or consent)

  • To comply with legal and tax obligations (legal obligation)

  • To improve the Website and user experience (legitimate interest)

  • To send marketing communications, where applicable (consent)

5. Cookies and Tracking Technologies

Our Website uses cookies and similar technologies to ensure proper functionality, analyze traffic, and improve user experience.

Cookie consent and management are handled through Complianz, which allows users to accept, reject, or customize cookie preferences in accordance with GDPR and ePrivacy regulations.

For more information, please refer to our Cookie Policy.

6. Data Sharing with Third Parties

We may share personal data with trusted third parties strictly necessary to operate the Website and provide our services, including:

  • WooCommerce – eCommerce functionality and order management

  • DSers – Dropshipping and supplier order processing

  • AfterShip – Shipment tracking and delivery notifications

  • Complianz – Cookie consent management

  • Payment providers (such as Stripe, PayPal, or similar) – Secure payment processing

  • Hosting and email service providers – Website operation and communications

  • Facebook for WooCommerce / Meta Platforms – Marketing integrations, performance tracking, and personalized advertising.

  • Google Site Kit (Google Analytics, Tag Manager, Search Console) – Website analytics, performance measurement, and traffic insights.

  • Google Ads – Conversion tracking, remarketing features, and advertising performance measurement.

  • Google Merchant Center – Product data synchronization and integration with Google Shopping services.

All third parties process data under appropriate data processing agreements and in compliance with GDPR.

7. International Data Transfers

As we sell internationally and use global service providers, your personal data may be transferred outside the European Economic Area (EEA). In such cases, appropriate safeguards are applied, such as Standard Contractual Clauses or equivalent legal mechanisms, to ensure an adequate level of data protection.

8. Data Retention Periods

We retain personal data only for as long as necessary to:

  • Fulfill the purposes for which it was collected

  • Comply with legal, accounting, or tax obligations

When data is no longer required, it will be securely deleted or anonymized.

9. User Rights under GDPR

As a user, you have the following rights:

  • Right of access to your personal data

  • Right to rectification of inaccurate data

  • Right to erasure (“right to be forgotten”)

  • Right to restriction of processing

  • Right to data portability

  • Right to object to processing

  • Right to withdraw consent at any time

You also have the right to file a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos – AEPD).

10. Data Security Measures

We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, loss, alteration, or misuse.

11. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy at any time. Any changes will be posted on this page with an updated revision date.

12. Contact Information

If you have any questions about this Privacy Policy or how your personal data is processed, you may contact us at:

Email: support@lumebag.com
Address: C/San Millán N24, 1D, 26004, Logroño, La Rioja, Spain

Log In