Privacy policy

Last updated: March 2026

This Privacy Policy describes how LUMINNOV collects and processes personal data in accordance with the GDPR.

1. Data controller

LUMINNOV
253 rue Saint-Honoré
75001 Paris, France
Email: contact@sunlutionskincare.com

2. Personal data collected

2.1 Data provided directly by the user

When placing an order, creating an account, or contacting us, we may collect:

  • first and last name
  • email address
  • postal address
  • phone number
  • delivery information
  • billing information

Payment information is processed securely by Shopify Payments and is never stored by LUMINNOV.

2.2 Data collected automatically

When browsing the website, we may collect:

  • IP address
  • browser type
  • device information
  • pages visited
  • browsing duration
  • cookies and advertising identifiers

This data is collected through:

  • Shopify
  • Google Analytics 4
  • Meta Pixel
  • Klaviyo

3. Purpose of processing

Personal data is processed for the following purposes:

  • processing and delivering orders
  • account creation and management
  • managing customer service
  • managing returns and refunds
  • sending marketing communications (with consent)
  • improving the website and user experience
  • preventing fraud
  • complying with legal obligations

4. Legal basis

Processing is based on:

  • contract performance
  • consent
  • legal obligations
  • legitimate interests

5. Data recipients

Personal data may be shared with the following service providers:

  • Shopify (e-commerce platform and hosting)
  • payment providers (Shopify Payments, Stripe, PayPal)
  • logistics providers (shipping carriers)
  • Klaviyo (email marketing)
  • Google (analytics services)
  • Meta (advertising services)
  • technical and IT service providers

These providers act as data processors under GDPR.

6. International transfers

Some service providers (including Shopify, Google, Meta, and Klaviyo) may transfer personal data outside the European Union, including to the United States.

These transfers are governed by:

  • Standard Contractual Clauses approved by the European Commission
  • appropriate safeguards in accordance with GDPR

7. Data retention

Personal data is retained only as long as necessary:

  • customer data: maximum 5 years
  • marketing data: maximum 3 years after last contact
  • order and accounting data: 10 years (legal obligation)
  • cookies: maximum 13 months

8. Security

We implement appropriate technical and organizational measures to protect your data.

9. Your rights

In accordance with GDPR, users have the following rights:

  • right of access
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to object
  • right to data portability

Users may exercise their rights by contacting: contact@sunlutionskincare.com

Users also have the right to lodge a complaint with the French data protection authority (CNIL): www.cnil.fr

10. Cookies

The website uses cookies to:

  • ensure proper functioning of the website
  • analyze traffic
  • personalize advertising

Users can manage their preferences through the cookie banner.