Luminousttforcee

Privacy Policy

How Luminousttforcee collects, uses, and protects your personal information.

1. Introduction and Data Controller

This Privacy Policy explains how Luminousttforcee ("we", "us", or "our") collects, processes, stores, and protects personal data when you visit our website at luminousttforcee.world, use our contact form, purchase educational products, or engage with our meal rhythm architecture consulting services. We are committed to protecting your privacy and processing your data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable international privacy legislation.

The data controller responsible for your personal information is:

Luminousttforcee
300 Oxford St, London W1C 1DX, United Kingdom
Email: hello@luminousttforcee.world
Phone: +44 34 5604 9049

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us using the details above. We will respond to all privacy-related requests within one calendar month, as required by UK GDPR.

2. Scope of This Policy

This Privacy Policy applies to all personal data collected through our website, email communications, telephone enquiries, in-person consultations at our London office, and any other channel through which you interact with Luminousttforcee. It does not apply to third-party websites that may be linked from our pages. We encourage you to review the privacy policies of any external sites you visit.

Our website provides general informational content about meal rhythm architecture design. We do not collect health data, medical records, or clinical information through our website or standard consulting processes. If you voluntarily share health-related information in a consultation context, we treat it as personal data subject to enhanced protection measures described in Section 8 of this policy.

3. Personal Data We Collect

3.1 Data You Provide Directly

When you interact with us, you may provide the following categories of personal data:

  • Identity data: Your full name, title, and preferred form of address.
  • Contact data: Email address, telephone number, postal address, and any other contact details you choose to share.
  • Communication data: The content of messages submitted through our contact form, email correspondence, and notes from telephone or in-person conversations.
  • Transaction data: Details of educational products or consulting services purchased, including payment references (processed by third-party payment providers; we do not store full card numbers).
  • Consent records: Records of GDPR consent given through our contact form, cookie preferences, and marketing opt-ins.

3.2 Data Collected Automatically

When you visit our website, we may automatically collect certain technical data, subject to your cookie preferences:

  • Usage data: Pages visited, time spent on pages, navigation paths, and interaction with site features.
  • Technical data: IP address (anonymised where possible), browser type and version, operating system, device type, screen resolution, and referring URL.
  • Cookie data: Information stored by cookies and similar technologies as described in our Cookie Policy.

3.3 Data We Do Not Collect

We do not intentionally collect special category data as defined under UK GDPR (including data concerning health, racial or ethnic origin, political opinions, religious beliefs, or biometric data) through our website forms. We do not collect data from individuals under the age of 16. Our services are intended for adults seeking educational guidance on meal rhythm architecture.

4. Legal Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases depending on the processing activity:

  • Consent (Article 6(1)(a)): When you submit our contact form and tick the GDPR consent checkbox, when you accept analytics or marketing cookies, or when you opt in to receive informational emails about our services.
  • Contract performance (Article 6(1)(b)): When processing is necessary to deliver consulting services or educational products you have purchased, including sending confirmations, delivering materials, and managing your account.
  • Legitimate interests (Article 6(1)(f)): For website security, fraud prevention, improving our services based on aggregated usage patterns, and responding to enquiries where you have not yet entered a contract but have expressed interest in our services. We balance our interests against your rights and will not process data where your interests override ours.
  • Legal obligation (Article 6(1)(c)): When we are required to retain or disclose data to comply with UK law, including tax record requirements and responses to lawful requests from regulatory authorities.

5. How We Use Your Personal Data

We use the personal data we collect for the following specific purposes:

  • To respond to enquiries submitted through our contact form or email
  • To deliver meal rhythm architecture consulting services and educational products you have requested or purchased
  • To send service-related communications, including appointment confirmations, delivery notifications, and policy updates
  • To process payments and maintain financial records in compliance with UK accounting requirements
  • To improve our website content, user experience, and service offerings based on aggregated, anonymised usage data
  • To comply with legal obligations and respond to lawful requests from courts or regulatory bodies
  • To protect the security and integrity of our website and prevent fraudulent activity
  • To send marketing communications about our educational products and services, only where you have given explicit consent

We will never use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. All consulting recommendations involve human review and are educational in nature.

6. Data Sharing and Third Parties

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We may share your data with the following categories of recipients where necessary:

  • Service providers: Hosting providers, email delivery services, payment processors, and analytics platforms (only where you have consented to analytics cookies). All service providers are bound by data processing agreements requiring them to protect your data and process it only on our instructions.
  • Professional advisers: Accountants, legal advisers, and insurers where disclosure is necessary for our legitimate business interests or legal compliance.
  • Regulatory authorities: Where required by law, court order, or regulatory request.

Where data is transferred outside the United Kingdom or European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office, or transfers to countries with an adequacy decision.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Contact form enquiries: Twelve months from the date of your last interaction, unless an ongoing consulting relationship exists.
  • Consulting client records: Duration of the engagement plus six years, in accordance with UK limitation periods for contract claims.
  • Transaction and financial records: Seven years from the end of the financial year in which the transaction occurred, as required by HMRC.
  • Marketing consent records: Until you withdraw consent, plus three years for audit purposes.
  • Cookie and analytics data: As specified in our Cookie Policy, typically no longer than twenty-six months.
  • Website server logs: Ninety days, unless required for security investigation.

When retention periods expire, we securely delete or anonymise your data so it can no longer be associated with you.

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • HTTPS encryption for all data transmitted between your browser and our website
  • Secure hosting infrastructure with regular security updates and monitoring
  • Access controls limiting personal data access to authorised personnel on a need-to-know basis
  • Password policies and multi-factor authentication for internal systems containing personal data
  • Regular review of data processing activities and security practices
  • Staff training on data protection obligations and secure handling procedures
  • Incident response procedures for detecting, reporting, and investigating personal data breaches

While we take reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but will notify you and the Information Commissioner's Office of any breach likely to result in a risk to your rights within seventy-two hours of becoming aware of it, as required by UK GDPR.

9. Your Rights Under UK GDPR

As a data subject, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data where there is no compelling reason for continued processing.
  • Right to restrict processing: Request that we limit how we use your data in certain circumstances.
  • Right to data portability: Receive your data in a structured, commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.
  • Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.
  • Right to lodge a complaint: Complain to the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.

To exercise any of these rights, contact us at hello@luminousttforcee.world with sufficient information to verify your identity. We will respond within one month, extendable by two further months for complex requests with notice to you.

10. Children's Privacy

Our website and services are not directed at individuals under sixteen years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete such information promptly.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you by email or through a prominent notice on our website. We encourage you to review this policy regularly.

12. Contact Information

For privacy-related enquiries, data subject requests, or concerns about our data handling practices, please contact:

Data Protection Enquiries — Luminousttforcee
300 Oxford St, London W1C 1DX, United Kingdom
Email: hello@luminousttforcee.world
Phone: +44 34 5604 9049

You also have the right to contact the Information Commissioner's Office:
Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk | Telephone: 0303 123 1113