PRIVACY POLICY

OF “LUNESI” (hereinafter referred to as “the Policy”) 


This Policy is prepared in compliance with the requirements of European legislation, namely the General Data Protection Regulation (GDPR; Regulation (EU) 2016/679), as well as Personal Data Protection Act of Estonia, regulates legal relations connected with the collection, processing, and storage of personal data, as well as the protection of individuals’ rights to privacy and self-expression.


1. DEFINITION OF TERMS


1.1. For the purposes of this Policy, the following terms shall have the meanings set out below:

1.1.1. “Confidentiality of Personal Data” – a mandatory obligation not to disclose Personal Data of a data subject (User) without their consent or another lawful basis, which must be observed by the “Lunesi” and any other persons granted access to such Personal Data. 

1.1.2. “Cookie” – a small data file transmitted by a web server and stored on the User’s device, which the browser sends back to the server in an HTTP request each time the relevant website page is accessed.

1.1.3. “IP address” – a unique network identifier assigned to a device within a computer network operating under the Internet Protocol (IP).

1.1.4.“Lunesi OÜ” (“Lunesi”) – a private limited company (registered at: Harju maakond, Tallinn, Kesklinna linnaosa, Tornimäe tn 5, 10145, Estonia; registry code: 17414214), acting as the owner of the “Lunesi” online store and carrying out the sale of goods and/or services. “Lunesi” collect and process of Personal Data, define the purposes of such processing, determine the scope of Personal Data to be processed, and specify the actions or operations performed with Personal Data.

1.1.5. “Lunesi” online store – an online platform available on the Internet at the following link: https://eu.lunesi.co.uk, through which the User may purchase goods and/or services from “Lunesi”.

1.1.6. “Personal Data” – any information, personal data (Art. 4 (1) GDPR) relating directly or indirectly to an identified or identifiable natural person (data subject), including the User.

1.1.7. “Processing of Personal Data” – any operation or set of operations performed on Personal Data, whether by automated means or otherwise, including collection, recording, systematization, accumulation, storage, updating, modification, retrieval, use, transfer (distribution, provision, access), anonymization, blocking, erasure, or destruction of the User’s Personal Data.

1.1.8. “User” – a natural person who can be directly or indirectly identified, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity (Art. 4 (1) GDPR). The term also includes any person purchasing goods or services from “Lunesi” and/or visiting the “Lunesi” online store.


2. SUBJECT OF THE POLICY


2.1. By accessing the “Lunesi” online store or purchasing goods or services through the “Lunesi” online store, the User accept this Policy and confirms their consent to the collection and processing of Personal Data by “Lunesi” as well as authorized by “Lunesi” persons. 

2.2. The User grants consent to “Lunesi” process received information, including collection, systematization, accumulation, storage, clarification (updating, correction), use, dissemination, anonymization, blocking, and destruction of personal data provided in questionnaires, for the purposes of forming a participant database, preparing statistical reports, conducting marketing research, and communicating with the User, including via telecommunication networks (SMS and email), until such consent is withdrawn.

2.3. The User agrees to communication with “Lunesi” through direct contact using various communication channels, including but not limited to postal mail, email, Internet communications, and other available means.

2.4. User’s Personal Data permitted for processing by the “Lunesi” under this Policy include, but are not limited to:

2.4.1. Customer (individual User) data:

  • first and/or last name;

  • email address;

  • telephone number;

  • company name (if applicable);

  • organization number and address (if applicable);

  • delivery address;

  • social media profile links;

  • IP address.

2.4.2. Transaction data:

  • payment details provided by the User and other information concerning ordered services or products (goods) in the “Lunesi” online store.

2.4.3. Financial data:

  • bank account details;

  • credit or debit card information;

  • invoice data;

  • payment method details.

2.4.4. Contact information:

  • records or information generated through communication with “Lunesi”, including phone calls, online contacts, emails, physical mail, and messengers such as Viber, Telegram, WhatsApp, and others.

2.4.5. Technical data:

  • IP address;

  • date and time of request;

  • content of request;

  • HTTP status/access status code;

  • referring website;

  • browser type;

  • operating system and interface;

  • language;

  • browser software version.


3. COOKIE 


3.1. “Lunesi” collect information regarding User visits to the “Lunesi” online store to obtain visit statistics and evaluate their effectiveness, personalize user experience, and adapt content to User interests. This is achieved through various technologies, including cookies, which are stored on the User’s device for identification purposes.

3.2. Cookies are used to assess website performance (e.g., number of visitors and duration of visits), identify the most visited sections, and ensure convenient navigation without collecting personal information. Cookies may also enable a personalized experience based on previous interactions and preferences, improving service quality over time.

3.3. Cookies are text files sent to the User’s device to enhance “Lunesi” online store functionality. They are unique to a specific account or browser.

3.4. Upon the first visit to the “Lunesi” online store, the User is informed about cookie usage. The User may adjust preferences at any time via the Cookie Settings Centre.

3.5. Browsers allow Users to manage cookies, including deleting, restricting, or blocking them by adjusting browser settings. If cookies are disabled, certain website features may not function properly.

3.6. Cookie management instructions depend on the browser used:

  • Cookie settings in Chrome;

  • Cookie settings in Firefox;

  • Cookie settings in Internet Explorer (Microsoft Edge);

  • Cookie settings in Safari.


Blocking functional cookies may limit access to certain “Lunesi” services. Users may also opt out of specific cookies beyond “Lunesi” online store settings.


4. COLLECTION AND USE OF PERSONAL DATA


4.1. Personal Data are collected by “Lunesi” in the following situations:

  • when visiting the Lunesi” online store;

  • when submitting contact forms to “Lunesi”;

  • when subscribing to newsletters regarding “Lunsesi”;

  • when contacting “Lunesi” via phone, messengers, email, chat, or social media;

  • when interacting with official “Lunesi” social media pages (e.g., “like”, “follow”, or other interactions);

  • other permitted by User situations.


5. PURPOSES OF DATA COLLECTION AND PROCESSING


5.1. Personal Data are processed by the “Lunesi” for the following purposes:

5.1.1. Contractual purposes:

  • concluding contracts and recording necessary identification data (name, phone, email, delivery address);

  • executing and managing contracts, including amendments and appendices;

  • sharing data with partners for service provision or product sales;

  • managing payments and fees;

  • notifying about changes to services, products, the Policy, or cookies;

  • delivering goods directly or via logistics providers;

  • informing about estimated service or delivery times.

5.1.2. Legal purposes:

  • statistics, analysis, and research;

  • product and service improvement;

  • product (goods) shipment;

  • disclosure to authorized state authorities as required by law;

  • supporting internal business processes;

  • monitoring and recording communications;

  • sending marketing materials, newsletters, offers, and store information;

  • informing about claim outcomes;

  • providing contact details of responsible representatives;

  • compliance with legal obligations;

  • organizing and managing promotions, loyalty programs, and related regulations.


6. USER’S RIGHTS


6.1. Under the GDPR (Regulation (EU) 2016/679) and Estonian law, the User regarding their Personal Data has the right to:

  • obtain information about data sources, storage location, and processing purposes;

  • access to Personal Data;

  • receive confirmation of processing;

  • object to processing;

  • request correction, deletion, or restriction;

  • protect data from unlawful processing;

  • lodge complaints with a supervisory authority;

  • be informed of safeguards when data are transferred outside the EU (Art. 46 GDPR);

  • seek judicial remedies;

  • withdraw consent at any time;

  • understand automated processing mechanisms;

  • correct inaccurate or incomplete data;

  • request erasure upon valid objection.

6.2. To exercise these rights, contact “Lunesi” at: info@lunesi.co.uk. Identity verification may be required.


7. TRANSFER AND DISCLOSURE


7.1. Personal Data are not disclosed without User’s consent unless required by this Policy or by law.

7.2. Third-party processors act strictly under “Lunesi” instructions and EU law.

7.3. Transfers outside the EU occur only where:

  • an adequacy decision exists; or

  • appropriate contractual safeguards are in place;

  • compliance EU law.


8. DATA PROTECTION MEASURES

8.1. “Lunesi” implements appropriate organizational and technical safeguards to ensure the protection and security of Personal Data at all stages of processing, including measures aimed at preventing unauthorized access, unlawful processing, accidental loss, destruction, alteration, or disclosure.

8.2. Access to Personal Data is granted only to authorized persons who require such access for the performance of their professional duties and who are bound by confidentiality obligations.

8.3. “Lunesi” applies technical protection measures, including but not limited to secure servers, encryption technologies, firewall protection, restricted access systems, and regular security updates.

8.4. Personal Data are stored in secure environments protected against unauthorized access, misuse, loss, or alteration.

8.5. “Lunesi” conducts regular monitoring, testing, and evaluation of the effectiveness of implemented technical and organizational measures to ensure an adequate level of security in accordance with Article 32 of the GDPR.

8.6. In the event of a Personal Data breach, “Lunesi” will assess the risk to the rights and freedoms of data subjects and, where required by law, notify the competent supervisory authority and affected Users within the time limits established by applicable legislation.

8.7. Where Personal Data are transferred to third parties, “Lunesi” ensures that such parties implement equivalent security measures and process Personal Data strictly in accordance with contractual obligations and documented instructions.


9. ADDITIONAL INFORMATION


9.1. “Lunesi” do not disclose Personal Data to any third party without the User’s explicit consent, except when required by applicable law or this Policy.

9.2. Personal Data are retained only for as long as necessary to achieve the purposes for which they were collected, including:

• the duration of the service or product (goods) delivery;

• management and maintenance of the relationship between “Lunesi” and the User;

• compliance with legal, regulatory, accounting, and reporting obligations;

• fulfillment of other obligations under contracts or applicable law.

9.3. Processing of Personal Data is lawful only with the consent of the data subject (User) for one or more specific purposes. In accordance with Article 8 (1) GDPR, processing the Personal Data of children under the age of 16 is only permitted if consent is given by the child’s parent or legal guardian.

9.4. The “Lunesi” online store may contain links to external websites (e.g., social media platforms, advertising partners, or other third-party sites). These websites are not controlled by “Lunesi” and their practices regarding Personal Data protection are not governed by this Policy. Users should review the Policy of such external websites and exercise caution when providing Personal Data.

9.5. Users are responsible for protecting their login credentials and other authentication information. “Lunesi” recommends using strong, unique passwords and keeping them confidential.

9.6. “Lunesi” reserves the right to anonymize or aggregate Personal Data for statistical, research, and analytical purposes without identifying individual Users.


10. ADDITIONAL TERMS


10.1. Changes may be introduced with 30 calendar days’ User notice and published at: https://eu.lunesi.co.uk/pages/privacy-policy-eu. Continued use of “Lunesi” online store constitutes acceptance by the User with new Policy. Users may request Personal Data deletion if they disagree with Policy updates or changes. Regardless of the reason for the deletion, correction, or restriction of Personal Data, if such a request is submitted by the User or other authorized person, “Lunesi” after such request cannot guarantee the proper fulfillment of its obligations to the User regarding the provision of services or the sale of goods through the “Lunesi” online store for User.

10.2. The updated Policy becomes effective upon publication unless otherwise stated. Significant changes affecting privacy rights will be communicated to User’s email.

10.3. EU citizens may lodge complaints regarding Personal Data with a court or the European Data Protection Supervisor: https://edps.europa.eu/about-edps/contact_en.

10.4. Estonian citizens may file complaints regarding Personal Data with the Data Protection Inspectorate in Estonia (Andmekaitse Inspektsioon): https://www.aki.ee/