Privacy Policy

1. Introduction

We are pleased that you are visiting our website and thank you for your interest. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website. Personal data refers to any information that can be used to identify you personally.

The data controller for this website, in accordance with UK GDPR, is Luvas London. A data controller is a natural or legal person who alone, or jointly with others, determines the purposes and means of processing personal data.

This website uses SSL/TLS encryption to ensure the security of personal data and other confidential information (e.g., orders or enquiries). You can recognise an encrypted connection by the address starting with “https://” and the padlock symbol in your browser.

2. Collection of Data When Visiting Our Website

When you use our website purely for information purposes, we only collect the data automatically transmitted by your browser to our server (“server log files”). This includes:

The website visited
Date and time of access
Amount of data transferred (in bytes)
Referring source or link
Browser type
Operating system
IP address (possibly anonymised)

Processing is based on our legitimate interest in improving website stability and functionality (Article 6(1)(f) UK GDPR). No data is transferred or used for other purposes. We may review server log files later only if there is evidence of misuse.

3. Cookies

We use cookies to make our website more functional and to enable certain features. Cookies are small text files stored on your device.

Session cookies: deleted when you close your browser.
Persistent cookies: remain on your device to recognise your browser on future visits.

Cookies may store information such as browser type, location, and IP address. They may also save your preferences, such as basket contents, to make ordering easier.

Where personal data is processed via cookies, this is based on either:

Article 6(1)(b) UK GDPR (for contract performance)
Article 6(1)(f) UK GDPR (for our legitimate interest in a functional website)

You can manage cookie preferences in your browser. Please note that rejecting cookies may limit website functionality.

Browser instructions:

4. Contact

When you contact us (e.g., via contact form or email), personal data is collected to respond to your enquiry or for technical administration.

Processing is based on our legitimate interest in responding to requests (Article 6(1)(f) UK GDPR). If your enquiry concerns a contract, the legal basis is Article 6(1)(b) UK GDPR.

Data is deleted once your enquiry has been fully addressed, unless statutory retention obligations apply.

5. Customer Accounts and Order Processing

Personal data is collected when you create an account or place an order. This is necessary for contract performance (Article 6(1)(b) UK GDPR).

You may delete your account at any time by contacting us. Data will be blocked according to tax and commercial retention periods and then deleted unless you have consented to further processing or the law permits continued processing.

6. Use of Data for Marketing

6.1 Newsletter Subscription: Providing your email address to subscribe to our newsletter allows us to send you offers. Only your email address is mandatory. Other information is optional and used to personalise content. Newsletter subscription requires confirmation (double opt-in). Consent is given under Article 6(1)(a) UK GDPR. You may unsubscribe at any time.

6.2 Marketing to Existing Customers: If you provided your email address during a purchase, we may send information about similar products or services. This is based on our legitimate interest in direct marketing (Article 6(1)(f) UK GDPR). You may object at any time.

7. Payment and Order Fulfilment

7.1 Order Fulfilment: Personal data is passed to couriers for delivery purposes. Payment details are passed to the payment provider as necessary (Article 6(1)(b) UK GDPR).

7.2 Payment Providers:

PayPal & Credit Card: Payment information is transmitted to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22–24 Boulevard Royal, L-2449 Luxembourg for payment processing only.
Google Pay & Apple Pay: Payment information is transmitted securely to the respective provider for processing.

Data processing is only to the extent necessary to complete your payment and is based on Article 6(1)(b) UK GDPR.

8. Review Reminders

Your email may be used to send a one-time reminder to submit a review, with your consent (Article 6(1)(a) UK GDPR). Consent can be withdrawn at any time.

9. Social Media Integration

We may include links to social media platforms such as Facebook and Instagram. Personal data is only processed when you interact with these links. For more details, see the privacy policies of the respective providers.

10. Online Marketing

DoubleClick: Cookies are used for user-targeted advertising and performance analysis.
Google Ads (AdWords): Cookies are used for conversion tracking, based on our legitimate interest in marketing analysis (Article 6(1)(f) UK GDPR).

11. Web Analytics

Google Analytics (Universal): Cookies analyse website traffic. IP addresses are anonymised. Processing is based on our legitimate interest in optimising the website (Article 6(1)(f) UK GDPR). Opt-out is possible via browser plugin or opt-out cookie.

12. Retargeting and Personalised Advertising

Facebook Pixel: Anonymised data used for ad performance evaluation, only with user consent (Article 6(1)(a) UK GDPR).
Google Ads Remarketing: Interest-based advertising processed under Article 6(1)(f) UK GDPR.

13. Your Rights

Right of Access (Article 15 UK GDPR): You have the right to obtain confirmation of whether your personal data is being processed. If so, you have the right to access:

The purposes of processing
Categories of personal data
Recipients of the data
Storage period
Rights to rectification, erasure, restriction of processing, and objection
Right to lodge a complaint
Source of data, if not collected directly from you
Existence of automated decision-making, including profiling

Privacy Policy