Privacy Policy

1. Who is responsible for your data (data controller)

The data controller for LumaFit is:

2. What data we collect and why

We do not knowingly collect data from anyone under 18 making a purchase (see our Terms).

3. Who processes your data (processors)

We use trusted third parties to run the shop. Payment is handled directly through our payment processor, Stripe, which processes your card payment, billing country, and contact details under its own privacy policy and calculates any applicable tax.

These providers may process data outside the EU/EEA; where they do, they rely on safeguards such as Standard Contractual Clauses. Please also review the privacy policy of the active provider for full details.

4. Lawful bases

5. How long we keep it (retention)

We keep transaction and accounting records for as long as required by Latvian/EU tax law (typically several years). Support emails are kept only as long as needed to resolve your request. Marketing contacts are kept until you unsubscribe or ask us to delete them.

6. Your rights

Under the GDPR, you have the right to:

You also have the right to lodge a complaint with the Latvian Data State Inspectorate (Datu valsts inspekcija) or your local EU supervisory authority.

7. We don't sell your data

8. Cookies and analytics

We currently do not use tracking cookies or third-party analytics on lumafit.org. Our payment provider may set cookies that are strictly necessary to process your checkout securely. If we introduce analytics or marketing cookies in the future, we will update this policy and request your consent first, as required by EU law.

9. How to exercise your rights or ask questions

Email edgars@ideajetlab.com [SUPPORT EMAIL] with your request. We may need to verify your identity before acting, and we'll respond within the timeframe required by the GDPR (normally within one month).