Privacy Policy

At Lumaraboutique, your privacy is of the utmost importance to us.
This Privacy Policy (“Policy”) explains how Lumaraboutique.shop (“we”, “us”, “our”) collects,
uses, discloses, stores, transfers, and protects the personal information you provide when you visit, browse,
register, or make a purchase on Lumaraboutique.shop (“Website”). By accessing or using our Website,
you consent to the data practices described in this Policy. If you do not agree, please discontinue use of the
Website.

This Policy is issued in accordance with the Digital Personal Data
Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000, the
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or
Information) Rules, 2011, the Information Technology (Intermediary Guidelines and Digital
Media Ethics Code) Rules, 2021, the Consumer Protection (E-Commerce) Rules, 2020,
and other applicable laws of India.

1. About Us

Lumaraboutique.shop is an India-based individual online retail
store (sole proprietorship) selling a curated range of products — exclusively within the territory of the
Republic of India. For the purposes of the DPDP Act, 2023, we act as a “Data Fiduciary” responsible for
determining the purpose and means of processing your personal data.

2. Scope and Applicability

This Policy applies to:

  • All visitors and users of Lumaraboutique.shop;
  • All customers who place an order through the Website;
  • All persons who subscribe to our newsletter, contact us by email, or engage with us in any manner online;
  • Personal data collected through cookies, analytics, and tracking technologies used on the Website.

It does not apply to third-party websites, services, or applications linked from
our Website. Please review their respective privacy policies separately.

3. Information We Collect

3.1 Personal Information

  • Contact Details: Full name, email address, mobile/telephone number, shipping address,
    billing address, city, state, and PIN code within India.
  • Account Information: Username, password (stored in encrypted form), account preferences,
    wishlists, and order history.
  • Payment Information: Credit/debit card details, UPI IDs, bank account information, and
    other payment data. Payment transactions are processed by secure third-party payment gateways; we do
    not store complete card numbers or CVV on our servers.
  • Demographic Information: Gender, date of birth (where provided), and other optional
    demographic data.
  • Communication Records: Email correspondence between you and our customer support team,
    including return requests, complaints, and feedback.

3.2 Non-Personal Information

  • IP address, approximate geographic location (country, state, city);
  • Device identifiers, browser type and version, operating system, screen resolution;
  • Website usage data: pages visited, time spent, click patterns, referral URLs, search queries on the Website;
  • Aggregated and anonymised analytics data that cannot be used to identify you personally.

3.3 Sensitive Personal Data or Information (SPDI)

In line with the IT (Reasonable Security Practices) Rules, 2011, we treat the
following as Sensitive Personal Data when collected:

  • Passwords;
  • Financial information such as bank account, card, or payment instrument details;
  • Any other information classified as sensitive under applicable law.

SPDI is collected only with your explicit consent and is used
strictly for the purpose for which it was provided.

4. How We Collect Information

  • Direct Collection: When you register an account, place an order, complete a checkout form,
    subscribe to our newsletter, or email us.
  • Automated Tracking Tools: Cookies, web beacons, pixels, web analytics, and similar
    technologies that track your activity on the Website.
  • Third-Party Sources: Information obtained from secure payment gateways, courier partners,
    fulfilment partners, and analytics providers, in accordance with their respective privacy policies.
  • Email Communications: Information you share when contacting our customer support at support@lumaraboutique.shop — our exclusive support channel.

5. Purpose of Data Processing

We process your personal data for the following lawful purposes:

  • Order Fulfilment: Processing, packaging, dispatching, and delivering your orders
    across India.
  • Payment Processing: Facilitating secure payment through third-party gateways and processing
    refunds where applicable.
  • Order Communications: Sending order confirmations, dispatch alerts, tracking information,
    delivery updates, and post-purchase follow-ups.
  • Customer Support: Responding to your queries, complaints, return requests, exchange
    requests, and warranty claims received by email.
  • Fraud Prevention & Security: Verifying your identity, detecting suspicious
    transactions, and protecting the Website from unauthorised access.
  • Personalisation: Recommending products based on your preferences, browsing history,
    and past purchases.
  • Marketing & Promotions: Sending promotional emails about new collections, offers, and
    brand updates (with the option to unsubscribe at any time).
  • Analytics & Improvement: Analysing Website performance, user behaviour, and conversion
    metrics to improve our products and services.
  • Legal Compliance: Complying with applicable Indian laws, regulations, court orders, and
    statutory requirements.

6. Legal Basis for Processing

Under the DPDP Act, 2023, we process your personal data on the following lawful
grounds:

  • Consent — You provide free, specific, informed, and unambiguous consent (e.g., by ticking
    the consent box at registration or checkout).
  • Performance of a Contract — Processing necessary to fulfil our agreement with you, such as
    delivering products you have ordered.
  • Legitimate Uses — Including fraud prevention, statutory compliance, and protection of our
    rights and interests, in accordance with Section 7 of the DPDP Act.
  • Legal Obligation — Compliance with applicable Indian tax, accounting, and regulatory
    requirements.

7. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on
Lumaraboutique.shop:

  • Essential Cookies: Required for the Website to function — login, shopping cart, security.
  • Functional Cookies: Remember your preferences such as language, currency, and saved form
    preferences.
  • Analytics Cookies: Help us understand how visitors use the Website (e.g., Google
    Analytics).
  • Advertising Cookies: Deliver personalised advertisements and measure marketing
    effectiveness across third-party platforms (e.g., Meta Pixel, Google Ads).

You can manage or disable cookies through your browser settings at any time.
Please note that disabling essential cookies may limit Website functionality.

8. Sharing of Information with Third Parties

We do not sell, rent, or trade your personal information to third
parties for their marketing purposes. We share your information only with trusted partners,
strictly to fulfil the purposes set out in this Policy:

  • Fulfilment & Service Partners: Trusted partners who help us process, prepare, or
    assemble your order receive only the data necessary to perform their function.
  • Payment Gateways: Authorised PCI-DSS-compliant payment processors handle your payment
    securely.
  • Courier and Logistics Partners: Reputed Indian courier partners (Delhivery, Blue Dart,
    Shadowfax, Xpressbees, Ecom Express, DTDC, India Post, etc.) receive your shipping address and contact
    number to deliver your order.
  • Email and Marketing Service Providers: Email service providers used to send order updates
    and promotional content.
  • Analytics Providers: Google Analytics, Meta Pixel, and similar tools for understanding
    Website usage (data shared in anonymised or pseudonymised form where possible).
  • Legal & Regulatory Authorities: Government agencies, regulators, or law enforcement
    bodies when required by law, court order, or to protect our legal rights.
  • Business Transfers: In the event of a sale, merger, or restructuring of the
    proprietorship’s business, personal data may be transferred to the successor entity, subject to the same
    privacy obligations.
  • With Your Explicit Consent: In any situation where you have given us specific permission to
    share your data.

9. Data Security

We implement reasonable administrative, technical, and physical security
measures to protect your personal data from unauthorised access, use, alteration, disclosure, or destruction.
These include:

  • SSL/TLS encryption during data transmission between your browser and our Website;
  • Encrypted password storage using industry-standard hashing algorithms;
  • Secure third-party payment gateways with PCI-DSS compliance for all financial transactions;
  • Restricted access to personal data on a need-to-know basis only;
  • Periodic review of our security practices in accordance with the IT (Reasonable Security Practices) Rules,
    2011 (ISO/IEC 27001 framework where applicable).

However, no method of electronic transmission or storage is 100% secure. While
we strive to use commercially acceptable means to protect your data, we cannot guarantee its absolute security
against unauthorised intrusion. You acknowledge and accept this inherent risk when providing information through
the Website.

10. Data Retention

We retain your personal data only for as long as necessary to:

  • Fulfil the purposes set out in this Policy;
  • Maintain your account and provide ongoing services;
  • Comply with applicable Indian legal, tax, accounting, and regulatory obligations (typically 7 years for
    transactional records under tax law);
  • Resolve disputes, enforce our agreements, and prevent fraud.

Upon deletion of your account, we may retain certain residual information in our
backups and archives for the period required by law, after which it shall be securely deleted or anonymised.

11. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023, as a Data Principal you
have the following rights with respect to your personal data:

  • Right to Access: Request a summary of the personal data we process about you and the
    purposes of processing.
  • Right to Correction: Request that we correct any inaccurate, misleading, or incomplete
    data.
  • Right to Erasure: Request the deletion of your personal data where retention is no longer
    necessary, subject to legal retention obligations.
  • Right to Withdraw Consent: Withdraw your consent for processing at any time, without
    affecting the lawfulness of processing carried out before withdrawal.
  • Right to Grievance Redressal: Lodge a complaint with our Grievance Officer regarding any
    concerns about data handling.
  • Right to Nominate: Nominate another individual to exercise these rights on your behalf in
    the event of your death or incapacity.

To exercise any of these rights, please email support@lumaraboutique.shop with subject line “Data Rights Request — [Your
Name]”. We will respond within a reasonable timeframe as required by applicable law.

12. Children’s Privacy

Our Website and services are intended for individuals aged 18 years and above.
We do not knowingly collect personal data from children under 18 without verifiable parental or guardian
consent, in accordance with Section 9 of the DPDP Act, 2023. If you are a parent or guardian and believe that
your child has provided personal data to us without your consent, please email support@lumaraboutique.shop and we will promptly delete such information.

13. Cross-Border Data Transfers

As a primarily India-only e-commerce operation, your personal data is generally
stored and processed within India. However, certain service providers (such as cloud hosting, email service
providers, or analytics tools) may store or process data on servers located outside India. Where such transfers
occur, we ensure that they comply with the DPDP Act, 2023 and any restrictions notified by the Central
Government from time to time.

14. Third-Party Links

Our Website may contain links to third-party websites, plug-ins, or applications
(e.g., social media icons, payment partner sites). Clicking on these links may allow third parties to collect or
share data about you. We do not control these third-party sites and are not responsible for their privacy
practices. Please review the privacy policy of each third-party site you visit.

15. Marketing Communications

By creating an account, placing an order, or subscribing to our newsletter, you
consent to receive marketing communications from us regarding new collections, style guides, exclusive offers,
and brand updates. You may withdraw consent at any time by:

  • Clicking the “unsubscribe” link in any marketing email;
  • Updating your communication preferences in your account settings; or
  • Emailing us at support@lumaraboutique.shop with subject line “Unsubscribe
    — [Your Email]”.

Please note that even after opting out of marketing communications, you may
continue to receive transactional emails related to your orders (e.g., order confirmations, shipping updates).

16. Data Breach Notification

In the unlikely event of a personal data breach that is likely to result in risk
to the rights or interests of affected Data Principals, we will notify the affected individuals and the Data
Protection Board of India (or any other competent authority) within the timelines mandated by the DPDP Act, 2023
and applicable rules.

17. Do Not Track Signals

Some browsers offer a “Do Not Track” (DNT) signal feature. As industry standards
are not yet harmonised on the proper response to DNT signals, the Website does not currently respond to DNT
browser signals. You can, however, exercise control over cookies through your browser settings, as described in
Section 7.

18. Changes to This Privacy Policy

Lumaraboutique.shop reserves the right to modify, amend, or
update this Privacy Policy at any time to reflect changes in our data practices, technology, legal requirements,
or other factors. Any updates will be posted on this page with a revised “Last Updated” date. Where the changes
are material, we may notify you via email or a prominent notice on the Website. Your continued use of the
Website following the posting of changes constitutes your acceptance of the updated Policy.

19. Grievance Officer / Data Protection Contact

In accordance with Section 8(9) of the DPDP Act, 2023, the Information
Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Consumer Protection
(E-Commerce) Rules, 2020, we have designated a Grievance Officer to address concerns related to the collection,
processing, or storage of your personal data. The designated officer’s details are as follows:

  • Name: Yuvraj Anand
  • Designation: Grievance Officer / Sole Proprietor / Data Protection Contact
  • Email: support@lumaraboutique.shop
  • Address: 1, Samarth Nagar, Chunabhatti, Sion, Mumbai, Maharashtra 400022, India
  • Working Hours: Monday to Friday, 10:00 AM – 6:00 PM IST (excluding public holidays)

All data-protection-related complaints, grievances, or rights-exercise requests
must be submitted exclusively by email. We will acknowledge receipt of your grievance within
24 hours and shall endeavour to resolve it within 15 days from the date of
receipt, in accordance with applicable law.

20. Contact Us

For any questions, concerns, complaints, or requests regarding this Privacy
Policy or our handling of your personal information, please contact us using the details below. Email is
our only supported channel for privacy-related communications.

  • Seller Name: Yuvraj Anand
  • Website: Lumaraboutique.shop
  • Privacy Email (only channel): support@lumaraboutique.shop
  • Address: 1, Samarth Nagar, Chunabhatti, Sion, Mumbai, Maharashtra 400022, India  
  • Email Response Time: Monday – Saturday, 8:00 AM – 5:00 PM IST Closed on Sundays and Public Holidays.

By using Lumaraboutique.shop, you confirm that you have read,
understood, and consented to the collection, use, and disclosure of your information as described in this
Privacy Policy.

Last Updated: May 2026