SAMPLES with every order

The Signature Shampoo: GLAMMMIES Best in Haircare Award by GLAMOUR Magazine!

24h delivery

Our sets = perfect gifts
SHOP About us JOURNAL
English Chevron
Poland PLN Chevron
Account

Privacy Policy

Privacy Policy

This Privacy Policy (hereinafter: “Policy”) contains information on the processing of your personal data in connection with the use of the online store Luãre, operating at the internet address www.luarebeauty.com (hereinafter: “Store”).
All capitalized terms that are not otherwise defined in the Policy shall have the meaning given to them in the Terms and Conditions, available at: https://luarebeauty.com/terms-conditions

Personal Data Controller

The Controller of your personal data is Cresmina Labs Monika Frydrych, with its registered office at ul. Adama Mickiewicza 4, 17-300 Siemiatycze, entered in the Central Registration and Information on Business (CEIDG) under NIP: 544 149 0007, REGON number: 529140770, (hereinafter: “Controller”).

Contact with the Controller

In all matters related to the processing of personal data, you can contact the Controller using email hello (at) luarebeauty.com

Measures to Protect Personal Data

The Controller uses modern organizational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: “GDPR”), the Act of 10 May 2018 on the protection of personal data and other provisions on the protection of personal data.

Information about the Processed Personal Data

Using the Store requires the processing of your personal data. Below you will find detailed information about the purposes and legal bases of processing, the period of processing, and whether providing them is obligatory or voluntary.

Purposes of Processing, Personal Data Processed, and Legal Bases

1. Conclusion and Performance of the Agreement for the Provision of the Account Service

  • Personal data: Name and surname, e-mail address

  • Legal basis: Article 6(1)(b) GDPR (necessary for performance of the Agreement)

  • Note: Providing data is voluntary but necessary to conclude and perform the contract, including creating an Account. Data processed until claims expire.

2. Conclusion and Performance of the Sales Agreement

  • Personal data: Name and surname, e-mail address, telephone number, address of residence/business (street, house number, apartment number, city, postal code, country), delivery address (if different), optionally company and NIP (if Buyer is an Entrepreneur)

  • Legal basis: Article 6(1)(b) GDPR

  • Note: Data necessary to conclude and perform the Sales Agreement; processed until claims expire.

3. Conclusion and Performance of a Paid Agreement for the Provision of Digital Goods

  • Personal data: Name and surname, e-mail address, telephone number, address, optionally company and NIP (if Buyer is an Entrepreneur)

  • Legal basis: Article 6(1)(b) GDPR

  • Note: Data necessary for conclusion and performance; processed accordingly.

4. Conclusion and Performance of a Free-of-Charge Agreement for the Delivery of Digital Goods

  • Personal data: E-mail address

  • Legal basis: Article 6(1)(b) GDPR

  • Note: Data necessary for conclusion and performance; processed accordingly.

5. Conclusion and Performance of the Newsletter Agreement (including Email and SMS Newsletters)

  • Personal data: E-mail address and/or telephone number

  • Legal basis: Article 6(1)(b) GDPR (necessary for Agreement) and Article 6(1)(f) GDPR (legitimate interest to inform about products and promotions)

  • Note: Providing data is voluntary but necessary to receive newsletters. Data processed until objection or achievement of purpose or expiry of claims.

  • Additional details related to SMS newsletters: Subscription to SMS newsletters can be made via a dedicated subscription form on the Store website. To receive SMS newsletters, a device capable of receiving SMS (e.g., mobile phone) is required. Unsubscription from SMS newsletters is possible by replying with "STOP" to any received SMS or by contacting the Store via email.

6. Conducting a Complaint Procedure

  • Personal data: Name and surname, e-mail address

  • Legal basis: Article 6(1)(c) GDPR (legal obligation)

  • Note: Data needed to respond to complaints or exercise customer rights; processed during procedure and until expiry.

7. Conducting Verification Proceedings and Handling Appeals on Unacceptable Content

  • Personal data: Name and surname, e-mail address

  • Legal basis: Article 6(1)(c) GDPR (legal obligation under Digital Services Act)

  • Note: Data needed to respond and handle complaints; processed accordingly.

8. Sending Email Notifications Related to Contract Performance

  • Personal data: E-mail address

  • Legal basis: Article 6(1)(f) GDPR (legitimate interest)

  • Note: Voluntary but necessary to receive info about contract activities.

9. Handling Customer Inquiries

  • Personal data: Name, e-mail address, other data in message

  • Legal basis: Article 6(1)(f) GDPR (legitimate interest)

  • Note: Voluntary but necessary to respond.

10. Sharing Reviews on Goods

  • Personal data: Name, optionally other data in opinion

  • Legal basis: Article 6(1)(f) GDPR (legitimate interest)

  • Note: Voluntary but necessary to add opinion.

11. Informing Customers about Availability of Previously Unavailable Goods

  • Personal data: E-mail address

  • Legal basis: Article 6(1)(f) GDPR (legitimate interest)

  • Note: Voluntary but necessary to receive notifications.

12. Fulfillment of Tax Obligations (including issuing VAT invoices, maintaining accounting documentation)

  • Personal data: Name and surname/company, address of residence/registered office, TIN

  • Legal basis: Article 6(1)(f) GDPR (legitimate interest)

  • Note: Necessary for tax obligations; processed for 5 years from end of relevant year.

13. Fulfillment of Obligations Related to Personal Data Protection

  • Personal data: Name and surname, contact details (email, correspondence address, phone number)

  • Legal basis: Article 6(1)(c) GDPR (legal obligation)

  • Note: Necessary to exercise data protection rights; processed until expiry of limitation periods.

14. Establishing, Investigating, or Defending Against Claims

  • Personal data: Name and surname/company, e-mail address, address, PESEL, TIN

  • Legal basis: Article 6(1)(f) GDPR (legitimate interest)

  • Note: Processed until expiry of limitation periods.

15. Analysis of Your Activity in the Store

  • Personal data: Date and time of visit, IP address, device OS type, approximate location, browser type, time spent, goods viewed, visited subpages and activities

  • Legal basis: Article 6(1)(f) GDPR (legitimate interest)

  • Note: Voluntary but necessary for analysis; processed until objection or achievement of purpose.

16. Store Administration

  • Personal data: IP address, server date/time, browser info, OS info (saved in server logs)

  • Legal basis: Article 6(1)(f) GDPR (legitimate interest)

  • Note: Necessary for store operation; processed until objection or achievement of purpose.

Profiling

To create your marketing profile and direct marketing tailored to your preferences, the Controller will process your personal data automatically, including profiling, but this will not have legal effects or significant impact on you. The profiled data corresponds to your activity analysis and saved account data. Legal basis is Article 6(1)(f) GDPR (legitimate interest). Processing continues until objection or achievement of purpose.

Recipients of Personal Data

Your personal data may be shared with external entities cooperating with the Controller, including: hosting companies; logistics and courier companies; online payment system providers; newsletter service providers; companies providing tools for Store activity analysis and targeted marketing (e.g., Google Analytics, Meta); accounting service providers. Data may also be transferred to public or private entities if required by law, final court judgment, or administrative decision.

Transfer of Personal Data to Third Countries

Because the Controller uses services by Google LLC, your data may be transferred to third countries including the UK, Canada, USA, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan, Indonesia, and Australia. Transfers rely on:

  • European Commission adequacy decisions for UK, Canada, Israel, Japan, South Korea.

  • EU-US Data Privacy Framework for the USA.

  • Standard contractual clauses for other countries per EU Commission decisions.

You can request a copy of your transferred data from the Controller.

Your Rights

You have rights including: access, rectification, deletion (under specific conditions), data portability, consent withdrawal, objection to processing based on legitimate interest, complaint to the data protection authority, and restriction of processing under certain conditions.

Cookies

The Store uses cookies—small text files placed on your device by the Controller or third parties (e.g., Facebook, Google)—for:

  • Ensuring proper Store operation (necessary cookies).

  • Improving browsing experience.

  • Creating usage statistics.

  • Conducting marketing activities (targeted ads).

Cookies may be session or persistent. You can manage cookie settings via the Store’s cookie panel. Disabling cookies may limit Store functionality.

The Controller uses:

  • Necessary cookies that cannot be disabled as they ensure Store operation, mostly session cookies but some may persist for months.

  • Google Analytics for statistical data collection (retention up to 2 years).

  • Facebook Pixel to track Store visits and target ads on Facebook and Instagram (retention up to 3 months).

Final Provisions

This Policy applies alongside generally applicable data protection laws and is effective from July 10th, 2024.