Privacy Policy

Privacy Policy

Last updated: 1 January 2026

1. Information about the Controller

We are pleased that you are visiting our website and thank you for your interest. This privacy policy explains how we collect, use, and protect your personal data when you use our website.

Controller (data controller within the meaning of the GDPR):
Lune & Rose
The Netherlands
Email: info@luneandrose.com

Personal data means any information relating to an identified or identifiable natural person.

2. Data Collection When Visiting Our Website

When you visit our website for informational purposes only, we automatically collect certain technical data that your browser transmits to our server (so-called server log files). This includes:

  • Website visited

  • Date and time of access

  • Amount of data transferred

  • Referrer URL

  • Browser type and version

  • Operating system

  • IP address (anonymized where possible)

This processing is carried out in accordance with Article 6(1)(f) GDPR based on our legitimate interest in ensuring the stability, security, and functionality of our website.
The data is not merged with other data sources and is only reviewed in case of concrete indications of unlawful use.

3. Cookies

Our website uses cookies to ensure proper functionality and to make our website more user-friendly.

Cookies are small text files that are stored on your device. Some cookies are deleted when you close your browser (session cookies), while others remain stored for a defined period (persistent cookies).

Where cookies are technically necessary, processing is based on Article 6(1)(f) GDPR.
Where cookies are used for marketing or tracking purposes, processing is based on your consent pursuant to Article 6(1)(a) GDPR.

You can manage or disable cookies at any time via your browser settings or through our cookie consent banner. Please note that disabling cookies may limit the functionality of our website.

4. Contacting Us

If you contact us via email, we process the personal data you provide (such as your email address and message content) solely for the purpose of responding to your inquiry.

The legal basis for this processing is Article 6(1)(f) GDPR (legitimate interest in responding to inquiries).
If your inquiry is related to a contract, Article 6(1)(b) GDPR applies.

Your data will be deleted once your request has been fully handled, unless legal retention obligations apply.

5. Order Processing and Contract Fulfilment

When you place an order on our website, we process personal data necessary for contract execution, such as:

  • Name

  • Shipping address

  • Email address

  • Payment information

Processing is carried out in accordance with Article 6(1)(b) GDPR.

Your data may be shared with shipping and logistics partners to the extent necessary to deliver your order.

6. Payment Processing

Payments on our website are processed exclusively via credit card-based payment methods, including:

  • Visa

  • Mastercard

  • American Express

  • Apple Pay

  • Google Pay

  • Maestro

Payment processing is handled by secure third-party payment service providers. We do not store full payment card details.

The legal basis for this processing is Article 6(1)(b) GDPR.

7. Email Marketing (Klaviyo)

If you subscribe to our newsletter, we process your email address for marketing purposes via Klaviyo.

Newsletter registration may involve a confirmation process (double opt-in), where applicable.
The legal basis for newsletter communication is Article 6(1)(a) GDPR (consent).

If you have previously purchased from us, we may send you marketing emails related to similar products based on our legitimate interest (Article 6(1)(f) GDPR).
You can object to this at any time.

You may unsubscribe from marketing emails at any time via the unsubscribe link included in each email.

8. Facebook / Meta Pixel

Our website uses the Meta (Facebook) Pixel to analyze user behavior after interaction with Facebook or Instagram ads.

The pixel helps us measure ad performance and optimize marketing campaigns. Data collected is pseudonymized and does not allow us to directly identify individuals.

The use of the Meta Pixel is based on your consent pursuant to Article 6(1)(a) GDPR, where required.

You can withdraw your consent at any time via our cookie settings.

9. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal data.

Our website uses SSL/TLS encryption (https) to secure data transmission.

Personal data is stored within the European Union or in countries that ensure an adequate level of data protection in accordance with GDPR requirements.

10. Data Retention

Personal data is stored only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable legal retention periods (e.g. tax and commercial law).

After expiry of the retention period, the data will be deleted in accordance with statutory requirements.

 

11. Right to Object

If we process your personal data based on legitimate interests (Article 6(1)(f) GDPR), you have the right to object at any time for reasons arising from your particular situation.

You also have the right to object at any time to the processing of your personal data for direct marketing purposes.

12. Changes to This Privacy Policy

We reserve the right to update this privacy policy to reflect legal or technical changes. The current version is always available on our website.