Privacy Notice
Last updated: 20 January 2025
This privacy notice (notice) explains how we, Luna & Bloom Ltd (we, us our) control and process your personal data if you use our website, service, content or feature or otherwise engage with us online or offline.
If you have any questions about your data protection rights or if you do not understand anything explained in this notice, please contact us using out contact us page.
1. WHO DOES THIS PRIVACY NOTICE APPLY TO?
This notice applies to:
- users of our website, our social media, online content and features
- job applicants
- our freelance consultants
- our agents
- anyone else who interacts with us, if you call, email, send us an online message or otherwise engage with us online or offline
This notice applies to you if you act in your personal capacity, and if you act in your professional capacity, for example, as an employee or our customer, if you are our agent or our freelance consultant.
2. WHAT TYPES OF PERSONAL DATA DO WE PROCESS
"Personal data" means any information that identifies you or relates to you.
This may include your contact details, information about your engagement with us, online behavioural data, and other information as set out in the "categories of personal data" section below.
3. DATA ACCURACY
We will trust that your personal data is accurate, complete and up to date. We ask that you keep us informed of any changes.
4. HOW IS YOUR PERSONAL DATA COLLECTED?
We may collect your personal data as follows:
- From you, when you contact us, complete a form on our website, if you work for a customer who purchases our designs, during your engagement with us as our consultant or agent, or otherwise deal with us
- From third parties, such as your employer who may provide your professional details, social media platforms, your referees, recruitment agencies and other third parties
- From your online user interactions with our website, service, content and features and when users make choices we need to remember
- From the public domain, such as information on social media, the internet or other public record
If you provide information about others, please ensure you have their consent to do so (where required by law) or let us know if you do not.
5. WHY DO WE PROCESS YOUR PERSONAL DATA?
In this section we explain why we process your personal data. We include general purposes and provide examples of the various processing activities. For more information about the specific categories of personal data processed, please see the "categories of personal data" section below. If you have any questions, please contact us. We keep our processes and data collection under review and will update this notice should any personal data no longer be necessary for the given purpose.
| Purpose | Personal data | Lawful basis of processing |
|---|---|---|
| To assist with your enquiry |
general information contact information |
Necessary for our legitimate interest in responding to enquiries and complying with best practice or, as the case may be, necessary for taking steps prior to entering into a contract or the performance of our contract with you. |
| To provide information, agree the terms of a sale with you as our customer's representatives, and comply with other terms of our contract |
general information contact information public information your background information |
Necessary for our legitimate interests in performing our contractual obligations to our customers for whom you work and for promoting our activities and administering our business. |
| To create a user account for you if you register with us |
general information contact information profile information usage information technical information |
Necessary for taking steps prior to entering into a contract or the performance of our contract with you and for our legitimate interests in providing the services you request and maintaining our relationship with you. |
| To provide our online services including our website, content and features to you and the general public which may remember your preferences or include personalised content and services. |
technical information usage information profile information |
Necessary for our legitimate interest in providing our website and information to our supporters and the public and complying with best practice, and compliance with our legal obligations. Where required by law, we rely on your consent to deploy cookies or similar technologies on your device or to read information on your device except where necessary for essential services. |
| To send you service communications about matters relevant to your involvement with the business and your engagement with us, and other feedback requests, etc. |
general information contact information |
Where you have given us your consent to contact you, where it is necessary for the performance of our contract with you and our legitimate interest in understanding how our website is used, views about our business and keeping our users informed. |
| To manage our professional relationship with you as our consultant or agent and using our record management systems and contacting you by phone, email and other means. |
general information contact information profile information public information special category of personal data your background information |
Necessary for the performance of our contract with you as our consultant or agent. Special categories data may be processed as is necessary in the context of employment and social security laws. |
| To manage our professional relationship with our customer, using our record management systems and engagement tools, identifying opportunities and contacting you by phone, email and other means. |
general information contact information profile information |
Necessary for our legitimate interest in winning business, understanding and maintaining our business relationship and administering our business. |
| To assess your job application and for business administration purposes. We may use automated processes and decision-making to assess your application. For example, if you apply for a job, we will review your CV, publicly available information about you, information from your previous employers and professional references. |
general information contact information profile information public information special categories of personal data your background information |
Necessary for our legitimate interest in considering applications, responding to queries and, as the case may be, necessary for taking steps prior to entering into a contract. Special categories data may be processed as is necessary in the context of employment and social security laws. |
| To develop and improve our information, website, content and features and organisation including measurement of engagement and activity, analytics, development of our tools, services and algorithms and development of our internal processes. |
anonymised usage, profile and technical information |
Necessary for our legitimate interest in service and process development and keeping our offering relevant. Where required by law, we rely on your consent to deploy cookies or similar technologies on your device or to read information on your device except where necessary for essential services. |
To ensure the proper administration of our business, including to:
|
all personal data as is necessary and proportionate | Necessary for compliance with our legal obligations, to establish, exercise or defend legal claims and necessary for our legitimate interest in the proper administration of our business and protecting our reputation. |
| To ensure information security of our information systems, premises, meetings and communications. |
general information security information your background information |
Necessary for our legitimate interest in ensuring the security of people, our organisations and assets and compliance with our contractual obligations, and as necessary for compliance with our legal obligations. |
| To ensure your health and safety at our premises or to make reasonable adjustments on account of your disability. |
general information special categories of personal data |
Necessary for our legitimate interest in ensuring health and safety and good accessibility at our premises in the substantial public interest and complying with our legal obligations. |
| To engage our third-party service providers and advisors who may process your personal data on our behalf or otherwise to facilitate the provision of our business services and the fulfilment of essential service functions including cloud storage, telecommunications, information security, professional advice and other services. | all personal data as is necessary and proportionate | Necessary for our legitimate interest in providing our services and running our business. |
| Processing and sharing your personal data in connection with legal claims, law enforcement including the prevention and detection of crimes including fraud and regulatory requests. | all personal data as is necessary and proportionate | Necessary for compliance with our legal obligations, to establish, exercise or defend legal claims or for our legitimate interest in complying with best practice. |
| To share data with another organisation in accordance with the law for the purposes of a joint venture, collaboration, merger or acquisition. | all information as is lawful, necessary and proportionate | Necessary for our legitimate interest in engaging in activities to promote our business and complying with our legal obligations. |
We may process your personal data for other purposes which are compatible with the existing ones. However, we will obtain your prior consent for any new purpose where required by law.
6. WHO IS YOUR PERSONAL DATA DISCLOSED TO?
We may share your personal data with the following third parties:
- Service providers which assist us with our website including website development, hosting and data analysis.
- Payment processors to facilitate the processing of your purchases including payment authentication services
- Your employer, who may need information about your interactions with us
- Recruitment agent, your former employer or other person providing a reference about you
- Our professional advisors, including our legal advisers and our accountants
- Our agents and freelance consultants
- The public if you interact with us on social media
- External auditors or inspectors
- Tax, law enforcement and other authorities where required by law or best practice
- Third parties where ordered by the court or necessary in establishing, exercising or defending legal claims
- Other third parties where you have provided consent, or as otherwise disclosed at the time of collection.
7. COOKIES AND DIGITAL ANALYTICS
We may work with third parties that collect data about your use of our websites and app and other sites or apps over time for non-advertising purposes. Specifically, we use Google Analytics to improve the performance of the website and for analytic purposes. For more information about how Google Analytics collects and uses data when you use our website, visit How Google uses information from sites or apps that use our services - Privacy & Terms - Google, and to opt out of Google Analytics, visit Google Analytics Opt-out Browser Add-on Download Page.
Additionally, your browser or device may offer tools to limit the use of cookies or to delete cookies; however, if you use these tools, our websites may not function as intended.
For more information on the types of cookies we use and how we use cookies in relation to your personal data, please see our cookies policy.
| Description of Cookie | Purpose |
|---|---|
| _comos_io_cookieconsent_status | Used to remember the choices you make when selecting settings for your acceptance around allowing cookies |
8. HOW DO WE SECURE YOUR PERSONAL DATA?
We have put in place appropriate organisational and technical measures designed to safeguard your personal data that we keep on premise and on our systems. Access to your personal data is restricted on a "need to know" basis.
We seek to ensure our third-party services providers do the same. We appoint service providers only under an appropriate contract who provide sufficient guarantees about data security in accordance with applicable law.
No system is completely secure and we cannot fully guarantee the security of your personal data. We will deal with any personal data breach in accordance with our incident response procedures and will notify you and the regulatory where we are legally required to do so.
You can take steps to keep access to your account secure by selecting a password and user name that is unique to you.
9. HOW LONG IS YOUR DATA KEPT?
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
After the retention period, your personal data will either be securely deleted or anonymised, and it may be used for analytical purposes.
Even if we delete your personal data, it may persist on backup or archival media for legal, tax or regulatory purposes.
10. WHERE WE STORE YOUR PERSONAL DATA
Generally, your personal data will be held in the UK.
We may also use or make available tools which require the transfer of your personal data outside the UK. For example, this could occur if our servers are located in a country outside of the UK or one of our service providers is situated in a country outside the UK. We may share information with our agents, some of whom are located outside of the UK and Europe. However, we will only transfer your personal data where we are satisfied that your data protection rights are adequately protected by appropriate technical, organisational and contractual safeguards in accordance with data protection laws before any such transfer. These safeguards may include the standard contractual clauses.
You may request further information on the measures used for the international transfers or access to your personal data.
11. YOUR RIGHTS
Depending on the data rights granted to you by the laws of your country, you may have the following rights in relation to your personal data:
- Right to information about matters set out in this notice. You may contact us for further details.
- Right to know about personal data collected, used, disclosure or sold or right to make an access request to receive a copy of your personal data held by us, subject to certain exemptions.
- Right to rectification of any inaccurate or incomplete personal data.
- Right to erasure of personal data that is no longer needed.
- Right to restriction of processing to limit how we use personal data.
- Right to opt-out or object to our processing of personal data based on our legitimate interests.
- Right to object to the processing of personal data for direct marketing purposes where you wish to no longer receive our direct marketing.
- Right to data portability from one organisation to another, where applicable.
- Right to withdraw consent previously provided.
- Right to human intervention in respect of any automated decision-making without human involvement that significantly affected you.
- Right to lodge a complaint with the Information Commissioner's Office. The address is Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. The Helpline number is 0303 123 113.
To exercise any of your above rights, please contact us by email at contactus@lunaandbloom.co.uk. All requests will be processed without undue delay and no later than within one month. We will first require appropriate proof of your identity. Your data rights are not absolute and are subject to exemptions and limitations, as shown above. If we cannot process your request within this period, we shall explain why and process it as soon as possible.
Please note that we will not discriminate against you for exercising any of your rights.
12. THIRD PARTIES MAY PROCESS YOUR PERSONAL DATA
Our website, content and features may involve the use of third-party services, social media platforms, such as Instagram and LinkedIn, or other third-party services.
We may also share your personal data with third parties, such as payment service providers, public authorities and others who process your personal data for their own purposes.
You should check the privacy statements of those third parties, and we are not responsible for how they may process your personal data. Please note some of them may use your personal data for business administration or product development purposes.
13. CATEGORIES OF PERSONAL DATA
We process the following categories of personal data about you:
| Category | Description |
|---|---|
| Contact information | including your home or business address, telephone, email and similar information. |
| General information | including your name, job function, education status, age bracket, details of your enquiry or communication and similar information. |
| Profile information | including your demographic information from our analytics and advertising partners, your preferences and interests known, observed or inferred by using analytics, advertising or other tools and sources including notes of your past interactions with us. |
| Public information | from public registers, databases, social media, the Internet and similar sources. |
| Security information | including logs, network monitoring and logging data, antivirus scan and similar information. |
| Special categories of personal data | including your race, ethnic origin, religious or philosophical beliefs, sexual orientation, political or trade union affiliation, information about your health and information relating to criminal convictions and offences. |
| Technical information | including online identifiers, internet protocol (IP) address, details of operating system, referring website, browser type, language, time zone setting, location, date and time of access, local storage data and similar information obtained from your device, browser, an API or similar source. |
| Usage information | about how you navigate and engage with our online services and newsletters, features including online activity data such as downloads, clickstream data with URLs visited previously, page interaction, such as scrolling, clicks, and mouse-overs, methods used to browse away from our websites, information in security logs and similar information |
| Your background information | including your personal, professional, tax payer and financial information obtained from you, public sources and third parties such as former employers, colleagues and similar information. |
14. UPDATES TO THIS NOTICE
We reserve the right to change this privacy notice as we may deem necessary from time to time or as may be required by law. If we make any changes to our notice, you will be able to see them on this page, as indicated by the "Last updated" date at the top. We encourage you to visit this page periodically to learn of any updates.
If any such changes materially affect you, we will ask for your prior consent where we are required to do so by law.
| Description of Cookie | Purpose |
|---|---|
| _comos_io_cookieconsent_status | Used to remember the choices you make when selecting settings for your acceptance around allowing cookies |