Who we are
Luna Charma (“we”, “us”, “our”) operates this website and is the data controller responsible for your personal data under the UK General Data Protection Regulation (UK GDPR).
Email: info@lunacharma.com
If you have any questions about this Privacy Policy or your data, please contact us at the details above.
What Personal Data We Collect
We may collect and process the following types of personal data:
Information You Provide to Us:
- Full name
- Billing and delivery address
- Email address
- Phone number
- Payment details (processed securely via third-party providers)
- Account login details
- Order history
- Customer service communications
Information Collected Automatically:
- IP address
- Browser type and version
- Device information
- Pages visited and browsing behaviour
- Cookies and tracking technologies
How We Use Your Personal Data
We use your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Processing and fulfilling orders | Performance of a contract |
| Managing payments and fraud prevention | Performance of a contract / Legitimate interests |
| Responding to enquiries | Legitimate interests |
| Sending marketing emails (if subscribed) | Consent |
| Improving our website and services | Legitimate interests |
| Complying with legal obligations | Legal obligation |
Marketing Communications
If you subscribe to our newsletter or marketing emails, we will use your email address to send promotional offers and updates to you.
You can withdraw your consent at any time by:
- Clicking the “unsubscribe” link in emails
- Contacting us at info@lunacharma.com
We will never sell your personal data to third parties.
Payment Processing
Payments are processed securely by third-party providers such as:
- Stripe
- PayPal
- Apple Pay
- Google Pay
We do not store full card details on our servers.
Sharing Your Data
We may share your data with:
- Payment providers
- Shipping companies (e.g., Royal Mail, courier services)
- IT and website hosting providers
- Accountants or legal advisors
- Regulatory authorities (if legally required)
- Suppliers / Manufacturers
All third parties are required to respect the security of your personal data.
International Transfers
If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as:
- UK International Data Transfer Agreement (IDTA)
- Adequacy regulations
- Standard contractual clauses
Data Retention
We retain personal data only as long as necessary:
- Order records: 6 years (for tax/legal compliance)
- Marketing data: Until consent is withdrawn
- Customer enquiries: Up to 2 years
Your Legal Rights
Under UK GDPR, you have the right to:
- Access your personal data
- Correct inaccurate data
- Request erasure (“right to be forgotten”)
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent at any time
- Lodge a complaint with the supervisory authority
You can complain to the:
Information Commissioner’s Office
Website: https://ico.org.uk
Phone: 0303 123 1113
Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- SSL encryption
- Secure payment gateways
- Access controls
- Regular security updates
However, no method of transmission over the internet is completely secure.
Cookies
We use cookies to:
- Enable essential website functionality
- Analyse website traffic
- Personalise content
- Support marketing efforts
You can manage cookie preferences via your browser settings.
Children’s Privacy
Our website is not intended for children under 16, and we do not knowingly collect personal data from children.
Changes to This Policy
We may update this Privacy Policy from time to time. Updates will be posted on this page.