top of page

Privacy Policy – NOIR LUMI
 

Last Updated: April 16, 2025

​

NOIR LUMI (hereinafter "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal data in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Law (Loi Informatique et Libertés). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you interact with our services, including our website noirlumi.com, our products, and any other interactions you may have with us.

 

1. Data Controller

The data controller responsible for your personal data is:

NOIR LUMI
Quai des Orfévres, Paris, 75001, France

tamara@noirlumi.com
 

2. Personal Data We Collect

We may collect the following categories of personal data:

  • Identification Data: Name, surname, title, username, or similar identifier.

  • Contact Data: Billing address, delivery address, email address, telephone numbers.

  • Financial Data: Bank account and payment card details (processed securely by payment processors).

  • Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us.

  • Technical Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website or services.

  • Usage Data: Information about how you use our website, products, and services.

  • Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.

  • Profile Data: Your interests, preferences, feedback, and survey responses.

  • Other Data: Any other personal data you voluntarily provide to us.

 

3. How We Collect Your Personal Data

We collect your personal data through various means, including:

  • Direct Interactions: When you fill in forms on our website, place an order, subscribe to our newsletter, contact us via email or phone, provide feedback, or participate in surveys.

  • Automated Technologies or Interactions: As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this data by using cookies, server logs, and other similar technologies. 

  • Third Parties: We may receive personal data about you from third parties such as payment processors, analytics providers, and marketing partners.

 

4. Purposes of Processing Your Personal Data

We may process your personal data for the following purposes:

  • To process and fulfill your orders, including managing payments, delivering products, and handling returns.

  • To manage our relationship with you, including providing customer support and responding to your inquiries.

  • To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).

  • To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.

  • To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences.

  • To provide you with marketing communications, newsletters, and promotional offers where you have consented to receive them or where we have a legitimate interest in doing so.

  • To conduct surveys and gather feedback to improve our products and services.

  • To comply with legal and regulatory obligations.

  • To prevent fraud and other illegal activities.

 

5. Legal Basis for Processing Your Personal Data

We will only process your personal data when we have a lawful basis for doing so, which may include:

  • Consent: Where you have given us explicit consent to process your personal data for a specific purpose (e.g., marketing). You have the right to withdraw your consent at any time.

  • Contract: Where processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract (e.g., processing your order).

  • Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, provided that your interests and fundamental rights do not override those interests (e.g., improving our services, preventing fraud).

  • Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject (e.g., tax obligations).

 

6. Disclosure of Your Personal Data

We may share your personal data with the following categories of recipients:

  • Service Providers: Third-party service providers who provide services on our behalf, such as payment processing, website hosting, data analysis, email delivery, marketing, and customer service. These providers are contractually obligated to protect your personal data.

  • Business Partners: Where necessary to provide our services or with your consent.

  • Professional Advisors: Lawyers, auditors, and insurers.

  • Regulatory Authorities: When required by law or to comply with a legal obligation.

  • Other Third Parties: In the event of a merger, acquisition, or sale of all or a portion of our assets.

 

7. International Transfers of Your Personal Data

Your personal data may be transferred to and processed in countries outside of the European Economic Area (EEA). Where we transfer your personal data outside the EEA, we will ensure that appropriate safeguards are in place to protect your personal data in accordance with the GDPR, such as:

  • Transferring to countries that have been deemed to provide an adequate level of protection by the European Commission.

  • Implementing Standard Contractual Clauses approved by the European Commission.

 

8. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Encryption of data where appropriate.

  • Secure server infrastructure.

  • Access controls and restrictions.

  • Regular security assessments and updates.

  • Staff training on data protection.

 

9. Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

10. Your Rights Under the GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • The right to access: You have the right to request access to the personal data we hold about you.

  • The right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

  • The right to erasure ("right to be forgotten"): You have the right to request that we erase your personal data under certain circumstances.

  • The right to restriction of processing: You have the right to request that we restrict the processing of your personal data under certain circumstances.

  • The right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

  • The right to object: You have the right to object to the processing of your personal data under certain circumstances, including for direct marketing purposes.

  • Rights in relation to automated decision-making and profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless there is a legal basis for such processing.

  • The right to withdraw consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time.

 

11. How to Exercise Your Rights

To exercise any of your rights, please contact us using the contact details provided in Section 1. We will respond to your request without undue delay and within one month of receipt of your request. We may require you to provide proof of your identity before responding to your request.

 

12. Complaints

If you have any concerns about how we process your personal data, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority. You can find their contact details on their website: https://www.cnil.fr/fr. We would, however, appreciate the chance to deal with your concerns before you approach the CNIL, so please contact us in the first instance.

 

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. We will notify you of any significant changes by posting the updated policy on our website or through other communication channels. The "Last Updated" date at the top of this policy indicates when it was last revised.

 

Contact Us

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at:

NOIR LUMI
50 Quai des Orfévres, 75001, Paris, France

tamara@noirlumi.com

​

©2022 - 2025 by NOIR LUMI. Proudly created with Wix.com

bottom of page