Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:
Lux&Rosen (Academia Lucis) Slovenia
Contact: books (at)luxandrosen.com

Last Change: 8. 12. 2025

2. Legal Basis and Purposes of Processing

We process your personal data for the following purposes:

a) Order fulfilment

processing and delivery of orders
invoices and payment records
communication related to your purchase
Legal basis: performance of a contract

b) Customer support and inquiries
Legal basis: legitimate interest (communication and problem resolution)

c) Newsletter and updates
Your email is stored only with explicit consent.
You may withdraw consent at any time.

d) Website analytics (non-essential cookies)
Only active with your consent.

e) Marketing (e.g., Meta/Instagram Pixel)
Active only with your consent.

3. Categories of Personal Data We Collect

We may process the following personal data:

Name and surname
Shipping address
Email address
Order details and history
IP address (when visiting the website)
Cookies (only after consent)
Payment-related data from Stripe (we do not store card details)

4. Payment Security

Payments are processed exclusively through Stripe.
Lux&Rosen never receives and never stores your card information.

All communication between your device and our platform is secured via SSL/HTTPS.

5. Data Recipients (Who We Share Data With)

Personal data is never sold or shared for third-party marketing.
We may share your data only with:

Wix (website hosting and infrastructure)
Stripe (payment gateway)
Delivery carriers (for shipments)
Email service provider (if used for newsletters)

All processors operate under GDPR-compliant data processing agreements.

6. Data Retention

Order and invoicing data: 5 years (legal obligation)
Shipping address: until the order is completed
Newsletter data: until you unsubscribe
Cookies: per your browser preferences and consent choices

7. Your Rights Under GDPR

You have the right to:

Access your data
Rectify inaccurate data
Request deletion (where legally possible)
Restrict processing
Object to processing for marketing
Data portability
Withdraw consent (newsletter, cookies, marketing)

Consent for non-essential cookies may be withdrawn via the “Manage Cookies” button.

8. Cookies

We use three categories of cookies:

Essential cookies (required for site functioning) – do not require consent
Analytics cookies – only with consent
Marketing cookies – only with consent

When you first visit the website, a Cookie Banner allows you to choose:

Accept all
Reject non-essential cookies
Customize your selection

Cookies do not activate before consent (GDPR compliant).

9. No Selling or Leasing of Data

We do not sell, lease, or exchange personal data with third parties for marketing or any other purpose.

10. Use of AI Chat

If you use the AI chat feature on our website, limited dialogue data may be processed solely to provide customer support and improve user experience.
Payment or sensitive personal information is never stored.

11. Data Security Measures

We apply appropriate technical and organisational measures, including:

encryption via HTTPS/SSL
limited access to personal data
secure storage environment
regular security updates and maintenance

12. International Transfers

Wix and Stripe may process data outside the EU.
Such transfers occur within the protections established by Standard Contractual Clauses (SCCs) in compliance with GDPR.

13. Contact for Privacy Requests

To exercise any of your rights or for any privacy-related questions, please contact:
books(at)luxandrosen.com

We respond within 30 days.

14. Right to Lodge a Complaint

If you believe your data has been processed unlawfully, you may lodge a complaint with your local supervisory authority:
Information Commissioner of the Republic of Slovenia (IP RS)
Dunajska 22, 1000 Ljubljana, Slovenia

15. Changes to This Policy

This Privacy Policy may be updated from time to time.
The date of the most recent update is indicated at the top of this page.