Privacy Policy

Last updated: 20/03/2026

This policy explains what personal data Lumin collects, how it is used, how long it is kept and what your rights are under UK data protection law.

Lumin is a trading name of Lucian Chevallier, a sole trader registered in the United Kingdom. Lucian Chevallier is the data controller for all personal data collected through this website and in connection with Lumin's services.

1. Contact details

Lucian Chevallier trading as Lumin

Email: lucian@luminwebsites.com

Website: luminwebsites.com/contact

If you have any questions about how we handle your personal data, or wish to exercise your rights, please contact us using the details above. We will respond within one month, as required by UK GDPR.

2. ICO registration

The Information Commissioner's Office (ICO) is the UK's data protection regulator. Depending on the nature of data processing activities, sole traders may be required to register with the ICO. If you wish to verify our registration status, you can search the ICO register at ico.org.uk/esdwebpages/search.

3. What data we collect and why

Contact and enquiry data

When you submit a contact form on this website, we collect your name and email address. This is used solely to respond to your enquiry. Your message is received via email notification to our inbox.

Legal basis: Legitimate interests — it is in both parties’ interests to respond to a direct business enquiry.

Email marketing

If you sign up for the Lumin Letter, we collect your email address. This is used to send you the newsletter. We use a third-party email marketing platform to manage subscriptions and send emails. We do not share your email address with any other party for marketing purposes.

You can unsubscribe at any time using the link in any email we send. On unsubscribing, your email address will be removed from the mailing list promptly.

Legal basis: Consent — you actively opted in by submitting your email address for this purpose.

CRM and client data

Where an enquiry progresses to a client relationship, we may store your contact details and relevant project information in a customer relationship management (CRM) tool. This data is used solely to manage the working relationship.

Legal basis: Performance of a contract — necessary to deliver the agreed services.

Booking data

We use TidyCal for booking consultation calls. If you book a call, TidyCal will collect the information you provide during the booking process, including your name and email address. TidyCal processes this data as a data processor on our behalf, and their own privacy policy also applies to data processed through their platform.

Legal basis: Legitimate interests — to facilitate the scheduling of a requested consultation.

Analytics data

We use four analytics tools to understand how visitors use this website. The legal basis and data handling differs for each:

Plausible and Umami: Privacy-first, cookieless tools. No personal data is collected and no cookies are set. These tools operate on aggregated, anonymised data only. No consent is required under PECR.

Microsoft Clarity: Session recording and heatmap tool. Clarity uses cookies and may collect data including mouse movements, clicks and scrolling behaviour, linked to a randomly assigned user identifier. This data is not linked to your name or contact details. Microsoft may process data in the United States under its own privacy framework.

Legal basis: Consent — Clarity cookies are only set after you accept analytics cookies.

PostHog: Product analytics platform. May use cookies to track session behaviour and interactions with the website. Data is used solely to improve the website experience and is not shared for advertising purposes.

Legal basis: Consent — PostHog cookies are only set after you accept analytics cookies.

Technical and server data

This website is built using Astro and Sanity, and hosted via Netlify. Netlify may automatically log standard server data, including IP addresses, browser types and page requests, for security and operational purposes. This data is processed by Netlify as a data processor. We do not have direct access to this log data for marketing or profiling purposes.

For more information on Netlify's data handling, see netlify.com/privacy.

Legal basis: Legitimate interests — maintaining a secure and functional website.

4. How we share your data

We do not sell, rent or trade your personal data. We may share data with the following categories of third-party service providers, only to the extent necessary to deliver our services:

  • Email marketing platform — to manage newsletter subscriptions and send emails
  • TidyCal — to manage booking of consultation calls
  • Microsoft — in connection with Clarity session analytics (where consent is given)
  • PostHog — for product analytics (where consent is given)
  • Netlify — as the hosting provider for this website
  • Sanity — as the content management platform for this website

All third-party services are used in accordance with their own privacy policies and applicable data protection law. Where third parties act as data processors, they are only permitted to process personal data on our instructions.

5. International data transfers

Some of the third-party services we use may process data outside the United Kingdom, including in the United States. Where this occurs, we rely on appropriate safeguards being in place, such as the UK-US Data Bridge or standard contractual clauses, as applicable. If you have questions about a specific service's data transfer arrangements, please contact us.

6. How long we keep your data

  • Contact and enquiry data: retained for up to three years from the date of last contact, or for the duration of a client relationship where one exists, and then securely deleted.
  • Newsletter subscribers: email addresses are kept for as long as you remain subscribed. On unsubscribing, your address is removed promptly and no longer used.
  • Booking data: retained in TidyCal in accordance with TidyCal’s own data retention policy.
  • Analytics data: retained in accordance with the respective tool’s default retention settings. Plausible and Umami retain only anonymised, aggregated data with no defined expiry. Clarity and PostHog data is retained for the period set in our account settings.
  • Server logs: retained by Netlify in accordance with their own data retention policy.

7. Security

We take reasonable technical and organisational measures to protect personal data from unauthorised access, loss or disclosure. This includes using secure connections (HTTPS) across the website and limiting access to personal data to only those who need it.

No method of transmission over the internet is completely secure. While we take your data security seriously, we cannot guarantee absolute security.

8. Children

This website is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has submitted personal data to us, please contact us and we will delete it promptly.

9. Cookies

For full details of the cookies we use and how to manage them, see our Cookie Policy at luminwebsites.com/legal/cookie-policy.

10. Your rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to request that inaccurate or incomplete data is corrected.
  • Right to erasure — to request deletion of your personal data where there is no compelling reason for us to continue processing it.
  • Right to restriction — to request that we limit how we process your data in certain circumstances.
  • Right to data portability — to request a copy of data you have provided to us in a structured, commonly used format, where processing is based on consent or contract.
  • Right to object — to object to processing based on legitimate interests, including for direct marketing.
  • Right to withdraw consent — where we rely on consent as the legal basis for processing, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at lucian@luminwebsites.com. We will respond within one month. In complex cases or where we receive a high volume of requests, we may extend this by a further two months, in which case we will let you know.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would, however, always appreciate the opportunity to address any concerns directly first.

11. Changes to this policy

We may update this policy from time to time to reflect changes in how we use personal data or changes in applicable law. Where changes are material, we will take reasonable steps to inform affected individuals. The most current version will always be available at luminwebsites.com/legal/privacy-policy.

12. Links to other websites

This website may contain links to third-party websites. We have no control over and accept no responsibility for the privacy practices of those sites. We recommend reading the privacy policy of any third-party site you visit.