Privacy Policy
LUMIDIAM Privacy Policy (North American Market)
This Privacy Policy governs the collection, use, storage, and disclosure of personal information by LUMIDIAM ("we," "us," "our") through our Shopify-hosted store (the "Store"). It applies to all visitors, customers, and users of our services, and is designed to comply with federal, state, and provincial privacy laws across North America.
1. Information We Collect
We adhere to the principle of "data minimization"—collecting only what is necessary to fulfill your requests and improve our services.
1.1 User-Provided Information
| Category | Details | Purpose of Collection |
|---|---|---|
| Purchase & Account Data | Full name, shipping/billing address, email address, phone number, payment method details (processed via Shopify Payments), order history. | Process orders, deliver products, send confirmations. |
| Communication Data | Inquiries via contact form, email, or live chat (e.g., co-created jewelry questions, return requests). | Provide customer support, resolve issues. |
| Customization Data | Engraving text, preferred symbols, size specifications for personalized jewelry. | Fulfill custom design requests. |
1.2 Automatically Collected Information
• Technical Data: IP address, browser type/version, device model, operating system, referral URL, and browsing activity (pages viewed, time on site, cart interactions) via cookies and tracking pixels.
• Shopify-Generated Data: Order status updates, inventory interactions, and analytics through Shopify’s built-in tools (e.g., Shopify Analytics, Google Analytics 4 integration).
2. How We Use Your Information
Your personal information is used exclusively for the following purposes, with explicit consent where required by law:
2.1 Core Service Delivery
• Process and ship orders, including coordination with logistics partners.
• Fulfill custom jewelry requests based on your specifications.
• Provide post-purchase support (e.g., warranty claims, quality issue resolutions).
2.2 Store Enhancement & Security
• Analyze user behavior to optimize product offerings and website navigation.
• Detect and prevent fraudulent transactions (via Shopify’s fraud analysis tools).
• Maintain the security of our Store and user data.
2.3 Marketing Communications
• Send promotional updates (new co-created collections, limited-time offers) only if you opt in during checkout or via our email signup form.
• You may unsubscribe at any time by clicking the "Unsubscribe" link in our emails or contacting our support team.
2.4 Legal Compliance
• Respond to subpoenas, court orders, or regulatory inquiries.
• Enforce our Terms of Service and Return & Exchange Policy.
3. Information Sharing & Disclosure
We do not "sell" personal information (as defined by CCPA) or share it with third parties for unrelated commercial purposes. Data is shared only in the following scenarios:
3.1 Service Providers (Data Processors)
| Provider Type | Examples | Data Shared | Legal Basis |
|---|---|---|---|
| E-Commerce Platform | Shopify | Purchase data, order details, payment metadata (no full credit card numbers). | Contractual obligation to operate the Store. |
| Logistics Partners | USPS, UPS, DHL, Canada Post | Full name, shipping address, order number. | To deliver your purchase. |
| Payment Processors | Shopify Payments, PayPal | Payment method details (encrypted). | To process transactions securely. |
| Analytics Tools | Google Analytics 4 | Anonymous browsing data (IP addresses anonymized). | Consent (for non-necessary cookies). |
3.2 Co-Creating Creators (Special Provision)
For co-created jewelry collections:
• We share non-sensitive, aggregated data with the corresponding creator, including:
◦ Product variant popularity (e.g., "14K gold zodiac pendants account for 60% of sales").
◦ De-identified feedback (e.g., "Customers praised the pendant’s sizing").
• Never shared: Full name, address, payment details, or other sensitive personal information.
• Purpose: Help creators refine future designs to better serve their audience.
3.3 Legal Requirements
We disclose information if compelled by law, or to protect our rights, property, or the safety of users or the public.
4. Your Privacy Rights (U.S. State-Specific & Canada PIPEDA Details)
North American residents have distinct privacy rights under state and provincial laws. Below is a breakdown of key rights and jurisdiction-specific requirements:
4.1 Universal Rights (Applicable to All Jurisdictions)
• Right to Access: Request a copy of your personal information we hold.
• Right to Correct: Update inaccurate or incomplete data.
• Right to Delete: Request erasure of your data (subject to legal exceptions).
• Right to Withdraw Consent: Opt out of marketing communications at any time.
4.2 U.S. State-Specific Requirements
California (CCPA/CPRA)
• Right to Opt-Out of "Sharing": You may opt out of the sharing of your data for cross-context behavioral advertising. Use our Cookie Settings or Shopify’s Data Sale Opt-Out Page.
• Right to Non-Discrimination: We will not penalize you for exercising your privacy rights (e.g., charge higher prices, deny services).
• Verification: We may require additional information to verify your identity for access/delete requests.
Virginia (VCDPA)
• Right to Data Portability: Request your personal information in a portable, machine-readable format (e.g., CSV file).
• Automated Decision-Making: We do not use automated decision-making that produces legal or similarly significant effects without human review.
Colorado (CPA)
• Consent for Marketing: Explicit consent is required before sending promotional emails (we do not use pre-checked consent boxes).
• Breach Notification: We will notify you of a data breach within 45 days of discovery (per CPA § 6-1-713).
Utah (UCPA)
• Right to Know Data Sources: Request information about where we obtained your personal data (e.g., direct collection vs. third-party sources).
• Retention Disclosure: Request details on how long we will retain your personal information.
4.3 Canada (PIPEDA Compliance)
• Consent Requirements: We obtain meaningful consent for collecting, using, or disclosing personal information (express consent for sensitive data, implied consent for non-sensitive data).
• Purpose Limitation: Personal information is used only for the purposes for which it was collected, unless you provide additional consent.
• Access & Correction: Canadian residents may request access to their personal information and request corrections to inaccurate data (response within 30 days, extendable by 30 days for complex requests).
• Breach Notification: We notify the Office of the Privacy Commissioner of Canada (OPC) and affected individuals of data breaches that pose a real risk of significant harm.
4.4 How to Exercise Your Rights
To submit a request:
1. Email us at: lumidiam.jewelry@gmail.com
2. Include: Full name, email address associated with your account, jurisdiction of residence, and specific right you wish to exercise.
3. Response Time:
◦ U.S. Residents: Acknowledge within 10 business days, final response within 45 business days (extendable by 45 days for complex requests).
◦ Canadian Residents: Acknowledge within 5 business days, final response within 30 business days (extendable by 30 days with notification).
5. Data Retention
We retain your personal information only for as long as necessary to fulfill the purpose for which it was collected, or as required by law:
| Data Type | Retention Period | Reason |
|---|---|---|
| Purchase Data | 7 years after last order | Tax and accounting compliance (IRS, CRA requirements). |
| Communication Data | 2 years after last interaction | To address follow-up inquiries or warranty claims. |
| Customization Data | 90 days after order fulfillment | To resolve post-delivery customization issues, then anonymized. |
| Automated/Browsing Data | 1 year after last visit | To optimize user experience, unless you request deletion. |
6. Security Measures
We implement industry-standard security practices to protect your data, aligned with Shopify’s security framework and PIPEDA requirements:
• Encryption: Data in transit (via SSL/TLS 1.3) and at rest (AES-256 encryption).
• Access Controls: Limited access to personal information (only authorized team members with job-related need).
• Fraud Protection: Shopify’s built-in fraud analysis and 3D Secure for payment processing.
• Regular Audits: Quarterly security scans of our Store (conducted by Shopify’s security team) and annual privacy compliance reviews.
Breach Notification:
• U.S. Residents: Notification within the timeframe required by your state’s law (e.g., 45 days in Colorado, 72 hours in California for certain breaches).
• Canadian Residents: Notification to OPC and affected individuals within 72 hours of discovering a breach that poses a real risk of significant harm.
7. Cookies & Tracking Technologies
We use cookies to enable Store functionality and improve user experience. You can manage cookie preferences via our Cookie Banner or your browser settings.
7.1 Cookie Types & Purposes
| Cookie Category | Examples | Purpose | Manageability |
|---|---|---|---|
| Necessary (Strictly Required) | Shopify session cookies, cart cookies. | Enable checkout, preserve cart items, prevent fraud. | Cannot be disabled (required for Store function). |
| Analytics | Google Analytics 4 cookies (_ga, _gid). | Track user behavior to improve Store performance. | Opt out via Cookie Banner or browser settings. |
| Marketing | Facebook Pixel, Instagram Shopping cookies. | Deliver targeted ads (only if you opt in). | Opt out via Cookie Banner or ad platform settings. |
7.2 Step-by-Step Cookie Management Guide
Option 1: Via Our Store’s Cookie Banner
1. Visit the LUMIDIAM Shopify Store homepage.
2. The Cookie Banner will appear at the bottom of the screen.
3. Click "Customize Settings" to:
◦ Enable/disable analytics cookies.
◦ Enable/disable marketing cookies.
4. Click "Save Preferences" to confirm your choices.
Option 2: Via Your Browser Settings
• Chrome: Go to Settings > Privacy and security > Cookies and other site data > See all cookies and site data > Search for "lumidiam" > Remove all.
• Safari: Go to Safari > Preferences > Privacy > Manage Website Data > Search for "lumidiam" > Remove.
• Firefox: Go to Settings > Privacy & Security > Cookies and Site Data > Manage Data > Search for "lumidiam" > Remove Selected.
• Edge: Go to Settings > Cookies and site permissions > Manage and delete cookies and site data > Search for "lumidiam" > Remove.
7.3 Global Privacy Control (GPC)
We respect the GPC signal. If your browser (e.g., Brave, Firefox, Safari) sends a GPC signal, we will automatically opt you out of data sharing for targeted advertising, without additional action required.
8. Children’s Privacy
Our Store is not intended for individuals under 13 years of age ("Children") in the U.S. and under 16 years of age in Canada. We do not knowingly collect personal information from minors. If we discover we have collected data from a minor, we will delete it immediately. Parents or guardians may contact us to request deletion of their child’s data.
9. Changes to This Policy
We may update this Privacy Policy to reflect:
• New legal requirements (e.g., new state/provincial privacy laws).
• Changes to our services (e.g., new co-creation features).
• Updates to Shopify’s data processing practices.
Notification of Changes: For material updates, we will:
1. Post a prominent notice on our Store homepage for 30 days.
2. Send an email to customers who have opted in to communications.
3. Update the "Last Updated" date at the top of this Policy.
10. Contact Us
For questions about this Policy, to exercise your privacy rights, or to report a privacy concern:
• Address: Flat 1102, 11/F, Hart Ave Plaza, 5-9 Hart Ave, Tsim Sha Tsui, Kowloon
• Phone: (852) 3520 2031 | (852) 3520 2030
• Email: lumidiam.jewelry@gmail.com
• Working Hours: Monday-Friday, 9:00 AM–6:00 PM (Hong Kong Time)
Regulatory Authorities
• U.S. Residents: File a complaint with your state’s attorney general or the Federal Trade Commission (FTC).
• Canadian Residents: File a complaint with the Office of the Privacy Commissioner of Canada (OPC) at www.priv.gc.ca.
© 2026 LUMIDIAM. All Rights Reserved. Hosted on Shopify.
Shopify’s privacy policy: https://www.shopify.com/legal/privacy