PRIVACY POLICY
Effective Date: December 26, 2024
Last Updated: February 28, 2025
1. INTRODUCTION & SCOPE
LuminaPix (“Company,” “we,” “us,” or “our”), legally registered in Vietnam, operates the website LuminaPix.net (the “Site”) and associated services (collectively, the “Services”).
We are committed to protecting the privacy and security of your personal information (“Personal Data”). This Privacy Policy outlines our practices concerning the collection, use, processing, disclosure, transfer, and storage of Personal Data when you interact with our Services globally.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to the collection, use, and processing of your Personal Data as described in this Privacy Policy. If you do not agree with this Policy, please discontinue use of our Services immediately.
This Policy is designed to comply with applicable data protection laws, including but not limited to Vietnam’s Decree 13/2023/ND-CP on Personal Data Protection (“Decree 13”), the European Union’s General Data Protection Regulation (“GDPR”), the UK General Data Protection Regulation (“UK GDPR”), and the California Consumer Privacy Act (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”).
For inquiries regarding this Policy or your Personal Data, please contact our Data Protection Officer at:
Email: cs@luminapix.net
2. PERSONAL DATA WE COLLECT
We collect Personal Data through various means:
(a) Information You Provide Directly:
When you register, make a purchase, subscribe to newsletters, participate in promotions, contact customer support, or otherwise interact with our Services, you may voluntarily provide Personal Data, including:
* Identifiers: Full name, username, email address, phone number, postal address.
* Account Credentials: Usernames, passwords (stored securely, typically hashed).
* Commercial Information: Billing address, payment details (processed securely by third-party payment processors – see Section 5), purchase history.
* Communications: Content of your communications with us (emails, chat logs, feedback).
* User-Generated Content: Any data you post publicly or submit through interactive features (comments, reviews, forum posts, potentially image uploads if applicable to your service).
* Marketing Preferences: Your choices regarding receiving marketing communications.
* Social Media Information: If you use social login (see Section 6), we collect profile information like name, email, profile picture as permitted by the social media platform and your settings.
You are responsible for ensuring the accuracy, completeness, and truthfulness of the Personal Data you provide. Please notify us promptly of any changes.
(b) Information Collected Automatically:
When you access or use our Services, we automatically collect certain technical information:
* Device Information: IP address, device type, operating system, browser type and version, unique device identifiers.
* Usage Information: Pages visited, features used, time spent on the Site, referring URLs, clicks, interaction patterns.
* Location Information: General geographic location derived from your IP address (country, region). Precise location is collected only with your explicit consent.
* Cookies and Tracking Technologies: Information collected via cookies, web beacons, pixels, and similar technologies (see Section 4).
(c) Information from Third Parties:
We may occasionally receive Personal Data about you from third-party sources, such as analytics providers, marketing partners, or public databases, where permitted by law.
3. LEGAL BASIS AND PURPOSES FOR PROCESSING PERSONAL DATA
We process your Personal Data based on one or more lawful grounds and for specific purposes:
Purpose of Processing | Examples of Data Used | Legal Basis (Illustrative – may vary by jurisdiction) |
To Provide and Manage Services: | Identifiers, Account Credentials, Commercial Info, Usage Info | Performance of Contract (fulfilling our terms of service with you); Legitimate Interests (operating and improving our Services) |
To Process Transactions: | Identifiers, Commercial Info | Performance of Contract |
Account Creation & Management: | Identifiers, Account Credentials, Social Media Info | Performance of Contract; Consent (for social login); Legitimate Interests (account security) |
Customer Support & Communication: | Identifiers, Communications, Account Credentials | Performance of Contract; Legitimate Interests (responding to inquiries, providing support) |
Marketing & Promotional Communications: (Subject to Opt-Out) | Identifiers, Marketing Preferences, Usage Info | Consent (where required, e.g., Decree 13, GDPR); Legitimate Interests (marketing our services to existing users, where permitted) |
Personalization & Targeted Advertising: (Subject to Controls) | Usage Info, Cookies Data, Location Info (General) | Consent (often required for non-essential cookies/tracking); Legitimate Interests (showing relevant content/ads, where permitted and balanced) |
Analytics & Service Improvement: | Usage Info, Device Info, Cookies Data (Often Anonymized/Aggregated) | Legitimate Interests (understanding user behavior, improving service quality); Consent (for certain analytics cookies) |
Security & Fraud Prevention: | Identifiers, Device Info, Usage Info, Commercial Info | Legitimate Interests (protecting our Services, users, and business); Legal Obligation |
Legal Compliance & Enforcement: | All relevant categories as needed | Legal Obligation (responding to lawful requests); Legitimate Interests (enforcing terms, defending legal claims) |
Business Transfers: | All relevant categories as needed | Legitimate Interests (facilitating mergers, acquisitions, etc.) |
Important Note on Consent (Vietnam Decree 13): For users whose data processing falls under Vietnamese jurisdiction, explicit consent is a primary basis, particularly for sensitive data, marketing, and data sharing beyond essential service provision. We will obtain such consent where required by Decree 13.
4. COOKIES AND OTHER TRACKING TECHNOLOGIES
We use cookies (small text files placed on your device) and similar technologies (web beacons, pixels, scripts) to:
* Ensure the Site functions correctly (essential cookies).
* Remember your preferences and settings (functional cookies).
* Analyze Site usage and performance (analytics cookies).
* Deliver relevant advertising (marketing/targeting cookies).
You can manage your cookie preferences through:
* Your web browser settings (though this may affect Site functionality).
For detailed information, please refer to our separate Cookie Policy [Create and link this if you don’t have one]. We obtain consent for non-essential cookies as required by applicable laws (e.g., GDPR, Decree 13).
5. DISCLOSURE AND SHARING OF PERSONAL DATA
We do not sell your Personal Data in the traditional sense. We may share your Personal Data only in the following circumstances:
Service Providers: With trusted third-party vendors, consultants, and service providers who perform services on our behalf (e.g., payment processing [Name specific providers like Stripe, PayPal, VNPay etc.], hosting [Name provider like AWS, Google Cloud], email delivery, customer support platforms, analytics providers). These providers are contractually obligated to protect your data and use it only for the purposes we specify.
Payment Processors: Payment details are provided directly to secure third-party payment processors. We do not store full credit card numbers. Review the processor’s privacy policy.
Business Transfers: In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of our assets, your Personal Data may be transferred to the successor entity, subject to confidentiality agreements and compliance with applicable law.
Legal Requirements: If required by law, subpoena, court order, or other governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Affiliates: With our parent company, subsidiaries, joint ventures, or other companies under common control, provided they adhere to this Policy. Currently, we do not have affiliates with whom we share data.
Business Partners: With select business partners for joint promotions or offerings, but only with your explicit consent where required. We currently do not share data with business partners for their independent use.
With Your Consent: We may share your information for other purposes if you provide your explicit consent.
Publicly Posted Information: Information you voluntarily post in public areas of the Site (e.g., comments) may be visible to other users.
6. SOCIAL MEDIA LOGINS
If you choose to register or log in using a third-party social media account (e.g., Facebook, Google), we receive profile information (e.g., name, email, profile picture) from the provider based on your settings with them. We use this information solely for account creation/login and as described in this Policy. We do not control the social media provider’s use of your data; please review their privacy policy.
7. INTERNATIONAL DATA TRANSFERS
Your Personal Data may be transferred to, stored, and processed in countries other than your country of residence, including Vietnam, Singapore, and United States. Data protection laws in these countries may differ from those in your jurisdiction.
We implement safeguards to ensure your Personal Data receives adequate protection when transferred internationally:
For Transfers outside EEA/UK: We rely on mechanisms like the European Commission’s Standard Contractual Clauses (SCCs) or UK’s International Data Transfer Agreement (IDTA), or adequacy decisions where applicable.
For Transfers outside Vietnam: We comply with Decree 13 requirements, which may include conducting impact assessments, obtaining your consent, and potentially reporting to relevant authorities, ensuring appropriate safeguards are in place with the recipient.
By using our Services, you consent to the transfer, storage, and processing of your data in these countries, subject to the safeguards described.
8. DATA RETENTION
We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements, and resolving disputes.
Account Data: Retained for the duration your account is active, plus a reasonable period thereafter for archival, legal, or fraud prevention purposes (e.g., 1 year] after account closure).
Transaction Data: Retained as required by financial and tax regulations (often 6-10 years).
Marketing Data: Retained until you withdraw consent or opt-out.
Log/Usage Data: Retained for a shorter period (e.g., 6-12 months]) for security and analytics, unless needed longer for specific investigations.
When retention is no longer necessary, we will securely delete or anonymize your Personal Data. If deletion is not immediately possible (e.g., backup archives), we will securely store and isolate it from further processing until deletion can occur.
9. DATA SECURITY
We implement appropriate technical and organizational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include:
Encryption (e.g., SSL/TLS for data in transit).
Access controls and authentication mechanisms.
Regular security assessments and updates.
Data minimization practices.
Employee training on data privacy.
However, no internet transmission or electronic storage is 100% secure. While we strive to protect your Personal Data, we cannot guarantee its absolute security.
10. YOUR PRIVACY RIGHTS
Depending on your jurisdiction, you may have the following rights regarding your Personal Data:
Right to Access: Request a copy of the Personal Data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete Personal Data.
Right to Erasure (‘Right to be Forgotten’): Request deletion of your Personal Data under certain conditions (e.g., no longer necessary, consent withdrawn).
Right to Restrict Processing: Request limitation of how we process your Personal Data under certain circumstances.
Right to Data Portability: Request transfer of your Personal Data to you or another controller in a structured, commonly used format (where processing is based on consent or contract and automated).
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Withdraw your consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
Rights Related to Automated Decision-Making: Request not to be subject to decisions based solely on automated processing, including profiling, if it produces legal or similarly significant effects (we currently [State if you use such profiling, e.g., “do not engage in such automated decision-making”]).
Specific Regional Rights:
Vietnam (Decree 13): In addition to the above, you have the right to request data provision, and the right to complain, denounce, or initiate lawsuits regarding data processing violations.
EEA/UK (GDPR/UK GDPR): You have the right to lodge a complaint with your local data protection supervisory authority (contact details available via the European Data Protection Board or UK Information Commissioner’s Office websites).
California (CCPA/CPRA):
Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and categories of third parties shared with.
Right to Delete: Request deletion (subject to exceptions).
Right to Correct: Request correction of inaccurate information.
Right to Opt-Out of Sale/Sharing: Opt-out of the “sale” or “sharing” (for cross-context behavioral advertising) of your Personal Data. We currently do not share or sell your Personal Data.
Right to Limit Use of Sensitive Personal Information: Limit the use of sensitive data to essential purposes.
Non-Discrimination: You will not be discriminated against for exercising your CCPA/CPRA rights.
Shine the Light: California residents can request information annually about sharing with third parties for their direct marketing purposes.
Exercising Your Rights: To exercise any of these rights, please contact us using the details in Section 1 or Section 14. We will respond to verifiable requests within the timeframe required by applicable law (e.g., 30 days for GDPR, 72 hours acknowledgement + response time for Decree 13, 45 days for CCPA). We may need to verify your identity before processing your request.
11. CHILDREN’S PRIVACY
Our Services are not directed to individuals under the age of 18 (or the applicable minimum age for data processing consent in your jurisdiction, e.g., 16 in parts of the EU, or potentially younger with parental consent under Vietnamese law). We do not knowingly collect Personal Data from children. If we become aware that we have inadvertently collected Personal Data from a child without verified parental consent, we will take steps to delete such information promptly. If you believe we might have collected data from a child, please contact us immediately.
12. DO-NOT-TRACK SIGNALS
Currently, there is no universally accepted standard for responding to Do-Not-Track (DNT) signals. Therefore, our Site does not currently respond to DNT browser signals or mechanisms.
13. UPDATES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The “Last Updated” date at the top indicates the latest revision. If we make material changes, we will notify you prominently (e.g., by posting a notice on the Site or sending an email) prior to the change becoming effective. We encourage you to review this Policy periodically.
14. HOW TO CONTACT US & REQUEST DATA ACTIONS
For any questions, concerns, or comments about this Privacy Policy, or to exercise your privacy rights (review, update, delete your data):
Email: cs@luminapix.net
Please provide sufficient detail to allow us to understand and respond to your request.
WEBSITE DISCLAIMER
The information provided by LuminaPix.net (“we,” “us,” or “our”) on LuminaPix.net (the “Site”) is for general informational purposes only. All information on the Site is provided in good faith; however, we make no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information on the Site. UNDER NO CIRCUMSTANCE SHALL WE HAVE ANY LIABILITY TO YOU FOR ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF THE SITE OR RELIANCE ON ANY INFORMATION PROVIDED ON THE SITE. YOUR USE OF THE SITE AND YOUR RELIANCE ON ANY INFORMATION ON THE SITE IS SOLELY AT YOUR OWN RISK.