Privacy policy
## Privacy Policy
Last update: 01/04/2026
—
## 1. Data Controller
This website is operated by:
Luminaverse (sole proprietorship — EI)
Legal name: Juliette Nanchino
Address: 22 Boulevard Malesherbes, 75008 Paris
Email: [email protected]
Luminaverse acts as the data controller for all personal data collected through this website.
—
## 2. Hosting Provider
The website is hosted by:
OVH SAS
SAS with share capital of €50,000,000
RCS Lille Métropole 424 761 419 00045
APE code 2620Z · VAT FR 22 424 761 419
Registered office: 2 rue Kellermann, 59100 Roubaix, France
Website: https://www.ovhcloud.com
(OVH SAS is a subsidiary of OVH Groupe SA — RCS Lille 537 407 926.)
Optional abuse contact: [email protected]
—
## 3. GDPR Contact
Luminaverse has not appointed a Data Protection Officer (DPO).
For any request regarding your personal data:
📩 [email protected]
—
## 4. Scope
This Privacy Policy explains how we process personal data collected via:
– luminaverseagency.com
– contact and booking forms (including Calendly)
– e-mail exchanges
– official social media interactions
It applies to clients, prospects, partners and professional visitors.
It complements our Terms & Conditions and Legal Notice.
—
## 5. Purposes, Legal Bases & Processing
We process your data only for specific, explicit and legitimate purposes:
### Contact & request handling
(“Contact” form, “Book a call”, e-mail)
– Data: identity, role/company, e-mail, phone, message content, technical metadata
– Legal basis: pre-contractual steps / contract (Art. 6(1)(b) GDPR)
—
### Appointment scheduling (Calendly)
– Data: identity, e-mail, time zone, availability, responses (e.g. estimated budget)
– Legal basis: pre-contractual steps / contract
—
### B2B communications & outreach
– Data: identity, contact details, preferences
– Legal basis: consent (Art. 6(1)(a))
– You may withdraw your consent at any time
—
### Analytics & website improvement
– Data: cookie identifiers, page views, events, truncated/pseudonymised IP, device
– Legal basis: consent (via cookie banner)
—
### Security, maintenance & fraud prevention
– Data: server logs, IP address, timestamps, security events
– Legal basis: legitimate interest (Art. 6(1)(f))
—
Luminaverse does not sell your personal data.
Processing is limited to what is strictly necessary and, where possible, data is aggregated or anonymised.
—
## 6. Data Categories & Sources
### Data you provide:
– identity (name)
– contact details (email, phone)
– company / role
– messages and requests
– booking preferences
– form responses (e.g. estimated budget)
### Data collected automatically:
– cookies / trackers (based on your consent)
– technical logs
– consent records
### Sources:
– website forms
– Calendly
– direct email exchanges
– analytics tools (if enabled)
– social media interactions
We do not intentionally collect:
– sensitive personal data
– data relating to minors
—
## 7. Cookies & Consent Management
A cookie banner (Real Cookie Banner – devowl) is displayed on your first visit.
You can:
– accept
– refuse
– customise your preferences
Non-essential cookies are only set after your explicit consent.
You can update your choices anytime via the
“Manage my cookies” link in the footer.
Proof of consent and withdrawals is stored.
—
## 8. Recipients & Processors
Access to data is limited to the Luminaverse team.
We rely on trusted processors acting on our behalf:
– Hosting: OVH
– Scheduling: Calendly
– Cookie management: Real Cookie Banner (devowl)
– Analytics: [Matomo / Google Analytics – if enabled]
These providers process data:
– only under our instructions
– for defined purposes
– with confidentiality and security safeguards
—
## 9. International Transfers
Some providers (e.g. Calendly — USA) may involve transfers outside the European Union.
These transfers are secured through:
– Standard Contractual Clauses (SCC)
– Data Privacy Framework (when applicable)
Further details are available upon request.
—
## 10. Data Retention
We retain personal data only as long as necessary:
– Prospects: up to 3 years after last contact
– Clients: duration of the contract + legal obligations
– Cookies: according to their lifespan (as shown in the banner)
After this period, data is deleted or anonymised.
—
## 11. Your Rights
Under GDPR (Articles 15–22), you have the right to:
– access your data
– rectify or update it
– request deletion
– restrict processing
– object (especially to marketing)
– request data portability
– withdraw consent at any time
– define post-mortem data instructions
To exercise your rights:
📩 [email protected]
We may request proof of identity.
We respond within 1 month (extendable if necessary).
You also have the right to lodge a complaint with the CNIL.
—
## 12. Security
We implement appropriate technical and organisational measures:
– secure hosting (HTTPS)
– access control
– backups
– logging & monitoring
– firewall protection
In case of a data breach, we will notify the relevant authority and, where required, inform affected users.
—
## 13. Automated Decision-Making
We do not carry out automated decisions producing legal effects.
Light profiling may occur (e.g. segmentation of prospects),
without legal impact and without non-consented tracking.
—
## 14. Social Media & Third-Party Content
Our social media pages (LinkedIn, Instagram, TikTok, etc.) are governed by the platforms’ own policies.
Embedded content (Calendly, iframes, etc.) may use trackers,
disabled by default unless consent is given.
—
## 15. External Links
Our website may contain links to third-party websites.
We are not responsible for their content or data practices.
—
## 16. Updates
This policy may be updated at any time.
The applicable version is the one published on this page.
—
## 17. Contact
For any question or request:
Luminaverse — GDPR
[email protected]