Last update: 22/09/2025

Publisher / Controller: Luminaverse (sole proprietorship — EI) — Legal name: Juliette Nanchino

Address: 243 rue de Bercy · E-mail: [email protected]

Hosting provider: OVH SAS — SAS with share capital of €50,000,000

RCS Lille Métropole 424 761 419 00045 · APE code 2620Z · VAT FR 22 424 761 419

Registered office: 2 rue Kellermann, 59100 Roubaix, France

Website: ovhcloud.com

(OVH SAS is a subsidiary of OVH Groupe SA — RCS Lille 537 407 926.)

Optional: “Report abuse” (OVH): [email protected].

DPO / GDPR contact: Luminaverse has not appointed a DPO. For any request, write to [email protected].

1. Scope

This policy describes how we process personal data collected via luminaverseagency.com, our forms (including Calendly), e-mail exchanges, and official social media. It is intended for clients, prospects, partners, and professional visitors. It complements our T&Cs and Legal Notice.

2. Purposes, legal bases & processing details

We process your data only for specific, explicit and legitimate purposes:

Contact & handling your requests (“Contact”, “Book a 15-min call” forms, e-mail).

Data processed: identity, role/company, e-mail, phone, message content, technical metadata.

Legal basis: performance of pre-contractual steps / contract (Art. 6(1)(b) GDPR).

Scheduling appointments (via Calendly).

Data: identity, e-mail, time zone, availability, answers to qualification questions (e.g., estimated budget).

Basis: performance of pre-contractual steps / contract.

B2B outreach & communications (occasional information, guides, invitations, where you have consented).

Data: identity, contact details, preferences.

Basis: consent (Art. 6(1)(a)). You may withdraw consent at any time.

Analytics & site improvement (non-essential cookies, analytics scripts).

Data: cookie IDs, page views, events, truncated/pseudonymous IP, device.

Basis: consent (cookie banner). Set only after consent.

Security, maintenance & fraud prevention (logs, firewall, anti-spam).

Data: server logs, IP addresses, timestamps, security events.

Basis: legitimate interest (Art. 6(1)(f)).

Luminaverse does not sell your data. We limit processing to what is necessary and favour aggregated/anonymous data where possible.

3. Data categories & sources

Data you provide: identity (first/last name), contact details (e-mail, phone), role/company, message contents, booking preferences, responses to our forms (e.g., estimated budget).

Data collected automatically: cookies/trackers (according to your choices), technical logs, consent identifiers (evidence).

Sources: site forms, Calendly, direct e-mail exchanges, analytics tools (if enabled), social networks when you interact with our official pages.

We do not intentionally collect special-category data (health, opinions, etc.) nor data of minors.

4. Cookies & consent management

A banner (tool: Real Cookie Banner – devowl) is displayed on your first visit to accept / refuse / customise.

Non-essential cookies (analytics, integrations) are set only after your free, specific, informed and unambiguous consent.

You can change your choices at any time via the “Manage my cookies” link in the footer.

The tool stores proof of consent and withdrawals.

5. Recipients & processors

Access is limited to the Luminaverse team. We use processors acting on our behalf (GDPR-compliant contracts):

Hosting: https://www.ovhcloud.com/fr/

Scheduling: Calendly

Cookie banner: Real Cookie Banner (devowl)

Analytics: [Matomo / Google Analytics / …] (if enabled)

These providers process data only per our instructions, for our purposes, with confidentiality and security safeguards.

6. International transfers

Some providers (e.g., Calendly — USA) may involve transfers outside the EU. We rely on appropriate safeguards (Standard Contractual Clauses, and where applicable the Data Privacy Framework). Detailed information is available on request.

7. Retention periods

We keep your data only as long as necessary:

Contacts & prospects: up to 3 years after the last interaction.

Clients & files: for the contract term, then legal archiving (e.g., accounting obligations).

Cookies & consents: according to the lifetime shown in the banner (and at most as required for the purpose).

After that, data are deleted or anonymised.

8. Your rights

Under GDPR Articles 15–22, you have the rights to:

Access your data and information on processing,

Rectification and update,

Erasure (“right to be forgotten”) and restriction,

Objection (notably to marketing),

Portability (data you provided, structured format),

Withdraw consent at any time (marketing/cookies),

Post-mortem directives regarding your data.

Exercise your rights: write to [email protected]. We may request proof of identity. We respond within 1 month (extendable by 2 months for complex requests) and will inform you where we cannot comply lawfully. You may lodge a complaint with the CNIL.

9. Security

We implement reasonable technical and organisational measures: access control, backups, in-transit encryption (HTTPS), logging, firewall. In the event of a personal data breach, we will notify the competent authority and, where the risk to your rights and freedoms is high, we will inform you.

10. Automated decision-making & profiling

We do not take decisions producing legal effects solely based on automated processing. Light profiling may occur (e.g., simple segmentation of prospects/clients, interest in an offer), without legal effects and without non-consented cookies.

11. Social networks & third-party content

Our official pages (LinkedIn, Instagram, TikTok, etc.) are subject to the platforms’ policies. Embeds (players, iframes, Calendly) may set their own trackers — disabled by default unless you consent via the banner.

12. External links

The site may contain links to third-party sites. We are not responsible for their content or their data-protection practices. Please refer to their policies.

13. Changes to this policy

We may update this policy to reflect legal, technical or service changes. The applicable version is the one published on this page with its last update date.

14. Contact

For any question about this policy or to exercise your rights:

Luminaverse — GDPR · [email protected]