This Privacy Policy explains how Level Lume (operated by ICI2030 BV, Belgium) collects, uses, and protects your personal data when you visit levellume.com or place an order with us. We are committed to safeguarding your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable Belgian data protection law.
1. What data we collect
We collect the following personal data:
- Order information — your name, email address, shipping address, and phone number, collected through our Stripe-powered checkout.
- Payment data — processed entirely by Stripe. We do not store your credit card number or payment details on our servers.
- Referral cookies — if you arrive via a referral link, we store a referral code in a cookie to attribute your visit to the referring person.
- Analytics data — anonymised usage data collected through Google Analytics, including pages visited, session duration, device type, and approximate geographic location.
- Account data — if you create an account, your email address and authentication credentials are managed through Firebase Authentication.
2. Why we collect it
We use your personal data for the following purposes:
- Order fulfilment — to process, ship, and deliver your order, and to communicate about order status.
- Referral tracking — to credit referrals and manage our referral programme.
- Website analytics — to understand how visitors use our website so we can improve the experience.
- Customer support — to respond to your questions or requests.
- Legal obligations — to comply with tax, accounting, and other legal requirements under Belgian and EU law.
3. Third parties
We share your data only with trusted third-party services that are necessary to operate our business:
- Stripe — payment processing. Stripe acts as an independent data controller for payment data. See Stripe's Privacy Policy.
- Google Analytics — website analytics. Data is anonymised and processed in accordance with Google's Privacy Policy.
- Firebase (Google Cloud) — website hosting, authentication, and database services.
We do not sell, rent, or trade your personal data to any third party for marketing purposes.
4. Cookies
We use a limited number of cookies:
- Referral cookie — stores the referral code from a referral link. Expires after 30 days.
- Google Analytics cookies — used to distinguish users and track sessions. See Google's cookie policy for details.
- Firebase authentication cookies — used to maintain your login session if you create an account.
We do not use advertising or tracking cookies beyond what is described above.
5. Data retention
We retain your personal data only for as long as necessary to fulfil the purposes described in this policy:
- Order data — retained for 7 years to comply with Belgian tax and accounting requirements.
- Analytics data — retained for 14 months (Google Analytics default).
- Referral cookies — expire after 30 days.
- Account data — retained until you request deletion of your account.
6. Your rights under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of access — you can request a copy of the personal data we hold about you.
- Right to rectification — you can ask us to correct inaccurate or incomplete data.
- Right to erasure — you can request that we delete your personal data, subject to legal retention obligations.
- Right to data portability — you can request your data in a structured, machine-readable format.
- Right to restrict processing — you can ask us to limit how we use your data in certain circumstances.
- Right to object — you can object to processing based on legitimate interests.
- Right to lodge a complaint — you have the right to file a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit).
7. Data security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. All data transmitted through our website is encrypted using TLS/SSL. Payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified provider.
8. Contact
For any questions about this Privacy Policy or to exercise your data rights, please contact us:
Last updated: March 2026