Privacy Policy
This Privacy Policy explains how Luma Partners (“Luma”, “we”, “us”) collects, uses, and protects your personal information when you interact with our website and services.
Effective date: October 2, 2025 · Last updated: October 2, 2025
1) Scope #
This policy covers personal information processed by Luma Partners via luma.partners and related pages (the “Site”), as well as information collected during sales, support, recruiting, and service delivery. It does not cover third-party sites linked from our Site.
2) Information we collect #
Information you provide
- Contact details (name, email, company, phone)
- Project details (goals, timelines, budget guidance)
- Support messages, survey responses, or form submissions
- Recruiting data (CV/resume, portfolio, experience)
Information collected automatically
- Technical data (IP, device, browser, OS, timezone)
- Usage data (page views, clicks, referring URLs)
- Cookies and similar technologies (see Cookies & tracking)
Sensitive information
We do not intentionally collect sensitive categories (e.g., health, biometrics, precise geolocation) through the Site. If your engagement requires regulated data, we will address it in a separate agreement.
3) How we use information #
- Provide and improve services, proposals, and support
- Operate the Site (troubleshooting, analytics, security)
- Communicate about projects, billing, and updates
- Recruiting and talent management with your consent
- Comply with legal obligations and enforce agreements
4) Legal bases (GDPR) #
Where the GDPR applies (e.g., users in the EEA/UK), we rely on these legal bases:
- Contract performance — to provide requested services or respond to inquiries
- Legitimate interests — to secure and improve the Site and services, and to prevent fraud
- Consent — for certain marketing or recruiting activities (where required)
- Legal obligation — to comply with applicable laws
7) Data retention #
We retain personal information for as long as necessary to fulfill the purposes described above, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and context.
8) Security #
We implement reasonable technical and organizational measures designed to protect personal information. No system is perfectly secure, and we cannot guarantee absolute security.
9) International transfers #
We operate in the U.S. and Colombia and may process data in other countries. When transferring personal data internationally, we use appropriate safeguards such as contractual clauses where required by law.
10) Your rights #
GDPR/UK rights (EEA/UK)
Subject to conditions, you may have rights to access, correct, delete, restrict, or object to processing, and to data portability. You also have the right to lodge a complaint with a supervisory authority.
U.S. state laws (e.g., CCPA/CPRA)
For eligible residents, you may have rights to know, access, delete, correct, and opt-out of certain sharing. We do not sell personal information. To exercise rights, see Contact.
Colombia (Habeas Data)
If you are in Colombia, you may have rights to know, update, rectify, and delete information, and to revoke consent subject to legal limits.
11) Children #
Our Site and services are not directed to children under 13 (or the equivalent age in your jurisdiction), and we do not knowingly collect their personal information.
12) Changes to this policy #
We may update this policy from time to time. When we post changes, we will update the “Last updated” date above. Material changes will be highlighted on this page.
↑ Back to top13) Contact #
Questions or requests about this policy or your personal information?
Email: info@luma.partners
If contacting us about a data request, please specify your country or state of residence and the right you wish to exercise. We may need to verify your identity.