Privacy Policy

1. Who We Are

This Privacy Policy is issued by ILOVELUX LTD, a company registered in England and Wales. We are the data controller in respect of your personal data as described in this policy.

This policy applies to all personal data we collect through our website, communications (email, WhatsApp, Telegram) and in the course of providing our services.

2. Legal Framework

We process personal data in accordance with:

• The UK General Data Protection Regulation (UK GDPR)
• The Data Protection Act 2018 (DPA 2018)
• The Privacy and Electronic Communications Regulations 2003 (PECR) where applicable

As a data controller, we are registered with / notified to the Information Commissioner's Office (ICO) as required by applicable law.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

• Identity data: first name, last name
• Contact data: email address, telephone number, WhatsApp or Telegram handle
• Request data: details of the service or request you submit to us
• Communication data: records of correspondence between you and ILOVELUX
• Technical data: IP address, browser type, and basic analytics data collected by our website (non-identifying, aggregated only)

We do not collect, store or process any special category personal data (such as health, biometric, racial or ethnic origin data) unless you explicitly provide it as part of a service request and consent to its use.

4. How We Collect Personal Data

• Directly from you when you complete our contact form, send an email, or message us via WhatsApp or Telegram
• Through your use of our website (technical data only, aggregated and non-identifying)
• Through referrals from existing clients or business partners (with appropriate authorisation)

5. Lawful Basis for Processing

We rely on the following lawful bases under Article 6 UK GDPR:

• Contract (Art. 6(1)(b)): Processing necessary to provide a service you have requested or to take steps prior to entering into a contract
• Legitimate interests (Art. 6(1)(f)): To respond to enquiries, manage our business, prevent fraud, and ensure the security of our systems — where these interests are not overridden by your rights
• Legal obligation (Art. 6(1)(c)): Where processing is required to comply with applicable law (e.g. anti-money laundering, tax obligations)
• Consent (Art. 6(1)(a)): Where we have obtained your explicit consent for a specific processing activity, which you may withdraw at any time

6. How We Use Your Personal Data

We use your personal data solely for the following purposes:

• To respond to and fulfil your service request or enquiry
• To communicate with you regarding your request or an ongoing service
• To arrange and coordinate third-party service providers on your behalf
• To send service-related communications (not marketing, unless you have opted in)
• To comply with legal and regulatory obligations
• To protect the security and integrity of our business

We do not use your personal data for automated decision-making or profiling.

7. Disclosure to Third Parties

We treat your information with the strictest confidence. We will only share your personal data with third parties in the following limited circumstances:

• Service providers: Hotels, aviation operators, event companies, or other suppliers engaged to fulfil your specific request — only the minimum data necessary is shared, and only under obligations of confidentiality
• Legal and regulatory authorities: Where required by law, court order, or at the request of a competent regulatory authority
• Professional advisers: Lawyers, accountants or auditors acting in that capacity, bound by duties of confidentiality

We do not sell, rent, trade or otherwise transfer your personal data to any third party for commercial or marketing purposes, under any circumstances.

8. International Transfers

Where we engage third-party service providers located outside the United Kingdom or European Economic Area to fulfil a service request on your behalf (for example, an overseas hotel or operator), personal data may be transferred internationally. In such cases:

• We share only the minimum data required to fulfil the service
• We ensure appropriate safeguards are in place as required by UK GDPR, including reliance on adequacy decisions, standard contractual clauses, or other approved transfer mechanisms where applicable

9. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected:

• Enquiries and requests not resulting in a service: deleted within 30 days of the conclusion of correspondence
• Active service engagements: retained for the duration of the service plus up to 6 years thereafter (to comply with limitation periods under the Limitation Act 1980 and related obligations)
• Legal and financial records: retained for the period required by applicable law (typically 6–7 years under HMRC and Companies Act requirements)

When personal data is no longer required, it is securely deleted or anonymised.

10. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the following rights in relation to your personal data:

1. Right of access — to receive a copy of the personal data we hold about you (Subject Access Request)
2. Right to rectification — to have inaccurate or incomplete data corrected
3. Right to erasure ("right to be forgotten") — to request deletion of your data, subject to legal retention obligations
4. Right to restriction of processing — to request that we limit how we use your data in certain circumstances
5. Right to data portability — to receive your data in a structured, machine-readable format (where processing is based on consent or contract)
6. Right to object — to object to processing based on legitimate interests or for direct marketing
7. Right to withdraw consent — where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing
8. Rights related to automated decision-making — we do not carry out solely automated decision-making with legal or similarly significant effects

To exercise any of these rights, please contact us at info@ilovelux.co.uk. We will respond within one calendar month as required by UK GDPR.

We may need to verify your identity before processing a request. There is no fee for making a request unless it is manifestly unfounded, excessive or repetitive, in which case we may charge a reasonable fee or decline the request.

11. Cookies and Tracking

Our website uses only strictly necessary technical operations required for the page to function. We do not use tracking cookies, advertising pixels, or third-party analytics services that identify individual users. No consent for cookies is required as we do not set non-essential cookies.

If this changes in the future, we will update this policy and implement a compliant cookie consent mechanism prior to any such use.

12. Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, alteration or disclosure. These include:

• Restricted access to personal data on a need-to-know basis
• Use of encrypted communication channels
• Regular review of our data handling practices

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify affected individuals without undue delay.

13. Children's Data

Our services are not directed at, and we do not knowingly collect personal data from, anyone under the age of 18. If we become aware that personal data of a minor has been submitted without appropriate authorisation, we will delete it promptly.

14. Links to Third-Party Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and recommend that you review their respective privacy policies.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, our services, or our data practices. The effective date at the top of this page will reflect when the policy was last updated. We encourage you to review this page periodically.

Where changes are material, we will take reasonable steps to bring them to your attention.

16. Right to Complain

If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority:

We would, however, appreciate the opportunity to address your concerns directly before you approach the ICO. Please contact us first at info@ilovelux.co.uk.

17. Contact Us

For any questions, requests or concerns relating to this Privacy Policy or our data handling practices, please contact the data controller: