Privacy

Privacy Policy.

Last updated: April 2026

This policy explains how Lumii collects, uses and protects your personal data. It applies to visitors to lumii.ch and to clients who hire Lumii's services. We comply with the Swiss Federal Act on Data Protection (nDSG, in force since 1 September 2023) and, where applicable, with the European General Data Protection Regulation (GDPR), because Lumii serves clients in Spain, Germany and other EU countries.

Short version: we collect only what we need to make your celebration happen. We don't sell data, we don't track you, and we don't place advertising cookies.

Data controller

The person responsible for processing your data is:

Daniela López González
Lumii
Webermühle, 5432 Neuenhof, Schweiz
info@lumii.ch

For any question or request regarding your personal data, write to info@lumii.ch. We will respond within 30 days.

What data we collect

We only collect what is strictly necessary for each interaction.

Contact form

When you use the contact form on lumii.ch, we receive: your name, your email address, the type of event you are planning, the estimated date, the approximate number of guests, and a free-text message. This data is transmitted to us via Formspree before reaching info@lumii.ch.

Payment

Payments are processed by Stripe. Lumii never sees or stores your card number, expiry date or security code. Stripe handles all payment data directly and according to their own privacy policy.

Technical data

When you visit lumii.ch, your browser automatically sends your IP address to Cloudflare (our hosting provider) and to Google's servers when loading fonts (Google Fonts). We do not install analytics trackers, advertising pixels or social media embeds. We store your language preference in your browser's localStorage under the key lumii_lang.

Why we collect it

To respond to your enquiry and confirm the details of your order.
To produce your invitation — we need the event details you provide.
To process payment securely through Stripe.
To communicate with you throughout the production process (revisions, delivery, questions).
To fulfil our accounting and legal obligations under Swiss law.

We do not use your data for marketing purposes or to send newsletters unless you explicitly ask us to.

Legal basis

Under Swiss nDSG: processing is based on the legitimate interest of Lumii to manage its business relationships and fulfil its obligations.

Under EU GDPR (applicable to clients in Spain, Germany and other EU member states):

Art. 6(1)(b) GDPR — processing necessary for the performance of a contract (managing your order and producing your invitation).
Art. 6(1)(f) GDPR — legitimate interest (serving the website, loading fonts, security).
Art. 6(1)(c) GDPR — legal obligation (accounting records required by Swiss law).

How long we keep your data

Contact and order data — for the duration of the business relationship and for 10 years thereafter, as required by Swiss accounting law (OR art. 958f).
Payment data — managed exclusively by Stripe according to their own retention policy. Lumii retains only transaction references (amount, date, status).
Language preference (localStorage) — stored in your browser until you clear it. Not transmitted to any server.

Third parties who receive data

We use a small number of carefully chosen external services. Here is exactly what each one does with your data.

Google LLC — Google Fonts

When this site loads, your browser makes a request to fonts.googleapis.com to download the typography used on the site. This request transmits your IP address to Google's servers. Google does not install cookies via Google Fonts. We use it to ensure visual consistency across all devices. Legal basis: legitimate interest (consistent design). Google Privacy Policy.

Cloudflare Inc. — Hosting

lumii.ch is hosted on Cloudflare Pages. When you visit the site, Cloudflare processes your IP address to serve the content and to protect against attacks. Cloudflare is based in San Francisco, California. Legal basis: legitimate interest (operating the website). Cloudflare Privacy Policy.

Stripe Inc. — Payment processing

When you pay for your order, you are redirected to Stripe's secure payment interface. Stripe collects and processes all payment data directly. Lumii does not see or store card details. Stripe may install session cookies for fraud prevention. Stripe is headquartered in San Francisco, California. Legal basis: performance of contract. Stripe Privacy Policy.

Formspree — Contact form

The contact form on lumii.ch is processed by Formspree. The data you enter (name, email, event details, message) passes through Formspree's servers before reaching info@lumii.ch. Formspree does not install cookies in the user's browser. Legal basis: legitimate interest (receiving client enquiries). Formspree Privacy Policy.

We do not share your data with any other third parties. We do not sell data. We do not use advertising networks or social media trackers.

Your rights

You have the following rights regarding your personal data. To exercise any of them, write to info@lumii.ch — we will respond within 30 days.

Access

Know what data we hold about you.

Correction

Have inaccurate data corrected.

Deletion

Request erasure of your data, where no legal obligation requires us to retain it.

Portability

Receive your data in a structured, machine-readable format.

Objection

Object to processing based on legitimate interest.

Restriction

Request that we limit processing in certain circumstances.

To exercise any of these rights: info@lumii.ch. Response time: 30 days maximum.

Supervisory authorities

If you believe your data has been processed unlawfully, you have the right to file a complaint with the relevant supervisory authority.

Switzerland: Federal Data Protection and Information Commissioner (FDPIC / PFPDT) — edoeb.admin.ch
EU: The supervisory authority of your country of residence. In Spain: Agencia Española de Protección de Datos (aepd.es). In Germany: your state's Landesdatenschutzbehörde.

International data transfers

Google (Fonts) and Stripe are based in the United States. Cloudflare has servers globally. Transfers to these companies are covered by one or more of the following mechanisms:

The EU-US Data Privacy Framework (adequacy decision by the European Commission, adopted July 2023).
Standard Contractual Clauses (SCCs) approved by the European Commission.

From Switzerland, transfers to the US are assessed under nDSG art. 16-17. The companies listed above implement appropriate safeguards.

Changes to this policy

If we make meaningful changes to how we handle your data, we will update this page and reflect the new date at the top. We recommend checking this page periodically if you are a regular client. For significant changes affecting existing clients, we will notify you directly by email.

This version was published in April 2026.