1. Data Controller
Luminoussyexpela
1 Santorini Promenade, Alkimos WA 6038, Australia
Email: request@luminoussyexpela.world
Phone: +61 437 999 988
For users in Australia, we are an organisation that handles personal information and are committed to complying with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). For users in the European Economic Area, we act as a data controller under the General Data Protection Regulation (GDPR).
2. Scope
This Privacy Policy applies to all personal information collected through the website luminoussyexpela.world and related communication channels operated by Luminoussyexpela, including our contact form, email correspondence, and telephone enquiries. It describes how we collect, hold, use, disclose, and protect personal information in accordance with Australian law and, where applicable, GDPR.
3. Data We Collect
3.1 Information You Provide
When you contact us via the contact form, we collect your name, email address, and message content. When you manage cookie preferences, we store your consent choices locally on your device.
3.2 Automatically Collected Data
With your consent, we may collect anonymised usage data including pages visited, browser type, device type, referring URL, and approximate geographic location derived from IP address.
4. Purposes of Processing
We process personal data for the following purposes:
- Responding to enquiries submitted through the contact form
- Operating and improving the website
- Analysing site usage to enhance user experience (with consent)
- Complying with legal obligations
- Protecting the security and integrity of our services
5. Legal Basis for Processing (GDPR)
For users in the EEA, we rely on the following legal bases:
- Consent: for analytics and marketing cookies, and contact form submissions where consent is given
- Legitimate interests: for website security, fraud prevention, and service improvement
- Legal obligation: where processing is required by applicable law
6. Australian Privacy Principles
When handling personal information of individuals in Australia, we follow the APPs. In summary:
- APP 1 — Open and transparent management: We maintain this policy and make it easily accessible on our website.
- APP 2 — Anonymity and pseudonymity: Where lawful and practicable, you may interact with us without identifying yourself. The contact form requires identification so we can respond to your enquiry.
- APP 3 & APP 5 — Collection and notification: We collect only information reasonably necessary for our functions and notify you at or before collection about how it will be used, as described in this policy.
- APP 6 — Use and disclosure: We use personal information only for the purposes stated in this policy, or for a related purpose you would reasonably expect, unless permitted or required by law.
- APP 7 — Direct marketing: We do not send direct marketing communications without your consent. See Section 13 for details.
- APP 8 — Cross-border disclosure: If personal information is disclosed overseas, we take reasonable steps to ensure recipients comply with Australian privacy standards. See Section 9.
- APP 10 — Quality: We take reasonable steps to ensure personal information is accurate, up to date, and complete.
- APP 11 — Security: We protect personal information from misuse, interference, loss, and unauthorised access. See Section 11.
- APP 12 & APP 13 — Access and correction: You may request access to or correction of your personal information. See Section 10.
7. Data Retention
Contact form submissions are retained for up to 24 months after the last correspondence, unless a longer period is required by law. Analytics data is retained for up to 26 months. Cookie consent records are stored locally on your device until you clear your browser data. When personal information is no longer needed, we take reasonable steps to destroy or de-identify it in accordance with APP 11.
8. Data Sharing and Disclosure
We do not sell personal information. We may disclose personal information to trusted service providers who assist with website hosting, analytics, and email delivery, where they are contractually required to handle information securely and only for authorised purposes. We may also disclose information where required or authorised by Australian law, including to courts, regulators, or law enforcement agencies, or to protect the rights, safety, or property of our organisation or others.
9. International Transfers
Some service providers may store or process personal information outside Australia. Before disclosing personal information overseas, we take reasonable steps under APP 8 to ensure the recipient handles the information in a manner consistent with the APPs, including through contractual safeguards. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or equivalent mechanisms.
10. Your Rights
Under the Privacy Act 1988 (Cth) and GDPR (where applicable), you have the right to:
- Access the personal information we hold about you (APP 12)
- Request correction of inaccurate, out-of-date, incomplete, or misleading information (APP 13)
- Request deletion of your data where permitted by law (right to erasure under GDPR)
- Restrict or object to processing in certain circumstances
- Data portability (GDPR)
- Withdraw consent at any time without affecting the lawfulness of prior processing
- Make a complaint to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au/privacy/privacy-complaints, or to a supervisory authority in the EEA
To exercise any of these rights, contact us at request@luminoussyexpela.world. We will acknowledge your request promptly and respond within 30 days, or explain if an extension is required under applicable law.
11. Security Measures and Data Breaches
We implement appropriate technical and organisational measures including HTTPS encryption, access controls, regular security reviews, and staff training on data protection practices to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure.
If we become aware of a data breach that is likely to result in serious harm to individuals whose personal information we hold, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth) by assessing the breach, notifying affected individuals, and reporting eligible breaches to the OAIC as required.
12. Children
This website is not directed at children under 16. We do not knowingly collect personal information from children without appropriate parental or guardian consent. If you believe we have collected information from a child, please contact us immediately so we can take steps to delete it.
13. Direct Marketing and the Spam Act 2003
We will only send you electronic marketing messages (such as email newsletters) if you have given express consent or if an exemption under the Spam Act 2003 (Cth) applies. Every marketing message will include a functional unsubscribe facility and identify Luminoussyexpela as the sender. You may opt out at any time by following the unsubscribe instructions or contacting us directly. We do not use contact form submissions for unrelated direct marketing without your consent.
14. Complaints
If you believe we have breached the APPs or mishandled your personal information, please contact us first using the details in Section 1. We will investigate your complaint and respond within a reasonable period. If you are not satisfied with our response, you may lodge a complaint with the OAIC. We will cooperate with any OAIC investigation.
15. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. Changes will be posted on this page with an updated revision date. Where changes materially affect how we handle your personal information, we will take reasonable steps to bring those changes to your attention.