Skip to main content

Privacy Policy

Effective date: 14 January 2026

This Privacy Policy (“Policy”) explains how LUMSET® Europe (Portugal) (“we”, “us”) collects, uses, shares, and protects your personal data when you visit or use lumset.eu, submit contact/quotation requests, subscribe to updates, or communicate with us, and the rights you have under the General Data Protection Regulation (GDPR, EU 2016/679).

1. Data Controller

Controller: LUMSET® Europe (Portugal)

Website: lumset.eu

Company email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Data protection contact/officer: Rui

DPO email: This email address is being protected from spambots. You need JavaScript enabled to view it.

2. Our Data Protection Principles

We process personal data in line with GDPR principles: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; and integrity and confidentiality.

3. What Personal Data We Collect

Data you provide:

  • First name and last name
  • Email address
  • Phone number (if provided)
  • Business details such as company, role, country/region (if provided)
  • The content of your messages, requests and any attachments (if any)

Data collected automatically (technical data):

  • IP address, timestamps, pages visited, browser/device details, referral page (mainly for security and troubleshooting)

4. Why We Process Your Data and Our Legal Bases

  • Responding to enquiries, handling quotation requests, and business communication
    Purpose: to respond, provide information/quotes/lead times, and follow up.
    Legal basis: performance of a contract or pre-contractual steps (GDPR Art. 6(1)(b)).
  • Managing communication history and service improvement
    Purpose: to keep a record of communications for follow-up and quality management.
    Legal basis: legitimate interests (GDPR Art. 6(1)(f)).
  • Subscriptions / email updates (where applicable)
    Purpose: to send updates you subscribed to or consented to receive.
    Legal basis: consent (GDPR Art. 6(1)(a)). You can unsubscribe at any time via the link in our emails or by contacting us.
  • Website operation, security, and troubleshooting
    Purpose: to keep the website secure and functional, prevent abuse/attacks/fraud.
    Legal basis: legitimate interests (GDPR Art. 6(1)(f)).

5. Cookies and Consent Management (CookieYes)

We use cookies and similar technologies to ensure the website functions properly and, where applicable, to manage preferences and obtain consent. We use CookieYes as our consent management platform to display cookie banners and store/manage your consent choices.

Except for strictly necessary cookies, we will request your consent where required before placing cookies. You can change or withdraw your consent at any time via the cookie settings on the website.

Note: We currently do not use Google Analytics.

6. Recipients and Sharing

We do not sell your personal data. We share data only where necessary:

  • Service providers (Processors): We may share necessary data with providers acting on our behalf, such as Brevo (email delivery, subscription management, customer communications, where applicable) and website hosting/technical support providers. We require processors to act only on our instructions and to implement appropriate safeguards (typically via Data Processing Agreements).
  • Legal requirements: We may disclose data where required by law or to protect our rights and security (e.g., fraud prevention, cyber security incidents).

7. International Transfers (Outside the EEA)

If a service provider stores or accesses personal data outside the EEA, we apply GDPR-compliant safeguards such as Standard Contractual Clauses (SCCs) or other lawful transfer mechanisms.

8. Data Retention

  • Enquiry/quotation and communication records: typically 24 months (follow-up and service quality).
  • Security and technical logs: typically 30 days (security auditing and troubleshooting).
  • Contracts/invoices/accounting & tax records (where applicable): 10 years in line with applicable tax/accounting retention obligations.

After the retention period, data is deleted, anonymised, or otherwise handled in a compliant manner.

9. Your GDPR Rights

Where applicable, you have the right to access, rectify, erase, restrict processing, data portability, object, and withdraw consent. To exercise your rights, contact This email address is being protected from spambots. You need JavaScript enabled to view it. or This email address is being protected from spambots. You need JavaScript enabled to view it.. We may need to verify your identity.

10. Complaints to a Supervisory Authority

If you believe your rights have been infringed, you may lodge a complaint with a supervisory authority. As we are based in Portugal, you may contact CNPD (Comissão Nacional de Proteção de Dados).

11. Security

We implement reasonable technical and organisational measures (e.g., HTTPS/SSL where applicable, access controls, backups, monitoring, and appropriate contractual controls with processors). No internet transmission is fully secure; if a personal data breach occurs, we will assess and notify authorities/data subjects where required by law.

12. Third-Party Links

Our website may contain links to third-party services. We are not responsible for their privacy practices. Please review their policies.

13. Children

Our services are not intended for children under 16. If you believe a child provided personal data without guardian consent, contact us and we will take reasonable steps to delete it.

14. Updates to this Policy

We may update this Policy from time to time. Updates will be posted on this page and the effective date will be revised. Material changes may be highlighted via website notice or email where appropriate.

15. Contact

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Data protection contact: Rui (This email address is being protected from spambots. You need JavaScript enabled to view it.)