NEED HELP ?
  • Bespoke
Login

Cart

Your cart is empty

Privacy policy

Effective Date: January 8, 2026
Last Updated: January 8, 2026
Version: 1.0

Table of Contents

  1. Introduction and Identity of the Controller
  2. What Personal Data We Collect
  3. How We Collect Your Personal Data
  4. Legal Bases for Processing
  5. How We Use Your Personal Data
  6. Data Sharing and Third Parties
  7. International Data Transfers
  8. Data Retention
  9. Your Rights (GDPR)
  10. United States Privacy Rights (CCPA/CPRA)
  11. Cookies and Tracking Technologies
  12. Security of Your Data
  13. Minors
  14. Changes to This Privacy Policy
  15. Contact Information

1. Introduction and Identity of the Controller

We value the trust you place in us when you commission a work from Lunburg. This Privacy Policy describes how we collect, use, and disclose your personal information when you visit our website, use our services, or make a purchase (referred to herein as a "Commission").

Identity of the Data Controller
This Privacy Policy is issued by Lunburg B.V., a company registered in the Netherlands under Chamber of Commerce number 96303743, which operates the Lunburg Master Artisans brand. Throughout this policy, references to "Lunburg," "we," "us," or "our" refer to Lunburg B.V.

We act as the "Data Controller" under the General Data Protection Regulation (EU) 2016/679 ("GDPR"). This means we are responsible for deciding how we hold and use personal data about you.

2. What Personal Data We Collect

When we use the term "personal data" or "personal information," we refer to information that identifies, relates to, describes, or can be reasonably linked to you. We may collect the following categories of personal data:

2.1 Identity Data

Includes your first name, last name, username, or similar identifier.

2.2 Contact Data

Includes your billing address, shipping address, email address, and telephone number.

2.3 Financial Data

Includes payment card details (processed securely by our payment providers; we do not store full credit card numbers), bank account details for wire transfers, and billing information.

2.4 Transaction Data

Includes details about payments to and from you, and details of the Commissions (products) you have purchased from us. This includes the specific nature of the item (e.g., standard collection or bespoke request).

2.5 Technical Data

Includes your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

2.6 Profile Data

Includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.

2.7 Marketing and Communications Data

Includes your preferences in receiving marketing from us and your communication preferences.

3. How We Collect Your Personal Data

We use different methods to collect data from and about you including through:

  • Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:
    • Commission a product (place an order);
    • Create an account on our website;
    • Register for the "Shared Stewardship" (Warranty) program;
    • Subscribe to our newsletter or waitlists;
    • Request marketing to be sent to you; or
    • Give us feedback or contact us for support.
  • Automated Technologies or Interactions: As you interact with our website, we automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
  • Third Parties: We may receive personal data about you from various third parties, including:
    • Shopify: Our e-commerce platform provider;
    • Payment Providers: Such as PayPal, Stripe, or credit card processors;
    • Analytics Providers: Such as Google Analytics.

Under the GDPR, we must have a legal basis to process your personal data. We rely on the following legal bases:

  1. Performance of a Contract: We process your data where it is necessary for the performance of a contract to which you are a party (e.g., to fulfill your Commission, process payment, and deliver your item).
  2. Legitimate Interest: We process your data where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes fraud prevention, improving our services, and maintaining records for our "Shared Stewardship" warranty program.
  3. Legal Obligation: We process your data where we need to comply with a legal obligation (e.g., tax reporting, customs requirements, anti-money laundering laws).
  4. Consent: Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

5. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To Fulfill Your Commission: To register you as a new client, process and deliver your order, manage payments, fees, and charges, and collect and recover money owed to us.
  • To Manage Our Relationship: To notify you about changes to our terms or privacy policy, and to ask you to leave a review or take a survey.
  • To Provide Warranty Services: To maintain a registry of ownership for our "Shared Stewardship" 50-year warranty program, allowing us to identify your specific item and its history should it require restoration.
  • To Protect Our Business: To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data).
  • To Improve Our Atelier: To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences.
  • Marketing: Subject to your preferences, to send you newsletters and updates regarding new collections or events.

6. Data Sharing and Third Parties

We do not sell your personal data. However, we may share your personal data with the parties set out below for the purposes set out in this policy:

  • Shopify: Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify's data storage, databases, and general Shopify application.
  • Service Providers: Companies that provide services on our behalf, such as:
    • Shipping and logistics partners (to deliver your Commission from our Atelier or distribution center to you);
    • Payment processors (to securely handle financial transactions);
    • IT and system administration services;
    • Professional advisers including lawyers, bankers, auditors, and insurers.
  • Legal Authorities: Tax authorities, regulators, and other authorities acting as processors or joint controllers based in the Netherlands or other relevant jurisdictions who require reporting of processing activities in certain circumstances.

7. International Data Transfers

Lunburg B.V. is based in the Netherlands. However, because we operate globally and utilize Shopify as our platform, your personal data may be transferred to, stored, and processed in countries outside the European Economic Area (EEA), specifically Canada and the United States.

  • Transfers to Shopify: Shopify Inc. is located in Canada. The European Commission has recognized Canada (for commercial organizations) as providing an adequate level of data protection.
  • Other Transfers: Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
    • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
    • Where we use certain service providers, we may use specific contracts approved by the European Commission (Standard Contractual Clauses) which give personal data the same protection it has in Europe.

8. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

Specific Retention Periods:

  • Commissions (Transaction Data): We are required by Dutch tax law to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for seven years after they cease being customers for tax purposes.
  • Warranty Records: Due to our 50-Year Warranty ("Shared Stewardship"), we retain limited transaction data necessary to validate the warranty for the duration of the warranty period, unless you specifically request the deletion of this data. Note: Requesting deletion of warranty data may affect our ability to verify the provenance of your item for warranty purposes.

9. Your Rights (GDPR)

Under certain circumstances, you have rights under data protection laws in relation to your personal data. If you reside in the EEA or UK, you have the right to:

  • Request access to your personal data (commonly known as a "data subject access request").
  • Request correction of the personal data that we hold about you.
  • Request erasure of your personal data.
  • Object to processing of your personal data where we are relying on a legitimate interest.
  • Request restriction of processing of your personal data.
  • Request the transfer of your personal data to you or to a third party (right to data portability).
  • Withdraw consent at any time where we are relying on consent to process your personal data.
  • Lodge a complaint with a supervisory authority. If you are based in the Netherlands, you may contact the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl. If you are based elsewhere in the EEA or UK, you may contact your local supervisory authority.

To exercise any of these rights, please contact us at privacy@lunburg.com. We aim to respond to all legitimate requests within one month.

10. United States Privacy Rights (CCPA/CPRA)

If you are a resident of the United States, specifically California, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

  • Right to Know: You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months.
  • Right to Delete: You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.
  • Right to Opt-Out of Sale/Sharing: Lunburg does not sell your personal data for monetary value. However, the use of certain cookies or trackers for advertising purposes may be considered "sharing" under California law. You may opt out of this via our cookie preferences tool or by enabling the Global Privacy Control (GPC) signal on your browser.
  • Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To exercise these rights, please contact us at the email provided below or visit our Data Sharing Opt-Out page.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our services and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze our services.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of our services.

For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.

12. Security of Your Data

The security of your personal data is important to us. We use Shopify's secure platform, which employs industry-standard encryption protocols (such as SSL) to protect data during transmission. While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee its absolute security.

13. Minors

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

15. Contact Information

If you have any questions about this Privacy Policy, your rights, or our data processing practices, please contact our Data Protection Officer (DPO) at:

Lunburg B.V.
Attn: Data Protection Officer
Nikkelweg 533
2401MM Alphen aan den Rijn, The Netherlands

Email: privacy@lunburg.com

Fifty-Year Warranty

Complimentary Shipping

30 days return policy

Forty Percent to Preservation