Privacy policy
Privacy Policy Lupno | Last updated: April 2026
Who We Are
This website is operated by Lupno ("we", "us", "our"). Our business address is:
Lupno Flat 7, Hunslet House Station Road Corby NN17 1GA United Kingdom
Email: team@lupno.com
What This Policy Covers
This Privacy Policy explains how we collect, use, store, and share your personal data when you visit lupno.com or make a purchase from us. It also explains your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Please read this policy carefully. By using our website, you acknowledge that you have read and understood how we handle your personal data.
What Data We Collect
Depending on how you interact with our website, we may collect the following personal data:
Data you provide directly:
- Name, email address, phone number
- Billing and shipping address
- Payment information (processed securely by our payment providers — we do not store card details)
- Any messages or enquiries you send us
Data collected automatically:
- IP address and browser type
- Pages visited, time spent on site, click behaviour and session recordings (via Microsoft Clarity)
- Device type and operating system
- Referring website or search term
Data from third parties:
- Order and payment confirmation data from Shopify Payments, PayPal, and Klarna
- Delivery and tracking data from our fulfilment partner and Track123
How We Use Your Data
We use your personal data for the following purposes, each supported by a lawful basis under UK GDPR Article 6:
| Purpose | Lawful Basis |
|---|---|
| Processing and fulfilling your order | Contract (Art. 6(1)(b)) |
| Sending order confirmations and shipping updates | Contract (Art. 6(1)(b)) |
| Responding to your customer service enquiries | Contract (Art. 6(1)(b)) |
| Processing payments securely | Contract (Art. 6(1)(b)) |
| Order tracking via Track123 | Contract (Art. 6(1)(b)) |
| Preventing fraud and ensuring website security | Legitimate interests (Art. 6(1)(f)) |
| Analysing website usage and improving our store (Microsoft Clarity) | Legitimate interests (Art. 6(1)(f)) |
| Sending marketing emails (if you have opted in) | Consent (Art. 6(1)(a)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
Third-Party Service Providers
We share your personal data with the following third parties where necessary to operate our business. All providers are contractually required to handle your data securely and in accordance with applicable data protection law.
Shopify Inc. Our store is hosted on Shopify. Shopify processes your order data, stores your personal information, and provides our checkout infrastructure. Shopify Inc. is based in Canada and the USA. Data transfers are covered by Shopify's standard contractual clauses. Privacy Policy: shopify.com/legal/privacy
PayPal Holdings Inc. If you choose to pay via PayPal, your payment data is processed by PayPal. PayPal is based in the USA. Data transfers are covered by standard contractual clauses. Privacy Policy: paypal.com/uk/legalhub/privacy-full
Klarna Bank AB If you choose to pay via Klarna, your data is processed by Klarna to assess eligibility and process payment. Klarna is based in Sweden and operates under EU GDPR. Your data may be transferred to and stored in the EEA. Privacy Policy: klarna.com/uk/legal/privacy-policy
Track123 We use Track123 to provide order tracking functionality. Track123 processes your order number, shipping carrier data, and delivery status. Data may be processed outside the UK. Privacy Policy: track123.com/privacy-policy
Microsoft Clarity We use Microsoft Clarity to understand how visitors interact with our website. Clarity records anonymised session data including mouse movements, clicks, and scrolling behaviour. Microsoft is based in the USA. Data transfers are covered by Microsoft's standard contractual clauses. Privacy Policy: privacy.microsoft.com/en-gb/privacystatement
Klaviyo Inc. We use Klaviyo to manage and send marketing emails to customers who have opted in. Klaviyo processes your name and email address for this purpose. Klaviyo is based in the USA. Data transfers are covered by Klaviyo's standard contractual clauses. Privacy Policy: klaviyo.com/legal/privacy-notice
International Data Transfers
Some of our service providers are based outside the United Kingdom, including in the United States. Where we transfer your personal data outside the UK, we ensure appropriate safeguards are in place, such as the UK's International Data Transfer Agreement (IDTA) or standard contractual clauses approved by the ICO.
Cookies
We use cookies and similar tracking technologies on our website. These include:
- Essential cookies — required for the website and checkout to function
- Analytics cookies — used by Microsoft Clarity to analyse site usage (requires consent)
- Marketing cookies — used for advertising purposes via Google (requires consent)
You can manage your cookie preferences at any time via our cookie banner. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal. For full details, please see our Cookie Policy.
How Long We Keep Your Data
We retain your personal data only for as long as necessary for the purposes set out in this policy:
- Order data — 6 years (for legal and accounting purposes)
- Customer service correspondence — 2 years
- Marketing data — until you withdraw consent or unsubscribe
- Analytics data — as per the respective provider's retention policy
Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access — you can request a copy of the personal data we hold about you
- Right to rectification — you can ask us to correct inaccurate or incomplete data
- Right to erasure — you can ask us to delete your data in certain circumstances
- Right to restriction — you can ask us to limit how we use your data
- Right to data portability — you can request your data in a structured, machine-readable format
- Right to object — you can object to processing based on legitimate interests or for direct marketing
- Right to withdraw consent — where processing is based on consent, you can withdraw it at any time
To exercise any of these rights, please contact us at team@lupno.com. We will respond within one calendar month. We may need to verify your identity before processing your request.
Right to Complain
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Website: ico.org.uk Phone: 0303 123 1113
We would appreciate the opportunity to address your concerns directly before you contact the ICO, so please reach out to us first at team@lupno.com.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of any significant changes by updating the date at the top of this page. We encourage you to review this policy periodically.
Contact
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at team@lupno.com. Our team is available Monday to Friday, 9:00 am – 3:00 pm (GMT/BST).