top of page
Mustard Seed Faith Logo.png

Privacy Policy

Effective Date: 9 December 2025

 

1. Introduction

LUMENX STUDIOS LTD (trading as Mustard Seed Faith) is the data controller responsible for your personal information. We are committed to protecting your privacy and handling your data in accordance with the UK GDPR, the EU GDPR (where applicable), the Data Protection Act 2018, and all relevant UK/EU privacy legislation.

This Privacy Policy explains how we collect, use, store, and share your personal information when you interact with our website, make a purchase, create an account, sign up for email communications, or otherwise engage with our services.

It applies to all visitors, customers, and users of our website. By accessing or using the site, you acknowledge that you have read and understood this Policy.

This Policy should be read together with our Terms & Conditions and any other notices we provide from time to time.

2. Information We Collect

We collect personal information that you voluntarily provide to us when you browse the website, create an account, make a purchase, contact us, or use our services. The categories of data we may collect include:

2.1 Identification & Contact Information

  1. First name and surname

  2. Email address

  3. Phone number

2.2 Order & Delivery Information

  1. Shipping address

  2. Billing address

  3. Order history

  4. Any notes you provide during checkout

2.3 Payment Information

Payment card details are not stored or processed by us directly. All payments are handled securely by integrated third-party payment processors (such as Stripe, Wix Payments, PayPal, Apple Pay or Google Pay, as applicable).
We only receive limited information confirming whether a payment was successful.

2.4 Account Login Information

If you choose to create an account on our website, your login credentials (such as your email address and password) are processed and securely stored by our website platform provider, Wix. We do not have access to your password, and it is encrypted and protected by Wix’s security systems. We may have access to your account preferences and basic account information associated with your profile.

2.5 Cookies & Tracking Technologies

We use cookies and similar technologies for:

  1. Website functionality

  2. Shopping cart operation

  3. Session control

  4. Preference storage

  5. Security

  6. Analytics

Cookie settings can be managed via your browser or our cookie banner.

2.6 Analytics & Usage Data

We may collect anonymised or aggregated data through:

  1. Google Analytics

  2. Wix Analytics

  3. IP address (which may be processed in full for security logs, fraud prevention, and system integrity)

  4. Device information

  5. Pages visited

  6. Time spent on the site

  7. Referring URLs

This information helps us improve performance, troubleshoot issues, enhance user experience, and understand how visitors interact with our website. Where possible, analytics data is anonymised or aggregated. However, certain technical identifiers (such as IP addresses) may be processed where necessary for security and fraud prevention. Where required by law (e.g., in parts of the EU), analytics cookies are only activated after you provide consent via the cookie banner.

 

3. How We Use Personal Information

We use the personal information we collect for the following purposes:

3.1 Processing and Fulfilling Orders

To accept and process your orders, manage payments through our secure payment processors, communicate order confirmations, and deliver your purchases to the correct address.

3.2 Customer Support

To respond to your enquiries, provide assistance, handle returns or issues, and offer general support relating to your orders or account.

3.3 Account Creation and Management

If you choose to create an account, we use your information to set up and maintain your login, preferences, order history, and account functionality.

3.4 Fraud Prevention and Website Security

To detect, investigate, and prevent fraudulent transactions, unauthorised access, misuse of the site, and violations of our Terms & Conditions.
This includes the use of security logs, IP monitoring, and other protective measures.

3.5 Shipping, Delivery & Fulfilment

To share necessary order details (such as name, address, and contact information) with trusted fulfilment partners or carriers so your order can be packed and delivered.

3.6 Marketing Communications

If you opt in, we may send you email updates, promotions, product news, or personalised offers.
You may unsubscribe at any time by using the link in our emails or contacting us directly.

Transactional emails relating to your orders (such as order confirmations and delivery updates) will be sent regardless of marketing preferences, as they are necessary to fulfil your contract with us.

3.7 Website Improvement, Performance & Analytics

We analyse usage patterns through cookies, Google Analytics, and Wix Analytics to help us:

  1. Improve site functionality

  2. Enhance user experience

  3. Troubleshoot errors

  4. Test new features

  5. Understand visitor traffic and behaviour

This data is often anonymised or aggregated wherever possible.

 

4. Legal Bases for Processing (UK/EU GDPR)

Under the UK GDPR and EU GDPR, we must have a lawful basis for processing your personal information. We rely on the following legal grounds:

4.1 Contractual Necessity

We process your information to:

  1. Provide our services

  2. Process and deliver your orders

  3. Manage your account

Without this data, we cannot fulfil your order or provide the requested services.

4.2 Legal Obligations

We may process and retain certain information to comply with legal requirements, including:

  1. Tax and accounting records

  2. Consumer rights obligations

  3. Product safety, reporting, or recall requirements (if applicable)

4.3 Legitimate Interests

We process certain data where it is necessary for our legitimate business interests, including:

  1. Improving the website and services

  2. Maintaining security and preventing fraud

  3. Understanding how customers use our site

  4. Protecting our rights and enforcing our Terms

We balance these interests against your rights and freedoms through a documented legitimate interest assessment and only rely on this basis where your rights are not overridden.

4.4 Consent

We rely on consent when:

  1. Using non-essential cookies

  2. Sending marketing communications

  3. Collecting analytics data where consent is required under local laws

You can withdraw your consent at any time.

 

5. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to ensure the site functions correctly, to improve your browsing experience, and to analyse how visitors interact with our services. This section also serves as our formal Cookie Policy.

5.1 Types of Cookies We Use

  1. Necessary Cookies
    Essential for operating the website and enabling core functions such as:

    1. Secure checkout

    2. Page navigation

    3. Account login

    4. Saving your privacy preferences

These cookies cannot be switched off because the site cannot function properly without them.

  1. Analytics & Performance Cookies
    Used to understand how visitors use our website.
    These may include: 

    1. Google Analytics 

    2. Wix Analytics 

They help us analyse traffic, improve user experience, fix errors, and optimise site performance.

These are only activated with your consent (where required).

  1. Marketing & Advertising Cookies
    Used to deliver relevant ads, measure marketing effectiveness, and track engagement across devices or platforms.
    These are optional and only used if you accept them via the cookie banner.

5.2 Cookie Consent & Banner

Upon your first visit, our website displays a cookie consent banner, allowing you to:

  1. Accept all cookies

  2. Reject non-essential cookies

  3. Choose specific categories of cookies

Your preferences will be stored, and you can modify them at any time.

5.3 Managing Your Cookie Preferences

You may adjust or withdraw your cookie consent through:

  1. The cookie settings link available on our site, or

  2. Your browser settings to block or delete cookies at any time.

Disabling some cookies may affect the functionality or performance of the website.

 

6. Sharing Your Information

We only share your personal information with trusted third parties when necessary to operate our business, fulfil your orders, or comply with legal obligations. We do not sell your personal data.

6.1 Print-on-Demand (POD) Fulfilment Partner

TWO FIFTEEN LTD
We share only the information required to produce, pack, and fulfil your order, such as your name, delivery address, and order details. This information is used solely for order fulfilment purposes.

6.2 Payment Processors

We use secure third-party payment processors, including:

  1. Wix Payments

  2. Stripe

  3. PayPal

  4. Apple Pay

  5. Google Pay

Your full payment information is not stored by us and is handled according to each provider’s security and privacy policies.

6.3 Shipping Carriers

For delivery, we share necessary shipping details with:

  1. Royal Mail

  2. International postal or courier partners

This includes your name, shipping address, and sometimes a contact email or phone number for tracking updates.

6.4 Analytics & Tracking Tools

To monitor website performance and understand visitor behaviour, we use:

  1. Google Analytics

  2. Wix Analytics

These tools may collect technical and usage information such as IP address, device type, browser type, and pages visited. Where possible, this data is pseudonymised or aggregated.

6.5 Limited  & Secure Data Sharing

We only share:

  1. What is essential

  2. With service providers who follow designed to comply with GDPR data protection standards

  3. Under contracts that require them to safeguard your information

We do not sell, rent, or trade personal data with any third parties.

 

7. International Data Transfers

Because we use third-party service providers—including Wix, our website hosting platform—your personal information may be processed or stored on servers located outside the United Kingdom or European Economic Area (EEA). These locations may include countries that do not provide the same level of data protection as UK/EU law.

7.1 Wix International Data Processing

Wix may store or process data in:

  1. The United States

  2. Israel

  3. Europe

  4. Other jurisdictions where their servers or partners operate

Wix is contractually required to maintain GDPR-level protections regardless of server location.

7.2 GDPR Safeguards (UK & EU)

Whenever personal data is transferred outside the UK/EEA, we ensure that such transfers are protected by one or more of the following legal mechanisms:

  1. Standard Contractual Clauses (SCCs)
    We rely on approved Standard Contractual Clauses for data transfers to ensure that the receiving country or service provider offers adequate safeguards.

  2. Data Processing Agreements (DPAs)
    All major service providers, including Wix, Google, Stripe, and TwoFifteen, operate under legally binding DPAs that meet GDPR requirements.

  3. Additional Technical & Organisational Measures
    These may include:

    1. Encryption

    2. Secure access controls

    3. Data minimisation

    4. Pseudonymisation where possible

7.3 Your Rights for International Transfers

You may request further information about:

  1. The safeguards in place for international transfers

  2. Copies of relevant SCCs

Contact details are provided at the end of this Privacy Policy.

 

8. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

Different categories of data are retained for different periods:

8.1 Order & Transaction Data

We keep order records—including customer details, tax records, invoices, and transaction histories—for six (6) years, as required under UK tax and accounting laws.

This applies even if you delete your account, as we must legally retain invoice information.

8.2 Customer Account Data

If you create an account with us, we retain your account information until you request deletion or until the account becomes inactive for a continuous period of 24 months (in accordance with GDPR storage limitation principles).

8.3 Marketing & Communications Data

If you opt into marketing emails, we retain your marketing data until you unsubscribe or request deletion.
Unsubscribing does not affect your ability to place orders or receive transactional emails.

8.4 Customer Support And Correspondence

Support-related messages may be stored for a reasonable period to help us:

  1. Manage follow-up inquiries

  2. Maintain service quality

  3. Comply with legal obligations

Typically retained for up to 2 years, unless required for dispute resolution.

8.4 Cookie & Tracking Data

Cookies are retained according to their individual expiration periods, which vary by type and provider.
You may delete cookies at any time through your browser or cookie preferences panel.

 

9. Security Measures

We take the protection of your personal information seriously and implement a range of technical and organisational measures designed to safeguard the data we process.

9.1 Encryption

  1. Data transmitted through our website is protected using SSL/TLS encryption, ensuring that information exchanged between your browser and our servers remains secure.

  2. Sensitive payment data is encrypted and processed directly by certified payment providers.

9.2 Access Controls

  1. Personal data is accessible only to authorised personnel who require access to fulfil their duties (e.g., order processing, customer support).

  2. We implement secure login systems, password protection, and administrative safeguards to prevent unauthorised access.

9.3 Payment Security (PCI Compliance)

  1. We do not store or process your full payment card details on our servers.

  2. Payments are handled by third-party payment processors such as 

    1. Wix Payments, 

    2. Stripe, PayPal, 

    3. Apple Pay, 

    4. And Google Pay, 

all of whom are PCI-DSS compliant and required to maintain globally recognised payment security standards.

9.4 General Security Limitations

While we follow industry best practices, no method of transmission over the Internet or electronic storage is entirely secure.
Therefore, we cannot guarantee absolute security, but we commit to maintaining and continually improving reasonable and appropriate safeguards as required under UK/EU law.

Nothing in this section limits our obligation to implement appropriate technical and organisational security measures as required by UK and EU data protection law.

 

10. Your Rights (UK & EU GDPR)

Under the UK General Data Protection Regulation (UK GDPR) and the EU GDPR (for EU-based customers), you have the following rights regarding your personal data:

10.1 Right of Access

You may request a copy of the personal data we hold about you and information on how it is processed.

10.2 Right to Rectification

If your information is inaccurate or incomplete, you have the right to request corrections.

10.3 Right to Erasure (“Right to Be Forgotten”)

You can request the deletion of your personal data when:

  1. It is no longer necessary for the purposes collected,

  2. You withdraw consent (where consent is the legal basis), or

  3. You successfully object to processing.

Exceptions may apply where data must be retained for legal obligations (e.g., tax records).

10.4 Right to Restrict Processing

You may request that we limit how we use your data—for example, while accuracy is being verified or where processing is unlawful but you prefer restriction over deletion.

10.5 Right to Data Portability

You may request your personal data in a structured, commonly used, machine-readable format and transfer it to another service provider where processing is based on consent or contract.

10.6 Right to Object

You may object to processing based on legitimate interests, including profiling.
You may also object at any time to the use of your data for direct marketing.

10.7 Right to Withdraw Consent

If we rely on consent (e.g., cookies, marketing), you may withdraw that consent at any time without affecting the lawfulness of processing carried out before withdrawal.

10.8 Right to Lodge a Complaint

You have the right to file a complaint with your local data protection authority.

  1. For UK customers:
    Information Commissioner’s Office (ICO)
    www.ico.org.uk

  2. For EU customers:
    You may contact your national data protection authority, whose details can be found on the European Data Protection Board (EDPB) website.

10.9 Verification of Identity for Requests

To protect your privacy and the security of your information, we may need to verify your identity before responding to certain requests under this section. This helps ensure that personal data is not disclosed to anyone who does not have the right to receive it.

 

11. Children’s Privacy

11.1

Our website and services are not intended for use by children under the age of 16. We do not knowingly permit individuals under 16 to create an account, place an order, or submit personal data unless verifiable parental or guardian consent has been obtained in accordance with applicable UK and EU data protection laws.

For users located in the United Kingdom, the legal age for a child to provide their own consent for online services is 13 years old. For users located in the European Union, the applicable age of digital consent may range between 13 and 16, depending on local national law. Where a higher age applies, we rely on parental or guardian consent for data processing.

11.2

We do not knowingly collect personal information from individuals under the age of 16 without verifiable parental consent. If we become aware that personal data has been collected from a child without appropriate consent, we will take reasonable steps to delete that information promptly.

11.3

If you believe that a child has provided us with personal information without appropriate consent, please contact us immediately using the details provided at the end of this Privacy Policy so that we can investigate and take appropriate action.

 

12. Third-Party Links

12.1

Our website may include links to third-party websites, applications, or services. These external sites operate independently from us and have their own privacy policies and practices.

12.2

We are not responsible for the privacy standards, data handling, or content of third-party websites.
We strongly encourage you to review the privacy policies of any external sites you visit.

12.3

Where we integrate third-party services (such as Stripe, Wix, Google Analytics, or social media logins), their handling of your data is governed by their respective privacy policies, and your use of those services is subject to their terms.

 

13. Changes to This Privacy Policy

13.1

We may update or amend this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings.

13.2

When updates occur, the latest version will be posted on this page, with the “Last Updated” date appearing at the top of the policy. All changes become effective upon posting, except where continued processing requires renewed consent, in which case consent will be requested.

13.3

Your continued use of our website after any updates are published constitutes acceptance of the revised Privacy Policy. If you do not agree with the changes, you should discontinue use of our website and may contact us to exercise your data rights or close your account.

 

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the way your personal data is handled, you may contact us at:

Email: support@lumenxstudios.com
Company Name: LUMENX STUDIOS LTD (trading as Mustard Seed Faith)
Registered Address: 64 Hall Gate, Doncaster, DN1 3PB, United Kingdom
Company Number: 16067108

bottom of page