Privacy policy

Last updated: 12 June 2026

Who I am

Lumen Maris is a handcrafted devotional rosary brand based in Dublin, Ireland. When you purchase a rosary, subscribe to my mailing list, or get in touch, I — Patrizia, founder of Lumen Maris — am the person responsible for protecting your data. You take a moment to trust me with your address, your email, your name. I take that seriously.

Data controller:

Lumen Maris Proprietor: Patrizia Gonzalez Sky Business Centres 57 Clontarf Road Clontarf West Dublin 3 D03 A7P0

Email: contacto@lumenmaris.com

Sole Trader (Ireland)

What data I collect and why

When you purchase a rosary

  • Name and surname
  • Delivery and billing address
  • Email address and phone number
  • Payment information (processed by our payment providers — we do not store card numbers)
  • Messages you send us by email or contact form

Special data for spiritual services, courses and retreats

When you book a spiritual consultation, course or retreat, we may ask for additional information necessary for the activity: allergies, relevant medical conditions (pregnancy, injuries, ongoing treatments), dietary requirements. This data is considered "sensitive data" under the GDPR and is handled with particular care: it is used only for the specific activity, kept separate from commercial data, and deleted once the activity has concluded, unless we are legally required to retain it.

Data we collect automatically

  • Device and browser information (IP address, device type, operating system)
  • Pages visited, time spent on each page, traffic source
  • Cookies and similar technologies (see section 7)

3. Legal basis and purpose of processing

We process your data on the following legal bases:

  • Performance of a contract: to process orders, manage deliveries and fulfil booked courses and services.
  • Consent: to send you marketing communications and newsletters (always with explicit opt-in and the option to unsubscribe at any time).
  • Legitimate interests: for basic analytics, service improvement and fraud prevention.
  • Legal obligation: to retain invoices and tax records in accordance with Irish law.
  • Explicit consent (sensitive data): for health information you provide in connection with services and retreats.

4. Sharing data with third parties

We work with the following service providers who may have access to some of your data in order to carry out their function:

  • Shopify Inc. — e-commerce platform and order processing (servers in Canada and Ireland).
  • Shopify Payments / Stripe — payment processing.
  • An Post — delivery management.
  • MailerLite — email marketing management (servers in Lithuania, EU).
  • Google Analytics — anonymised web analytics.
  • Pinterest, Meta — advertising tracking pixels (only if you consent to marketing cookies).

All of our providers comply with the GDPR, or, where data is transferred outside the EU, do so under Standard Contractual Clauses approved by the European Commission.

5. International transfers

Some of our providers may process data outside the European Economic Area (in particular the United States and Canada). In those cases, we ensure that equivalent legal safeguards to the GDPR are in place, primarily through Standard Contractual Clauses issued by the European Commission.

If you place an order from outside the EU (United States, United Kingdom, Mexico, Argentina or elsewhere), your personal data will be transferred to your country of residence for the purposes of delivery and order management.

6. Retention periods

  • Customer and order data: 6 years from the date of the last transaction (Irish tax obligation).
  • Marketing data (newsletter subscription): until you unsubscribe.
  • Sensitive data from services and retreats: deleted on completion of the activity, unless legally required to be retained.
  • Browsing and analytics data: between 14 and 26 months, depending on the provider's configuration.

7. Cookies

We use technical cookies (necessary for the website and shopping basket to function) and, with your consent, analytics and marketing cookies. You can manage your cookie preferences at any time via the banner that appears when you first visit the site.

8. Your rights

Under the GDPR you have the following rights in relation to your data:

  • Access: to find out what data we hold about you.
  • Rectification: to correct inaccurate data.
  • Erasure: to request that we delete your data (the "right to be forgotten").
  • Restriction: to restrict processing in certain circumstances.
  • Portability: to receive your data in a structured format.
  • Objection: to object to processing based on legitimate interests.
  • Withdrawal of consent: at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

To exercise any of these rights, write to us at contacto@lumenmaris.com. We will respond within 30 days.

If you believe we have not respected your rights, you may lodge a complaint with the Data Protection Commission of Ireland (www.dataprotection.ie) or with the data protection authority in your country of residence.

9. Security

We apply reasonable technical and organisational measures to protect your data: SSL encryption across the entire site, restricted access controls and providers with recognised security certifications. No system is entirely infallible, but we do everything reasonably possible to keep your data safe.

10. Changes to this policy

We may update this policy to reflect legal, technical or commercial changes. The date of the most recent update appears at the top of this page. If there are any material changes, we will notify you by email if you are subscribed.

By purchasing products or booking services through Lumen Maris, you accept these Terms and Conditions. Please read them carefully before placing your order.