Lufuma Privacy Policy

Lufuma Privacy Policy describes how Lufuma collects, uses, and shares your personal data.

  • Affiliated Company” refers to a company that is related to Lufuma Orgnl due to joint ownership or control.
  • Third Parties” refer to companies or persons who do not have a related relationship arising out of joint ownership or control with Lufuma Orgnl (i.e., a non-affiliated company) or other non-related persons. Third parties can be financial or non-financial companies, or persons other than you and Lufuma Orgnl.
  • Personal Data” refers to any information relating to an identified or identifiable natural person.
  • Lufuma Orgnl collects data to improve operational efficiency and to optimise our Websites and your product experience. Our channels for collecting personal data include: (1) you provide your data to us directly, (2) we obtain certain data about how you interact with our products, and/or (3) we obtain certain data about you from third parties.
    The data we collect depends on the environment in which you interact with Lufuma Orgnl, the choices you make, including your privacy settings and the products and features you use. It is worth noting that we usually treat the shipping area recorded on the product box as the actual location where your product is used and comply with local laws and regulations, including those for data protection.
  • 1. Personal Data We Collect
  • (1) Information Directly Provided by You
  • The services we provide for you require you to provide information directly to us. For instance:
  • a. Filling out a warranty card/electronic warranty card requires you to complete a personal profile. In these services, we may ask you to provide personal data to set up a personal profile. Types of personal data include name, address, mobile number, device ID, model of product, etc.
  • b. If you order products from us, request a return or refund, or use a paid service, we may collect your delivery details, bank account number, credit card details, billing address, information for credit check and other financial information, contact and communication records , etc., so we can process your order.
  • c. Some of our services allow you to communicate and share with others. The communicated or shared content may be transmitted through and stored in our system.
  • d. Fingerprints Recognition enables rapid unlocking of your device with your pre-recorded fingerprint information. To achieve this function, you will need to provide your fingerprint information from different angles. Such information will only be stored locally within your device and not upload onto our servers. Therefore, it is impossible for us to disclose such information to any third party or use it for any other purpose.
    We may ask you to provide personal data and collect it under other circumstances, such as when you enter in prize draws or competitions, participate in promotional or marketing activities organised by us or our business partners, complete questionnaires, participate in user forums or blogs hosted by us or our business partners. The information you provide helps us design and improve the products and services. We may match your information with third-party data to better understand your needs.
  • (2)Service Usage Information
  • In addition to the information you provide, we may also collect information about your use of our services through software on your device and other means. We may collect:
  • a. Device information — such as device name, device model, region and language settings, device identification number (IMEI number, etc.), device hardware information and status, usage habits, IP address, MAC address, operating system version, and settings of the device used to access the service.
  • b. Log information — such as when and how long the service is used, search terms entered through the service, and error log information of your device. The system is designed in such a way that your error or crash logs will include the overall information when the events occur, which may sometimes include your personal data such as phone number, email address, Google account, Facebook account, etc. However, we have implemented security measures to ensure such information will only be used for error log analysis and not for personal identification or other purposes. We clear such data on a regular basis, usually within 30 days after collection.
  • c. Location information — such as device location ID, network service provider ID. You can modify the location settings of your device from the device settings (such as changing or disabling the method or server used in location-based services or modifying the accuracy of your location information) to change the location information provided to us.
  • Please note that we may cooperate with third-party service providers to achieve the above business functions, for instance, when a third-party service provider provides voice to text conversion services on our behalf, it may receive and store certain personal data. These third parties may not use this information for any other purpose.
  • (3) Obtaining Data from a Third Party
  • Where permitted by law, we may obtain data about you from public or commercial sources and may combine it with other information received or relevant to you. If you choose to use our services by logging in with third-party accounts such as Facebook, Google etc., we may also obtain your public information from these services, such as your alias, profile picture, etc.
  • How We Use Your Personal Data
  • (1) We may process your personal data on the following legal basis:

    a. with your prior explicit consent which can be withdrawn at any time at your request;
    b. so that we can perform or carry out a contract with you in relation to our products and/or services;
    c. for compliance with a legal obligation to which Lufuma Orgnl is subject; or
    d. when necessary for the purposes of the legitimate interests pursued by Lufuma Orgnl or a third party to whom it may be necessary to disclose information. Where we process your information in reliance on such grounds, we will only do so where we have appropriately balanced such interests against your right to privacy.

  • Examples of related usages are as follows:

    · Provide Products and Improve Services. The personal data we collect will be used to provide you with Lufuma Orgnl’s products and services, process your orders or fulfil the contract between you and Lufuma Orgnl to ensure the functionality and safety of our products and services, to verify your identity, to prevent and investigate fraud or other improper use.

    · Customer Support. We use data to diagnose product issues, repair customer equipment, and provide other customer care and support services. Your product user identification information, product device’s unique identifier, and geographic location information can be used to activate your warranty service and specific software licenses and may be used to invite you to participate in surveys. We also use this information to improve our products and analyse the efficiency of our business operations. However, we will not use this information to track your location. We may also collect your email address to reply your questions or comments raised in the “Contact Us” section of our websites.

    · Product Improvements. We use data to constantly improve our products, including the addition of new features and functionality. We use mobile phone numbers obtained through offline sales channels, electronic warranties, and account registrations to conduct survey and return visit to users in order to improve user experience.

    · Commercial Promotion Activities. If you participate in prize draws, contests or similar promotional activities held by Lufuma Orgnl, we will use the personal data you provide to manage such activities.

    (2) With your consent, the personal data we collect will be used to personalise the product and to provide you with more tailored services, for example: your information can be used to recommend and display content and advertisements tailored to you on our services, or be used to conduct research and pay return visits to customers. In order to improve our products or services, with your consent, we may match your personal data (including but not limited to the location information ) with third-party data to form a user profile so that we can conduct product development or deliver targeted product information to you (through post, email, phone, or social media).

    (3) We will strictly abide by the terms of this Privacy Policy and any updates to it (which will be notified to you in advance) where we use your personal data.

    (4) When we want to use the information for other purposes not covered by this Privacy Policy, we will obtain your consent in advance.

    (5) We do not take any decisions involving the use of algorithms or profiling that significantly affects you. If certain of our services require us to do so in the future, we will inform you in advance and you can exercise your legal rights as set out in section VI.9 of this Privacy Policy.

Our retention period for personal data is the minimum time necessary to realise the purpose of collection unless a longer retention period is required by law. Beyond the above retention period, we will delete or anonymise your personal data.

  • 1. At times Lufuma Orgnl may make certain personal information available to affiliated companies and other third parties that work with Lufuma Orgnl necessary to provide products and services. Your information will not be shared with third parties for their own independent marketing or commercial purposes.
  • (1) Affiliated Companies: your personal data may be shared with Lufuma Orgnl’s affiliated companies. We only share necessary personal data subject to the purposes stated in this Privacy Policy. If the affiliated companies wish to change the purpose of processing, they will ask for your consent again.
  • (2) Sharing with other third parties: to realise the purposes stated in this Policy, some of our services will be provided by other third parties. We may share some personal data with our partners to provide better services and user experience. Third party service providers are used to scan viruses and clear space on your product. Third party service providers are also used to provide you with customer service.
  • (3) Where a merger, acquisition or bankruptcy liquidation takes place, if the transfer of personal data is involved, we will ask the new company or organisation that obtains your personal data to be subject to this Privacy Policy, otherwise we will ask such company or organisation to acquire your authorisation and consent again.
  • 2. We will only share your personal data for lawful, legitimate, necessary, specific and clear purposes, and only personal data necessary for service provision will be shared. Our partners are not allowed to use the shared personal data for any other purposes.
  • We may also disclose your personal data if it is compulsorily required by laws, such as to comply with a subpoena or other legal proceedings, legal actions or government agencies, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.
  • 1. We have taken reasonably practical and technical measures to protect the collected information related to the service. However, please note that although we have taken reasonable measures to protect your information, no websites, Internet transmissions, computer systems or wireless connections are absolutely secure.
  • 2. We have taken safeguarding measures in accordance with industry standards to protect the personal data you provided and prevent data from unauthorised access, public disclosure, use, modification, damage or loss. We take all reasonably practical measures to protect your personal data. In particular:
  • (1) We will de-identify your personal data to mitigate the risk that other organisations or individuals may identify you on the basis of that personal information. We use SSL to encrypt many services. We review practices regarding information collection, storage and possessing (including physical security measures), to prevent unauthorised access.
  • (2) We only allow LFM employees and personnel of authorised service companies to access such personal data on a need-to-know basis, in order to process such information or provide relevant services to you. These employees and external personnel are subject to strict contractual confidentiality obligations. If they fail to perform these obligations, they may be held liable or their relationship with LFM may be terminated.
  • (3) The security of your information is extremely important for us. Therefore, we endeavour to ensure the security of your personal data and implement measures such as full security encryption during storage and transmission to prevent your information from unauthorised access, use, or disclosure. At the same time, no one can access the specific content of some encrypted data except the users themselves.
  • (4) When transmitting and storing your personal data of special categories, we use security measures such as encryption. We use technical measures to process your personal biometric information before storage. For instance, we store only the essential components of personal biometric information.
  • (5)We will prudently select business partners and service providers and implement the requirements for personal data protection to the business contracts or audits and assessments between both parties.
  • (6) We conduct security and privacy protection training, testing and other activities to enhance employees’ awareness and proficiency of personal data protection.
  • (7) We use international and industry-recognised standards to protect your personal data and actively pass relevant security and privacy protection certifications.
  • 3. In case of personal data security incident, we will act, in accordance with the applicable law.
  • LFM will respect your legal rights to your personal data. Below are the rights that you have under law, and what LFM does to protect those rights. Please note that for the sake of security, we may ask you to verify your identity before processing your request.
  • 1. The right to be informed: LFM is publishing this Privacy Policy to keep you informed as to what we do with your personal data. We strive to be transparent about how we use your data.
  • 2. The right to access: If you wish to access your personal data, you can access the information you provided by contacting our Data Protection Officer:
  • 3. The right to rectification: If you find that your personal data we process about you is inaccurate or incomplete, you are entitled to ask us to make rectifications. You can rectify your information. You can rectify your information by contacting our Data Protection Officer:
  • 4. The right to erasure: You can submit a request to us to delete personal data if we do not have a legal reason to continue to process and hold it. You can delete your information by contacting our Data Protection Officer:
  • 5. The right to restriction of processing: You have the right to ask LFM to restrict how we process your personal data. We will keep just enough or process such data necessary for us to make sure we respect your restriction request in the future. You can realise your right to restriction of processing by contacting our Data Protection Officer:
  • 6. The right to data portability: To the extent permitted by laws and regulations, you have the right to obtain a copy of your personal data in a structured, commonly used and machine-readable format. For example, if you decide to switch to a new provider, this enables you to move copy or transfer your personal data easily between our IT systems and theirs safely and securely, without affecting its usage. You can exercise your right to data portability by contacting our Data Protection Officer:
  • 7. The right to object: You have the right to object to LFM processing your data even if it is based on our legitimate interests, the exercise of official authority, direct marketing (including data aggregation), and processing for statistical purposes. You can object LFM processing your data by contacting our Data Protection Officer:
  • 8. The right to withdraw consent: If you have given us your consent to process your personal data but change your mind later, you have the right to withdraw your consent at any time, and LFM must stop processing your data. You can withdraw your consent by contacting our Data Protection Officer:
  • 9. The right to object automated individual decision-making: You have right not to be subject to a decision based solely on automated processing, including profiling. If these decisions significantly affect your lawful rights, you are entitled to ask for an explanation by contacting our Data Protection Officer:, which we will respond to and take appropriate measures to resolve, as necessary.
  • 10. The right to lodge a complaint: You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection authority.
  • We will respond and reply to your above requests as soon as possible, and generally no later than one month upon receipt of your request. (If necessary and as permitted by law, we may extend it by an additional two months. We will inform you the reason for the extension within the aforementioned one month, for example, if the request is complex or involves a large volume of data). If you are not satisfied with the response you received, you can refer the complaint to the relevant regulatory authority in your jurisdiction.

    Please note that for security reasons, we may ask you to verify your identity before processing your request on a strict need-to-know basis. In principle, we do not charge a fee for your reasonable request. However, for multiple and repetitive requests that exceed reasonable limit, we may charge a reasonable fee to cover some costs depending on the nature of the request. We may refuse requests that are manifestly unfounded, unreasonably repetitive, or require disproportionate technical effort (for instance, require the development of new systems). In addition, we may not respond to requests that directly concern significant issues of public interest or may cause serious damage to the legitimate rights and interests of you or other individuals or entities.
  • 1. Our products, websites and services are mainly adult-oriented. A child should not use our websites and services without his/her legal guardian’s consent. We treat anyone under 18 years old (or equivalent minimum age for full legal capacity in relevant jurisdiction) as a child.
  • 2. When we find that a child’s personal data is collected, we will delete the relevant data as soon as possible.
  • 1. Lufuma Orgnl websites, products and services may contain links to third-party websites, products, and services. You can choose whether to access websites, products and services provided by third parties or not. For example, the “follow us” function in the official website will lead you to access to our official accounts in social network platforms (e.g. Facebook, Instagram, Twitter and etc.) where you can be aware of the marketing or promotional information published by Lufuma Orgnl.
  • 2. We have no control over third-party privacy and data protection policies and such third parties are not bound by this Privacy Policy. Before submitting personal data to third parties, please refer to the privacy protection practice of such third parties.
  • 1. In principle, the personal data collected and produced within the territory of European Union is stored within the territory of the European Union.
  • 2. We provide products and services based on our resources and servers around the world. This means, in compliance with applicable laws, your personal data (e.g., IMEI, mobile phone number, email address, and user name) might be transferred to or accessed from jurisdictions outside of the jurisdiction where you use our products or services.
  • 3. In case your personal data is transferred by Lufuma Orgnl to countries located outside of the European Economic Area (EEA), we will ensure that appropriate safeguards are taken, such as:
  • (1) the recipient of the personal data is located within a country that benefits from a full “adequacy” decision of the European Commission;
  • (2) the recipient may have adhered to binding corporate rules (only for intragroup transfers);
  • (3) the recipient has signed a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data; or
  • (4) where the recipient is located in the US, it is a certified member of the EU-US Privacy Shield.
  • In the absence of the above appropriate safeguards, we will ask you for your explicit consent for cross-border transmission of your personal data. In the meantime, security measures such as encryption or de-identification will be adopted for the safety of your personal data.
  • For more information about the safeguards relating to personal data transfers outside of the EEA, please contact our Data Protection Officer:
  • We reserve the right to update or modify this Privacy Policy from time to time. We will send you notifications of update of this Privacy Policy in a form we deem appropriate. If you have provided us an email address, we will notify you updates (and seek your consent on such updates) by email before such updates take effect. If we do not have an email address of yours, we will post a notice on our website or send push notifications to you through our devices about the aforesaid updates.
  • If you have questions or concerns regarding our Privacy Policy or practices, please contact our Support Teams Officer at the following address:

    30 Calverton Road E6 2NT, London, England, United Kingdom


Scroll to Top