Lumene Group B2B privacy notice

LAST UPDATED: 15 DECEMBER 2025

PRIVACY NOTICE FOR BUSINESS PARTNERS

This Privacy Notice for Business Partners (“Notice”) is provided by Lumene Group (collectively “we”, “us” or “our”).

This Notice explains how we process personal data relating to representatives of our current, former, or prospective corporate customers, suppliers, and other business partners (hereinafter “Business Partner” or “you”) in connection with your business relationship with us. The personal data of such representatives is referred to as “Business Partner Data”.

Please note that this Notice covers the processing of personal data of our Business Partners and the processing of personal data we conduct at our corporate website at lumenegroup.com only.

If you are a user of our online store at www.lumene.com or a consumer interacting with us through other means, please refer to Lumene’s Consumer Privacy Notice. If you place orders as a professional customer on Cutrin Oy’s website, please refer to Cutrin Privacy Policy, which applies to the processing of personal data in connection with such interactions.

1. CONTROLLERS AND CONTACT INFORMATION

The data controller is the Lumene Group company that has a contractual or other business relationship with you or the organization you represent. This may be Lumene Oy or its subsidiaries Lumene Group Sweden AB or Cutrin Oy.

Lumene Oy
Business ID 2377940-8
PL 27 02781
Espoo, Finland		Lumene Group Sweden AB
Business ID 559228-0191
Gamla Brogatan 9
111 20 Stockholm, Sweden		Cutrin Oy
Business ID 2443709-8
PL 27 02781
Espoo, Finland

You can contact us: lumene.info (at) lumene.com

2. WHY WE PROCESS THE BUSINESS PARTNER DATA?

We process your personal data only for the purposes described in this Notice or as otherwise communicated to you when collecting your personal data, and only to the extent it is necessary for each purpose of processing further described herein. Please note that providing personal data is partly necessary for us to perform our contractual or other obligations towards the organization you represent. If you do not provide the requested personal data, we may not be able to fulfil these obligations, which could affect or prevent our business relationship with your organization.

We may process Business Partner Data for the following purposes and based on the following legal bases:

ContextPurposeLegal basis
Business relationship managementEntering into and performing agreements, managing and developing business relationships, handling invoicing and payments, managing sales and deliveries Performing due diligence and background checks as permitted by law Communicating with you and other business partners to e.g., maintain and improve our relationship with our Business Partners, or respond to requests or enquiries from representatives of potential or existing Business Partners Ensuring compliance with agreements between us and you or the organisation you represent, and investigating suspected malpracticePerformance of a contract with you (Art. 6(1)(b) GDPR) Legitimate interest (Art. 6(1)(f) GDPR)  
Improving our business and productsIdentifying potential customers and generating leads Improving and developing our business operations and products Conducting analysis and compiling statistics to support business developmentLegitimate interest (Art. 6(1)(f) GDPR)
Complying with legal requirementsFulfilling statutory obligations (e.g., tax, accounting) and compliance related requirements, and responding to authority requestsLegal obligation (Art. 6(1)(c) GDPR)
Sending marketing communicationsProviding information on products and promotionsLegitimate interest (Art. 6(1)(f) GDPR) Consent (Art. 6(1)(a) GDPR) when you sign up to receive our newsletter
Event participationManaging your participation in events hosted by usConsent (Art. 6(1)(a) GDPR)
Website useProviding access to and functionality of our website, ensuring its security, stability, and performance, preventing and detecting possible misconduct or attacks Collecting technical data through cookies and similar technologies to enable features and improve user experience For more information on the use of cookies on our website, please see the section 8 “Use of cookies on Lumene Group website” belowConsent (Art. 6(1)(a) GDPR) when placing other than strictly necessary cookies Legitimate interest (Art. 6(1)(f) GDPR)
Media Bank use at brandhub.lumene.comAllowing access to our media bank by creating and managing user accounts, enabling you to download marketing materials and resources necessary for business collaborationLegitimate interest (Art. 6(1)(f) GDPR)
Visiting our premisesEnsuring security and safety of our premises (e.g., access control, CCTV)Legitimate interest (Art. 6(1)(f) GDPR)

3. THE CATEGORIES OF DATA WE PROCESS

We process the following categories of Business Partner Data:

  • Identifying data and contact details, such as your name and title, email and business address, and telephone number,
  • Specifics related to the business relationship, such as the name of the organisation you represent, information related to the agreement between us and you or the organisation you represent as well as and your association with the agreement, your preferred language, and invoicing and payment details,
  • Contents of communications with us, such as information provided to us in meetings, email correspondence, and by other means of communication, as well as timing and other details of the communications between you and us,
  • Event registration information, such as information which events you have registered for, selections and preferences related to the event, event feedback, special diets,
  • Premises security data, such as information acquired through technical monitoring at our premises, including access control logs and CCTV recordings,
  • Media Bank registration data, such as name, email address, and optionally organization name and business contact details provided when creating a user account at brandhub.lumene.com,
  • Website browsing data, such as technical data collected when you visit our website (e.g., IP address, browser type and version, operating system, time of visit, referral page, and data transferred), as well as data collected through cookies and similar technologies. For more information on the use of cookies on our website, see section 8 “Use of cookies on Lumene Group website”.

4. REGULAR SOURCES OF BUSINESS PARTNER DATA

We primarily obtain your personal data directly from you. You may provide us personal data for instance through our website, by sending us emails, through phone conversations or meetings with us, or through documents you provide to us. We may however obtain personal data relating to you also from other representatives of your organization.

We may collect and update personal data also from publicly available sources, or registers of authorities and companies providing services related to personal data.

We may also collect personal data automatically when the data subject visits our website, where personal data may be collected via cookies.

5. TRANSFERS AND DISCLOSURES OF BUSINESS PARTNER DATA

We may transfer Business Partner Data to third parties as further described in the following.

When transferred to an entity processing Business Partner Data on behalf of us (i.e., processors), we have, including by contractual arrangements, ensured that Business Partner Data is processed only under our instructions and for the purposes specified in this Notice. The processing carried out by our processors may include, for instance, the provision of data systems and other IT and software services.

We may disclose your personal data within the limits permitted or required by the applicable laws, for example to authorities, external advisors, or other third parties including where such disclosure is necessary for compliance with a legal obligation to which we are subject, or for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative procedure. For example, we may disclose personal data to a debt collection agency for purposes of debt collection, or to other service providers or partners of ours, but only to the extent that the fulfilment of their tasks requires the disclosure of personal data.

If we are involved in a merger, sale of assets or other business transaction or reorganization, we may disclose limited amounts of Business Partner Data to the purchaser candidates and their representatives in accordance with the applicable law.

Some of our service providers to whom we transfer personal data are located or may store personal data outside the EU or the EEA, and therefore, to the extent necessary, personal data may be transferred to countries outside the EU or the EEA. In such cases, we will ensure the adequate level of data protection. Information on transfers of personal data outside the EU or the EEA and on the safeguards applied is available upon request. Please contact us using the details provided in the beginning of this Notice.

6. HOW LONG WILL WE KEEP YOUR PERSONAL DATA?

We retain Business Partner Data only for the time necessary to achieve the purposes for which the data was collected, in accordance with applicable legislation.

  • General business partner data: Retained for two (2) calendar years after termination of the agreement with the business partner. However, we may continue to store your personal data after the end of the business relationship where necessary for legitimate business interests, to comply with legal obligations, or to protect our rights.
  • Agreement documents and related communications: Retained for up to ten (10) years from the end of the calendar year in which the contract expired.
  • Accounting-related documents (e.g., invoices): Retained for up to ten (10) years from the end of the calendar year in which the financial year ended, in accordance with statutory accounting requirements.
  • Data processed for security or abuse prevention: Retained for the duration of the investigation and, if necessary, longer where required to manage or defend legal claims or comply with legal obligations.
  • Event participation data: Retained prior to and during the event and for up to two (2) years thereafter for evaluation, follow-up, and planning future events.
  • Data processed based on consent: Retained until you withdraw your consent.
  • Access control and CCTV data: Retained for a limited period necessary to ensure security and investigate incidents. CCTV recordings are retained for 3–4 weeks unless required longer for investigating a security incident. Access control logs are generally retained for up to 12 months, unless a longer retention is necessary for security or legal compliance.

When personal data is no longer needed for these purposes, it will be securely deleted or irreversibly anonymized. However, we may retain certain personal data for a longer period if justified by an appropriate connection between us and the data subject, for example for marketing purposes, provided that the individual has not objected to such processing.

7. WHAT RIGHTS DO YOU HAVE?

Below is a summary of the rights you have under the EU General Data Protection Regulation (GDPR). These rights apply to natural persons whose personal data we process, such as representatives of our business partners. Please note that some rights are subject to conditions and exceptions under applicable law.

  • Right of access: You have the right to obtain confirmation as to whether we process your personal data and to access the personal data we hold about you by contacting Lumene Group.
  • Right to rectification: If your personal data is inaccurate or incomplete, you have the right to request that we correct or complete it.
  • Right to erasure: You have the right to request the erasure of your personal data when there is no longer a legal basis for processing. Please note that certain data may be subject to statutory retention requirements, and we cannot erase such data until the end of the applicable retention period.
  • Right to object: You have the right to object to the processing of your personal data when the processing is based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds for the processing or the processing is necessary for the establishment, exercise, or defence of legal claims.
  • Right to restrict processing: In certain circumstances, you have the right to request that we restrict the processing of your personal data. This means we may store the data but not use it during the restriction period. For example, this right applies if you contest the accuracy of the data or the lawfulness of the processing, and we are verifying the matter.
  • Right to withdraw consent: If we process your personal data based on your consent, you have the right to withdraw your consent at any time. Please note that withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal. If you wish to stop receiving marketing communications, you can opt out at any time by clicking the “unsubscribe” link in our emails or by contacting us through other means.
  • Right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible. This right applies when the processing is based on your consent or on a contract and is carried out by automated means.
  • Right to lodge a complaint: If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority. You may do so in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement.

For more information or to exercise your rights, please contact us using the contact details provided above.

We may refuse to act on a request if it is manifestly unfounded or excessive. If you request multiple copies when exercising your right of access, or submit more than one request per year, we may charge a reasonable fee based on administrative costs.

8. USE OF COOKIES ON LUMENE GROUP WEBSITE

8.1 What types of cookies do we use?

Cookies are small text files placed on your computer or device by a web server when you access our Lumene Group websites. They are stored on your device when you browse our websites.

We use cookies, and allow certain third parties to use cookies, to better understand how our website is used and to improve navigation and functionality. We use the following types of cookies:

  • Necessary cookies: Necessary cookies are required for the operation of our website.
  • Functionality cookies: Used to remember your language preferences and cookie consent choices when you return to our website.
  • Analytical/performance cookies: Help us understand how visitors use our website and improve its functionality. These cookies are placed on your device only with your consent. For example, we use Google Analytics to collect anonymous information, such as the number of visitors to the site and the most popular pages. Please note that Google may process data on servers located in the United States. In such cases, we ensure an adequate level of protection for your personal data through measures required by applicable data protection laws, such as adequacy decisions or other appropriate safeguards.

This site uses following cookies:

CookieUsageTTL
_gaGoogle: to store and count pageviews2 years
_ga_*Google: to store and count pageviews1 year
moove_gdpr_popupSite: to store cookie consent preferencesSession
pll_languageSite: to store language settingsSession

8.2 How to control cookies

You can manage your cookie preferences at any time by visiting “Cookie Settings” at the bottom of our website. You can also withdraw your consent at any time.

Most browsers accept cookies automatically, but you can configure your browser to block cookies, delete existing cookies, or alert you before cookies are stored. Please refer to your browser’s user guide for instructions.

Please note that disabling all cookies may affect the functionality of our website. However, if you disable only third-party cookies, you can still use our website.

8.3 Social media plugins

Lumene Group website contains third-party components e.g., to social media services. These third-party components on our website are downloaded from the servers of these third parties. Please note that such services and applications provided by third parties are subject to their own terms and conditions, and the data protection and privacy practices of these third parties may significantly differ from the practices described in this Notice adhered to by us.

If you wish to obtain more information on how these third parties process your personal data, please familiarize yourself with the privacy policies and other such documentation of these third parties.

9. CHANGES TO THE PRIVACY NOTICE

This Notice may be updated from time to time. When changes are made, we will update the “Last updated” date at the top of this Notice to indicate when the changes took effect.

Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Powered by  GDPR Cookie Compliance