Join Moon&Woomb Program
Join Moon&Woomb Program

Privacy Policy

Last updated: 17.02.2026

This privacy policy explains how personal data is collected, used and protected in accordance with the EU General Data Protection Regulation (GDPR) and the Norwegian Personal Data Act (personopplysningsloven).

1. Data Controller (Behandlingsansvarlig)

Company/Name: Lunariah Ewa Maria Zygadlo Organization number: 835232352 Address: Vollsveien 168, 1359 Eiksmarka Email: ewa@lunariah.com Website: https://lunariah.com

The data controller is responsible for ensuring that processing of personal data takes place in accordance with applicable laws.

2. What Personal Data We Collect

We only collect personal data that you voluntarily provide to us, for example when you:

  • Contact us via email or contact form

  • Book a service or purchase a product

  • Subscribe to newsletters

The information may include:

  • Name

  • Email address

  • Phone number (if provided)

  • Message content

  • Billing information (if relevant)

Automatically collected information

When visiting the website, technical data may be registered automatically:

  • IP address (shortened/anonymized where possible)

  • Browser type

  • Device type

  • Pages visited

  • Date and time of visit

This information cannot normally identify you directly.

3. Purpose of Processing and Legal Basis

We process personal data only when we have a lawful basis under GDPR Article 6.

PurposeLegal basisRespond to inquiries - GDPR Art. 6(1)(b) – contract / pre‑contractual measures
Deliver services or products - GDPR Art. 6(1)(b) – contract
Accounting and bookkeeping - GDPR Art. 6(1)(c) – legal obligation
Improve website performance - GDPR Art. 6(1)(f) – legitimate interest
Send newsletters (if consent given) - GDPR Art. 6(1)(a) – consent

You may withdraw consent at any time.

4. Data Processors (Third Parties)

We use trusted third‑party providers to operate the website and deliver services. They process personal data only according to our instructions and under data processing agreements where required.

Payment processing

Payments are processed via Stripe through the platform Heartbeat Chat, Inc. When you purchase a course or membership, payment details (such as name, email, billing details and transaction information) are handled directly by Stripe. We do not store full card details on our servers.

Course & Membership Platform

Course and membership content is delivered through Heartbeat Chat, Inc.. This platform stores account information necessary to provide access to purchased services (such as name, email, login activity and purchased products).

Email marketing

We collect and store email addresses using MailerLite for newsletters and communication you have consented to receive. You may unsubscribe at any time using the link in emails.

Website hosting

The website is hosted using Hostinger Website Builder, which may process limited technical data required to deliver the website securely.

These providers may process limited data necessary to perform their services.

5. Transfer Outside the EU/EEA. Transfer Outside the EU/EEA

If any supplier processes data outside the EU/EEA, this will only occur using lawful safeguards such as:

  • EU Standard Contractual Clauses (SCC)

  • Adequacy decisions by the European Commission

6. Storage and Retention

We store personal data only as long as necessary:

Type of data - Retention period
Contact inquiries - Up to 12 months
Customer relationship - Duration of contract + 3 years
Accounting data - 5 years (legal requirement)
Consent‑based marketing - Until consent withdrawn

Data is deleted or anonymized when no longer required.

7. Cookies

The website is built using Hostinger Website Builder.

By default, the site only uses essential technical cookies necessary for basic functionality and security. These cookies do not track you for marketing purposes and normally do not require consent under Norwegian regulations.

However, some third‑party services may place cookies when used:

  • Stripe – payment session security

  • Heartbeat Chat – login/session authentication

  • MailerLite – subscription and form handling

No advertising or tracking cookies are used unless explicitly added in the future. If analytics or marketing cookies are implemented later, a consent banner will be activated before such cookies are stored.

You can also block cookies in your browser settings.

8. Your Rights

Under GDPR you have the right to:

  • Access your data

  • Correct inaccurate data

  • Request deletion ("right to be forgotten")

  • Restrict processing

  • Data portability

  • Object to processing

  • Withdraw consent

To exercise your rights, contact: ewa@lunariah.com

We respond within 30 days.

9. Complaints

If you believe we process personal data unlawfully, you may file a complaint with the Norwegian Data Protection Authority (Datatilsynet).

10. Security Measures

We implement appropriate technical and organizational security measures, including:

  • HTTPS encryption

  • Access control

  • Secure hosting

  • Data minimization principles

11. Children's Privacy

Our services are not directed to children under 13. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this policy when necessary. The latest version will always be available on the website with an updated revision date.

Policies

Privacy Policy
Terms & Conditions

Contact

ewa@lunariah.com