Privacy Policy
Last updated: April 5, 2026
1. Who we are
LiveLightLab is an independent digital studio based in Belgium. We are the data controller for the personal data processed through this website as defined by the General Data Protection Regulation (EU) 2016/679 (GDPR).
Contact: info@livelightlab.com
2. What data we collect
We collect very little data. Here is exactly what and when:
| Data | When | Stored where |
|---|---|---|
| Name, email, message | When you use the contact form | Our email inbox only |
| IP address, browser type | When you visit any page | Server logs (Hetzner, Germany) |
We do not collect any data beyond this. There are no user accounts, no tracking pixels, no analytics tools, and no newsletter subscriptions on this website.
3. How the contact form works
Our contact form opens your default email application with a pre-filled email. When you press send, the message is transmitted via standard email protocols directly from your email client to our inbox. Your data is not stored on our web server or in any database.
Once received, your email is stored by our email provider (Google Workspace / Gmail, operated by Google Ireland Limited) and is accessible only to us. We use your name and email solely to respond to your inquiry.
4. Why we process your data
We process personal data under Article 6(1)(f) GDPR (legitimate interest). Our legitimate interest is to receive and respond to inquiries from visitors who actively contact us. When you fill out the contact form and send an email, you reasonably expect us to receive and respond to it.
Server logs are processed under the same legal basis for security purposes (protecting against attacks, monitoring server health).
You have the right to object to processing based on legitimate interest at any time (see section 8).
5. Third-party services
Hetzner (hosting)
Our website is hosted by Hetzner Online GmbH in Germany (EU). Hetzner processes server access logs (IP address, timestamp, requested page, browser type) as a data processor on our behalf. All data remains within the European Union. No international transfer takes place.
Google Workspace (email)
Emails sent to us via the contact form are received and stored by Google Workspace (Gmail), operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google processes this data as a data processor on our behalf under a Data Processing Agreement. Email data is stored in European data centers.
Google LLC (US parent company) is certified under the EU-US Data Privacy Framework. EU Standard Contractual Clauses are in place as an additional safeguard for any data that may be processed outside the EEA.
Cloudflare (DNS and security)
We use Cloudflare for DNS resolution and security protection. Cloudflare may process visitor IP addresses and connection metadata to route traffic and protect against malicious requests. Cloudflare may set strictly necessary security cookies (such as __cf_bm) that do not require your consent under the ePrivacy Directive.
Cloudflare Inc. is a US-based company certified under the EU-US Data Privacy Framework. Where applicable, EU Standard Contractual Clauses (Art. 46(2)(c) GDPR) are in place as an additional safeguard.
6. Links to other websites
Our website contains links to third-party platforms, including our Etsy shop, Pinterest, and Instagram. When you click these links, you leave our website and become subject to the privacy policies of those platforms. We have no control over and accept no responsibility for their data processing practices.
Please review the privacy policy of any website you visit through our links.
7. Cookies
This website does not use analytics cookies, advertising cookies, or any form of tracking technology. We do not use Google Analytics or similar tools.
Cloudflare may place strictly necessary security cookies to protect our website from malicious traffic. These cookies are exempt from consent requirements under Article 5(3) of the ePrivacy Directive because they are essential for the operation and security of the website.
No cookie consent banner is required or shown because we do not place any cookies that require your consent.
8. Your rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access - You can ask us what personal data we hold about you. (Art. 15)
- Right to rectification - You can ask us to correct inaccurate data. (Art. 16)
- Right to erasure - You can ask us to delete your data. (Art. 17)
- Right to restriction - You can ask us to limit how we process your data. (Art. 18)
- Right to data portability - You can request your data in a machine-readable format. (Art. 20)
- Right to object - You can object to processing based on our legitimate interest at any time. We will stop processing unless we have compelling legitimate grounds. (Art. 21)
To exercise any of these rights, email us at info@livelightlab.com. We will respond within one month as required by Article 12(3) GDPR.
9. How long we keep your data
| Data | Retention period |
|---|---|
| Contact form emails | Until your inquiry is resolved, then deleted within 12 months |
| Server access logs | Automatically deleted after 30 days |
10. Data security
Your data is protected by HTTPS encryption on every page. Server access is restricted and sits behind Cloudflare's security infrastructure.
11. Children's privacy
Our website and products are not meant for children under 16. We do not collect data from children. If you think we have, please contact us and we will delete it.
12. Right to lodge a complaint
If you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Belgian Data Protection Authority:
Gegevensbeschermingsautoriteit (GBA)
Drukpersstraat 35, 1000 Brussel
www.gegevensbeschermingsautoriteit.be
contact@apd-gba.be
13. Changes to this policy
We may update this privacy policy when our practices or legal requirements change. When we do, we will update the date at the top of this page.