Last updated: 5th of March 2026

Privacy Policy

1.  Who We Are

1.1  Lou Joia Studio, trading as Lou Joia (“we”, “us”, “our”), is the data controller responsible for your personal data. We are a sole trader registered in Ireland.

1.2  Registered address: Kilternan, Dublin, Ireland.

1.3  Contact for data protection queries: info@loujoia.com

1.4  The supervisory authority for data protection in Ireland is the Data Protection Commission (DPC). You can contact the DPC at www.dataprotection.ie.

2.  What This Policy Covers

2.1  This Privacy Policy explains how we collect, use, store and protect your personal data when you visit our Website, place an order, sign up to our newsletter or contact us. It applies to all personal data we process about you.

2.2  This Policy should be read alongside our Terms of Sale and Cookie Policy.

3.  Personal Data We Collect

3.1  We collect and process the following categories of personal data:

When you place an order

(a)  Identity data: your full name.

(b)  Contact data: your email address, delivery address, billing address and telephone number.

(c)  Payment data: your payment card details or payment account information. Note: payment data is processed by our third-party payment provider and is not stored on our servers.

(d)  Transaction data: details of the products you have purchased, order value, order date and delivery information.

When you sign up to our newsletter

(a)  Your name and email address.

(b)  Your marketing preferences.

When you browse the Website

(a)  Technical data: your IP address, browser type and version, operating system, time zone, and device information.

(b)  Usage data: pages visited, time spent on each page, click patterns, and referring website.

(c)  Cookie data: information collected through cookies and similar technologies (see our Cookie Policy for details).

When you contact us

(a)  Any personal data you include in your correspondence, such as your name, email address and the content of your enquiry or feedback.

4.  How We Use Your Personal Data

4.1  We process your personal data for the following purposes and on the following legal bases under Article 6 of the GDPR:

4.2  To fulfil your order.  We process your identity, contact, payment and transaction data to process and deliver your order, take payment, and communicate with you about your purchase. Legal basis: performance of a contract (Article 6(1)(b)).

4.3  To send you marketing communications.  If you have opted in to our newsletter, we process your name and email address to send you product updates, news and promotional offers. Legal basis: your consent (Article 6(1)(a)). You can withdraw your consent at any time by clicking the unsubscribe link in any email or by contacting us at info@loujoia.com.

4.4  To improve our Website.  We process technical and usage data collected through Google Analytics to understand how visitors use the Website and to improve its design and functionality. Legal basis: our legitimate interest in improving our products and services (Article 6(1)(f)).

4.5  To comply with legal obligations.  We may process your personal data to comply with our legal obligations, including tax and accounting requirements, consumer protection law and the General Product Safety Regulation (EU) 2023/988. Legal basis: compliance with a legal obligation (Article 6(1)(c)).

4.6  To respond to your enquiries.  We process the data you provide when you contact us to respond to your questions, feedback or complaints. Legal basis: our legitimate interest in managing customer relationships (Article 6(1)(f)), or, where your enquiry relates to an order, performance of a contract (Article 6(1)(b)).

5.  Product Safety (GPSR)

5.1  As a manufacturer of consumer products sold in the EU, we are subject to the General Product Safety Regulation (EU) 2023/988 (“GPSR”), which has applied since 13 December 2024.

5.2  Under the GPSR, we are required to maintain technical documentation for each product, conduct internal risk assessments, and ensure full traceability of our products. This may require us to retain certain personal data (such as your name, order details and delivery address) for longer than we otherwise would, so that we can identify affected customers in the event of a product safety concern or recall.

5.3  If a product safety issue arises, we may be required to contact you directly using the information you provided at checkout, to notify relevant market surveillance authorities, and to report the issue through the EU Safety Gate system. Legal basis: compliance with a legal obligation (Article 6(1)(c)).

5.4  We ensure that all products offered on the Website include the required GPSR traceability information, including: (a) a product type, batch or serial number visible on the product or its packaging; (b) our name, trade name, postal address and email address; and (c) safety instructions in English.

6.  Who We Share Your Data With

6.1  We do not sell, rent or trade your personal data to third parties. We share your data only with the following categories of recipients, and only to the extent necessary:

(a)  Payment providers (e.g. Stripe, PayPal): to process your payment securely. These providers act as independent data controllers for payment data.

(b)  Delivery partners: to deliver your order to your specified address.

(c)  Analytics providers (Google Analytics): to collect anonymised usage data about how visitors use the Website.

(d)  Email marketing platform: to send newsletter communications to subscribers who have opted in.

(e)  Professional advisors: our accountant and legal advisors, where necessary for tax, legal or regulatory compliance.

(f)  Regulatory authorities: where required by law, including market surveillance authorities under the GPSR, the Revenue Commissioners, or the Data Protection Commission.

7.  International Transfers

7.1  Some of our third-party service providers (such as Google and payment processors) may process your data outside the European Economic Area (EEA). Where this occurs, we ensure that appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) or an adequacy decision by the European Commission, to protect your personal data in accordance with Articles 44–49 of the GDPR. 

8.  How Long We Keep Your Data

8.1  We retain your personal data only for as long as necessary for the purposes described in this Policy, or as required by law. Our standard retention periods are:

(a)  Order and transaction data: 7 years from the date of the transaction, in line with Irish tax and accounting obligations under the Taxes Consolidation Act 1997.

(b)  Product safety and GPSR records: 10 years from the date a product is placed on the market, in line with the GPSR requirement to maintain technical documentation and traceability information.

(c)  Newsletter subscriber data: until you withdraw your consent (unsubscribe), after which we will delete your data within 30 days.

(d)  Website analytics data: anonymised and aggregated data is retained indefinitely. Any identifiable data (such as IP addresses) is anonymised or deleted within 14 months.

(e)  Enquiry and correspondence data: 2 years from the date of your last communication, unless the enquiry relates to an order or product safety matter (in which case the relevant retention period above applies).

9.  Your Rights

9.1  Under the GDPR, you have the following rights in relation to your personal data:

(a)  Right of access: You may request a copy of the personal data we hold about you.

(b)  Right to rectification: You may ask us to correct any inaccurate or incomplete personal data.

(c)  Right to erasure: You may ask us to delete your personal data where there is no compelling reason for us to continue processing it.

(d)  Right to restrict processing: You may ask us to limit the way we use your data.

(e)  Right to data portability: You may request that we provide your data in a structured, machine-readable format so that you can transfer it to another controller.

(f)  Right to object: You may object to our processing of your data where we rely on legitimate interest as our legal basis.

(g)  Right to withdraw consent: Where we rely on your consent (e.g. newsletter marketing), you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

9.2  To exercise any of these rights, please contact us at info@loujoia.com. We will respond within one month. If your request is complex, we may extend this by a further two months and will inform you if so.

9.3  If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Data Protection Commission at www.dataprotection.ie.

10.  Data Security

10.1  We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction or alteration. These measures include encrypted connections (SSL/TLS) on our Website, secure payment processing through PCI-compliant providers, and restricted access to personal data on a need-to-know basis.

10.2  While we take every reasonable precaution, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your data.

11.  Children

11.1  Our Website and products are not directed at children under the age of 16. We do not knowingly collect personal data from children. Under Irish law (Data Protection Act 2018), the age of digital consent is 16. If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will delete that data promptly.

12.  Direct Marketing

12.1  We will only send you marketing emails if you have actively opted in (e.g. by ticking an unticked consent box at checkout or on our newsletter signup form). We do not use pre-ticked boxes or treat the acceptance of terms and conditions as marketing consent.

12.2  Every marketing email includes an unsubscribe link. You can also contact us at any time at info@loujoia.com to opt out.

12.3  If you are an existing customer and have purchased a Lou Joia object from us, we may send you marketing communications about similar products under the “soft opt-in” exception permitted by the Irish ePrivacy Regulations (S.I. No. 336 of 2011), provided you were given a clear opportunity to opt out at the point of sale and in every subsequent email. You may opt out at any time.

13.  Changes to This Policy

13.1  We may update this Privacy Policy from time to time. Any material changes will be posted on the Website. The date at the top of this document indicates when the Policy was last updated.

Cookie Policy

1.  What Are Cookies?

1.1  Cookies are small text files that are placed on your device (computer, tablet or mobile phone) when you visit a website. They are widely used to make websites work efficiently and to provide information to the website owner.

1.2  This Cookie Policy explains what cookies we use on loujoia.com (the “Website”), why we use them, and how you can manage your preferences.

2.  Legal Basis for Cookies

2.1  Under the Irish ePrivacy Regulations (European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011, S.I. No. 336 of 2011), we are required to obtain your consent before placing non-essential cookies on your device.

2.2  Strictly necessary cookies do not require your consent, as they are essential for the Website to function (e.g. maintaining your shopping basket during checkout).

2.3  Analytics and payment-related cookies require your consent before being placed on your device. We ask for this consent through our cookie consent banner when you first visit the Website.

3.  Cookies We Use

Strictly necessary cookies

3.1  These cookies are essential for the Website to function and cannot be switched off. They include session cookies that maintain your shopping basket, remember your cookie consent preferences, and enable secure checkout.

(a)  Session cookie: maintains your browsing session and shopping basket. Expires when you close your browser.

(b)  Cookie consent cookie: remembers your cookie preferences so we do not ask you again on each visit. Typically expires after 12 months.

Analytics cookies (Google Analytics)

3.2  We use Google Analytics to understand how visitors interact with the Website. These cookies collect information in an anonymised form, including the number of visitors, where visitors have come from, and the pages they visit. This helps us improve the Website and your experience.

(a)  Google Analytics cookies (e.g. _ga, _ga_*): used to distinguish users and throttle request rate. Typically expire after 2 years (_ga) or 24 hours (_ga_*).

3.3  We have configured Google Analytics to anonymise your IP address (IP anonymisation). Google’s privacy policy is available at policies.google.com/privacy. You can also opt out of Google Analytics across all websites by installing the Google Analytics Opt-out Browser Add-on.

Payment processing cookies

3.4  When you proceed to checkout, our payment provider (e.g. Stripe or PayPal) may place cookies on your device to enable secure payment processing, prevent fraud, and remember your payment preferences. These cookies are controlled by the payment provider and are subject to their own privacy and cookie policies.

(a)  Stripe cookies: used for fraud detection and secure payment. Subject to Stripe’s privacy policy.

(b)  PayPal cookies: used for authentication and fraud prevention. Subject to PayPal’s privacy policy.

4.  How to Manage Your Cookie Preferences

4.1  When you first visit the Website, you will see a cookie consent banner that allows you to accept or reject non-essential cookies. You can change your preferences at any time by clicking the cookie settings link in the Website footer.

4.2  You can also control cookies through your browser settings. Most browsers allow you to refuse or delete cookies. The method for doing so varies from browser to browser. You can generally find instructions under the “Help”, “Tools” or “Settings” menu of your browser.

4.3  Please note that if you block or delete strictly necessary cookies, some parts of the Website may not function properly (for example, you may not be able to complete a purchase).

5.  Third-Party Cookies

5.1  Some cookies on the Website are placed by third parties (Google, Stripe, PayPal). We do not control how these third parties use cookies. Please refer to their respective privacy policies for more information about how they handle your data.

5.2  We do not use any social media tracking pixels or advertising cookies on the Website.

6.  Changes to This Cookie Policy

6.1  We may update this Cookie Policy from time to time to reflect changes in the cookies we use or for regulatory reasons. The date at the top of this document indicates when it was last updated.

7.  Contact Us

7.1  If you have any questions about our use of cookies, please contact us at info@loujoia.com.