top of page

PRIVACY POLICY

LUMAHAVEN is dedicated to providing a serene and peaceful escape from the demands of everyday life. Our space is designed to offer a sanctuary for deep rest and healing, where you can embark on a journey of self-discovery and renewal.

Last updated: 15 FEB 2026

 

This Privacy Policy explains how LUMA HAVEN (“we”, “us”, “our”), operated by Erika [Surname], collects, uses, stores, and protects personal data in accordance with the EU General Data Protection Regulation (GDPR).

 

By contacting, booking, or receiving services from LUMA HAVEN, you acknowledge and accept this Privacy Policy.

 

 

1) Data Controller

 

LUMA HAVEN

Operated by Erika Yamada

The Netherlands

Email: info@lumahaven.nl

 

LUMA HAVEN acts as the data controller for personal data collected in connection with its services.

 

 

2) Principles We Follow

 

We process personal data in accordance with GDPR principles:

    •    Lawfulness, fairness, and transparency

    •    Purpose limitation

    •    Data minimization

    •    Accuracy

    •    Storage limitation

    •    Integrity and confidentiality

    •    Accountability

 

We collect only what is necessary to provide safe, professional services.

 

 

3) Personal Data We May Collect

 

Depending on your interaction with us, we may collect:

    •    Full name

    •    Contact details (email address, phone number)

    •    Booking details and session history

    •    Health information relevant to treatment

    •    Payment confirmation data (we do not store full card details)

    •    Communications between you and LUMA HAVEN

 

We do not intentionally collect unnecessary or excessive data.

 

 

4) Special Category Data (Health Information)

 

Health information provided through intake forms or consultations is classified as sensitive data under GDPR.

 

Such data is:

    •    Collected solely for safe service delivery

    •    Accessed only by the Practitioner

    •    Stored securely

    •    Never shared without explicit consent, unless legally required

 

Health information is not used for marketing purposes.

 

 

5) Legal Basis for Processing

 

We process personal data under the following lawful bases:

    •    Performance of a contract (appointment booking and service delivery)

    •    Compliance with legal obligations (e.g., tax regulations)

    •    Legitimate interests (practice administration and record-keeping)

    •    Explicit consent (for health-related data)

 

You may withdraw consent at any time where consent is the legal basis.

 

 

6) How We Use Personal Data

 

Your data may be used to:

    •    Schedule and manage appointments

    •    Provide safe and tailored sessions

    •    Communicate regarding bookings and follow-ups

    •    Maintain professional records

    •    Comply with legal or regulatory obligations

 

We do not sell, rent, or trade personal data.

 

 

7) Confidentiality & Discretion

 

LUMA HAVEN operates with strict discretion.

    •    Client identities are not publicly disclosed.

    •    We neither confirm nor deny past, present, or prospective professional engagement with any individual or entity.

    •    Personal data is never used for promotional purposes without explicit consent.

 

Confidentiality obligations apply during and after the professional relationship.

 

 

8) Third-Party & Representative Bookings

 

Where bookings are arranged by personal assistants, estate managers, family offices, hospitality staff, or other representatives:

    •    Only necessary coordination data is processed.

    •    Health information remains confidential between Client and Practitioner.

    •    Financial and administrative responsibilities may be assigned separately by written agreement.

 

We do not disclose sensitive data to representatives without explicit consent.

 

 

9) Data Security Measures

 

We implement appropriate technical and organizational measures to protect personal data, including:

    •    Secure digital storage systems

    •    Password-protected devices

    •    Limited access controls

    •    Encrypted communications where appropriate

 

While no system can guarantee absolute security, reasonable safeguards are maintained at all times.

 

 

10) Data Retention

 

Personal data is retained only as long as necessary:

    •    Contact and booking records: retained for administrative continuity

    •    Health-related notes: retained only as reasonably required for safe practice

    •    Financial records: retained in accordance with Dutch legal requirements

 

When data is no longer required, it is securely deleted or anonymized.

 

 

11) International Data Transfers

 

If services are provided outside the European Economic Area (EEA), or data is accessed while traveling internationally, appropriate safeguards are maintained in line with GDPR requirements.

 

We do not transfer personal data to third parties outside the EEA without appropriate legal safeguards.

 

 

12) Data Breach Protocol

 

In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, LUMA HAVEN will:

    •    Assess the nature and scope of the breach

    •    Take immediate steps to mitigate risks

    •    Notify the relevant supervisory authority where legally required

    •    Inform affected individuals where required under GDPR

 

 

13) Your Rights Under GDPR

 

You have the right to:

    •    Request access to your personal data

    •    Request correction of inaccurate data

    •    Request deletion of your data (subject to legal obligations)

    •    Restrict or object to processing

    •    Withdraw consent at any time

    •    Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens)

 

Requests may be submitted to: [Insert Email Address]

 

 

14) Website Data & Cookies

 

When visiting our website, limited technical data (such as IP address, browser type, or device information) may be collected for security and functionality purposes.

 

If cookies are used, details will be provided through a separate cookie notice.

 

 

15) Media & Testimonials

 

Sessions may not be recorded without explicit written consent.

 

Testimonials are published only with written permission and may be anonymized upon request.

 

 

16) Data Minimization in High-Sensitivity Engagements

 

In environments requiring enhanced discretion (including private residences or internationally coordinated engagements), data collection remains limited to what is strictly necessary for safe service delivery.

 

Temporary coordination data may be deleted following completion of the engagement, where legally permissible.

 

 

17) Policy Updates

 

This Privacy Policy may be updated periodically. The most current version will always be available on our website.

 

 

18) Contact

 

For privacy-related inquiries or data requests, please contact:

 

LUMA HAVEN

Erika Yamada, Founder of LUMA HAVEN

info@lumahaven.nl

The Netherlands

bottom of page