Lubbeger Interiors ("we", "us", "our") is committed to protecting your privacy. This policy explains what personal information we collect when you use lubbeger.com, how we use it, and the rights you have over it. We comply with Uganda's Data Protection and Privacy Act 2019.
1. Who we are
Lubbeger Interiors is a custom curtains and blinds business based in Kampala, Uganda. You can contact us at lubbeger@gmail.com or on WhatsApp at +256 787 704 219.
2. What information we collect
When you place an order or make an enquiry
- Full name
- Email address and/or phone number
- Delivery area / district
- Order details (products, quantities, measurements)
- Any notes or special requests you provide
- IP address (for fraud prevention and rate limiting)
When you create an account
- Name, email, phone number
- Encrypted password (we never store plain-text passwords)
- Order history and loyalty points balance
Automatically collected
- Browser type and device type (via standard web server logs)
- Pages visited and time on site (if analytics are enabled)
- IP address
We do not collect payment card details. All payments are handled directly (mobile money, bank transfer, or cash on delivery) and no card data passes through our systems.
3. How we use your information
- Fulfilling your order — contacting you to confirm measurements, arrange delivery, and provide after-sales support.
- Sending order confirmations — by email and/or WhatsApp depending on your preference.
- Managing your account — tracking order history and loyalty points.
- Fraud prevention — IP addresses are used to detect and block abusive activity.
- Improving our service — aggregated, anonymised analytics to understand which products are popular.
We do not sell, rent, or share your personal data with third parties for marketing purposes.
4. Legal basis for processing
Under Uganda's Data Protection and Privacy Act 2019, we process your data on the following grounds:
- Contract performance — processing your order requires us to hold your contact and order details.
- Legitimate interests — fraud prevention and service improvement.
- Consent — where you have opted in to receive marketing communications (you may withdraw consent at any time).
5. Data storage and security
Your data is stored on a secure MySQL database hosted on our web server. Passwords are hashed using bcrypt with a cost factor of 12 — we cannot recover your password if lost. We use HTTPS (TLS) across the entire site. Access to our admin panel is protected by password and restricted to authorised personnel only.
No system is 100% secure. In the unlikely event of a data breach that affects your rights, we will notify you and the relevant authority as required by law.
6. How long we keep your data
- Order records — retained for 7 years for tax and business record purposes.
- Account data — retained while your account is active, plus 2 years after your last interaction.
- Contact form enquiries — retained for 1 year.
- Server logs (IP addresses) — purged after 90 days.
7. Your rights
Under the Data Protection and Privacy Act 2019, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Correction — ask us to update inaccurate or incomplete data.
- Erasure — request deletion of your data, subject to our legal retention obligations.
- Objection — object to processing based on legitimate interests.
- Portability — receive your data in a commonly used format.
To exercise any of these rights, contact us at lubbeger@gmail.com. We will respond within 14 days.
8. Cookies
We use only essential cookies: a session cookie to keep you logged in to your account, and a cart cookie to remember your shopping cart across page visits. We do not use tracking or advertising cookies. No third-party ad networks have access to your browsing data through our site.
9. Third-party services
We use the following third-party services, each with their own privacy policies:
- Google Fonts — typefaces loaded from Google's CDN. Google may log your IP. You can self-host the fonts to avoid this.
- WhatsApp (Meta) — if you choose to contact us via WhatsApp, Meta's privacy policy applies to that communication.
- Gmail / Google SMTP — order confirmation emails are sent via Google's mail servers.
10. Children's privacy
Our services are not directed at children under 13. We do not knowingly collect personal data from children. If you believe we have done so in error, please contact us immediately.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of this page will always reflect the most recent version. Continued use of our site after changes are posted constitutes your acceptance of the revised policy.
12. Contact
For any privacy-related questions or to exercise your rights:
- Email: lubbeger@gmail.com
- WhatsApp: +256 787 704 219
- Address: Kampala, Uganda