Privacy Policy

Effective date: 10 May 2026

This Privacy Policy explains how LUVINDO LTD (company number 17078430), trading as “Qi-Vora” (“we”, “us”, “our”), collects, uses and protects personal data when you visit or use https://qi-vora.com (the “Site”). We act as a data controller within the meaning of the UK GDPR and the Data Protection Act 2018.

If you have any questions about this policy, contact us at info@qi-vora.com.

1. Who we are

LUVINDO LTD
Studio No. 12, 264 Lavender Hill, London, England, SW11 1LJ
Company number: 17078430
Email: info@qi-vora.com
Phone: +44 7488 848274

2. What data we collect

We collect the minimum data needed to operate the Site and deliver the digital files you order. Specifically:

• Account data — email address, display name, password (stored hashed), and account preferences when you register.
• Order and download data — list of PBR materials, HDRI environments and 3D bundles you have purchased or downloaded, timestamps, invoice metadata, and any associated order references.
• Communication data — content of any message you send us via the contact form or email, plus your reply address.
• Technical data — IP address, browser type and version, device identifiers, referring URL, language preference, and similar diagnostics gathered through server logs and cookies.
• Cookie and session data — see our Cookie Policy.

We do not intentionally collect special-category personal data (health, ethnicity, biometrics, etc.) and we do not ask you for it.

3. Why we process your data

We process personal data on the following lawful bases:

• Contract performance — to create your account, deliver the digital files, and provide customer support.
• Legitimate interests — to keep the Site secure, prevent abuse and bulk-scraping, debug errors, and improve the catalogue.
• Legal obligations — to comply with UK tax, accounting and anti-money-laundering rules.
• Consent — to send you optional product updates, only where you have explicitly opted in. You can withdraw consent at any time.

4. Payment Card Data and PCI DSS Compliance

Payments on the Site are processed by acquiring banks and payment service providers that are certified as compliant with the Payment Card Industry Data Security Standard (PCI DSS). We do not store, process or transmit full cardholder data on our own servers. Card details are entered directly into a hosted payment page or tokenised iframe operated by the processor; we receive only a transaction reference, the last four digits of the card, the card scheme, and the billing country reported by the processor.

5. Sharing your data

We share personal data only with parties who help us run the Site, and only to the extent necessary:

• Hosting and infrastructure providers (currently Hostinger).
• Email-delivery providers for transactional messages (account confirmations, password resets, download links, order receipts).
• Payment processors and acquiring banks for card and alternative-method transactions.
• Professional advisers (accountants, lawyers) under confidentiality.
• Public authorities, where required by law or to defend our legal rights.

We do not sell your personal data and we do not share it with advertising networks for cross-site profiling.

6. International transfers

Some of our service providers may be located outside the UK. Where data is transferred outside the UK or the EEA, we rely on UK Government adequacy decisions or Standard Contractual Clauses with appropriate safeguards.

7. How long we keep data

• Account data — for as long as your account is active, plus up to 24 months of inactivity, after which we delete or anonymise it.
• Order and invoice records — at least 6 years, as required by UK tax and accounting law.
• AML/KYC records — at least 5 years, as required by the Money Laundering Regulations 2017.
• Server logs — typically 30–90 days, then aggregated or deleted.
• Marketing consent records — until you withdraw consent.

8. Your rights

Under UK GDPR you have the right to:

• access the personal data we hold about you;
• request correction or erasure of inaccurate or unnecessary data;
• restrict or object to certain processing;
• request data portability in a machine-readable format;
• withdraw consent at any time, where processing is based on consent;
• lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk).

To exercise any of these rights, email info@qi-vora.com. We will respond within one month.

9. Security

We use TLS encryption for all traffic to the Site, hash stored passwords, and apply standard hardening to our hosting environment. No system is completely secure, but we work to keep risk low and we will notify affected users and the ICO if a breach occurs that meets the legal threshold.

10. Children

The Site is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Effective date” at the top will reflect the most recent version. Material changes will be highlighted on the Site or sent by email where appropriate.

12. Contact

For any privacy-related question, write to:

LUVINDO LTD
Studio No. 12, 264 Lavender Hill, London, England, SW11 1LJ
Company number: 17078430
info@qi-vora.com · +44 7488 848274