Skip to main content

Privacy Policy

Last Updated: March 12, 2026

1. Introduction & Controller Identity

This Privacy Policy explains how Miluxury Living Studio (“we”, “us”, “our”) collects, uses, discloses, and protects personal information when you visit our website and when you contact us for interior guidance, residential styling support, lifestyle consulting, or design education resources for Canadian clients.

The data controller for the purposes of applicable privacy laws is Miluxury Living Studio Canada Inc., with its registered business address at 80 Bloor St W, Suite 1200, Toronto, ON M5S 2V1, Canada. You can reach us at [email protected] or by phone at +1 416 623 7849.

Our services and content are focused on interior design guidance and education. Information is provided for educational and informational purposes, and interior recommendations are general guidance only. Individual results depend on each project, and clients remain responsible for their own decisions.

2. Personal Data We Collect

We collect personal information that you provide directly to us, information collected automatically through your use of our website, and information generated through your interactions with our communications. The categories below describe what we may collect depending on how you use the site.

  • Identity and contact information: name, email address, phone number, and other contact details you share.
  • Form content and project context: messages, room details, preferences, design goals, measurements you choose to provide, and any other information submitted through our contact forms.
  • Technical information: IP address, browser type and version, device identifiers, operating system, language settings, and approximate location inferred from IP (city/province-level).
  • Usage information: pages visited, time spent on pages, navigation paths, referrer URLs, and interactions with site elements (such as button clicks).
  • Cookies and identifiers: first- and third-party cookie identifiers and similar technologies described in Section 4.
  • Conversion events: signals that a form submission or other meaningful interaction occurred, used for website operations and, when consent is provided, for analytics and marketing measurement.

We do not intentionally collect special-category data (such as health data, political opinions, religious beliefs), government-issued identification numbers, or financial account details. Please do not include sensitive personal information in your message. If you choose to provide such information, we will handle it in accordance with this policy and applicable law, but our services do not require it.

3. Why We Process Personal Data & Legal Bases

We process personal information only where we have a lawful basis to do so. Depending on your location, one or more legal bases may apply. When GDPR or similar frameworks apply, we rely on the legal bases below.

Contact and consultation requests

When you submit a form or email us, we process your contact details and message to respond, propose an appropriate service format, and support a potential client relationship.

  • GDPR Art. 6(1)(b) (performance of a contract or steps prior to entering a contract)
  • GDPR Art. 6(1)(a) (consent, where indicated through an explicit consent checkbox)

Website performance, security, and fraud prevention

We use basic logs and security measures to keep our website reliable, prevent abuse, and protect both visitors and our systems. This includes monitoring for suspicious traffic patterns, attempted exploitation, and spam submissions.

  • GDPR Art. 6(1)(f) (legitimate interests in maintaining security and service integrity)

Analytics

If you provide consent through our cookie banner, we may enable analytics tools to understand how visitors use the site and to improve navigation, content clarity, and page performance.

  • GDPR Art. 6(1)(a) (consent)

Marketing and advertising measurement

If you provide consent, we may enable marketing cookies and pixel tags to measure campaign effectiveness, understand which content is useful, and show more relevant ads. This may include remarketing audiences and conversion attribution.

  • GDPR Art. 6(1)(a) (consent)

Legal and compliance

In limited circumstances, we may process information to comply with legal obligations, respond to lawful requests, or establish, exercise, or defend legal claims.

  • GDPR Art. 6(1)(c) (legal obligation)
  • GDPR Art. 6(1)(f) (legitimate interests)

Automated decision-making

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects (GDPR Art. 22).

4. Cookies & Tracking Technologies

Cookies are small text files stored on your device. We also use similar technologies such as pixel tags and, where enabled, server-side events to understand website usage and measure performance. Our cookie categories match our Cookie Policy at /cookie-policy/.

Essential cookies (always active)

Essential cookies are required for the website to function and cannot be turned off through our preference controls. They support session continuity, basic security features, and your saved cookie choices. Examples include _site_session and cookie_consent. Retention ranges from session-only to up to 12 months.

Analytics cookies (consent required)

When enabled, analytics cookies help us understand traffic patterns and which pages are useful. We may use Google Analytics 4 (GA4) with IP anonymization where available. Example cookies include _ga and _ga_XXXXXXXXXX (GA4 identifier). Typical retention is up to 14 months for analytics reporting, though cookie lifetimes may be longer on your device depending on configuration.

Marketing cookies (consent required)

When enabled, marketing cookies are used to measure campaigns, build audiences for remarketing, and attribute conversions. These cookies may include _gcl_au (Google Ads) and _fbp/_fbc (Meta). These tools can record events such as page views and form submissions, and may connect them to ad interactions.

In addition to cookies, pixels and similar tags may collect device identifiers derived from IP address and user agent strings. Where supported and configured, advertising providers may also receive server-side conversion events (for example, via Meta Conversion API or server-side Google Tag Manager), potentially using hashed identifiers for matching. We do not use these features without the required consent where applicable.

5. Consent and How to Withdraw It

You can manage cookies through the banner and cookie preferences controls available on our site, including the “Manage cookie preferences” link in the footer. Your selection is stored in the cookie_consent cookie, typically for 12 months.

If you withdraw consent, we stop using the relevant category and, where appropriate, we attempt to delete related cookies such as _ga and _fbp. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.

6. Sharing With Advertising & Service Partners

We use reputable service providers to operate our website and, where enabled by your consent, to measure and improve our marketing and content. We do not sell personal information. We share data only for the purposes described in this policy and with appropriate safeguards.

  • Google LLC (Google Analytics 4, Google Ads, Google Tag Manager, remarketing): may receive cookie IDs, usage data, conversion events, and audience signals when enabled. https://policies.google.com/privacy
  • Meta Platforms, Inc. (Meta Pixel, Custom/Lookalike Audiences, Conversion API): may receive page-view and conversion events, cookie identifiers, and potentially hashed identifiers when enabled. https://www.facebook.com/privacy/policy
  • Cloudflare, Inc. (CDN and security services): may process IP-based signals and traffic metadata to protect the site from abuse and improve delivery. https://www.cloudflare.com/privacypolicy/

These providers may process data on our behalf as service providers. We do not permit them to use site data for their own independent commercial purposes beyond what is required to provide their services, and we configure tools to align with consent choices.

7. International Transfers

Some of our service providers may process data outside Canada, including in the United States or other jurisdictions where they maintain infrastructure. Where required, we use contractual and organizational safeguards to protect personal information, such as Standard Contractual Clauses and equivalent transfer mechanisms. Some providers may also rely on recognized frameworks such as the EU–US Data Privacy Framework and related extensions where applicable.

International transfers can involve different legal standards than those in your province or territory. We take reasonable steps to ensure that transferred information is protected in line with this policy.

8. Retention

We keep personal information only as long as necessary for the purposes described in this policy, unless a longer period is required or permitted by law. Typical retention periods are:

  • Contact submissions: up to 2 years from our last interaction, to support follow-ups and continuity.
  • Email correspondence: for the life of the relationship plus 1 year, unless a longer period is needed for dispute handling or compliance.
  • Server logs and security records: typically up to 90 days, unless needed to investigate abuse.
  • Analytics reporting: typically up to 14 months, depending on tool settings and consent.
  • Marketing cookies: according to cookie lifetimes (often 90 days for advertising identifiers).
  • Cookie consent record: up to 3 years for audit and compliance support, where required.

Retention periods can vary depending on the nature of your inquiry and legal obligations. When information is no longer needed, we delete or anonymize it.

9. Your Rights and Choices

Your privacy rights depend on where you live. For Canadian residents, privacy rights may be provided under applicable federal and provincial laws (including Quebec, Alberta, British Columbia, and other provincial privacy regimes where applicable). You may have the right to access, correct, or request deletion of your personal information, subject to legal and contractual limitations.

If GDPR or UK GDPR applies to you, you may have the following rights: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), withdraw consent (Art. 7(3)), and lodge a complaint with a supervisory authority (Art. 77).

To exercise your rights, email us at [email protected]. We may ask for reasonable verification to protect your information. We aim to respond within 30 days, and may extend by up to 60 days for complex requests where legally permitted.

If you are located in Canada and have unresolved concerns, you may also contact the Office of the Privacy Commissioner of Canada: https://www.priv.gc.ca/.

10. Children

This website is not directed to individuals under 16. We do not knowingly collect personal information from minors. If you believe a child has provided personal information without appropriate consent, please contact us and we will take steps to delete it promptly.

11. Do Not Track

Some browsers offer a “Do Not Track” (DNT) signal. Our website does not respond to DNT signals. Third-party providers may have their own DNT handling and opt-out tools.

12. Data Deletion Requests

You can request deletion of your personal information by emailing [email protected] with the subject line “Data Deletion Request.” We may need to verify your identity and may retain limited records where required by law or for legitimate business purposes (for example, security logs or records needed to resolve disputes).

13. Business Transfers

If Miluxury Living Studio Canada Inc. is involved in a merger, acquisition, financing, restructuring, asset sale, or similar transaction, personal information may be transferred as part of that transaction. We will post a notice on the website if the transfer results in material changes to how personal information is used.

14. California (CCPA/CPRA) Notice

If you are a California resident, you may have rights under the California Consumer Privacy Act as amended by the CPRA. Over the past 12 months, we may have collected the following categories of personal information: identifiers (such as name, email, IP address, cookie IDs), internet or other electronic network activity information (such as browsing history on our site), and inferences (such as interests derived from site navigation when marketing cookies are enabled).

We do not sell personal information as defined by the CCPA. We may share personal information for cross-context behavioral advertising if you enable marketing cookies. You may opt out via our cookie preferences panel accessible from the footer link “Manage cookie preferences.”

To submit a verified request to know, delete, or correct, email us with the subject “California Privacy Request.” We will verify your request and respond as required by law. Authorized agents may submit requests with written proof of authorization.

15. Virginia (VCDPA)

If you are a Virginia resident, you may have rights under the Virginia Consumer Data Protection Act, including the right to access, correct, delete, and obtain a copy of your personal data, and to opt out of targeted advertising. We do not sell personal data and we do not engage in profiling that produces legal or similarly significant effects.

To make a request, email us with the subject “Virginia Privacy Request.” If we decline to act on your request, you can appeal by emailing “Appeal of Refusal — Privacy Request,” and we will respond within 60 days.

16. Nevada

Nevada residents may submit a verified request to opt out of the sale of certain covered information by emailing us with the subject “Nevada Do Not Sell Request.” We do not currently sell personal information as defined under Nevada Revised Statutes Chapter 603A.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in practices, technologies, or legal requirements. If changes are material, we will post a prominent notice on the site at least 14 days before the updated policy takes effect when feasible. The “Last Updated” date at the top will always show the most recent revision.

18. Contact Us

If you have questions about privacy, cookie preferences, or how your information is handled, contact:

Miluxury Living Studio Canada Inc.
80 Bloor St W, Suite 1200
Toronto, ON M5S 2V1, Canada
Email: [email protected]
Phone: +1 416 623 7849

For cookie-related details, also see our Cookie Policy at /cookie-policy/.