Privacy policy
Here you can find information regarding the processing of personal data by LutherOne a.s., having its registered office at Sokolovská 685/136f, Invalidovna, 180 00 Prague 8 (hereinafter referred to as the “Company”).
This Privacy Policy is elaborated in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”). The purpose of this Policy is to provide natural persons concerned with basic information about the processing of their personal data.
1. Personal data processed for purpose of provision of the services
| Purpose of data processing | List of personal data processed | Legal basis | Retention period |
|---|---|---|---|
| Provision of LutherOne services | Employee ID, name, surname, e-mail, work department, work position, sex, date of birth, phone number, the date of commencement of employment, photo | Contract or negotiation on its conclusion |
Personal data processed within the performance of contract are processed on instruction of data
controller (client) and are removed or fully anonymized at the end of cooperation. Anonymized data are kept after the termination of business relationship for statistical purposes |
| Personal data stated in contract | Name, surname, and work position of the person representing organization/ company ordering the services | Contract or negotiation on its conclusion | All contractual documents are stored in locked room for a period of 10 years. |
When processing personal data for the purpose of provision of LutherOne services, the Company acts as data processor as it does not determine purpose and means of processing of personal data. Data controller is client who ordered the services, i.e. employer of end users.
2. Personal data processed for purpose of e-mail communication
| Purpose of data processing | List of personal data processed | Legal basis | Retention period |
|---|---|---|---|
| Business and marketing information mailing to business partners | Name, surname, email, information about company | Legitimate interest of data controller | Until the termination of business partnership |
| Business and marketing information with business partnership offers | Name, surname, email, information about company | Legitimate interest of data controller | 6 months and 3 attempts of e- mail contact (2 initial emails and 1 e- mail after 6 months) |
| Newsletter mailing | Name, surname, email, information about company | Consent of data subject | Until the consent is revoked |
| PF mailing | Name, surname, email, information about company | Legitimate interest of data controller | 3 years following the year of termination of business partnership |
| Communication through the web application of quick contact | Name, surname, email | Consent of data subject | By sending a question, data subject give consent for processing his or her personal data stated in message. These personal data are processed until the question is solved and then they are deleted. |
If contacts from public database are addressed, it is always for purposes that are compatible with purposes for which this contact information were published.
In case of addressing new potential clients from non-public databases, such as those from our marketing partners, the communication is as follows:
- If there is no reaction (positive or negative) within 6 months, the contact is deleted from the database.
- If the communication is initiated with the first e-mail, the data subject is regarded as business partner, and his or her personal data are processed until the termination of business partnership.
- If the data subject gives consent to the mailing of other business and marketing information, his or her personal data are processed until the withdrawal of consent or cease of such purpose of processing.
- If the data subject disagrees with receiving business and marketing information, his or her personal data are deleted without any delay.
Cookies
- The Company uses cookies for collecting standard internet statistical information and information about the behavior of website visitors. Obtained information are used for statistical purposes – website use, website activity. Under no circumstances is the data subject identified or linked to specific natural person. Cookies can be deleted from the computer anytime.
General provisions
- The Company does not process personal data contrary to or beyond the scope set out by this Privacy policy without the consent of data subject.
- On the basis of Article 22 GDPR, the Company does not use automated, individual decision making while processing personal data.
Transfer of personal data to third parties
- Personal data are not transferred outside the EU.
- Personal data are not transferred to third parties.
Rights of data subject (DS)
- DS has the right to withdraw any time the consent (applies only to case when the consent is legal basis for personal data processing) to the processing of personal data. Consent withdrawal can be sent in a plain message electronically on e-mail: hello@lutherone.com. Subject of the e-mail must contain text of consent withdrawal to the personal data processing and in the body of the e-mail must be written for which purposes the consent was given.
- DS has the right to be informed about processing of his or her personal data, is entitled to request the information from data controller about whether personal data is processed and if so, then further information about identity and contact information of data controller, data processors, categories of concerned personal data, legitimate interest of data controller, list of rights of the customer, possibility to appeal to The Office for Data Protection and about the source of processed personal data.
- DS has the right to request from data controller the access to his or her personal data, especially to the information about purpose of processing, categories of concerned personal data, recipients, retention period of personal data, information about his or her rights (right to rectification, right to erasure, right to restriction of processing, right to objection), right to make a complaint to The Office for Data Protection, information about source of personal data, right to portability and information about automated decision making and profiling.
- DS has the right to the correction of provided personal data, if there is a change of a situation that can be considered as personal data. Customer has the right to require the correction of processed personal data from data controller.
- DS has the right to deletion of provided personal data. This relates to the case in which data controller processes personal data after the cease of the purpose of processing or processes the personal data provided based on data subject consent.
- DS has the right to restrict processing of his or her personal data, if he or she feels that data controller exceeds determined purpose of processing. DS has the right to make a complaint to supervisory authority. Supervisory authority for personal data protection is The Office for Data Protection, with registered office at Pplk. Sochora 27, 170 00 Praha 7, website https://www.uoou.cz/.
- DS has right to raise an objection against the processing and demand from data controller to correct such situation (e.g. by blocking, correction, amending or erasing personal data).
- DS can exercise above mentioned rights in writing at the address LutherOne a.s. with registered office at Sokolovská 685/136f, Invalidovna, 180 00 Prague 8 or by e-mail on hello@lutherone.com.
- If DS requests the information about the scope or manner of processing of his or her personal data, data controller is obliged to give this information without any delay, latest within one month after receiving such request.
- If DS exercises the right to access his or her personal data in electronic form, data controller will also provide requested information in electronic form, unless DS asks for a different way of provision of information.
- Data controller is entitled to charge a reasonable fee for administrative costs associated with repeated and unreasonable request for physical copy of processed personal data.
Come into effect
- This Privacy policy comes into effect on August 1st, 2022.