Privacy policy

Privacy Policy

This Privacy Policy defines the rules for storing and accessing data on Users’ Devices used for the provision of electronic services by the Administrator, as well as the rules for collecting and processing Users’ personal data provided personally and voluntarily through tools available within the Service.

This Privacy Policy constitutes an integral part of the Terms and Conditions, which define the rules, rights, and obligations of Users using the Service.

§1 Definitions

  • Service – the website "Lumenux" operating at https://lumenux.pl

  • External Service – websites of partners, service providers, or clients cooperating with the Administrator

  • Data Controller – Vasylyna Nawrocka, Sadowa 24'O'/2, 32-020 Wieliczka, Poland, tel. +48452048919, e-mail: contact@lumenux.pl

  • User – a natural person for whom the Administrator provides electronic services via the Service.

  • Device – an electronic device with software through which the User accesses the Service

  • Cookies – text data collected in the form of files stored on the User’s Device

  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation)

  • Personal Data – information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity

  • Processing – any operation or set of operations performed on personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, restriction, erasure, or destruction

  • Restriction of Processing – marking stored personal data with the aim of limiting their future processing

  • Profiling – any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person

  • Consent – any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data

  • Personal Data Breach – a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data

  • Pseudonymisation – processing of personal data in such a way that it can no longer be attributed to a specific data subject without additional information kept separately

  • Anonymisation – an irreversible data processing operation that removes personal data in a way that prevents identification of a specific individual

§2 Data Protection Officer

Pursuant to Article 37 of the GDPR, the Administrator has not appointed a Data Protection Officer.

In matters concerning data processing, please contact the Administrator directly.

§3 Types of Cookies

  • Internal Cookies – files placed and read by the Service’s IT system
  • External Cookies – files placed and read by IT systems of External Services
  • Session Cookies – files stored during a single session of a given Device
  • Persistent Cookies – files stored until manually deleted

§4 Data Storage Security

  • Cookie storage and reading mechanisms – These mechanisms are handled by built-in browser functions and do not allow access to other data stored on the User’s Device.

  • Internal Cookies – safe for Users’ Devices and do not contain scripts or content threatening security.

  • External Cookies – The Administrator selects trusted partners but does not control external cookie content.

  • Cookie Control

    • The User may change cookie settings at any time.

    • Instructions for disabling cookies are available via browser providers.

    • The User may delete stored cookies at any time.

  • User-side threats – Security also depends on the User’s actions and device protection.

  • Storage of personal data – The Administrator applies appropriate physical and organizational safeguards.

  • Password storage – Passwords are stored in encrypted form using current standards.

§5 Purposes for Using Cookies

  • Improving access to the Service
  • Personalization of the Service
  • Enabling login
  • Marketing and remarketing
  • Advertising services
  • Affiliate services
  • Statistics (users, visits, etc.)
  • Multimedia services
  • Social networking services

§6 Purposes of Processing Personal Data

Personal data provided voluntarily by Users are processed for:

  • User account registration and maintenance
  • Newsletter services
  • Commenting / liking posts
  • Sharing content on social media
  • Communication with Users
  • Legitimate interests of the Administrator

Anonymous data are processed for:

  • Statistics
  • Remarketing
  • Personalized advertising
  • Affiliate programs
  • Legitimate interests

§7 Cookies of External Services

The Service uses scripts and web components of partners who may place cookies on the User’s Device.

§8 Types of Collected Data

The Service collects User data. Some are collected automatically and anonymously, while others are provided voluntarily.

Automatically collected anonymous data:

  • IP address
  • Browser type
  • Screen resolution
  • Approximate location
  • Visited pages
  • Time spent on pages
  • Operating system
  • Referrer URL
  • Browser language
  • Internet speed
  • Internet service provider

§9 Access to Personal Data by Third Parties

As a rule, the Administrator is the sole recipient of Users’ personal data.

§10 Method of Processing Personal Data

  • Personal data will not be transferred outside the EU unless published by the User.
  • Data will not be used for automated decision-making (profiling).
  • Data will not be sold to third parties.

§11 Legal Basis for Processing

Data are processed under GDPR and applicable Polish laws.

§12 Data Retention Period

Personal data are stored for the duration of service provision and deleted or anonymized within 30 days after termination, unless legitimate interests require longer storage (max 3 years).

§13 Users’ Rights

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction
  • Right to data portability
  • Right to object
  • Right to lodge a complaint

§14 Contact

  • Postal address – Sadowa 24'O'/2, 32-020 Wieliczka, Poland
  • Phone – +48452048919
  • Email – contact@lumenux.pl
  • Contact form – https://lumenux.pl/en/contact-us

§15 Service Requirements

  • Restricting cookies may affect Service functionality.
  • The Administrator is not liable for improper functioning caused by cookie restrictions.

§16 External Links

The Service may contain links to external websites. The Administrator is not responsible for their content.

§17 Changes to the Privacy Policy

  • The Administrator may modify this Privacy Policy at any time.
  • Registered Users will be informed via email within 7 days of changes.
  • Changes are effective upon publication.