Privacy Policy

Table of Contents

1. Introduction
2. Data Protection Officer
3. Information We Collect
4. How We Use Your Information
5. Legal Basis for Processing
6. Use of the LumiFlows Website
7. Cookies and Tracking Technologies
8. Use of the LumiFlows Services
9. When and How We Share Information with Third Parties
10. International Data Transfers
11. Data Subject Rights
12. Security of Your Information
13. Data Storage and Retention
14. Children's Privacy
15. Changes to This Privacy Policy
16. Questions, Concerns, or Complaints

1. Introduction

LumiFlows is a Software as a Service (SaaS) application developed and operated by LumiVerse d.o.o., a company based in Zagreb, Croatia. We are committed to protecting the privacy of our users and their personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard personal data within the LumiFlows app and website. By using our services, you consent to the data practices described in this policy.

2. Data Protection Officer

LumiVerse d.o.o. has designated a Data Protection Officer (DPO) to oversee our data protection strategy and ensure compliance with applicable data protection laws. For any inquiries or concerns regarding our data protection practices, you can contact our DPO at dpo@lumiflows.ai.

3. Information We Collect

LumiFlows may collect the following types of information:

3.1 Personal Information

• Name
• Job title
• Company name
• Work address
• Work email
• Work phone number
• Payment information (processed securely through our payment processors)

3.2 Usage Data

• IP address
• Browser type and version
• Operating system
• Date and time of access
• Pages visited
• Features used within the LumiFlows application

3.3 User-Generated Content

Any data, content, or information that you upload, store, or process using the LumiFlows services.

4. How We Use Your Information

We use the collected information for various purposes, including:

• Providing and maintaining our services
• Improving and personalizing user experience
• Processing payments and managing accounts
• Sending administrative information and service updates
• Responding to user inquiries and support requests
• Conducting research and analysis to enhance our services
• Complying with legal obligations
• Detecting, preventing, and addressing technical issues or fraudulent activities

5. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

• Performance of a contract (e.g., to provide you with our services)
• Your consent
• Compliance with a legal obligation
• Protection of vital interests
• Legitimate interests pursued by us or a third party

6. Use of the LumiFlows Website

When you visit the LumiFlows website, we automatically collect certain information about your device and your interaction with our website. This information helps us analyze website performance, enhance user experience, and improve our services. We may use third-party analytics tools to gather this information.

7. Cookies and Tracking Technologies

LumiFlows uses cookies and similar tracking technologies to enhance user experience, analyze trends, administer the website, track users' movements around the site, and gather demographic information about our user base as a whole. Users can control the use of cookies at the individual browser level, but disabling cookies may limit your use of certain features or functions on our website or service.

8. Use of the LumiFlows Services

When you use the LumiFlows services, we collect information about how you interact with our platform. This helps us understand user behavior, improve functionality, and provide tailored solutions. We have a legitimate interest in processing this data to deliver relevant products and services and to ensure the security and proper operation of our platform.

9. When and How We Share Information with Third Parties

We may share your information with third parties in the following circumstances:

• With service providers and subprocessors who assist in operating our business and providing services
• With affiliated companies within our corporate group
• In response to lawful requests by public authorities, including to meet national security or law enforcement requirements
• In connection with a merger, sale, or acquisition of all or a portion of our company
• With your consent or at your direction

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

10. International Data Transfers

Your information may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. If you are located outside Croatia and choose to provide information to us, please note that we transfer the data to Croatia and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

11. Data Subject Rights

Under applicable data protection laws, you have the following rights:

• Right to access your personal data
• Right to rectification of inaccurate personal data
• Right to erasure of your personal data
• Right to restrict processing of your personal data
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time

To exercise these rights or for any privacy-related inquiries, please contact our Data Protection Officer. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

12. Security of Your Information

We implement appropriate technical and organizational measures to maintain the security of your personal information, including but not limited to:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Employee training on data protection and security best practices
• Incident response plans

However, no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

13. Data Storage and Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide services to you
• Whether there is a legal obligation to which we are subject
• Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations)

14. Children's Privacy

Our services are not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our servers.

15. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the bottom of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

16. Questions, Concerns, or Complaints

If you have any questions, concerns, or complaints regarding this Privacy Policy or our privacy practices, please contact our Data Protection Officer at dpo@lumiflows.ai. You can also visit our website at lumiflows.ai for more information.

If you are not satisfied with our response or believe we are processing your personal data in violation of the law, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP) or your local supervisory authority.

Effective Date: 2024-09-18