Private Policy
1. Introduction
This Privacy Policy sets out the rules for the processing of personal data obtained through the internet website: luminhopper.com (hereinafter referred to as the “Website”). The owner of the Website and the administrator of personal data is private person: Lumin Hopper.
Personal data collected by the Owner via the Website are processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the repeal of Directive 95/46/EC (General Data Protection Regulation), also referred to as GDPR.
The Owner takes special care to respect the privacy of Users visiting the Website.
2. Type of data processed, purposes and legal basis
The owner collects information on natural persons, natural persons conducting business or professional activity on their own behalf and natural persons representing legal persons or organizational units that are not legal persons, to whom the law grants legal capacity, hereinafter jointly referred to as Users.
Users’ personal data is collected in the case of:
- subscription to the newsletter (Newsletter), in order to perform the contract, the subject of which is the service provided electronically. Legal basis – consent of the data subject to perform the contract for the provision of the Newsletter service (Article 6(1)(a) of the GDPR);
- using the contact form service on the Website in order to perform the contract provided electronically. Legal basis: necessity to perform the contract for the provision of the contact form service (Article 6(1)(b) of the GDPR);
When using the Website, additional information may be downloaded, in particular: the IP address assigned to the User’s computer or the external IP address of the Internet provider, domain name, browser type, access time, operating system type.
Navigational data may also be collected from Users, including information about links and references which they decide to click or other activities undertaken on our Website. Legal basis – legitimate interest (Article 6(1)(f) of the GDPR), consisting in facilitating the use of services provided electronically and improving the functionality of these services.
In order to determine, pursue and enforce claims, some personal data provided by the User as part of using the functionality on the Website may be processed, such as: name, surname, data on the use of services, if the claims result from the way in which the User uses the services other data necessary to prove the existence of the claim, including the extent of the damage suffered. Legal basis – legitimate interest (Article 6(1)(f) of the GDPR), consisting in determining, pursuing and enforcing claims and defending against claims in proceedings before courts and other state authorities.
3. Who are the data made available to or entrusted to and how long are they stored?
The User’s personal data is transferred to service providers used by the owner when running the Website. Service providers to whom personal data are transferred, depending on contractual arrangements and circumstances, or are subject to the owner’s instructions as to the purposes and methods of data processing (processors) or independently determine the purposes and methods of their processing (administrators).
- a) Processors. The owner uses suppliers who process personal data only at the owner’s request. They include e.g. suppliers providing IT services, accounting services, systems for analyzing traffic on the Website, systems for analyzing the effectiveness of marketing campaigns;
- b) Administrators. The Owner uses suppliers who do not act only on instructions and set the purposes and methods of using Users’ personal data on their own, e.g electronic payment and banking services.
Users’ personal data is stored:
- a) If the basis for the processing of personal data is consent, then the User’s personal data are processed by the owner until the consent is revoked, and after the consent is revoked, for a period of time corresponding to the period of limitation of claims that the User may raise and which may be raised towards him. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.
- b) If the basis for data processing is the performance of the contract, then the User’s personal data is processed by the owner as long as it is necessary to perform the contract, and after that time for a period corresponding to the period of limitation of claims. Unless a special provision provides otherwise, the limitation period is six years, and for claims for periodic benefits and claims related to running a business – three years.
Navigation data can be used to provide Users with better service, analyze statistical data and adjust the Website to Users’ preferences, as well as administer the Website.
If the User subscribes to the newsletter (Newsletter) to his e-mail address, the owner will send electronic messages containing commercial information about promotions and new products available on the Website.
In the event of a request, the owner provides personal data to authorized state authorities, in particular to organizational units of the Prosecutor’s Office, the Police, the President of the Office for Personal Data Protection, the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.
4. Cookie mechanism, IP address
The website uses small files called cookies. They are saved by the owner on the end device of the person visiting the Website, if the web browser allows it. A cookie file usually contains the name of the domain from which it comes, its “expiration time” and an individual, randomly selected number identifying this file. Information collected using this type of files helps to adapt the products offered by the owner to the individual preferences and real needs of people visiting the Website. They also give the opportunity to develop general statistics of visits to the presented products on the Website.
The owner uses two types of cookies:
- a) Session cookies: after the browser session ends or the computer is turned off, the saved information is deleted from the device’s memory. The session cookies mechanism does not allow for downloading any personal data or any confidential information from the Users’ computers.
- b) Persistent cookies: they are stored in the memory of the User’s end device and remain there until they are deleted or expire. The mechanism of persistent cookies does not allow downloading any personal data or any confidential information from the Users’ computer.
The owner uses own cookies in order to:
- a) analyzes and research as well as audience audits, in particular to create anonymous statistics that help to understand how Users use the Website, which allows improving its structure and content.
The owner uses external cookies to:
- a) presenting multimedia content on the websites of the Website, which are downloaded from an external website YouTube (administrator of external cookies: Google Inc based in the USA);
- b) collecting general and anonymous static data via Google Analytics analytical tools (administrator of external cookies: Google Inc based in the USA);
- c) collecting general and anonymous static data via Yandex Metrics analytical tools (administrator of external cookies: Yandex Inc based in the Russian Federation);
The cookie mechanism is safe for the computers of the Website Users. In particular, this way is not possible to get viruses or other unwanted software or malware to the Users’ computers. Nevertheless, in their browsers, Users have the option of limiting or disabling the access of cookies to computers. If you use this option, the use of the Website will be possible, except for the functions that by their nature require cookies.
The Owner may collect Users’ IP addresses. The IP address is a number assigned to the computer of the person visiting the Website by the Internet service provider. The IP number allows access to the Internet. In most cases, it is assigned to the computer dynamically, i.e. it changes each time you connect to the Internet. The IP address is used by the Owner when diagnosing technical problems with the server, creating statistical analyzes (e.g. determining from which regions we record the most visits), as information useful in administering and improving the Website, as well as for security purposes and possible identification of burdening the server, undesirable automatic programs for viewing the content of the Website.
The website contains links and references to other websites. The owner is not responsible for the privacy protection rules applicable to them.
5. Rights of data subjects
The right to withdraw consent – legal basis: art. 7 sec. 3 GDPR.
a) The user has the right to withdraw any consent he has given to the owner
b) Withdrawal of consent takes effect from the moment of withdrawal of consent.
c) Withdrawal of consent does not affect the processing carried out by the owner in accordance with the law before its withdrawal.
d) Withdrawal of consent does not entail any negative consequences for the User, however, it may prevent further use of services or functionalities that, according to the law, the owner may only provide with consent.
The right to object to data processing – legal basis: art. 21 GDPR.
a) The User has the right to object at any time – for reasons related to his particular situation – to the processing of his personal data, including profiling, if the owner processes his data based on a legitimate interest, e.g. marketing of the owner’s products and services keeping statistics the use of individual functionalities of the Website and facilitating the use of the Website, as well as satisfaction surveys.
b) Resignation in the form of an e-mail from receiving marketing messages regarding products or services will mean the User’s objection to the processing of his personal data, including profiling for these purposes.
c) If the User’s objection turns out to be justified and the owner has no other legal basis for the processing of personal data, the User’s personal data will be deleted, the processing of which the User has objected to.
The right to delete data (“the right to be forgotten”) – legal basis: art. 17 GDPR.
a) The User has the right to request the deletion of all or some of his personal data.
b) The user has the right to request the deletion of personal data, if: a. the personal data are no longer necessary for the purposes for which they were collected or processed; b. withdrew a specific consent to the extent that personal data was processed based on his consent; c. objected to the use of his data for marketing purposes; d. personal data is processed unlawfully; e. personal data must be deleted in order to comply with a legal obligation provided for in Union law or the law of a Member State to which the owner is subject; f. dane osobowe zostały zebrane w związku z oferowaniem usług społeczeństwa informacyjnego.
c) Despite the request to delete personal data, in connection with raising an objection or withdrawing consent, the owner may retain certain personal data to the extent that processing is necessary to establish, pursue or defend claims, as well as to fulfill a legal obligation requiring processing on under Union or Member State law to which the owner is subject. This applies in particular to personal data including: name, surname, e-mail address, which data is retained for the purpose of handling complaints and claims related to the use of the owner’s services or, additionally, address of residence/correspondence address, order number, which data is retained are for the purpose of considering complaints and claims related to concluded sales contracts or the provision of services.
The right to limit data processing – legal basis: art. 18 GDPR.
a) The user has the right to request the restriction of the processing of his personal data. Submitting a request, until it is considered, prevents the use of specific functionalities or services, the use of which will involve the processing of data covered by the request. The owner will also not send any messages, including marketing ones.
b) The User has the right to request the restriction of the use of personal data in the following cases: a. when he questions the correctness of his personal data – then the owner limits their use for the time needed to verify the correctness of the data, but not longer than for 7 days; b. when data processing is unlawful, and instead of deleting the data, the User requests restriction of their use; c. when personal data are no longer necessary for the purposes for which they were collected or used, but they are needed by the User to establish, pursue or defend claims; d. when he objected to the use of his data – then the restriction takes place for the time needed to consider whether – due to the particular situation – the protection of the interests, rights and freedoms of the User outweighs the interests pursued by the Administrator when processing the User’s personal data.
Right of access to data – legal basis: art. 15 GDPR. The User has the right to obtain confirmation from the Administrator whether he processes personal data, and if this is the case, the User has the right to:
a. access own personal data;
b. obtain information about the purposes of processing, categories of personal data being processed, about the recipients or categories of recipients of this data, the planned period of storing the User’s data or about the criteria for determining this period (when determining the planned period of data processing is not possible), about the rights of the User under GDPR and about the right to lodge a complaint with the supervisory authority, about the source of this data, about automated decision-making, including profiling, and about the safeguards applied in connection with the transfer of this data outside the European Union;
c. obtain a copy of your personal data.
The right to rectify data – legal basis: art. 16 GDPR.
a) The User has the right to request the Administrator to immediately rectify his personal data that are incorrect. Taking into account the purposes of processing, the User to whom the data pertains has the right to request completion of incomplete personal data, including by submitting an additional statement, sending a request to the e-mail address.
The right to transfer data – legal basis: art. 20 GDPR.
a) The User has the right to receive his personal data, which he provided to the Administrator, and then send it to another personal data administrator of his choice. The User also has the right to request that personal data be sent by the Administrator directly to such an administrator, if it is technically possible. In this case, the Administrator will send the User’s personal data in the form of a file in the csv format, which is a commonly used, machine-readable format and allows the received data to be sent to another personal data administrator.
In the event of the User exercising the right resulting from the above rights, the owner fulfills the request or refuses to comply with it immediately, but not later than within a month after receiving it. However, if – due to the complicated nature of the request or the number of requests – the owner will not be able to meet the request within a month, he will meet them within the next two months informing the User in advance within one month of receiving the request – about the intended extension of the deadline and its reasons.
The user may submit complaints, inquiries and requests to the owner regarding the processing of his personal data and the exercise of his rights.
The user has the right to request the owner to provide a copy of standard contractual clauses by directing the inquiry in the manner indicated in the Privacy Policy.
The User has the right to lodge a complaint with the President of the Office for Personal Data Protection in the scope of violation of his rights to the protection of personal data or other rights granted under the GDPR.
6. Security management – password
The Owner provides Users with a secure and encrypted connection when transferring personal data. The owner uses an SSL certificate issued by one of the world’s leading companies in the field of security and encryption of data transmitted via the Internet.
7. Changes to the Privacy Policy
The Privacy Policy may change, about which the Owner will inform the Users 14 days in advance.
Please direct questions related to the Privacy Policy to the following address: luminhopper@gmail.com
8. Your Consent
By using our site, you consent to our online privacy policy.