top of page

Privacy Policy

This Privacy Policy describes how we collect, use and disclose information a Personal Data, and what choices you have with respect to your Personal Data.
By using the Services, you are agreeing to the terms expressed in the conditions of the Privacy Policy below.

Data controller is
Jan Svamberg


(the “Controller”)
and we ensure that your data is always treated according to the applicable data protection laws, in particular with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”).


2.1.    This Privacy Policy applies to your use of Lumyros application (the “Application”), website and other means by which we provide content to you or receive content from you (the “Services”). If you do not agree with the terms, do not access or use the Services, Application or any other aspect of the Controller’s business.
2.2.    This Privacy Policy does not apply to any third party applications or software that integrate with the Services through the Application (“Third Party Services”), or any other third party products, services or businesses.  


3.1.    The Controller may collect and receive your Personal Data and other information. In order to enable the use of the Services and features of the Application, you shall register by creating a user account in the Application (“Account”). Generally, no one is under a statutory or contractual obligation to provide any Personal Data or other information to the Controller (“Information”). However, if some Information is not provided, we may be unable to provide the Services.
3.2.    Users or individuals granted access to the Account by a registered user routinely submit to the Controller the following Information when using the Services:
a)    Account Information. To create or update the Account, you supply the Controller with your name and surname, date of birth, e-mail address, phone number, password, country of origin, travel itinerary, name and seat of your employer and/or similar Account details. In addition, users that purchase a paid version of the Services provide the Controller (or its payment processors) with billing details such as credit card information, banking information and/or a billing address.
b)    Services Metadata. When you interact with the Services, metadata is generated that provides additional context about the way user work with the Application. For example, the Controller logs the submissions, features, content and links you interact with, the types of material shared and what third party services are used (if any).
c)    Log data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Application or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Application or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.
d)    Device information. The Controller collects information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this information often depends on the type of device used and its settings.
e)    Location information. The Controller collects location information from your devices in accordance with the consent process provided by your device.
3.3.    We use cookies and similar technologies in the Application and Services. The Application and Services may also include cookies and similar tracking technologies of third parties. For more details about how we use these technologies, please see our Cookie Policy.
3.4.    Third Party Services. User can choose to permit or restrict third party services for the Account. Typically, Third Party Services are software that integrate with our Services, and user can enable or disable these integrations for the Account. Once enabled, the provider of a Third Party Service may share certain information with the Controller. We do not, however, receive or store passwords for any of these Third Party Services when connecting them to the Services.
3.5.    Contact Information. In accordance with the consent process provided by your device, any contact information that you choose to import is collected when using the Services.


4.1.    The Information will be used by the Controller in accordance with this Privacy Policy, Terms of Use and as required by applicable law. 
4.2.    The Controller uses the Information in furtherance of our legitimate interests in operating our Services, Application and business. More specifically, the Controller uses the Information:
a)    To provide, update, maintain and protect our Services, Application and business. This includes use of the Information to support delivery of the Services, prevent or address service errors, security or technical issues, analyse and monitor usage, trends and other activities or at an user’s request.
b)    As required by applicable law, legal process or regulation.
c)    To communicate with you by responding to your requests, comments and questions. If you contact us, we may use the Information to respond.
d)    To develop and provide search, learning and productivity tools and additional features. The Controller tries to make the Services as useful as possible for specific users. For example, we may improve search functionality by using the Information to help determine and rank the relevance of tasks, roles or expertise to an user, make Services suggestions based on historical use and predictive models, identify organizational trends and insights, to customize a Services experience or create new productivity features and products.
e)    To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news. These are marketing messages so you can control whether you receive them.
f)    For billing, account management and other administrative matters. The Controller may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
g)    To investigate and help prevent security issues and abuse.
4.3.    If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, the Controller may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”


The Controller will retain the Information in accordance with this Privacy Policy and as required by applicable law. Depending on the Services plan, the Controller may be able to customize its retention settings and apply those customized settings at the processing of the Information. The Controller may also apply different settings to different types of Personal Data. The Controller may retain the Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Information after you have deactivated your account for the period of time needed for the Controller to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.


6.1.    This section describes how the Controller may share and disclose Information:
a)    The Controller will share and disclose in order to enable the use of Services functionality and for other purposes, as described herein, however always in compliance with applicable law and legal process.
b)    We may engage third party companies or individuals as service providers or business partners to process the Information and support our business. These third parties may, for example, provide virtual computing and storage services. Additional information about the processors we use to support delivery of our Services is set forth in our Data Processing Agreement.
c)    You might enable Third Party Services while using the Services. When enabled, the Controller may share the Information with provider of the Third Party Services. Third Party Services are not owned or controlled by the Controller and third parties that have been granted access to the Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the respective provider for any questions.
d)    The Controller may share the Information with its corporate affiliates, parents and/or subsidiaries.
e)    If the Controller engages in a merger, acquisition, reorganization, sale of some or all of the Controller’s portion of business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all the Information may be shared or transferred, subject to standard confidentiality arrangements.
f)    We may disclose or use aggregated or de-identified Information for any purpose. For example, we may share aggregated or de-identified Information with prospects or partners for business or research purposes.
g)    If we receive a request for information, we may disclose the Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
h)    To protect and defend the rights, property or safety of the Controller or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
i)    We may share Other Information with third parties when we have consent to do so.


The Controller takes security of the Personal Data very seriously. The Controller works hard to protect all the Information you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Information we collect, process and store, and the current state of technology. 


To the extent prohibited by applicable law, the Controller does not allow use of our Services and Application by anyone younger than 18 years old. If you learn that anyone younger than 18 years old has unlawfully provided us with Personal Data, please contact us and we will takes steps to delete such information.


The Controller may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to the Application and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, we will provide additional notice, such as via email or through the Services. If you disagree with the changes to this Privacy Policy, you should deactivate your Account. Please contact us if you wish to request the removal of Personal Data under our control.


10.1.    If you are a resident of the European Economic Area (EEA), you have certain data protection rights. The Controller aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us (see below the contact details).
10.2.    In certain circumstances, you have the following data protection rights:
a)    The right to access, update or to delete the information we have on you. Whenever possible, you can access, update or request deletion of your Personal Data directly within your Account settings section. If you are unable to perform these actions yourself, please contact us to assist you.
b)    The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
c)    The right to object. You have the right to object to our processing of your Personal Data.
d)    The right of restriction. You have the right to request that we restrict the processing of your Personal Data.
e)    The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.
f)    The right to withdraw consent. You also have the right to withdraw your consent at any time where the Controller relied on your consent to process your personal information.
10.3.    Please note that we may ask you to verify your identity before responding to such requests.
10.4.    You also have the right to lodge a complaint with your local data protection authority or the Czech Office for Personal Data Protection, which is the Controller’s lead supervisory authority. You may direct questions or complaints to our lead supervisory authority:
The Office for Personal Data Protection


Pplk. Sochora 27
170 00 Praha 7
Czech Republic, Europe
Phone: +420 234 665 800 


11.    CONTACT
Please also feel free to contact us if you have any questions about our Privacy Policy or practices. You may contact us at our mailing address below:


Jan Svamberg


bottom of page