1. Introduction and Purpose
Lukka, Inc. and its subsidiaries, affiliates and other members of its group companies (together, “We”, “Us”, “Our” or the “Company”) are committed to protecting the privacy of visitors to our websites and the individuals and entities who register to use our products and services from time to time (each, a “Lukka Product” and collectively, the “Lukka Products” or “our Products”). This policy shall apply collectively to the Company websites, lukka.tech, coinfirm.com and all subdomains of the foregoing and any other public websites within the lukka.tech and confirm.com domains (together, the “Lukka Sites” or “our Sites”).
The Company you are contracting with is your Data Controller and is responsible for the collection, use, disclosure, retention, and protection of your Personal Data (as defined below) in accordance with this policy, applicable laws and regulations, and global privacy standards. The Company shares data internally with each other under a Data Processing Agreement. Lukka, Inc., a Delaware corporation, is the Data Controller of your Personal Data processed under this policy. Our registered office is at c/o Stellar Corporation Services LLC, 3500 SouthDuPont Highway, Dover, DE 19901 and our registered company number is 5492959.
Our Customers are solely responsible for establishing policies that ensure compliance with all applicable laws and regulations, agreements, or other obligations, with regards to the collection of Personal Data in connection with the use of our Products by individuals or entities with whom our Customers interact. If you are an individual who interacts with a Customer using our Products, then you will be directed to contact that Customer for assistance with any requests or questions relating to your Personal Data.
The security of your Personal Data is important to us. The Company has in place safeguards to protect the Personal Data stored with us. This policy describes how we may collect, use, disclose, process, and manage your Personal Data. We use commercially reasonable physical, electronic, and procedural measures to protect Personal Data in accordance with data protection legislative requirements. We will not use your Personal Data for purposes other than those purposes we have disclosed to you in this policy without your permission.
This policy applies to any individual’s Personal Data which is in our possession or under our control. By visiting, accessing, or using our Sites or our Products, you acknowledge that we use your Personal Data as set out in this policy. This policy does not apply to anonymized data as it cannot be used to identify you.
This policy will be updated from time to time and the most current version will always be available on our Site.
2. Personal Data
“Personal Data” is data that can be used to identify a natural person or which allows a natural person to be identified when combined with other information. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, email address, an identification number, location data, and online identifier or to one or more factors specific to his/her physical, physiological, genetic, mental, economic, cultural or social identity. It does not include data where your identity has been removed (“Anonymized Data”).
For the purposes of applicable data protection law, we are the Data Controller in relation to the processing of your Personal Data when provided by you to us. More commonly under contract with our customers, we are a processor of Personal Data following their instructions. This policy applies to any individual’s Personal Data which is in our possession or under our control. By visiting, accessing, or using our Sites or our Products, you acknowledge that we use your Personal Data as set out in this policy.
You may give us Personal Data by filling in forms on one of our Sites or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use one of our Sites, subscribe to one of our Products, submit your CV to us, or any other communication with us. We may also process Personal Data in performance of a contract with a customer where they supply or provide Personal Data in their business interaction with us.
In order to provide you with the Products, we may ask you to provide us with certain details or Personal Data. The collection of Personal Data is limited to what is necessary to meet the Company’s objectives. Some examples of Personal Data that we may collect are:
You have the right to refuse, deny, or withdraw consent on providing us with any of the Personal Data described above at any time (see also Section 12). However, we may not be able to offer our Products to you if we agree to such a request.
Should our Company develop or acquire additional Personal Data, outside of what was defined above, about its Customers for our use, we will update this policy to reflect such additional data.
3. Lawful Uses of Personal Data
We may use your Personal Data in order to perform our contract with you, provide you with access to our Products, process related payments, contact you and your agents about our Products, and for such other purposes permitted by law. Personal Data is used only for the intended purposes for which it was collected and only when implicit or explicit consent has been obtained, unless a law or regulation specifically requires otherwise.
In order to be responsive to you, to provide the Products to you, and to maintain our business relationship, as a matter of our legitimate interests, we may use your Personal Data to:
If Personal Data that was previously collected is to be used for purposes not identified by our then current policy, we will update this policy to define the new purpose.
The Company’s methods of collecting Personal Data are reviewed by our management before they are implemented to confirm that Personal Data is obtained fairly, without intimidation or deception, and lawfully, adhering to all relevant rules of law, whether derived from statute or common law, relating to the collection of Personal Data.
If you are based in the European Economic Area (EEA), Switzerland, or the United Kingdom, use of Personal Data under relevant data protection laws must be justified under one of a number of legal “grounds” and we are required to set out the grounds in respect of each use in this policy. We note the grounds we use to justify each use of your information in each heading below.
Type of Personal Data
For the Performance of Our Contracts
We may use your name, address, phone number, and email address to register your account for the Lukka Products and to communicate important information to you. We may obtain additional Personal Data about you, such as address change information from commercially available sources, to keep our records current. If you set up an administrator account that may be accessed by people other than you, please note that they may see and have the ability to change or delete your Personal Data. We may use your information to operate our business, including providing the Lukka Products you requested, provide you with support related to the Lukka Products, and to help us protect our Products, including to combat fraud and protect your information.
Compliance with a Legal Obligation
There are a number of legal obligations imposed by relevant laws to which we are subject, as well as specific statutory requirements (e.g., anti-money laundering laws, financial services laws, corporation laws, privacy laws and tax laws). There are also various supervisory authorities whose laws and regulations apply to us. Such obligations and requirements impose on us necessary Personal Data processing activities for identity verification, payment processing, compliance with court orders, tax laws or other reporting obligations and anti-money laundering controls.
To Improve the Lukka Products and Develop New Products and Services
Only in a way that would not allow you or any other person to be identified, we may use your information to personalize or customize your experience and the Lukka Products, develop new features or products and services, and to improve the overall quality of the Company’s products and services.
To Provide Customer Service and Technical Support
We may use your name, address, phone number, email address, how you interact with the Lukka Products, and information about your computer configuration to resolve questions you may have about the Lukka Products and to follow up with you about your experience.
We may use any information you volunteer in surveys you answer for us and combine them with answers from other customers in order to better understand our Products and how we may improve them. Answering any survey is optional.
For Research, Including Publishing or Sharing Combined Information from Many Users, But Only in a Way that Would Not Allow You or Any Other Person to be Identified
Only in a way that would not allow you or any other person to be identified, we may prepare and share information about our Customers with third parties, such as advertisers or partners, for research, academic, marketing, and/or promotional purposes. For example, we may share demographic data that describes the percentage of our customers who use a particular operating system. We or our third party partners may publicly report the aggregated findings of the research or analysis, but only in a way that would not allow you or any other person to be identified.
To Investigate or Settle Inquiries or Disputes
We may need to use Personal Data collected from you to investigate issues or to settle disputes with you because it is our legitimate interest to ensure that issues and disputes get investigated and resolved in a timely and efficient manner.
Response to Subpoenas and Other Legal Requests
We may share your Personal Data with courts, law enforcement agencies, or other government bodies when we have a good faith belief that we are required or permitted to do so by law, including to meet national security, regulatory or law enforcement requirements, to protect our Company, or to respond to a court order, subpoena, search warrant or other law enforcement request.
For the Purpose of Safeguarding Legitimate Interests
We may also share account information, including Personal Data, when we believe it is appropriate to enforce or apply the terms and conditions governing your use of the Lukka Products and other agreements, or to protect the rights, property, or safety of the Company, the Lukka Products, our Customers, or others. This does not include selling, renting, sharing, or otherwise disclosing Personal Data of our customers for commercial purposes in violation of the commitments set forth in this policy.
For Marketing Purposes
We may use your Personal Data to send you marketing communications by email or other agreed forms (including social media campaigns), to ensure you are always kept up-to-date with our latest products and services. If we send you marketing communications, we will do so based on your consent and registered marketing preferences. Such marketing messages may be sent to you in various modes, including, but not limited to, electronic mail, direct mailers, short message service, telephone calls, facsimile and other mobile messaging services. In doing so, we will comply with the Gramm Leach Bliley Act of the United States (the “GLBA”) and other applicable data protection and privacy laws. You may at any time request that we stop contacting you for marketing purposes via selected or all modes. Nothing in this Section shall vary or supersede the terms and conditions that govern our relationship with you.
For Internal Business Purposes and Record Keeping
We may need to process your Personal Data for internal business and research purposes as well as for record keeping purposes. Such processing is in our own legitimate interests and is required in order to comply with our legal obligations. This may include any communications that we have with you in relation to the Lukka Products we provide to you and our relationship with you. We will also keep records to ensure that you comply with your contractual obligations pursuant to the agreements governing our relationship with you.
4. Disclosure of your Information to Third Parties
The Company will not disclose any of your Personal Data to a third party, except: (a) to the extent that it is required to do so pursuant to any applicable laws, rules or regulations; (b) if our legitimate business interests require disclosure; (c) in line with our binding agreements with you; (d) at your request or with your consent or to those described in this policy. The Company will endeavor to make such disclosures on a “need-to-know” basis, unless otherwise instructed by a regulatory authority. Under such circumstances, the Company will notify the third party regarding the confidential nature of any such information.
As part of using your Personal Data for the purposes set out above, the Company may disclose your Personal Data to any of its service providers and business partners, for business purposes, such as specialist advisors who have been contracted to provide us with administrative, financial, legal, tax, compliance, insurance, IT, debt-recovery, analytics, research or other services. Personal Data is disclosed only to third parties who have agreements with the Company to protect Personal Data in a manner consistent with our privacy requirements which guarantee adequate protection of your Personal Data. The Company has procedures in place to evaluate whether third parties have effective controls to meet the terms of the relevant agreement, instructions, or requirements.
If the Company discloses your Personal Data to service providers and business partners in order to perform the services requested by you, such providers and partners may store your Personal Data within their own systems in order to comply with their legal and other obligations.
5. Disclosure for National Security or Law Enforcement
Under certain circumstances, we may share your Personal Data with courts, law enforcement agencies, or other government bodies when we have a good faith belief that we are required or permitted to do so by law, including, without limitation, to meet national security, regulatory or law enforcement requirements, to protect our Company, to respond to a court order, subpoena, search warrant or other law enforcement requests or where we believe in good faith that the disclosure of such Personal Data is necessary to prevent physical harm or financial loss, to report suspected illegal activity or to investigate violations of Company policies.
6. How the Company Protects your Information
The Company respects the privacy of any users who access the Lukka Sites or Lukka Products, and it is therefore committed to taking commercially reasonable steps to safeguard any existing or prospective Customers, applicants, and Site visitors.
The Company keeps any Personal Data of its Customers and its potential Customers in accordance with the applicable privacy and data protection laws and regulations. Additionally, the Company creates and maintains a record of authorized disclosures of Personal Data that is complete, accurate, and timely.
We have the necessary and appropriate technical and organizational policies and procedures in place to help ensure that Personal Data remains secure. We regularly train and inform our employees on the importance of maintaining, safeguarding, and respecting your Personal Data and privacy.
We regard breaches of individuals’ privacy very seriously and as such, the Company manages unauthorized access or disclosure of protected Personal Data in accordance with its Incident Management Policy. We also have processes in place with third parties to report actual or suspected unauthorized disclosures of Personal Data to the Company. We will impose disciplinary measures, as appropriate, for any breach or misuse of Personal Data by an employee or third party. Notifications of breaches and incidents will be communicated in accordance with Company policies, agreements, and applicable laws and regulations.
It is your responsibility to make sure that any password or other protected information that you create or maintain in connection with the Lukka Products is only known to you and not disclosed to anyone else. Information inputted into your account is securely stored in a safe location and accessible only by authorized personnel. Reasonable measures are taken to prevent unauthorized parties from viewing Personal Data transferred to the Company over a secure connection.
Our operations are supported by a network of computers, servers, and other infrastructure and information technology, including, but not limited to, third-party service providers. We and our third-party service providers and business partners store and process your Personal Data securely in Switzerland, the European Union, the United Kingdom, Singapore, the United States of America, and elsewhere in the world.
7. Transfers of Personal Information outside of Switzerland, the European Economic Area (EEA) and the United Kingdom (UK)
This Section 7 applies to individuals located in Switzerland, the EEA, or the UK. Our office headquarters are based in the United States and our main data centers are located in the United States and in Poland. Where required to perform our contract with you or for our wider business purposes, the information that we hold about you may be transferred to, and stored at, a destination outside Switzerland, the EEA or the UK. It may also be processed by staff operating outside Switzerland, the EEA or the UK who work for us. We also may transfer your Personal Data outside Switzerland, the EEA, and the UK to other Company subsidiaries, service providers, and business partners (“Data Processors”) who are engaged on our behalf. To the extent that we transfer your Personal Data outside of Switzerland, the EEA, and the UK, we will ensure that the transfer is lawful and that Data Processors in third countries are obliged to comply with the revised Swiss Federal Data Protection Act of 2023, the European Union (EU) General Data Protection Act 2016/679, and the UK Data Protection Act 2018. If transfers of Personal Data are processed in the US, we may in some cases rely on applicable standard contractual clauses and binding corporate rules.
If we need to transfer your Personal Data to other countries, including countries that have differing levels of privacy and data protection laws than your country, we will do so in accordance with the contractual agreements we have in place with you or obtain your explicit consent as necessary. When obtaining explicit consent, we will specify which Personal Data in particular is being transferred and the third party that the data is being transferred to. In all such transfers, we will protect your Personal Data as described in this policy and ensure that appropriate information sharing contractual agreements are in place that protect your Personal Data at an appropriate level.
8. Transfers of Personal Information outside of Singapore
This Section 8 applies to individuals located in Singapore. We may transfer your Personal Data outside Singapore to Data Processors who are engaged on our behalf. To the extent that we transfer your Personal Data outside of Singapore, we will ensure that the transfer is lawful and that such data continues to be protected to an extent comparable with Singapore’s data privacy laws.
9. Cookies Policy
We use Google Analytics, Search Console, Tag Manager, and cookies to facilitate your use of our Sites and Products in order to offer you the Lukka Products according to your preferred settings, track use of our Sites and Products, and to compile statistics about activities carried out on our Sites and Products. Google Analytics, Search Console, Tag Manager, and cookies may collect information such as the internet protocol (IP) address from which you access our Products, date and time accessed, information about your browser, operating system and computer or device, pages viewed, internet service provider, referring/exit pages, clickstream data, and items clicked. We may also collect location information, including location information automatically provided by your computer or device.
You may set up your web browser to block our tracking technologies from monitoring your website visits. You may also remove some of these technologies from your computer or mobile device. However, if you do block these technologies, you may not be able to use certain features and functions of our Sites.
When visiting or using third party websites or products, you should read their relevant policies to understand the cookies and similar technologies they use to facilitate your use of their products and/or services.
10. Other Websites
Our Sites and Products may contain links to other websites or services which are not owned or maintained by the Company. When you access these third-party services or websites, you leave our Sites and Products, and we are not responsible for, and do not control, the content, security, or privacy practices employed by any such third-party websites and services. You access these third-party services at your own risk. This policy does not apply to any third-party services. You must refer to the privacy notices or policies for such third-party services for information about how they collect, use, and process your Personal Data.
11. Retention of Personal Data
Your Personal Data is retained as long as the purpose for which it was collected remains and until it is no longer necessary for any other legal or business purposes.
When we consider that Personal Data is no longer necessary for the purpose for which it was collected, we will remove any details that will identify you, dispose of, or securely destroy the records to prevent loss, theft, misuse or unauthorized access. However, we may need to maintain records for a certain period of time (after you cease being our Customer) where required by law or regulation or our legitimate business interest.
Also, the Personal Data we hold in the form of recorded information, by telephone, electronically, or otherwise, will be held in accordance with applicable legal and regulatory requirements. If you have opted out of receiving marketing communications, we will hold your details on a suppression list to document that you do not want to receive these communications
12. Your Rights to your Personal Data
The rights that are available to you in relation to the Personal Data we hold about you are outlined below. Prior to performing any of the below, the Company may require you to verify your identity through appropriate and reasonable authentication procedures. UK, EU and Swiss law provide the following rights for individuals, and we apply these rights to all Personal Data we hold. Please be aware that some of these rights are qualified, and any request will be assessed before we carry it out.
If you ask us, we will confirm whether we are processing your Personal Data and, if so, what data/information we process and, if requested and if possible and lawful, provide you with a copy of that data in a timely manner.
In the rare instances that you are denied access to your Personal Data in accordance with applicable laws and regulations, the Company will inform you of the denial and in writing, provide you the reason a request for access to your Personal Data was denied, the source of our legal right to deny such access and your right, if any, to challenge such denial, as specifically permitted or required by law or regulation. This information will be provided in a timely manner unless prohibited by law or regulation.
It is important to us that your Personal Data is up to date. Therefore, we will take reasonable steps to make sure that your Personal Data remains accurate, complete and up-to-date. If the Personal Data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have disclosed your Personal Data to others, we will let them know about the rectification where possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your Personal Data so that you can contact them directly.
You may inform us at any time that your personal details have changed by contacting us in accordance with Section 14 of this policy. The Company will change your Personal Data in accordance with your instructions. To proceed with such requests, in some cases we may request supporting documentation.
If a request for correction of Personal Data is denied, you will be provided a reason in writing, and you may appeal such reason by contacting us in accordance with Section 14 below.
You can ask us to delete or remove your Personal Data in certain circumstances however, such requests will be subject to the binding contracts that you have with us and with applicable legal or regulatory retention periods we are required to comply with. These requests can be made by contacting us in accordance with Section 14 of this policy. If we have disclosed your Personal Data to others, we will let them know about the erasure request where lawful and possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your Personal Data so that you can contact them directly.
You can ask us to block or suppress the processing of your Personal Data if you contest the accuracy of that Personal Data or object to us processing it. It will not necessarily stop us from storing your Personal Data. We will inform you before we decide not to agree with any requested restriction. If we have disclosed your Personal Data to others, we will let them know about the restriction of processing if possible. If you ask us, if possible and lawful to do so, we will also inform you with whom we have shared your Personal Data so that you can contact them directly.
In certain circumstances, you may have the right to obtain the Personal Data you have provided us with (in a structured, commonly used, and machine readable format) and to re-use it elsewhere or ask us to transfer this to a third party of your choice.
You can ask us to stop processing your Personal Data, and we will do so, if we are:
Automated decision-making and profiling
If we have made a decision about you based solely on an automated process (e.g., through automatic profiling) that affects your ability to access our Products or has another significant effect on you, you can request not to be subject to such decision unless we can demonstrate to you that such decision is necessary for entering into, or the performance of, a contract between you and us. Even if a decision is necessary for entering into or performing a contract, you may contest the decision and request human intervention. We may not be able to offer the Products to you if we agree to such a request.
If you are a resident of an EU, the UK or EEA member state, you have the right to file a complaint with a competent supervisory authority against the way in which your Personal Data is processed by us at any time.
Right of revocation
You can withdraw your consent to certain processing of your Personal Data at any time, with effect for the future, where we rely on your consent for processing your data. This will not affect the lawfulness of any processing of your Personal Data carried out before you withdraw your consent, nor any ongoing contractual or other legal obligations requiring us to process Personal Data.
13. Access by Children
Our Sites and Products are meant for adults. Please note that we do not knowingly collect any Personal Data from children under 13 without permission from a parent or guardian. We reserve the right to limit participation in particular programs or promotions to adults. If you are a parent or legal guardian and think your child under 13 has given us information, you can contact us in accordance with Section 14 below. Please title the Subject of your inquiries as “COPPA Information Request.”
14. How to Contact Us
To contact us on any aspect of this policy or to provide any feedback that you may have, please contact us at https://www.lukka.tech/privacyhelp.
We review this policy regularly (but no less than annually) to ensure that any new obligations and technologies, as well as any changes to our business operations and practices are taken into consideration. Any Personal Data we hold will be governed by our then current policy. We may amend this policy from time to time to ensure that this policy is consistent with any developments to the way the Company uses your Personal Data or any changes to the laws and regulations applicable to the Company.
If we make any material changes to this policy, we will notify you by email or by posting a prominent notice on our Sites and/or take such other steps as required by applicable law. We encourage you to periodically review this policy for the latest information on our privacy practices. Your continued use of our Products constitutes your understanding of any such changes to this policy. We will make available the updated policy on our Sites and Products. All communications, transactions and dealings with us shall be subject to the latest version of this policy in force at the time.
16. How to Contact Supervisory Authority
For those in the UK, the relevant supervisory authority is the Information Commissioner’s Office (ICO).
Post: Information Commissioner’s Office, Wycliffe, Water Lane, Wimslow, Cheshire, SK9 5AF.
For those in Poland, the relevant supervisory authority is Urząd Ochrony Danych Osobowych (Personal Data Protection Office)
For those in Switzerland, the relevant supervisory authority is the Federal Data Protection and Information
For those in Singapore, the relevant supervisory authority is the Personal Data Protection Commission
Last Updated: January 2024