Last updated: January 2025
1. Introduction
Lumia Labs B.V. (“Lumia Labs”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website or use our services.
2. Data Controller
The data controller responsible for your personal data is:
Lumia Labs B.V. The Netherlands Email: info@lumialabs.com Phone: +31 85 800 2048
3. What Data We Collect
3.1 Data You Provide
- Contact information: Name, email address, phone number when you contact us or submit a form
- Business information: Company name, job title, project requirements when discussing potential collaboration
- Communication data: Content of emails and messages you send us
3.2 Data Collected Automatically
- Analytics data: We use Umami Analytics, a privacy-focused analytics tool that does not use cookies and does not collect personal data. We only collect aggregated, anonymized statistics about page views and visitor counts.
- Technical data: Your browser type and version, anonymized and aggregated for website optimization
3.3 Data We Do Not Collect
- We do not use tracking cookies
- We do not collect IP addresses
- We do not create user profiles
- We do not share data with advertising networks
4. Legal Basis for Processing
We process your personal data based on the following legal grounds (Article 6 GDPR):
| Purpose | Legal Basis |
|---|---|
| Responding to inquiries | Legitimate interest / Pre-contractual measures |
| Providing services | Performance of a contract |
| Sending project updates | Performance of a contract |
| Newsletter (if subscribed) | Consent |
| Website analytics | Legitimate interest (anonymized data only) |
| Legal compliance | Legal obligation |
5. How We Use Your Data
We use your personal data to:
- Respond to your inquiries and requests
- Provide our software development and consulting services
- Send you information about your project or our collaboration
- Improve our website and services
- Comply with legal obligations
We will never sell your data or use it for purposes other than those stated above.
6. Data Retention
We retain your personal data only for as long as necessary:
| Data Type | Retention Period |
|---|---|
| Contact form submissions | 2 years after last contact |
| Project-related data | 7 years after project completion (legal requirement) |
| Contract and invoice data | 7 years (Dutch tax law requirement) |
| Newsletter subscriptions | Until you unsubscribe |
| Analytics data | Aggregated, no personal data retained |
7. Data Sharing
We do not sell or rent your personal data. We may share data with:
- Service providers: Hosting providers and email services that process data on our behalf, under strict data processing agreements
- Legal requirements: When required by law or to protect our legal rights
All our service providers are based in the EU or provide adequate safeguards for data transfers.
8. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encrypted data transmission (HTTPS/TLS)
- Secure hosting infrastructure
- Access controls and authentication
- Regular security reviews
- Employee confidentiality obligations
9. Your Rights
Under GDPR, you have the following rights:
Right of Access (Article 15)
You can request a copy of the personal data we hold about you.
Right to Rectification (Article 16)
You can request correction of inaccurate or incomplete data.
Right to Erasure (Article 17)
You can request deletion of your data when it’s no longer necessary or when you withdraw consent.
Right to Restrict Processing (Article 18)
You can request limitation of processing in certain circumstances.
Right to Data Portability (Article 20)
You can request your data in a structured, machine-readable format.
Right to Object (Article 21)
You can object to processing based on legitimate interests.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, contact us at info@lumialabs.com. We will respond within 30 days.
10. Cookies
Our website does not use cookies for tracking or analytics. We use Umami Analytics, which is cookie-free and privacy-focused. Your browser may store essential technical data (such as preferences) locally, but this is not used for tracking.
11. Third-Party Links
Our website may contain links to external websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies.
12. Children’s Privacy
Our services are not directed at individuals under 16 years of age. We do not knowingly collect data from children.
13. International Data Transfers
We primarily process data within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
14. Complaints
If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Dutch Data Protection Authority:
Autoriteit Persoonsgegevens Website: autoriteitpersoonsgegevens.nl Phone: +31 88 180 5250
15. Changes to This Policy
We may update this privacy policy to reflect changes in our practices or legal requirements. The updated version will be posted on this page with a new “Last updated” date. We encourage you to review this policy periodically.
16. Contact Us
For questions about this privacy policy or your personal data:
Email: info@lumialabs.com Phone: +31 85 800 2048
We aim to respond to all inquiries within 5 business days.