What is the purpose of this information?
This information about the processing and protection of your personal data will explain to you who we are, why and how we process personal data and what your rights are if you are a person affected by such processing, and how you may get in touch with us if necessary.
Who are we?
Our company is the controller in relation to the personal data processed in accordance with this policy and therefore is responsible for your personal data processing.
When do we process your personal data?
We may process your personal data in the following cases:
- you are our customer, and you use our services,
- you have visited our website,
- you work for our customer or for someone who purchases our services,
- you are our supplier,
- you are applying for a job with us,
- you are someone (or you work for someone) to whom we would like to advertise or provide our services. In this case, we may have obtained your personal data directly from you (for example, via our website where you could subscribe to our newsletter) or from other sources.
What personal data do we process?
We may process personal data relating to you that we have either obtained from you or obtained from somewhere else. The personal data relating to you that we process may include the information set out below.
Your personal data that we process when you use our services
Personal data that we may process are:
- your name and surname,
- your contact details (address, phone number, email address),
- name of the person/company that you work for including your job position or rank if you use the service for that person/company.
Please note that the provision of this data is a contractual requirement in order to properly provide our services and to fulfill the contract you have entered into with us; or to take steps based on your request prior to the conclusion of the contract and in the event of non-provision of this information, we are unable to provide our services, for example, the use of the website as a logged in user for the use of services you have ordered.
Information we gain from our mutual communication
We may process information that we obtain from communicating with you, including:
- Information about you that you give us or that results from our mutual communication via telephone, e-mail, our website, social media or otherwise.
- Information you give us or that we obtain when you use our website, use our services, obtain information about or subscribe to our services, participate in our promotional activities and questionnaires, contact us with your request or when you report a problem or when you do some of these activities on behalf of the person you work for.
- Information about you that you have provided us when you apply for a job with us, including your identification and contact details and information included in your CV, cover letter, certificates, and other documents made available to us, and any personal data provided to us about you by your referees.
Personal data processed in advertising
If you have used our service in the past and provided us with your email address, we may contact you at this email address in order to promote our services, special offers, and news and provide other information related to our services via our newsletter. However, in relation to this, you have the option to choose not to receive our newsletters by ticking the appropriate check box when submitting your email. You may also unsubscribe from our newsletter at any time by ticking the appropriate check box or by using the link in the newsletter, or you may contact us in this regard at any time.
You can also sign up to subscribe to our newsletter at any time by entering your email address in the box provided on our website. You can unsubscribe from our newsletters at any time as described above.
What personal data do we process when you use our website?
The data we may receive from you when you visit our website, either as a visitor or as a registered customer using our services, may include:
- technical data including the IP address used to connect your computer to the internet (we do not permanently store the IP address, and it is only used for the purpose of finding the place where the server answer to your request should be sent to). The IP address is stored in our system only in an anonymized form, while the last octet is replaced by the letter “x”), your login details (if you have registered online), browser type and version and its settings, the operating system information and, if applicable, information from cookies used on our website;
- information regarding your visit, clickstreams on our website (including date and time), services and pricing that you browsed for or viewed, page response times, length of visits on certain subpages, page interaction information (such as scrolling, clicks, and mouse movements), any phone number used to call our customer service number or names used through the social media to contact our customer service.
On March 14, 2022, Luigi’s Box successfully passed the penetration test of application and web services according to OWASP Methodology from CITADELO s.r.o. Luigi’s Box systems withstood the test of a mock hacker attack on their security and possible leak of sensitive information.
For what purposes do we use your personal data?
We may process your personal data for the following purposes:
- To enter into contracts with you or the person you work for and to exercise the rights and fulfilments of the obligations arising from our contractual relationships based on a contract under our terms of service.
- For the recruitment process, when you apply for a job with us and entering into an employment relationship.
- For the purposes of keeping a database of job seekers.
- provide our services;
- communicate our pre-contractual and contractual relationships and provide our services;
- manage and administer our customer relationships and fulfill Luigi’s Box’s obligations according to special regulations (in particular tax and accounting rules;
if you, or the person you work for, is our customer, user, or our service supplier.
- To advertise and provide information regarding our services. We manage our marketing activities through direct marketing communications (for example, through emails) or through telephone calls. This may include suggestions and recommendations regarding our services that may be of interest to you. If we also use our analytics and tracking cookies on our website, we may also use the information obtained from these files for advertising purposes, in particular, to better understand your use of our website.
- To record and evaluate access and movement of users of our website by using Google Analytics and HotJar. The collected data are used only to find ad hoc information needed to solve technical problems, for website administration, and to find out the preferences of our customers and users of our website, while they are in a form that does not allow the identification of individual data sources. We do not use any of this information to identify visitors to our website or users of our services.
- To manage our website regarding our terms and internal operations, which also includes maintaining and improving individual aspects of our services, providing services and information you required from us, responding to comments and questions, supporting service users, troubleshooting, analyzing data, testing, statistical purposes, and surveys.
- To improve our website to ensure that its content is presented in the most effective manner for you and for your device.
- To understand trends regarding the use of our services and the preferences of our customers and visitors to our website in order to continually improve our services and to develop new products, services, features, and functionality.
- To maintain the protection and security of our website, other systems, and assets.
- To prove, enforce or defend our claims, especially in proceedings before public authorities.
What are the legal grounds for our processing of your personal data?
The legal basis on which we process your personal data is as follows:
- Where it is necessary to obtain your prior consent to the processing concerned in order for us to be allowed to do it, we will obtain and rely on your consent in relation to the processing concerned (see below for how to withdraw your consent at any time). Consent is the legal basis for processing your data, for example when you subscribe to our newsletter or when we keep your data in our job seeker database.
- Otherwise, we will process your personal data where the processing is necessary:
- for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a such contract – on this legal ground we process data necessary for the provision of services and necessary for the exercise of the rights and obligations arising from the contract concluded according to our terms and conditions. On this legal ground, we also process data for the purpose recruitment process when you apply for a job with us,
- for compliance with our legal obligations – on this legal ground, we are required to keep, for example billing information in our accounts for the period of time stated in specific legislation, or
- for the purposes of the legitimate interest pursued by us, provided that this will only be in circumstances in which those legitimate interests are not overridden by your interests or fundamental rights and freedoms which require protection of personal data – on this legal ground, we may send to our customers, for example advertising information about our company. We also rely on our legitimate interest, if we process data due to keep our systems safe and secure. Please note that when we process your data on a legitimate interest basis, we always carefully assess whether the particular processing does not override your rights and freedoms.
Who do we share your personal data with?
Your personal data are safe with us. We do not sell or trade your data with any third parties. Please note that we may only disclose your personal data to service providers that have undertaken the necessary security measures to protect your data. When we share personal information with others we require them to keep it safe. In this section, you may learn more about who we share your personal information.
We may share your personal data with the following recipients:
- our business partners, suppliers, subcontractors, and service providers, for example, authorized IT service providers, and accounting companies, all to the extent necessary to meet the obligations of these suppliers and service providers in relation to Luigi’s Box;
- other recipients, including:
- our auditors, legal advisers, and other professional consultants and service providers;
Other disclosures we may make
We may provide your personal information to third parties:
- In the event Luigi’s Box or part of it were acquired by a third party, in such case personal data would be processed as a part of the transferred property.
- If we are under a duty to disclose or share your personal information in order to comply with any legal obligation resulting from generally binding legal regulations or to enforce or apply our rights resulting from the legislation and/or terms of service or to protect the rights, property, and security of Luigi’s Box, our customers or others; in these cases, we may provide your data in particular to public authorities and our legal counsels and other professional consultants.
Where do we process personal data?
We do not provide your personal data to any third countries, i.e. countries outside of the European Union or the European Economic Area. If we provide your personal data to our service providers situated outside of the European Economic Area (“EEA”), such provision may only be made on the basis of a European Commission decision on the appropriate level of protection of personal data in that third country or on the basis of other appropriate safeguards (see http://ec.europa.eu/justice/dataprotection/internationaltransfers/transfer/index_en.html) in line with Chapter V of the EU Data Protection Directive (so-called GDPR).
How is your data protected?
Protecting your personal information is important to us. We have taken security measures to protect your personal data processed in hard copies or/and electronically as well from destruction, loss, alteration, unauthorized provision, or access to them.
Your personal data are securely transmitted by encryption. In order to do that we use the encryption system SSL (Secure Socket Layer). We take appropriate technical and organizational measures in accordance with the relevant data protection legislation in order to secure our website and as well as other systems used for data processing.
Access to your customer account that is created after your registration with us is possible only after you have entered your email address and your chosen password. You are responsible for maintaining the confidentiality of your access data. Therefore we suggest that you do not disclose your access data to anyone. You should treat your access information as confidential and always remember to log out of your account after you end your activity.
No payment transactions take place on our website and all payment transactions are provided by the bank or other authorized payment service providers.
Unfortunately, transferring data across internet websites is never fully safe. Despite our efforts to do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and you, therefore, carry out all data transmission under your sole responsibility. From the moment we receive your data we will take strict steps and security measures in order to prevent any unauthorized access to your data.
Would you like to find out more about the security measures that we have taken to protect your personal data? Please contact us via our contact details stated below.
How long do we process personal data?
We process your personal data only for so long as is necessary for the purpose(s) for which it was originally collected.
If we do not enter into an employment or contractor agreement with you, personal data for the purpose of recruitment process are stored until the given selection procedure is completed. In case we are provided with a consent, we keep the personal data of job seekers for a period of 2 years from the date of the consent.
Personal data processed for the purpose of enforcing the rights and fulfilling the obligations arising from the contract is processed according to the statutory deadlines set out in generally binding legal regulations (typically five to ten years). Personal data processed based on your consent and personal data processed for the purpose of managing your customer account will be processed unless the agreement is withdrawn or the customer account is deleted by terminating our services agreement. Personal data processed based on legitimate interest is processed only for the duration of this interest.
After your data has been processed and if there is no legal basis for further processing of your data, it will be removed; this does not apply if further processing is necessary for the fulfillment of our legal obligations or if it is required for any other legitimate and lawful purpose.
What are your rights?
Below you will find the rights you have regarding your personal data and which specific terms are set out in Chapter III of the GDPR. If you would like to exercise any of your rights or receive more information about them, please contact us via the contact details below and we will assist you. Please note that some of the rights may not be applicable to your situation, as some of the legal requirements may not be met for the enforcement of such rights.
Regarding your processed personal data, you have the following rights:
- Right of access
- You have the right to gain access to information about the personal data that we process about you. Should you have any questions regarding the processing, or you would like to have more insight about the personal data we process from you, please contact us via the contact details below and we will provide you with further information.
- Right to rectification
- You can request us to correct information inaccurately stored by us without undue delay. You also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to erasure/right to be forgotten
- You have the right to request us to permanently delete your personal information. You can make such a request if you, for example, believe that the personal data are no longer necessary in relation to the purpose for which the personal data were collected or otherwise processed.
- Right to restrict the processing activities
- You have the right to request us to restrict our processing activities, for example, if you believe we process incorrect personal data about you, for the time being until the correctness of that personal data is verified, or when the processing of your personal data is unlawful.
- Right to data portability
- You have the right to request data that we process about you by automated means based on a contract or consent in a structured, commonly used, and machine-readable format and you have the right to request that we transmit those data to another controller, if technically feasible.
- Right to lodge a complaint with a supervisory authority
- If you are not satisfied with the method how we process your personal information, you can contact us at any time in order to find a solution to your concern. However, you always have the right to file a formal complaint with the Office for Personal Data Protection of the Slovak Republic (https://www.dataprotection.gov.sk).
You have the right to object to the processing of your personal data
Right to object to the processing of your personal data
You have the right to object to the processing of your personal data for direct marketing purposes (for example sending you newsletters) – in which case your personal data shall no longer be processed for such purposes.
In the event that your data are processed on the legal basis of our legitimate interest, you shall have the right to object at any time to the processing of your personal data; in which case we shall no longer process the personal data on this legal basis unless we demonstrate compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms or for the establishment, exercise or defense of legal claims.
How to withdraw your consent to processing?
Where we process your personal data on the basis of your prior consent to that processing, you may withdraw your consent at any time. In which case we shall stop the processing concerned. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
How to exercise your data protection rights?
You can exercise your rights to your personal data here:
If you wish to exercise any of your rights as a data subject and from your application it is not possible to verify the identity of the applicant or if we have reasonable doubts as to the identity of the person making the request, we reserve the right to ask for further information necessary to confirm the identity of the person applying the application.
Our full contact details are:
Luigi’s Box, s.r.o.
811 02 Bratislava
Tel: +421 903 547 498
Changes to this policy
This policy was last updated on 10th January 2023.