logo
privacy-policy-background

Privacy Policy

July 2025

Purpose

At LumaTask, we are committed to ensuring the privacy, confidentiality, and security of all personal and project-related data we process. Our aim is to protect the confidentiality (unauthorized disclosure), integrity (unauthorized or accidental alteration), and availability (access when needed) of information to support business continuity, client trust, and compliance with applicable data protection laws.

Scope

This policy applies to all personal data we process in the course of delivering software development and outstaffing services, and to all employees, contractors, and service providers working on behalf of LumaTask.

Information We Collect

We may collect and process the following types of personal data:

  • Full name, email, and contact details
  • Company affiliation and job role

Use of Information

We use your data to:

  • Fulfill service agreements or respond to inquiries
  • Manage projects and client relationships
  • Ensure secure access to tools and systems
  • Comply with legal and regulatory obligations
  • Improve service performance and security

Security Responsibilities

  • Management Oversight: This policy is reviewed and approved by senior management.
  • Information Security Manager: Responsible for day-to-day oversight, legal compliance (including GDPR), and continuous security improvement.
  • Employees & Providers: Everyone has a duty to protect the information and digital assets in their care. Any suspected data breach must be reported immediately.
  • Non-compliance: Failure to follow security protocols may result in disciplinary action or termination of engagement.

Data Sharing and Transfers

We may share your personal data with trusted third parties (e.g., infrastructure providers or project management tools) under strict contractual obligations, including:

  • Use of Data Processing Agreements (DPAs)
  • Standard Contractual Clauses (SCCs) for transfers outside the EEA
  • Technical and organizational safeguards to maintain data protection

Legal and Regulatory Compliance

We comply with all applicable laws, including the EU General Data Protection Regulation (GDPR), and regularly review legal and regulatory updates that may impact data handling.

Data Retention

Personal data is retained only for as long as necessary to fulfill the purpose it was collected for, or as required by law or contractual obligations.

Your Rights

Under GDPR, you have the right to:

  • Access and receive a copy of your data
  • Request correction or deletion
  • Restrict or object to processing
  • Withdraw consent at any time
  • File a complaint with the Dutch Data Protection Authority

Business Continuity and Review

A business continuity plan is in place and is regularly reviewed and tested.

This policy is reviewed periodically to ensure relevance, effectiveness, and legal compliance. Improvements are continuously implemented through our Information Security Management System (ISMS).

privacy-policy-bottom