Lumosa Lighting BV, located at Ekkersrijt 4110, 5692 DC Son en Breugel (Netherlands), is responsible for the processing of personal data as described in this privacy policy. This policy applies to the processing of personal data under both the General Data Protection Regulation (GDPR) and the UK General Data Protection Regulation (UK GDPR).

Personal data we process

Lumosa processes your personal data because you use our services and/or because you provide this data to us directly. Below is an overview of the personal data we may process:

• First and last name

• Email address

• IP address

• Other personal data you actively provide (e.g. by creating a profile on this website, in correspondence or by phone)

• Location details of the sports club or facility

• Contact list details shared via an app

• Internet browser and device type

Special and/or sensitive personal data

Our website and/or services are not intended to collect data from visitors under the age of 16, unless they have consent from a parent or guardian. We cannot, however, verify the age of visitors. We therefore recommend that parents stay involved in their children's online activity to prevent data from being collected without parental consent.

If you believe that we have collected personal data about a minor without proper consent, please contact us at info@lumosa.nl and we will delete the data.

Purpose and legal basis for processing

Lumosa processes your personal data for the following purposes:

• To contact you by phone or email if necessary to provide our services

• To offer you the ability to create an account

• To comply with legal obligations, such as data required for tax filings

Automated decision-making

Lumosa does not make decisions based solely on automated processing that may have significant consequences for individuals. This refers to decisions made by computer programs or systems without human involvement.

Data retention

Lumosa stores your personal data no longer than is necessary to achieve the purposes for which it was collected.

Sharing personal data with third parties

Lumosa does not sell your data to third parties. We only share your data if this is necessary to perform our agreement with you or to comply with a legal obligation.
With third-party service providers who process data on our behalf, we enter into data processing agreements to ensure the same level of protection and confidentiality. Lumosa remains responsible for these processing activities.

Cookies or similar technologies

Lumosa uses only technical and functional cookies, and analytical cookies that do not infringe on your privacy.
A cookie is a small text file that is stored on your computer, tablet or smartphone during your first visit to our website. These cookies are necessary for the technical functioning of the website and to enhance your user experience. They help the site remember your preferences and allow us to improve our website.

You can disable cookies by setting your browser to not store them, and you can delete any cookies already stored via your browser settings.

Access, correction or deletion of data

You have the right to access, correct or delete your personal data. You can do this yourself through your account settings.
You also have the right to withdraw your consent, object to processing, and request data portability. This means you can request a copy of your personal data and transfer it to yourself or another organization.

To exercise any of these rights, or if you have questions about how we process your data, please send a detailed request to info@lumosa.eu.

To verify your identity, we may ask you to include a copy of your ID with your request. Please black out your photo, MRZ (machine readable zone), passport number and citizen service number (BSN) to protect your privacy. We will respond as quickly as possible and always within four weeks.

Supervisory authorities

If you believe your rights under data protection laws have been violated, you have the right to file a complaint with your local supervisory authority:

• For residents of the EU:
  Autoriteit Persoonsgegevens (Netherlands)

• For residents of the UK:
  Information Commissioner's Office (ICO)

Data breaches

If a personal data breach occurs that is likely to result in a risk to the rights and freedoms of individuals, Lumosa will report the breach to the appropriate supervisory authority without undue delay, and no later than 72 hours after becoming aware of it, in line with GDPR and UK GDPR requirements.

If the breach is likely to result in a high risk for affected individuals, those individuals will also be notified as soon as possible, in cooperation with the client (where applicable).
The individuals concerned are those whose personal data is involved in the breach. Notification is required if the breach is likely to adversely affect their privacy.

Processors are required to report breaches to Lumosa as the controller.

Roles and responsibilities

1. Controller
The management of Lumosa Lighting BV is the controller. The controller determines the purpose and means of processing personal data and is responsible for decisions regarding storage, access, and data security.

2. Processor
A processor is any party that processes data on behalf of the controller, based on instructions, and without direct authority. A processor does not make decisions about how the data is used or stored.

How we protect personal data

Lumosa takes the protection of your data seriously and implements appropriate technical and organizational measures to prevent misuse, loss, unauthorized access, disclosure or changes.
If you believe your data is not properly secured or suspect misuse, please contact our marketing department at marketing@lumosa.eu.