PRIVACY POLICY OF THE LULA CLEANING PLATFORM
This Privacy Policy (the „Policy”) contains information about the processing of your personal data in connection with your use of the „Lula Cleaning” online platform, available at https://lula.cleaning (the „Platform”).
Any capitalised terms not otherwise defined in this Policy have the meanings given to them in the Terms of Service, available at: https://lula.cleaning/en/terms-and-conditions/.
Personal Data Controller
The controller of your personal data is Lula Solutions sp. z o.o., with its registered office in Warsaw (registered office address: ul. Hoża 29/31, 00 – 521 Warsaw), entered into the Register of Entrepreneurs of the National Court Register kept by the District Court for the Capital City of Warsaw in Warsaw, 12th Commercial Division of the National Court Register under KRS no.: 0000977968, NIP (tax ID): 7011093598, REGON (statistical no.): 522355756, share capital: PLN 5,000 (the „Controller”).
Contact with the Controller
For all matters related to the processing of personal data you can contact the Controller by email at: support A T lula . cleaning.
Personal data protection measures
The Controller applies modern organisational and technical safeguards to ensure the best possible protection of your personal data and guarantees that it processes them in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation, “GDPR”), the Polish Personal Data Protection Act of 10 May 2018, and other applicable data protection laws.
Information on processed personal data
Using the Platform requires the processing of your personal data. Below you will find detailed information on the purposes and legal bases of processing, as well as on the storage period and whether providing the data is obligatory or voluntary.
| Purpose of processing | Personal data processed | Legal basis / Storage / Voluntariness |
| Conclusion and performance of the Landlord/Cleaning Company Account Service Agreement. | Email address; first name; phone number; company name. | Art. 6(1)(b) GDPR (processing is necessary for the performance of the Landlord/Cleaning Company Account Service Agreement concluded with the data subject, or to take steps at the request of the data subject prior to entering into such agreement).
Providing the above personal data is a condition for concluding and performing the Landlord/Cleaning Company Account Service Agreement (providing them is voluntary, but the consequence of not providing them will be the inability to conclude and perform the Agreement). The Controller will process the above personal data until the limitation periods for claims arising from the Landlord/Cleaning Company Account Service Agreement expire. |
| Conclusion and performance of the Platform Service Agreement. | Email address; full name/company; phone number; NIP; REGON; registered office/business/billing address. | Art. 6(1)(b) GDPR (processing is necessary for the performance of the Platform Service Agreement concluded with the data subject, or to take steps at the request of the data subject prior to entering into such agreement).
Providing the above personal data is a condition for concluding and performing the Platform Service Agreement (providing them is voluntary, but the consequence of not providing them will be the inability to conclude and perform the Agreement). The Controller will process the above personal data until the limitation periods for claims arising from the Platform Service Agreement expire. |
| Conclusion and performance of the Newsletter or other Digital Good Agreement. | Email address; first name; surname; company; phone number. | Art. 6(1)(b) GDPR (processing is necessary for the performance of the Newsletter Agreement concluded with the data subject, or to take steps at the request of the data subject prior to entering into such agreement), and Art. 6(1)(f) GDPR (processing is necessary for the purposes of the Controller’s legitimate interests, namely informing about news and promotions available on the Platform).
Providing the above personal data is voluntary but necessary to receive the Newsletter or other Digital Good (the consequence of not providing them will be the inability to receive the Newsletter/deliver the Digital Good). The Controller will process the above personal data until an effective objection is lodged or the purpose of processing is achieved, or until the limitation periods for claims arising from the Newsletter or other Digital Good Agreement expire (whichever occurs first). |
| Sending email notifications. | Email address. | Art. 6(1)(f) GDPR (processing is necessary for the purposes of the Controller’s legitimate interests, namely informing Users about actions taken in connection with the provision of services).
Providing the above personal data is voluntary but necessary to receive information on actions related to the provision of services (the consequence of not providing them will be the inability to receive such information). The Controller will process the above personal data until an effective objection is lodged or the purpose of processing is achieved. |
| Fulfilment of tax obligations (including issuing VAT invoices, retaining accounting documentation). | Full name/company; home/registered office address; NIP (tax ID). | Art. 6(1)© GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, namely obligations under tax law).
Providing the above personal data is voluntary but necessary for the Controller to fulfil its tax obligations (the consequence of not providing them will be the inability for the Controller to fulfil such obligations). The Controller will process the above personal data for 5 years from the end of the year in which the deadline for payment of tax for the previous year expired. |
| Performance of obligations related to personal data protection. | First name; surname; contact details (email address, correspondence address, phone number). | Art. 6(1)© GDPR (processing is necessary for compliance with a legal obligation to which the Controller is subject, namely obligations arising from data protection regulations).
Providing the above personal data is voluntary but necessary for the proper performance by the Controller of its obligations arising from data protection laws, including the exercise of your rights under the GDPR (the consequence of not providing the data will be the inability to properly exercise such rights). The Controller will process the above personal data until the expiry of the limitation periods for claims for breach of data protection regulations. |
| Establishment, exercise or defence of legal claims. | Full name/company; email address; home/registered office address; PESEL (Polish national ID); NIP (tax ID). | Art. 6(1)(f) GDPR (processing is necessary for the purposes of the Controller’s legitimate interests, namely the establishment, exercise or defence of claims that may arise in connection with the performance of agreements concluded with the Controller).
Providing the above personal data is voluntary but necessary for the establishment, exercise or defence of such claims (the consequence of not providing them will be the inability of the Controller to undertake these actions). The Controller will process the above personal data until the expiry of the limitation periods for claims that may arise in connection with the performance of agreements concluded with the Controller. |
| Analysis of your activity on the Platform. | Date and time of visit; device IP address; device operating system type; approximate location; web browser type; time spent on the Platform; subpages visited and other actions performed within the Platform. | Art. 6(1)(f) GDPR (processing is necessary for the purposes of the Controller’s legitimate interests, namely obtaining information about your activity on the Platform, including session replay).
Providing the above personal data is voluntary but necessary for the Controller to obtain information about your activity on the Platform (the consequence of not providing them will be the inability to obtain such information). The Controller will process the above personal data until an effective objection is lodged or the purpose of processing is achieved. |
| Administration of the Platform. | IP address; server date and time; information about the web browser; information about the operating system.
The above data are automatically recorded in server logs each time you use the Platform (administration without server logs and automatic recording would not be possible). |
Art. 6(1)(f) GDPR (processing is necessary for the purposes of the Controller’s legitimate interests, namely ensuring the proper functioning of the Platform).
Providing the above personal data is voluntary but necessary to ensure the proper operation of the Platform (the consequence of not providing them will be the inability to ensure the proper operation of the Platform). The Controller will process the above personal data until an effective objection is lodged or the purpose of processing is achieved. |
Profiling
To create your profile for marketing purposes and to direct direct marketing tailored to your preferences, the Controller will process your personal data in an automated manner, including profiling; however, this will not produce any legal effects concerning you or similarly significantly affect your situation.
The scope of profiled personal data corresponds to the scope indicated above with respect to analysing your activity on the Platform and the data you save in your account.
The legal basis for processing for the above purpose is Art. 6(1)(f) GDPR, under which the Controller may process personal data for the purposes of its legitimate interests, namely conducting marketing activities tailored to the preferences of recipients. Providing the above personal data is voluntary but necessary to achieve the above purpose (the consequence of not providing them will be the inability of the Controller to conduct marketing activities tailored to recipients’ preferences).
The Controller will process personal data for profiling until an effective objection is lodged or the purpose of processing is achieved.
Recipients of personal data
The recipients of personal data may include the following external entities cooperating with the Controller:
hosting services provider;
domain provider;
email system provider;
online payment system providers;
Facebook social networking service provider;
Apple service provider;
online meeting scheduling provider;
CRM system provider;
webinar system provider;
provider of tools enabling the automatic translation of messages exchanged by Users into other languages;
companies providing tools used to analyse activity on the Platform and to deliver direct marketing to its users (including Google Ads);
accounting office.
In addition, personal data may be transferred to public or private entities if such an obligation results from generally applicable law, a final and binding court judgment or a final and binding administrative decision.
Transfers of personal data to third countries
In connection with the Controller’s use of services provided by Google LLC, your personal data may be transferred to the following third countries: the United Kingdom, Canada, the United States, Chile, Brazil, Israel, Saudi Arabia, Qatar, India, China, South Korea, Japan, Singapore, Taiwan (Republic of China), Indonesia and Australia.
The legal basis for transferring data to the above third countries is as follows:
- for the United Kingdom, Canada, Israel and Japan – European Commission adequacy decisions confirming an adequate level of data protection in each of those third countries;
- for the United States, Chile, Brazil, Saudi Arabia, Qatar, India, China, South Korea, Singapore, Taiwan (Republic of China), Indonesia and Australia – contractual clauses ensuring an adequate level of protection, in line with the standard contractual clauses set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries under Regulation (EU) 2016/679.
You may obtain from the Controller a copy of the data that are transferred to a third country.
Your rights
In connection with the processing of personal data, you have the following rights:
- the right to be informed which of your personal data are processed by the Controller and to receive a copy of those data (the right of access). The first copy is free of charge; for additional copies, the Controller may charge a fee;
- if the processed data become outdated, incomplete or otherwise inaccurate, you have the right to request their rectification;
- in certain situations, you may request the Controller to erase your personal data, for example where: (i) the data are no longer needed by the Controller for the purposes about which you were informed; (ii) you have effectively withdrawn your consent to the processing – provided that the Controller has no other legal basis for processing; (iii) the processing is unlawful; or (iv) the erasure is required for the Controller to comply with a legal obligation;
- where personal data are processed by the Controller on the basis of consent or for the performance of a contract concluded with the Controller, you have the right to data portability;
- where personal data are processed by the Controller on the basis of your consent, you have the right to withdraw that consent at any time (the withdrawal does not affect the lawfulness of processing based on consent before its withdrawal);
- if you consider that your personal data are inaccurate, their processing is unlawful, or the Controller no longer needs certain data, you may request that, for a necessary period (e.g. to verify the accuracy of the data or to establish/defend claims), the Controller refrain from performing any operations on the data and only store them (restriction of processing);
- you have the right to object to the processing of personal data where the legal basis for processing is the Controller’s legitimate interests. If the objection is effective, the Controller will cease processing the personal data for that purpose;
- you have the right to lodge a complaint with the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych) if you consider that the processing of personal data infringes the GDPR.
Cookies
The Platform uses “cookies”, which are installed on your terminal device. These are small text files that can be read by the Controller’s system, as well as by systems belonging to other entities whose services the Controller uses (e.g. Facebook, Google).
The Controller uses cookies for the following purposes:
- ensuring the proper operation of the Platform – cookies make it possible for the Platform to operate smoothly, for you to use its features and to move conveniently between subpages;
- improving your browsing experience on the Platform – cookies make it possible to detect errors on some subpages and to continuously improve them;
- compiling statistics – cookies are used to analyse how Users use the Platform. This allows the Platform to be continuously improved and adapted to Users’ preferences;
- conducting marketing activities – cookies allow the Controller to direct advertisements tailored to Users’ preferences.
The Controller may place both persistent and session cookies on your device. Session cookies are usually deleted when you close your browser, while closing the browser does not remove persistent cookies.
Information about the cookies used by the Controller is displayed in the panel located at the bottom of the Platform’s website. Depending on your choice, you can enable or disable cookies in individual categories (except for necessary cookies) and change these settings at any time.
Data collected via cookies do not allow the Controller to identify you.
The Controller uses the following cookies or tools that use cookies:
| TOOL | PROVIDER | FUNCTIONS AND SCOPE OF DATA COLLECTED | OPERATING PERIOD |
| Necessary cookies | Controller | The operation of these cookies is necessary for the proper functioning of the Platform’s website, therefore you cannot disable them. Thanks to these cookies (which collect, among other things, the IP number of your device), it is possible, among other things, to log in and use the Platform, as well as to collect information about your activity on the Platform, including session replay. | Most necessary cookies are session cookies, but some remain on your terminal device for up to 2 years or until they are deleted; |
| This tool allows registration and logging in using the Google button (if you use this form of logging in). | Up to 2 years or until they are deleted (whichever occurs first) | ||
| Facebook | Facebook | This tool allows registration and logging in using the Facebook button (if you use this form of logging in). | Up to 2 years or until they are deleted (whichever occurs first) |
| Apple | Apple | This tool allows registration and logging in using the Apple button (if you use this form of logging in). | Up to 2 years or until they are deleted (whichever occurs first) |
Through most commonly used browsers you can check whether cookies have been installed on your terminal device, remove installed cookies and block the Platform from installing them in the future. However, disabling or restricting cookies may cause substantial difficulties in using the Platform, e.g. the need to log in on every subpage, longer loading times, and limitations in using certain functionalities.
Final provisions
To matters not regulated by this Policy, generally applicable data protection laws apply.
This Policy has been in force since 1 July 2023.
