Lumardox Logo
Lumardox

General Data Protection Regulation (GDPR) Compliance

Last Updated: July 2, 2025

Lumardox is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page explains how we collect, use, store, and protect your personal data in accordance with GDPR principles.

1. Data Controller Information

The data controller responsible for your personal information is:

Lumardox
Viacheslava Chornovola St, 162/3
Cherkasy, Cherkasy Oblast, 18000
Ukraine

Email: help@lumardox.com
Phone: +380963564402

2. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: You have given clear consent for us to process your personal data for specific purposes
  • Contract: Processing is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract
  • Legal Obligation: Processing is necessary for us to comply with the law
  • Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided your interests and fundamental rights do not override those interests

3. What Personal Data We Collect

We may collect and process the following categories of personal data:

3.1 Account Information

  • Full name
  • Email address
  • Username and password
  • Profile photograph
  • Country of residence

3.2 Payment Information

  • Billing address
  • Payment method details processed through secure third-party payment processors
  • Transaction history

3.3 Usage Data

  • Course enrollment and progress
  • Learning activity and completion records
  • Device information and IP address
  • Browser type and version
  • Pages visited and time spent on platform

3.4 Communication Data

  • Customer support correspondence
  • Feedback and survey responses
  • Email communication preferences

4. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To provide and deliver educational services you have requested
  • To create and manage your account
  • To process payments and prevent fraud
  • To send course updates, certificates, and educational content
  • To improve our platform and user experience
  • To respond to your inquiries and provide customer support
  • To send marketing communications with your consent
  • To comply with legal obligations and enforce our terms
  • To analyze platform usage and generate statistical insights

5. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

5.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our platform, including:

  • Cloud hosting providers
  • Payment processors
  • Email service providers
  • Analytics services
  • Customer support tools

5.2 Instructors and Content Partners

Course enrollment and progress information may be shared with instructors to facilitate course delivery and certification.

5.3 Legal Requirements

We may disclose your data when required by law, regulation, legal process, or governmental request.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity.

We do not sell your personal data to third parties.

6. International Data Transfers

As a global online education platform, your personal data may be transferred to and processed in countries outside your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions by data protection authorities
  • Binding corporate rules
  • Consent where appropriate

7. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

7.1 Right to Access

You have the right to request a copy of the personal data we hold about you.

7.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

7.3 Right to Erasure

You have the right to request deletion of your personal data under certain circumstances, including when:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

7.4 Right to Restriction of Processing

You have the right to request that we restrict processing of your personal data under certain circumstances.

7.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.

7.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

7.7 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

7.8 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

8. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the following methods:

  • Email: help@lumardox.com
  • Phone: +380963564402
  • Mail: Viacheslava Chornovola St, 162/3, Cherkasy, Cherkasy Oblast, 18000, Ukraine

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months and will inform you of any such extension.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

Retention periods vary based on data type:

  • Account data: Retained while your account is active and for a reasonable period thereafter
  • Transaction records: Retained for accounting and tax compliance purposes
  • Marketing data: Retained until you unsubscribe or withdraw consent
  • Usage logs: Typically retained for analytical purposes for a limited period

When personal data is no longer needed, we securely delete or anonymize it.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication measures
  • Employee training on data protection
  • Secure backup and disaster recovery procedures
  • Monitoring and logging of access to personal data

While we strive to protect your personal data, no method of transmission or storage is completely secure. We cannot guarantee absolute security.

11. Automated Decision-Making and Profiling

We may use automated processing and profiling to:

  • Recommend courses based on your interests and learning history
  • Personalize your learning experience
  • Detect and prevent fraudulent activities

You have the right to object to automated decision-making and profiling that produces legal effects or similarly significantly affects you. You may request human intervention in such decisions by contacting us.

12. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that information.

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our platform. For detailed information about our use of cookies, please refer to our Cookie Policy.

You can control cookie preferences through your browser settings. However, disabling certain cookies may affect platform functionality.

14. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

15. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

16. Updates to This Policy

We may update this GDPR compliance policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Updating the last updated date at the top of this page
  • Sending email notification for significant changes

Your continued use of our platform after such changes constitutes acceptance of the updated policy.

17. Data Protection Officer

For questions or concerns regarding data protection, you may contact our data protection team at:

Email: help@lumardox.com
Subject Line: Data Protection Inquiry

18. Contact Information

If you have any questions, concerns, or requests regarding this GDPR compliance policy or our data processing practices, please contact us:

Lumardox
Viacheslava Chornovola St, 162/3
Cherkasy, Cherkasy Oblast, 18000
Ukraine

Email: help@lumardox.com
Phone: +380963564402

Alternative Contact Methods:

  • WhatsApp: https://wa.me/380963564402
  • Viber: viber://chat?number=%2B380963564402
  • Signal: https://signal.me/#p/+380963564402

Your privacy matters to us. We are committed to transparency, security, and respecting your rights under GDPR.