Skip to content

Privacy Policy

Last updated: March 2026

1. Data Controller

The controller of your personal data is Lucerno, operated by World Leap sp. z o.o., based in Poland. For matters related to personal data protection, you can contact us at: privacy@lucerno.pl

2. Scope & Applicable Law

This policy applies to all visitors and clients of Lucerno, regardless of location. We process personal data in compliance with:
  • The EU General Data Protection Regulation (GDPR) — applicable to individuals in the EU/EEA, including Ireland
  • The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 — applicable to individuals in the United Kingdom
  • The Privacy and Electronic Communications Regulations 2003 (PECR) — applicable to electronic communications targeting the UK, as amended by the Data (Use and Access) Act 2025
  • Other applicable data protection laws in the jurisdictions we serve

3. Data We Collect

We collect the following types of data:
  • Contact information: name, email address, phone number (optional)
  • Business information: company name, business type, website URL
  • Technical data: IP address, browser type, operating system
  • Analytics data: anonymised, cookieless website usage data via Umami Analytics (no personal data collected)

4. Purpose of Data Processing

We process your data for the following purposes:
  • Responding to enquiries submitted through contact forms
  • Service delivery and order processing
  • Sending marketing communications (with your explicit consent only)
  • Website performance analysis and service improvement (using cookieless analytics)
  • Fulfilling legal obligations

5. Legal Basis for Processing

We process your data based on the following legal grounds under EU GDPR and UK GDPR:
  • Art. 6(1)(a) — Your consent (e.g., marketing communications, contact form submissions)
  • Art. 6(1)(b) — Performance of a contract or pre-contractual steps (e.g., service delivery)
  • Art. 6(1)(f) — Legitimate interests of the controller (e.g., website security, fraud prevention)

Where we rely on legitimate interests, we have conducted a balancing test to ensure your rights and freedoms are not overridden. You may request details of this assessment at any time.

6. Cookies & Analytics

Our website uses Umami Analytics, a privacy-focused, cookieless analytics solution. This means:
  • No cookies are placed on your device for analytics purposes
  • No personal data is collected or stored by our analytics
  • No consent banner is required for our analytics tracking
  • We do not use marketing or advertising cookies
  • Essential cookies may be used for core website functionality (e.g., theme preferences)

For UK visitors: Our analytics approach is fully compliant with PECR as no non-essential cookies are used. Under the Data (Use and Access) Act 2025, analytics cookies are exempt from consent requirements — however, we go further by not using cookies at all for analytics.

7. Data Sharing & Processors

Your data may be shared with the following processors, each operating under a Data Processing Agreement (DPA):
  • Umami Analytics — cookieless, privacy-first website analytics (no personal data transferred)
  • Cal.com — meeting and consultation scheduling
  • Resend — transactional email delivery
  • Supabase — secure data storage

All processors maintain appropriate technical and organisational measures to protect your data. We do not sell your personal data to any third party.

8. International Data Transfers

Lucerno is operated from Poland (EU). When we process data of individuals in the UK or other jurisdictions:
  • EU–UK transfers: The European Commission renewed the UK's adequacy decision on 19 December 2025 (extended until 27 December 2031), allowing free data flow between EU and UK without additional safeguards
  • UK–EU transfers: The UK considers the EU adequate for data transfers
  • We maintain Standard Contractual Clause (SCC) fallback provisions as a precautionary measure
  • For Irish and EU clients: No transfer issues arise as processing occurs within the EU

9. Data Retention

We retain your data for the minimum period necessary:
  • Contact form data: up to 3 years from last contact
  • Analytics data: anonymised and aggregated — no personal data retained
  • Contractual data: for the duration of the contract plus any legally required period
  • Data required for legal compliance: for the period required by applicable law

10. Your Rights

Under EU GDPR and UK GDPR, you have the following rights:
  • Right of access — obtain a copy of your personal data
  • Right to rectification — correct inaccurate data
  • Right to erasure — request deletion of your data ("right to be forgotten")
  • Right to restriction — limit how we process your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interests
  • Right to withdraw consent — withdraw consent at any time without affecting prior processing
  • Right not to be subject to automated decision-making — we do not make solely automated decisions with legal effect

To exercise any of these rights, contact us at privacy@lucerno.pl. We will respond within one month (or up to three months for complex requests, with notification).

11. Supervisory Authorities

If you believe your data has been processed unlawfully, you have the right to lodge a complaint with the relevant supervisory authority:
  • UK residents: Information Commissioner's Office (ICO) — ico.org.uk
  • Ireland residents: Data Protection Commission (DPC) — dataprotection.ie
  • EU residents: Your local Data Protection Authority
  • You may also contact us first at privacy@lucerno.pl and we will endeavour to resolve your concern

12. AI & Automated Processing

Where our services include AI-powered features (such as chatbots), we are transparent about their use:
  • AI chatbots are clearly identified as automated systems
  • No automated decision-making with legal or similarly significant effects is carried out
  • You may request human intervention at any time when interacting with AI features

13. Contact Us

For any questions about this privacy policy or how we handle your data: Email: privacy@lucerno.pl Lucerno (World Leap sp. z o.o.) Poland, European Union

14. Policy Changes

This privacy policy may be updated periodically to reflect changes in law or our practices. We will notify you of significant changes by posting a notice on our website. The "last updated" date at the top of this policy indicates when it was last revised.