1. Introduction

This Policy governs the rules for the collection and processing of personal data through the Lunarium mobile application. The following terms used in this Policy have the following meanings:The controller of personal data is the company Lunarium s.r.o., ID No.: 14025957, with registered office at Záhřebská 157/24, 120 00 Prague 2, Vinohrady (hereinafter referred to as the "Company").A user is a personal data subject, i.e. any natural person who creates a user account and becomes a member of the Application and thus enters into a service agreement with the Company for the purpose of using the Application.
The term Application refers to the mobile software application operated by the Administrator under the name Lunarium. The App is available in the AppStore and Google Play store and by using the Company's website.
Legislation means applicable legislation relating to the protection of personal data processed by the Controller, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR").Personal data refers to any information about an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific elements of that natural person's physical, physiological, genetic, mental, economic, cultural or social identity.
Processing is any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automated processes, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other disclosure, alignment or combination, restriction, erasure or destruction.A processor is a natural or legal person, public authority, agency or other entity that processes personal data for the Controller.This Privacy Policy may be amended or supplemented by the Company from time to time. In the event of a change or amendment to this Policy, the Company will notify the User by email in a timely manner, 30 days prior to the effective date of such changes. In the event of User's disagreement with any change or amendment to the Policy, User shall have the right to terminate the Service Agreement without penalty.

2. Processed personal data

SThe Controller determines the purposes and means of processing personal data in the context of operating the Application. The Controller collects, processes, stores and protects the following personal data of Users in the following categories based on your prior consent:- Users' login details for all types of user accounts, including products
security keys or other codes generated for the User
- IP or MAC addresses of devices from which Users access the ApplicationSpecifically, the data collected by the Application is as follows:- first and last name
- birth date
- zodiac sign
- email address (e-mail)
- bank and billing information
- the IP addresses of the devices from which you logged into the Application

3. Purposes and grounds of processing

The Administrator processes the above personal data in order to enable the User to use the functions of the Application, based on the User's explicit consent. This purpose is as follows:Creating and arranging access to the Application, including arranging payment of subscriptions.Fulfillment of the purpose of the Application, i.e. the contract concluded between the Company and the User, which was concluded on the basis of the User's acceptance of the terms and conditions of the Application.Sending personalised communications based on the legitimate interest of the Company and/or the User's explicit consent.

4. Duration of processing

The personal data processed for the purpose of using the Application is stored for the duration of the User's account and therefore for the duration of the contract between the Company and the User, but no longer than 10 years from the end of the contract.In the event that the User withdraws his/her consent to the processing of personal data and there is no other lawful reason for further processing of the personal data concerned, the Administrator shall terminate the processing of personal data without undue delay.Withdrawal of consent to the processing of personal data will, by its nature, result in the cancellation of the User's account, as it will not be possible to process the necessary data any further. However, the withdrawal of consent does not affect the lawfulness of the processing of personal data based on consent prior to its withdrawal.

5. The method of processing

The controller shall always process personal data only to the extent reasonably relevant and limited in relation to the purpose of their processing, while respecting the time limitation of the storage of personal data.The controller shall ensure that the personal data is accurate and, where necessary, updated. If it becomes aware of inaccuracies, it will correct them in accordance with the Legislation.Personal data is confidential to the Administrator. With the exceptions described in this Policy, the Controller does not transfer Personal Data to any third parties.

6. Processors of personal data

The User hereby acknowledges and expressly agrees that personal data may also be processed by third parties under the conditions set out in the Policy.The Company ensures the functionality and operation of the Application and undertakes to maintain it regularly and to make it available to the User. The maintenance and servicing of the Application by the Company is purely incidental in nature, consisting of the need for bug fixes and system maintenance. The User consents to the use of other processors whose processing consists of storing data on cloud servers and self-employed persons if this is necessary to secure or ensure the functionality of the Application.No other Processor will be involved in the processing without the User's consent or without entering into a contract that binds the sub-processor to substantially similar obligations with respect to the processing of personal data to which the Company is bound.In the event that the Company intends to involve another Processor in the processing, the Company is obliged to inform the User. Any instructions to other Processors will be in accordance with data protection legislation. The Company will always take care to select Processors appropriately.There is always an appropriate contract between the Controller and the Processor for the processing of personal data in accordance with the Legislation, by which the Processor has undertaken to protect personal data.

7. Personal data protection

The Controller makes efforts to achieve the high standards of data protection required by the Legislation. All personal data processing operations are carried out with appropriate security against theft, loss, alteration or misuse. The Controller has taken appropriate technical and organisational measures to this end and requires the same standard of protection of personal data from its Processors.Processors and employees of the Controller who come into contact with personal data are always bound by the obligation of confidentiality.All personal data processed in electronic form are stored on secure servers of the Controller's processors and are subject to control by the Controller and supervisory authorities.In the event of a personal data breach, the Controller shall notify the competent supervisory authority without undue delay, but no later than 72 hours after the discovery of the personal data breach, unless it can prove, in accordance with the principle of accountability, that the personal data breach is unlikely to result in a risk to the rights and freedoms of Users. If the notification to the supervisory authority is not made within 72 hours, the reasons for the delay must be given at the same time. If a particular personal data breach is likely to result in a high risk to the rights and freedoms of Users, the controller shall notify the affected Users of the breach without undue delay.The controller shall document any personal data breaches, indicating the facts relating to the breach, its effects and the corrective measures taken. This documentation shall enable the supervisory authority to verify compliance with Article 33 of the GDPR.

8. Rights of the user

According to the Legislation, every personal data subject has:- The right to withdraw consent to the processing of personal data.
- The right of access to the User's personal data processed and information on the method and purpose of processing personal data, including information on the transfer of the User's personal data to other Processors.
- Right to rectification of incomplete or inaccurate personal data of the User.
- The right to delete the User's personal data due to the withdrawal of consent to the processing of personal data, the unnecessary further processing of the User's personal data, the lack of legitimate interest of the Company in the further processing of the User's personal data, violation of the Legal - Regulations in the processing of the User's personal data by the Company. However, this right shall not apply in cases where further processing of the User's personal data is necessary to comply with the Company's legal obligations.
- The right to limit the processing of the User's personal data.
- The right to portability of the User's personal data to another controller.
- The right to object to the processing of the User's personal data in cases where the processing of personal data is based on a legitimate interest of the Company.
- The right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection, located at Pplk. Sochor 27, 170 00 Prague 7.

9. Contact

If you have any questions or comments regarding the protection of personal data, you can contact the Administrator at info@lunarium.app.At this e-mail address, it is possible to exercise the User's rights concerning the Controller, in particular to withdraw consent to the processing of personal data or to request an update of personal data.