Data protection and information security are essential elements at luca.
The protection of your data and your trust are very important to us. Therefore, we have implemented technical and organisational measures to ensure the security of processing, which we are continuously developing.
luca meets all requirements of the EU General Data Protection Regulation and is data protection compliant according to the EU GDPR.
Download our TÜV Saarland certificate
If you would also like to check the validity of this certificate, you can do so here using the TÜV Saarland certificate database.
Got questions about data privacy in general?
Yes. luca meets all requirements of the EU General Data Protection Regulation and is data protection compliant according to the EU GDPR. This was recently certified by TÜV Saarland. In accordance with the EU GDPR, we have checked our product for the essential legal requirements such as data protection through technical design and data protection-friendly default settings (Art. 25 EU GDPR) or the support of customers in safeguarding data subject rights – such as the right to deletion, the right to information or the right to data portability (Chapter 3 EU GDPR) and have made the appropriate adjustments.
For one thing, we require all employees to observe confidentiality and data protection in general and familiarise them with the consequences in the event of a breach. In addition, we regularly hold training sessions on data protection law in our company.
We align ourselves organisationally with the requirements of ISO/IEC 27001 and strive for the continuous improvement of processes and structures in data protection and information security.
In the unexpected event of a data breach at luca, in which personal data of customers is affected and the breach is likely to result in a risk to the rights and freedoms of operators and users, luca will immediately notify the affected person in accordance with its legal and contractual obligations.
Yes. Data protection is an essential part of our product strategy, so we already pay attention to principles such as data economy and the use of state-of-the-art measures to ensure an appropriate level of protection when developing luca. In the context of the EU GDPR, we have also reviewed the entire application regarding the default settings and adapted it so that it achieves the highest possible level of data protection friendliness while remaining user-friendly. In addition, the settings are generally designed so that customers can adjust them according to their needs. To ensure this on an ongoing basis, we have also defined a process to continuously feed legal requirements into the product development process and then review the application at regular intervals.
If you have any further questions, you can contact our appointed data protection officer. You can reach her via privacy@culture4life.de.
You want to use luca Pay in your location? Who is responsible for what?
The responsibility lies with you as the operator of the location. You initiate the payment and thus also the collection of the data for the settlement of the invoice of your customers.
We act as a technical service provider. This means that we connect you with Rapyd, the payment service provider, and provide you with the necessary support at any time.
After successfully creating a luca Locations account, you have concluded a Data Processing Agreement (DPA) with us. It regulates how we handle data related to your account. This contract is stored in your profile. You can access it via your luca Locations account.