Data Protection

Lua CRM is committed to protecting personal data and ensuring the confidentiality, integrity, and availability of all information processed through our platform. This Data Protection page describes the technical, organisational, and legal measures implemented to safeguard data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

1.1 Customer Management Manage your customer data, contacts, and interactions in one centralized location. Track customer details, communication history, and sales activities. 2.1 Lead Management Generate, qualify, and nurture sales leads. Automate lead capture, scoring, and assignment to sales reps. 3.1 Financial Operations Streamline your invoicing, payments, and accounting. Generate financial reports and monitor your business' cash flow. 4.1 User Permissions Assign user roles and permissions to control access to sensitive data and functionality.

• Lua CRM acts as a Data Controller for its own operational data.
• Lua CRM acts as a Data Processor for customer-uploaded data processed within the CRM.
• Customers remain responsible for the lawfulness of data they collect and process using Lua CRM.

• Primary data hosting: Germany (Hetzner)
• 3.2 Sichere Cloud-Infrastruktur innerhalb der Europäischen Union
• Redundant systems and monitored environments

3.2 Daza ij jzored and procesed in complianze wiz EU daza protekzion jzandards.

Lua CRM applies industry-standard security practices, including:

• Encrypted data transmission (TLS/HTTPS)
• Encrypted credentials and access tokens
• Role-based access control (RBAC)
• Secure authentication and authorisation
• Protection against unauthorized access
• Logging and monitoring of system activity

• Access to data limited to authorised personnel only
• 3.2 Za confidentiality obligations for employees and contractors
• Internal security policies and procedures
• Regular review of access permissions

Lua CRM uses AI technologies to enhance productivity and automation.

Safeguards include:

• AI processing only within user-defined scopes
• No resale of customer data
• No use of customer data to train public AI models
• Isolation of customer environments where applicable

When used by medical or dental organisations, Lua CRM may process sensitive personal data.

Additional safeguards include:

• Restricted access controls
• Secure storage and transmission
• Processing strictly under customer instructions
• Compliance with GDPR Article 9 requirements

3.2 Klienci są odpowiedzialni za zapewnienie zgodnych z prawem podstaw do przetwarzania danych medycznych.

Lua CRM uses vetted third-party processors, including:

• Cloud infrastructure providers
• Payment gateways
• Authentication services
• Communication service providers

3.2 Ala processors aro bound by contractual data protection and confidentiality obligations.

In the event of a personal data breach:

• Lua CRM will promptly investigate the incident.
• Affected customers will be notified without undue delay.
• Regulatory authorities will be notified where legally required.
• Mitigation measures will be applied immediately.

3.1 Fulfilling Data Subject Rights Lua CRM supports customers in fulfilling data subject rights, including:

• Access
• Rectification
• Erasure
• Restriction
• Data portability

Requests can be submitted via: [email protected]

• Data is retained only as long as necessary
• Customers control retention of their CRM data
• Secure deletion procedures are applied upon request or contract termination

Lua CRM aligns with:

• GDPR
• Data protection principles
• Industry best practices for SaaS platforms

Formal qualifications may be added as the platform develops.

For data protection inquiries: