Luart Logo

Privacy Policy

1. DEFINITIONS

  • Controller – shall mean the LUT INVESTMENTS Limited Liability Company in organization, a company established under the laws of Georgia with its seat in Tbilisi, address: Ilia Chavchavadze Avenue 60b, Floor 16, Office 65, Tbilisi, Georgia.
  • Personal data – shall mean information about a natural person identified or identifiable by one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity, including device IP, Internet identifier and information collected through cookies and other similar technology.
  • Policy – this Privacy Policy.
  • GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC.
  • Platform – the website operated by the Controller at: https://www.luart.io/.
  • User – any natural person visiting the Platform or using one or more services or functionalities described in the Policy.

2. DATA PROCESSING IN CONNECTION WITH THE USE OF THE SERVICE

  • In connection with the use of the Platform by the User, the Controller collects data to the extent necessary to provide the services offered on the Platform, as well as information on the User's activity on the Platform. The detailed principles and purposes of processing of the Personal data collected during the use of the Platform by the User are described in the subsequent provisions of the Policy.

3. PURPOSES AND LEGAL BASIS OF DATA PROCESSING ON THE PLATFORM

[USE OF THE PLATFORM - NON LOGGED USERS]
  • Personal Data of all persons using the Platform (including IP address or other identifiers and information collected through cookies or other similar technologies), who are not logged in Users (i.e. persons who have not connected their Terra Station wallet to the Service), are processed by the Controller:
  • for the purpose of rendering electronic services within the scope of providing Users with access to the contents collected on the Website – the legal basis for such processing is the necessity of processing for performance of a contract (Article 6(1)(b) GDPR);
  • for analytical and statistical purposes – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of User activity, as well as of User preferences in order to improve functionalities and services provided;
  • if necessary, in order to establish and assert claims or to defend against claims – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of the protection of the Controller's rights;
  • for marketing purposes of the Controller and other entities, in particular related to presenting behavioural advertisement – the rules of processing the Personal data for marketing purposes are described in Point 4 of this Policy.
  • User activity on the Platform, including his/her Personal data, are recorded in system logs (special computer program used for storing a chronological record containing information about events and actions related to the IT system used for rendering services by the Controller). The information collected in the system logs is processed mainly for the purposes related to the provision of services. The Controller also processes them for technical and administrative purposes, to ensure the security of the IT system and to manage the system, as well as for analytical and statistical purposes – in this regard the legal basis of the processing is the Controller's legitimate interest (Article 6(1)(f) GDPR).
[USE OF THE PLATFORM - LOGGED IN USERS]
  • Persons who wish to use the full range of services provided on the Platform may connect their Terra Station wallet to the Platform. The Controller will only retrieve from the User's Terra Station wallet the data necessary to use the services provided through the Service, such as the wallet address.
  • Personal data shall be processed:
    • for the purpose of granting access to and providing the full range of services available on the Platform – the legal basis for such processing is the necessity of processing for performance of a contract (Article 6(1)(b) GDPR);
    • for analytical and statistical purposes – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of User activity, as well as of User preferences in order to improve functionalities and services provided;
    • if necessary, in order to establish and assert claims or to defend against claims – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of the protection of the Controller's rights;
    • for marketing purposes of the Controller and other entities – the rules of processing the Personal data for marketing purposes are described in Point 4 of this Policy.
[NFT MARKETPLACE]
  • By means of the Platform, the Controller enables the Users to sell and/or purchase goods from other Users. The use of the NFT Marketplace functionality, including the placement of an order (purchase or sale of goods) by the User requires the connection of the Terra Station wallet and involves the processing of the Personal Data made available through it, such as the wallet address. Provision of such data is required in order to use the NFT Marketplace functionality, and failure to provide such data results in the inability to use the above-mentioned services.
  • Personal data shall be processed:
    • for the purpose of fulfilling a transaction on the NFT Marketplace – the legal basis for such processing is the necessity of processing for performance of a contract (Article 6(1)(b) GDPR);
    • for the purpose of fulfilling statutory obligations incumbent on the Controller, arising in particular from tax and accounting regulations – the legal basis for such processing is a legal obligation (Article 6(1)(c) GDPR);
    • for analytical and statistical purposes – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of User activity, as well as of User preferences in order to improve functionalities and services provided;
    • if necessary, in order to establish and assert claims or to defend against claims – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of the protection of the Controller's rights.
[STAKING]
  • By means of the Platform, the Controller enables the Users to sell, stake or purchase goods. The use of the Staking functionality, including the performance of any transaction (sale, stake or purchase of goods) by the User requires the connection of the Terra Station wallet and involves the processing of the Personal data made available through it, such as the wallet address. Provision of such data is required in order to use the Staking functionality, and failure to provide such data results in the inability to use the above-mentioned services.
  • Personal data shall be processed:
    • for the purpose of fulfilling a transaction – the legal basis for such processing is the necessity of processing for performance of a contract (Article 6(1)(b) GDPR);
    • for the purpose of fulfilling statutory obligations incumbent on the Controller, arising in particular from tax and accounting regulations – the legal basis for such processing is a legal obligation (Article 6(1)(c) GDPR);
    • for analytical and statistical purposes – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of User activity, as well as of User preferences in order to improve functionalities and services provided;
    • if necessary, in order to establish and assert claims or to defend against claims – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of the protection of the Controller's rights.
[NFT LAUNCHPAD]
  • By means of the Platform, the Controller enables the Users to acquire the NFTs directly on the Platform. The use of the NFT Launchpad functionality requires the connection of the Terra Station wallet and involves the processing of the Personal data made available through it, such as the wallet address. Provision of such data is required in order to use the NFT Launchpad functionality, and failure to provide such data results in the inability to use the above-mentioned services.
  • Personal data shall be processed:
    • for the purpose of providing the User with the possibility to use the NFT Launchpad functionality – the legal basis for such processing is the necessity of processing for performance of a contract (Article 6(1)(b) GDPR);
    • for analytical and statistical purposes – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of User activity, as well as of User preferences in order to improve functionalities and services provided;
    • if necessary, in order to establish and assert claims or to defend against claims – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of the protection of the Controller's rights.
[CONTACT FORMS – RECRUITMENT]
  • On the Platform the Controller allows the Users to express their interest to participate in the current recruitment processes conducted by the Controller and to send a recruitment application. As part of a recruitment application via a dedicated contact form available on the Platform, the Controller requires the User to provide the following Personal data: first name, Telegram nickname, e-mail address. Additionally, the User may optionally indicate his/her other Personal data in the field "A brief description of yourself". Providing the above-mentioned Personal data is voluntary, but necessary to make contact with the User and to initiate the recruitment process by the Controller.
  • The Controller also allows the User to express their interest to take part in future recruitment processes by sending an email using the dedicated "Let's stay in touch" button.
  • Personal data shall be processed:
    • in the case where the preferred form of employment is a civil law contract – in order to identify the User and initiate the recruitment process – the legal basis for such processing is the necessity of the processing to undertake activities prior to the conclusion of the contract at the request of the job candidate (Article 6(1)(b) GDPR); with regard to the data provided optionally, the legal basis for processing is consent (Article 6(1)(a) GDPR);
    • where the preferred form of employment is an employment contract – in order to comply with the obligations arising from the provisions of the law relating to the employment process – the legal basis for the processing is a legal obligation incumbent on the Controller (Article 6(1)(c) GDPR in relation to the provisions of labour law); with regard to the data provided optionally, the legal basis for processing is consent (Article 6(1)(a) GDPR);
    • for the purposes of future recruitment processes – the legal basis for processing is the User's consent (Article 6(1)(a) GDPR);
    • if necessary, in order to establish and assert claims or to defend against claims – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of the protection of the Controller's rights.

4. MARKETING

  • The Controller processes the Users' Personal data in order to carry out marketing activities, which may consist in:
    • displaying marketing content to the User that is not adapted to the User's preferences (contextual advertising);
    • displaying marketing content corresponding to the User's interests (behavioural advertising);
    • sending e-mail notifications about interesting offers or content, which in some cases contain commercial information (newsletter service);
    • conducting other activities related to direct marketing of goods and services (sending commercial information by e-mail and telemarketing activities).
  • In order to carry out marketing activities, the Controller in some cases uses profiling. This means that thanks to automatic data processing the Controller evaluates selected factors concerning the Users in order to analyse their behaviour or to create a forecast for the future. This allows for better adjustment of the displayed content to the individual preferences and interests of the Users.
[CONTEXTUAL ADVERTISING]
  • The Controller processes the Users' Personal data for marketing purposes in connection with addressing contextual advertising to the Users (i.e. advertising which is not adjusted to the User's preferences). The processing of Personal data is carried out in such cases in connection with the Controller's legitimate interest (Article 6(1)(f) GDPR).
[BEHAVIOURAL ADVERTISING]
  • The Controller and its trusted partners process the Users' Personal data, including Personal data collected through cookies and other similar technologies, for marketing purposes in connection with targeting the Users with behavioural advertising (i.e. advertising that is tailored to the User's preferences). The processing of Personal data in such cases also includes profiling of Users.
  • A list of the Controller's trusted partners can be found here https://luart.io
[NEWSLETTER]
  • Subscribing to a newsletter by the Users involves the processing of their Personal data, such as the Users’ e-mail addresses. Providing the e-mail address is required in order to provide the newsletter service, and its failure results in the inability to send the newsletter. This form of communication with the User may include profiling.
  • Personal data shall be processed:
    • for the purpose of providing the newsletter service – the legal basis for such processing is the necessity of processing for performance of a contract (Article 6(1)(b) GDPR);
    • in case of sending marketing content to the User within the newsletter – the legal basis for such processing, including the use of profiling, is the Controller's legitimate interest (Article 6(1)(f) GDPR) in connection with the expressed consent to receive the newsletter;
    • for analytical and statistical purposes – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of conducting analyses of User activity, as well as of User preferences in order to improve functionalities and services provided;
    • if necessary, in order to establish and assert claims or to defend against claims – the legal basis for such processing is the Controller's legitimate interest (Article 6(1)(f) GDPR), consisting of the protection of the Controller's rights.

5. SOCIAL MEDIA

  • The Controller processes Personal data of Users who visit the Controller's profiles held in social media (Telegram, Medium, Discord, Twitter). The data is processed solely in connection with running the profile, including for the purpose of informing the Users about the Controller's activity and promoting various events, services and products. The legal basis for the processing the Personal data by the Controller for this purpose is the Controller’s legitimate interest (Article 6(1)(f) GDPR), consisting in promoting its own brand.
  • The information indicated in Point 5.1 above does not apply to the processing of Personal data by respective Controllers of the above-mentioned social media platforms (Telegram, Medium, Discord, Twitter).

6. COOKIES AND SIMILAR TECHNOLOGY

  • Cookies are small text files installed on the device of the User browsing the Platform. Cookies collect information aimed at making the Platform usage easier e.g. by storing data about the User's visits on the Platform and actions performed by him.
[NECESSARY COOKIES]
  • The Controller uses necessary cookies mainly in order to provide services and functionalities of the Platform chosen by the Users. Necessary cookies can be installed only by the Controller through the Platform.
  • The legal basis for data processing in connection with the use of necessary cookies is the necessity of processing for performance of a contract (Article 6(1)(b) GDPR);
[FUNCTIONAL AND ANALYTICAL COOKIES]
  • Functional cookies are used in order to remember and adjust the Platform to the User's choices e.g. in terms of language preferences. Functional cookies may be installed by the Controller and its partners through the Platform.
  • Analytical cookies make it possible to obtain information such as number of visits and traffic sources of the Platform. They are used to determine which pages are more popular, and to understand how Users navigate the Platform by storing statistics about the traffic on the Platform. The processing is done to improve the performance of the Platform. The information collected by these cookies is aggregated and is therefore not intended to establish the identity of the User.
  • The legal basis for the processing of Personal data in connection with the use of necessary, functional and analytical cookies by the Controller is its legitimate interest (Article 6(1)(f) GDPR), consisting of ensuring the highest quality of services provided on the Platform.
[ADVERTISING COOKIES]
  • Advertising cookies allow to match the advertising content to the interests of the Users within the Platform and outside the Platform. On the basis of information from these cookies and User's activity on other platforms a profile of User's interests is built. Advertising cookies can be installed by the Controller and its partners through the Controller's website.
  • The legal basis for the processing of Personal data in connection with the use of advertising cookies by the Controller is its legitimate interest (Article 6(1)(f) GDPR), consisting of carrying out marketing activities.

7. ANALYTICAL AND MARKETING TOOLS USED BY THE CONTROLLER'S PARTNERS

  • The Controller and its partners use various solutions and tools used for analytical and marketing purposes. Below you will find basic information about these tools. Detailed information in this regard can be found in the privacy policy of the respective partner.
[GOOGLE ANALYTICS]
  • Google Analytics cookies are cookies used by Google to analyse the use of the Platform by the Users, as well as to compile statistics and reports on the functioning of the Platform. Google does not use the collected data to identify the User nor does it combine this information to enable identification. Detailed information on the scope and principles of data collection in connection with this service can be found under the following link: https://www.google.com/intl/pl/policies/privacy/partners.
[INTERCOM]
  • Intercom is a customer communication platform. It shows who is using a product or website and facilitates personal communication with customers through targeted content, behaviour-based messages and conversational support. Information about Intercom's data processing for the above-mentioned services is available under the following link: https://www.intercom.com/legal/privacy.

8. MANAGING COOKIE SETTINGS

  • The use of cookies to collect data through them, including gaining access to data stored on the User's device, requires the User's consent. This consent may be withdrawn at any time.
  • Consent is not required only in case of cookies that are necessary for the provision of telecommunication service (data transmission to display content).
  • The Controller receives consent from the User via a cookie banner displayed on the Platform. This consent can be withdrawn at any time through the cookie banner. The User can return to the banner by clicking on the Manage cookies button.

9. DURATION OF PERSONAL DATA PROCESSING

  • The duration of data processing by the Controller depends on the type of service provided and the purpose of processing. As a rule, the data is processed for the duration of the service provision or order processing, until the withdrawal of the expressed consent or filing an effective objection to data processing in cases where the legal basis of data processing is the legitimate interest of the Controller.
  • The duration of data processing may be extended if the processing is necessary to establish and assert possible claims or to defend against claims, and thereafter only in the case and to the extent required by law. After the end of the processing time-span, the data is irreversibly deleted or anonymized.

10. RIGHTS OF THE USER

  • The User shall have the right to access the content of the data and to request rectification, erasure, restriction of processing, the right to data portability and the right to object to the processing of the data, as well as the right to lodge a complaint with the supervisory authority dealing with the protection of Personal data.
  • To the extent that the User's data are processed on the basis of consent, this consent may be withdrawn at any time by contacting the Controller by email at hello@luart.io.
  • The User has the right to object to the processing of data for marketing purposes if the processing is carried out in connection with the legitimate interest of the Controller, as well as – for reasons connected with the User's special situation – in other cases where the legal basis of the data processing is the legitimate interest of the Controller (e.g. in connection with the analytical and statistical activities).

11. DATA RECIPIENTS

  • In connection with the provision of services, Personal data will be disclosed to external entities, including in particular providers responsible for the operation of IT systems, entities such as banks and payment operators, marketing agencies (within the scope of marketing services).
  • The Controller reserves the right to disclose selected information concerning the User to competent authorities or third parties, who will submit a request for such information on the basis of an appropriate legal basis and in accordance with the provisions of the law in force.

12. TRANSFER OF DATA OUTSIDE THE EEA

  • The level of protection for Personal data outside the European Economic Area (EEA) differs from that provided by the EU law. For this reason, the Controller transfers Personal data outside the EEA only when necessary and with an adequate level of protection, primarily by:
    • cooperating with processors of Personal data in countries for which there has been a relevant European Commission decision finding an adequate level of protection for Personal data;
    • use of standard contractual clauses issued by the European Commission;
    • application of binding corporate rules approved by the relevant supervisory authority.
  • The Controller shall always give notice of its intention to transfer Personal data outside the EEA at the stage of its collection.

13. CONTACT DETAILS

  • Contact with the Controller is possible through the e-mail address hello@luart.io or the correspondence address: Ilia Chavchavadze Avenue 60b, Floor 16, Office 65, Tbilisi, Georgia.

14. CHANGES TO THE PRIVACY POLICY

  • The Policy shall be reviewed on an ongoing basis and updated as necessary.
  • The current version of the Policy has been adopted and is effective as of December 27th, 2021.