This privacy policy contains the information required by law regarding the processing of personal data processed by IT Lumier S.A. with headquarters in Warsaw (00-095), Plac Bankowy 2.

‍

I.Preliminary information and concepts used by us

In order to make the Privacy Policy clear, in places where it was only possible, we havedeparted from the use of formal, legal vocabulary. Therefore, when we write "You", "You" or "You" we mean data subject and other service user. Below is a short list of definitions that can help you betterunderstand our privacy policy:

(a) ITLUMIER S.A. with headquarters in Warsaw (00-095), Plac Bankowy 2 („IT Lumier”) is the data controller of your personal data;

(b) Trusted partners are third parties, cooperating with IT LUMIER, who process your personal data;

II. Data controller and contact information

As mentioned above, the data controller of your personal data is IT LUMIER.

In case you have any questions about this privacy policy or regarding the processing of your personal data, please contact us at:

IT Lumier S.A.

Pl. Bankowy 2

00-095 Warsaw

Email:iod@ITLumier.com.

III. Legalbasis and purposes of processing activities

Legal basesfor each processing activity might be different, depending on the purpose of processing personal data. That is why they are specified in the relevant sections. Below,in the form of a table, we present for what purpose, on what basis, and for how long we process your personal data.

IV. Do you have to provide your details?

Providing personal data is mandatory - in the scope of processing purposes pursued within the legal obligation. For the rest of the processing personal data, its provision is voluntary. However, necessary to provide services to you.

V. Who can we pass your data to?

Your personal data will not be disclosed to third parties except:

·       Trusted partners and/ or service providers who process personal data on a IT Lumiere’s behalf. Service providers may include providers of IT services, includingidentity management, website hosting and management, data analysis, databack-up, security and storage services in so far as it refers to processingactivities;

·       Governmental or regulatory authorities, courts and law enforcement authorities or agenciesas required by and/or in accordance with applicable law or regulation.

Your personal data may be transferred to countries outside the European EconomicArea (EEA) – third countries, based on art. 45 sec. 1 of the GDPR - European Commission’s adequacy decision (applies for countries, which were subject ofdecision) or art. 46 sec. 2 let. c) of the GDPR - standard data protectionclauses adopted by the European Commission.

VI. Whatare your rights?

In accordance with processing your personal data you have the following rights: right ofaccess, to rectification (updating), to erasure, to restriction of processing and to data portability and to object.  You also have the right to lodge a complaint with supervisory authority - Prezes Urzędu Ochrony Danych Osobowych.

‍