Lucah's Privacy Policy

  1. Introduction

EVIDILYA S.R.L. (“we,” “our,” or “us”) is committed to safeguarding the privacy and personal data of all users of the LucaH App (“App”). In accordance with European Regulation 2016/679 (GDPR), which protects individuals regarding the processing and free circulation of personal data, this policy informs you about our data handling practices.

  1. Data Controller and Contacts

EVIDILYA S.R.L.
Via Brisa, 3 – 20123 Milano (MI), Italy
VAT: 06957380964
Phone: +39 02 49530065
Email: privacy@evidilya.com

We have also appointed a Data Protection Officer (D.P.O.), who can be contacted at: dpo@evidilya.com

  1. Categories of Data Processed

We may process the following categories of personal data:

  • Identification Data: Provided at registration (e.g. login credentials) and any data users choose to enter later voluntarily.
  • Biometric Data: Data used for Face ID or Touch ID authentication. This information remains stored exclusively on your device and is not accessed by us.
  • Technical and Communication Data: Automatically transmitted data from your device, such as device name, OS version, app version, language preference, IP address, unique identifiers, and crash reports.

  1. Source of Personal Data

All data processed by us are directly provided by the data subject through the App.

  1. Legal Basis for Processing

Processing is based on:

  • Contractual Necessity (Art. 6(b), GDPR): To create and manage your account and provide access to App features.
  • Legitimate Interest (Art. 6(f), GDPR): To improve the App’s performance, language settings, and usability.
  • User Consent (Art. 6(a), GDPR): Required only for biometric access (Face ID/Touch ID), which is optional. Consent is requested during installation.

  1. Purpose of Data Processing

Your data is used for:

  • Account setup and management.
  • App functionality and authentication.
  • Improving usability and performance.
  • Ensuring legal and contractual compliance.

  1. Data Recipients

Your personal data may be shared with:

  • Authorized partners and consultants assisting in App operation.
  • Public authorities when required by law.

Your data will not be sold or publicly disclosed.

  1. International Transfers

Your data is stored within the European Economic Area (EEA). No transfer to non-European countries is foreseen.

  1. Data Retention

We retain your personal data only for the time necessary to fulfill the purposes outlined in this policy or as required by law. Regular reviews are performed to verify the relevance and necessity of retained data (Art. 5, GDPR).

  1. Rights of the Data Subject

You may exercise the following rights at any time:

  • Access, rectify, or delete your data.
  • Limit or object to processing.
  • Request data portability.
  • Lodge a complaint with a supervisory authority.

To do so, contact us at privacy@evidilya.com.

  1. Provision of Data

  • Mandatory: Provision of personal data is required to use the LucaH App’s features.
  • Optional: Biometric authentication is voluntary and based on consent.

  1. Data Processing Methods

Your personal data will be processed using electronic, paper, and any other suitable means, with strict adherence to GDPR and confidentiality. Appropriate technical and organizational security measures are in place to protect your data.

  1. Automated Decision-Making

No automated decision-making or profiling is performed.

  1. Account and Data Deletion

You may delete your account at any time through the App or by emailing privacy@evidilya.com. We will comply with your request according to GDPR requirements.

  1. Children’s Privacy

This App is not intended for individuals under 16 years of age. We do not knowingly collect data from minors. If such data is inadvertently collected, it will be deleted promptly.

  1. Changes to the Privacy Policy

We may periodically update this Privacy Policy. Users will be notified of significant changes via the App or our website. We encourage regular review of this policy.