Privacy policy for the ‘Lunda’ crowdfunding platform

  1. Data controller

Name of data controller: Datadat GmbH

Address: Sommerhaidenweg 98, 1190 Vienna, Austria

Company registration number: FN 544761 w


  1. Relevant statutory laws serving as legal basis for data handling

EU Regulation 2016/679 (“GDPR”)

  1. Scope of data handled and the aim of data handling

Generally, our intent is to collect only the Personal Data that is provided voluntarily by Visitors, Subscribers and Registrants so that we can offer information and services to them.

We may collect and process Personal Data, including the following:

(a) contact and registration information that allows us to communicate with you only in relation to your donations and allows you to reach your ‘Lunda’ account, i.e your name, your email address and login details, your zip code, your country, your phone number (for purposes of multi-factor authentication and to provide you with important messages) and any information you choose to provide us (such as a profile picture or other addresses).

(b) information on the use of ‘Lunda’ that helps Datadat GmbH providing a better donation experience.

We collect this information from the forms you filled in and from the interactions you had with us on ‘Lunda’.

We do not use Your Personal Data for other purposes, unless we obtain your permission, or unless otherwise required or permitted by applicable law.

  1. Legal basis of data handling

We only manage your Personal Data only if we have your agreement on it. Your opt-in can have several formats. For example, you you can fill in a form on our Website.

  1. Duration of data handling

We may store your data for 3 years after your last check-in to our IT services.

  1. Data processor and sub-processors

We use our own software to run ‘Lunda’.

Datadat GmbH uses the Google Cloud Platform service to store and access personal data provided by data processor/subprocessor Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Datadat GmbH is using full disk encryption for data storage during data processing based on the Google Cloud Platform, while the data never reaches the clouds in an unencrypted state during network transmission.

The Data Processing and Security Terms of the firms are available at:

Datadat GmbH also uses the Cloud Functions for Firebase, the Firebase Realtime Database, the Cloud Storage for Firebase services to store and access personal data provided by data processor/subprocessor Google. Google Cloud Platform, which hosts, undergoes regular independent audits for a range of standards including ISO 27001, ISO 27017, ISO 27018, SOC 2, SOC 3, CSA STAR, EU-U.S. Privacy Shield, HIPAA, and PCI DSS.

Datadat GmbH uses Datadat OÜ (Parnu mnt 139e, Tallinn, Estonia 11317, Privacy Policy: to provides software as a service, data processing services and data integration services.

A full list of Datadat GmbH sub-processors shall be provided on request made to [email protected].

  1. Access to data and measures ensuring safe data handling

Personal Data collected is stored and processed on computers in the European Union and we protect it by maintaining physical, electronic and procedural safeguards in compliance with applicable EU laws and regulations.

We maintain adequate administrative, technical and physical safeguards designed to protect the Personal Data you provide against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.

When processed as part of a hosted service, the information may be processed and stored on the servers of third party providers hired to provide the hosting, and our agreements with such parties require that they not use, disclose, or share such information.

  1. Rights of data holder and legal remedies

If we manage your Personal Data, in this context you are a Data Subject. As a Data Subject you have certain rights. We are doing our best effort to help you exercise these rights. Please contact us through our e-mail address [email protected].

You can get information and help to exercise the following rights:

(a) The data subject’s right of access which means 1) the right to know whether data concerning you are being processed and 2) if so, access it with loads of additional stipulations (GDPR Article 15).

(b) The data subject’s right to rectification. When Personal Data are inaccurate, then we need to correct them if you ask us to do so (GDPR Article 16).

(c) The right to erasure, if Personal Data has been made public and you want us to remove it, we must do so. However, we never make your Personal Data public without your explicit consent to do so. (GDPR Article 17).

(d) The data subject’s right to restriction of processing. You have the right to limit the processing of your Personal Data (GDPR Article 18).

(e) The data subject’s right to data portability. With the right to data portability, you can ask us to transfer your stored Personal Data to an entity you specify in a machine readable format (GDPR Article 20).

(f) The data subject’s right to object. You can say you don’t want the Personal Data processing to be done or going on (GDPR Article 21).

(g) The data subject’s right to lodge a complaint with the competent supervisory authority. (GDPR Article 21)

Austrian Data Protection Authority (Österreichische Datenschutzbehörde)

Wickenburggasse 8, A-1080 Vienna (Wien)

Phone: +43 1 52 152 0

Email: [email protected]