Data privacy information for customers and partners in accordance with Art.13 of the General Data Protection Regulation (GDPR)

Compliance with data privacy regulations is of high importance to us. We would therefore like to inform you below about the processing of your personal data by us and the claims and rights to which you are entitled under data protection law:


The responsible party for data processing in connection with the customer or partner relationship is the company of the LucaNet Group with whom you have concluded your contract. You can find the corresponding contact details in your contract, or you can request them by sending an e-mail to

Further information about our company, you can find in the imprint.

Purposes and legal basis of data processing

Which data is processed in detail depends primarily on the services you have commissioned or on the type of partner relationship.

Groups of data subjects: Employees of the customer / business partners / employees of business partners / users of the products and services / other persons whose data are processed in the course of providing the agreed service.

Categories of data: Name/ contact data (e-mail; telephone number; address) / communication data/ support messages/ log data.

Purpose of data processing: The data received from you, will only be processed for the purposes for which we received or collected them. This is the provision of the service agreed in the customer contract or pre-contractual services / implementation of the agreed LucaNet.Consulting services including planning, expert advice, guidance/training, data collection and validation, data migration, implementation, troubleshooting and software development/provision of the financial performance management software for consolidated financial statement preparation, financial planning, analysis and reporting in the LucaNet. Cloud including provision of the LucaNet server (LucaNet.Financial OLAP Server and LucaNet.Financial Warehouse) as licensed, configured and used by the Responsible Party and its Users; troubleshooting (prevention, detection and resolution of technical problems); continuous product enhancements including provision of updates; ensuring reliability, quality and security of the Licensed Product/provision of the service agreed in the Partner Agreement or pre-contractual services.

Duration: The duration of the processing depends on the term of the customer or partner contract.

Origin of your data: We have received the data from you as part of the pre-contractual contact or implementation of the contract.

Legal basis: The legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR (implementation of pre-contractual measures and performance of a contract) and Art. 6 para. 1 lit. f GDPR (legitimate interests, based on our interest in contacting potential as well as existing customers and business partners).

Data deletion

All data collected by us will be destroyed or deleted as soon as they are no longer required for the establishment, implementation or termination of the contractual relationship or our legitimate interest in processing no longer outweighs your interests requiring protection and statutory retention periods do not prevent deletion. Legal retention and documentation obligations may arise, among other regulations, from the German Commercial Code (HGB) and the German Fiscal Code (AO) and may amount to six to ten years. In addition, we may have to observe statutory periods of limitation for the storage period, which according to §§ 195 of the German Civil Code (BGB) may generally be three years, but in certain cases may also be up to 30 years.

Other recipients

As a matter of principle, your data will not be disclosed to third parties.  A transfer to third parties, e.g. other companies of the LucaNet Group, only takes place if this is necessary for the implementation of the contractual relationship.

In addition, we share your data with service providers who support us in the processing of personal data as part of a commissioned processing pursuant to Art. 28 GDPR. These are, for example, hosting service providers for the storage of your data in a secure data center, CRM service providers and service providers for the maintenance and analysis of databases. Our service providers are strictly bound by instructions and contractually obligated to comply with data protection regulations.

We also use service providers located in third countries outside the European Union to process your data. Specifically, some of the service providers we use are located in the United States. Countries outside the European Union handle the protection of personal data differently than countries within the European Union. We have therefore taken special measures to ensure that your data is processed as securely in third countries as it is within the European Union. As far as we use service providers in third countries, we use the standard contractual clauses for the transfer of personal data to third countries in accordance with Regulation (EU) 2016/679, which provide appropriate safeguards for the protection of your data with a service provider in a third country. You can request a copy of these standard contractual clauses using the contact details provided.

Your rights

As a data subject, you have the right to obtain information about the personal data concerning you (Art. 15 GDPR), to have inaccurate data corrected (Art. 16 GDPR) and to have it deleted if one of the reasons stated in Art. 17 GDPR applies, e.g. if the data is no longer needed for the purposes pursued. There is also the right to restriction of processing if one of the conditions specified in Art. 18 GDPR is present and in the cases of Art. 20 GDPR the right to data portability.

If the processing of data is based on your consent, you are entitled to revoke your consent to the processing of your data at any time in accordance with Art. 7 GDPR. Please note that a revocation is only effective for the future. Processing that took place before the revocation is not affected.

In cases where we process your personal data on the legal basis of Art. 6 I (e) or (f) GDPR, you have the right to object at any time on reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate reasons for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.

In addition, as a data subject, you have the right to submit a complaint to a supervisory authority if you believe that the processing of data concerning you violates data protection law. The right of complaint may be asserted in particular before a supervisory authority in the Member State of your residence or the place of the alleged infringement.


Our data privacy officer

In fulfilling our obligations under data privacy law, we are supported by our data privacy officer. The contact details of our data privacy officer are:

datenschutz nord GmbH
Branch Berlin
Kurfürstendamm 212
10719 Berlin