GDPR & Data Protection
Driver 90/180 Day Planner by LucaSystems
EU Regulation 2016/679 Compliant
1. Data Controller
LucaSystems is the data controller for all personal data processed through the Driver Planner App and website.
Contact: privacy@lucasystems.com
2. What Data We Process
We process only the minimum data necessary:
- Account data: Name, email, encrypted password hash
- Driver data: Names and dates you enter for tracking
- Preferences: Language, notification settings
- Technical: IP address (for security), browser type
3. Legal Basis for Processing
Under GDPR Article 6, we process data on the following legal bases:
- Contract: To provide the sync service you signed up for
- Consent: For optional notifications and cookies
- Legitimate interest: For security and fraud prevention
4. Your GDPR Rights
As an EU resident, you have the following rights:
- Right to access: Request a copy of all data we hold about you
- Right to rectification: Correct inaccurate data
- Right to erasure ("right to be forgotten"): Delete your account and all data
- Right to restrict processing: Temporarily pause data processing
- Right to data portability: Export your data in JSON format
- Right to object: Object to processing for legitimate interests
5. How to Exercise Your Rights
Send an email to privacy@lucasystems.com with your request. We will respond within 30 days. You may also delete your account directly in the App under Account Settings.
6. Data Retention
We retain your data only as long as your account is active. Upon account deletion:
- All personal data is permanently deleted within 30 days
- Backups are purged within 90 days
- Anonymous usage statistics may be retained for analytics
7. Data Transfers
Our servers are located in the European Union. We do not transfer personal data outside the EEA without appropriate safeguards (e.g., Standard Contractual Clauses).
8. Cookies and Local Storage
The web app uses:
- Essential local storage: Login token, language preference, driver data (required for functionality)
- No tracking cookies: We do not use Google Analytics, Facebook Pixel, or similar trackers
9. Data Breach Notification
In the unlikely event of a data breach, we will notify affected users and the relevant supervisory authority within 72 hours as required by GDPR Article 33.
10. Supervisory Authority
If you believe your rights have been violated, you have the right to lodge a complaint with your national data protection authority:
11. Changes
We may update this GDPR notice to reflect changes in law or our practices. Significant changes will be communicated via email to registered users.