Privacy policy

1. About us

We are Luppa (“Luppa”, “we”, “us” or “our”), a company headquartered in the Republic of Croatia, Zagreb, Slavonska avenija 6, register number (MB): 081455782, personal identification number (OIB): 65417465418, and we operate a software named Luppa for improving employee performance, engagement, and overall workplace satisfaction.

2. Applicability of this Privacy Policy

This Privacy Policy explains how Luppa collects, uses, and discloses Personal data and what choices you have with respect to your Personal data. We respect the fundamental principles of Personal data protection; therefore in this legal text we will explain your rights regarding the protection of your Personal data. We will present it to you in a clear and understandable way how Personal data may only be processed on a valid legal basis, in a fair and transparent manner towards you and the purpose of the processing for which the Personal data is collected.

This Privacy Policy describes (unless a different privacy notice is displayed) our privacy practices regarding the Personal data we collect from individuals in the usual course of business, including when you:

  • Visit our website ( or our social media pages; or register for, attend and/or otherwise take part in any of our events, tutorials, webinars or contests (collectively “Visitors”), when we act as a controller of your Personal data and
  • Register to or otherwise use any of the Luppa Services as a Customer’s representative or an employee of one of our Customers (collectively “Users”), when we act as a Service provider and Data processor of your Personal data.

"You" may, depending on the context, be a Visitor or a User of one or more of the Luppa Services. 

This Privacy Policy does not apply to Personal data relating to Luppa’s employment or recruitment-related activities.  Also, this Privacy Policy does not apply to any third party applications or software that integrate with the Services through the Luppa platform (“Third Party Services”), or any other third party products, services or businesses.

If you do not agree with the terms, do not access or use the Services, website or any other aspect of Luppa’s business.

3. Luppa as a Service provider

Luppa’s Customers are organizations who use the Luppa Services as employers to help them measure and compare employee satisfaction that leads to better tactics for increasing employee engagement.  Luppa processes Personal data in these Services only according to our Customer's instructions, as defined in our Customer agreements concluded with Customers. If you have questions about Personal data you have entered into the Luppa Services used by one of our Customers – your employer, or want to exercise any of your rights regarding your Personal data, some of our Customer Agreement may require that we redirect your inquiry back to that Customer – your employer. 

Luppa is not responsible for the privacy or security practices of our Customers, which may differ from those set out in this Privacy Policy. Please review the relevant Customer's privacy policy to understand more about their data processing activities.

4. Privacy principles

When providing our Services, we follow four main principles in order to protect Personal data and privacy of the Visitors and Users:

  1. We do not collect any more Personal data than is necessary to provide the Services or to fulfill our legitimate business purposes;
  2. We only use your Personal data for the purposes we specify in this Privacy Policy, unless you are notified otherwise;     
  3. We do not keep your Personal data after it is no longer needed; and
  4. Other than as specified in this Privacy Policy, we do not share your Personal data with third parties and are not in the business of selling your Personal data.

5. Important definitions

  1. “Luppa”: the entity that provides its Services and acts as the Controller or Processor of your Personal data, depending on the context, as explained in this Privacy Policy.
  2. The “Services”: Luppa software, website, online tools and other interactions (e.g., Customer service inquiries, user conferences, etc.) you may have with Luppa.
  3. The “Customer”: the entity that entered into the Customer Agreement with Luppa (e.g., employer or another entity or person) and to which the Services are being provided to.
  4. The “Customer Agreement”: the agreement between Luppa and the Customer that governs delivery, access and use of the Services.
  5. the “Customer data”: any messages, files or other content submitted through Service accounts by a Customer and Customer’s representatives and employees (collectively, “Customer data”). 
  6. The “User”: an individual who is granted with access to the Services on the behalf of the Customer or employees employed by the Customer.
  7. The “Personal data”: any personal information relating to an identified or identifiable individual (e.g., name, address, e-mail address, or phone number), who may, depending on the context, act in the capacity of Visitor or User when using the Services. 
  8. The “Controller”: a natural or legal person who determines the purposes for which and the means by which Personal data is processed. 
  9. The “Processor”: a natural or legal person who processes Personal data on behalf of the Controller.

6. What information do we collect and process

Luppa’s software is an online tool for measuring and comparing employee satisfaction that leads to better tactics for increasing employee engagement and in order to provide that, Luppa may collect and process following data and information.

1. INFORMATION ABOUT VISITORS ("Visitor Perosnal data")

1.1. Information Visitors provide to us

When a Visitor to our website contacts us and/or registers for information, content or an event sponsored by Luppa, we will collect certain personal information so that we may fulfill the Visitor’s request or keep in touch with them in connection with our sales and marketing activities (always in accordance with a Visitor's marketing preferences chosen when contacts us).  The Visitor’s Personal data we collect may include:

  • Identifiers, such as your name and business e-mail address;
  • Professional or employment-related information, such as company name, job level, functional role and title; and
  • Any other information you provide to us when completing any "free text" boxes in our forms or when you interact with us in the context of troubleshooting and support.

1.2. Information we collect automatically from Visitors

‍As is true of most websites, when you visit our sites or interact with our e-mails, we gather certain technical information from your browser or device automatically and store it in log files.  The Visitor’s Personal data we may collect include:

  • Identifiers, such as your internet protocol (IP) addresses and browser type; and
  • ‍Internet or other electronic network activity, such as your internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.

We use this information to analyze trends, to improve and personalize our marketing activities and website, to administer our website and guarantee their security and continued proper functioning, to track Visitors’ movements around the website and to gather non-identifiable, demographic information about our user base as a whole. In some cases, we may use cookies and related technologies to collect or manage certain information from your browser and computer. Please see the section on Cookies below for more information.


2.1. Information Users provide to us

If you are a User, you personally (or your team administrator as Customer representative) may provide certain Personal data to us through the Luppa Services. The Personal data we collect may include:

  • Business information (such as your name, job title, the person you report to, phone number, e-mail address and country);
  • Personal data that you provide to us or that is collected on behalf of our Customer as it relates to your employment (such as gender or birth date);
  • Troubleshooting and support data (which is data you provide or we otherwise access in connection with support queries we receive from you); and
  • Billing information (including your credit card numbers and associated identifiers, billing address and background information, but only where you pay for the Luppa Services as our Customer).

2.2. Information we collect automatically from Users

‍ When a User interacts with the Luppa Services, we automatically collect or receive certain information through our Services (for example in log files) and through other technologies (such as cookies) about User’s device and usage of the Luppa Services. The information we collect includes:

  • Log and usage data, which is service-related, diagnostic, usage and performance information our servers automatically collect when you access or use the Luppa Services and which we record in log files. This log data may include the Internet Protocol (IP) address, device information, browser type and settings and information about your activity in the Services (such as the date/ time stamps associated with your usage, device event information (such as system activity, error reports and hardware settings));
  • ‍Device data, such as information about your computer, phone, tablet or other device you use to access the Luppa Services. This device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system and system configuration information;
  • Location data, such as information about your device's location, which can be either precise or imprecise. How much of this information we collect depends on the type and settings of the device you use to access the Luppa Services. .

Information about Users of our Services is used to provide, update, maintain and protect our Services, website and business. Collecting and processing the information about User is used to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities. Also, information about User is collected and processed for developing and providing search, learning and productivity tools and additional features of the Service. 

2.3. Information we generate through our Services

Data that Users enter as answers to questionnaires in the Luppa software or form are answers to multiple choice questions, rating questions and open – ended questions. These questions do not ask Users to provide either directly identifying information (e.g., name, address, phone number, etc.) or demographic information to such a level of specificity that a User can be indirectly identified. Once answers are provided from a User, they become the basis for calculating statistical data for measuring and comparing employee satisfaction.

Such statistics are completely anonymized and cannot be linked in any way to the person who completed the questionnaire and as such do not represent User’s Personal data.


In order to enhance our ability to provide relevant marketing, offers and services to you and update our records, we may obtain information about you from other sources, such as public databases, joint marketing partners, affiliate programs, data providers, social media platforms, as well as from other third parties. This information may include your: web site usage, mailing address, job title, functional role, business email, phone numbers, social media profiles.  We process this data for the purposes of: updating our records; targeted advertising; event promotion; optimizing our sites and the Luppa Services; for our sales and marketing activities, including to send marketing emails.


Luppa uses a technology called "cookies" to store session information. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. 

We use necessary cookies to make our site work. We'd also like to set analytics cookies that help us make improvements by measuring how you use the site. These will be set only if you accept. 

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

We'd like to set Google Analytics cookies as analytics cookies to help us improve our website by collecting and reporting information on how you use it. These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in a way that does not directly identify anyone, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited. Further information on how Google collects and uses this data can be found at You can opt-out of all Google supported analytics within the Services by visiting  

We can also partner with third-party ad networks to manage our advertising on other sites and with third-party analytics companies to assist us with analyzing the use of our own website. These third-party companies use cookies, web beacons, pixel tags, and related technologies to collect information about your activities on this and other websites to provide you targeted advertising based upon your interests and to provide measurement and analytic services.  

You can also accept or decline some or all of your cookies by adjusting your browser settings. You can find information on how to change your settings for some of the most commonly used Internet browsers: Mozilla Firefox, Google Chrome, Microsoft Internet Explorer, Apple Safari, Opera.You can also delete cookies previously set up in your browser by selecting an option to delete your browsing history, including the deleting cookies option. More detailed information about cookies and setting your browser preferences can be found on the website.

7. How we use Personal data 

In regards to the other Personal data collected from Visitors, Luppa acts as the Controller in accordance to Visitors’ consent and in furtherance of our legitimate interests in operating our Services, website and business. More specifically, Luppa uses such information:

  • To communicate with you by responding to your requests, comments and questions. 
  • To send emails about new product features, promotional communications or other news about Luppa. These are marketing messages so you can control whether you receive them and opt out of them any time.
  • To provide, update, maintain and protect our Services, website and business. 
  • To investigate and help prevent security issues and abuse.
  • As required by applicable law, legal process or regulation.

In regards to the Customer data and User’s Personal data collected through our Services, Luppa acts as the Processor and such data will be collected and processed by Luppa in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law therefore Luppa. More specifically, Luppa uses such information:

  • To provide, update, maintain and protect our Services, websites and business. This includes use of Personal data to support delivery of the Services under a Customer Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at a Customer’s request.
  • To send e-mails and other communications. We may send you service, technical and other administrative e-mails, messages and other types of communications. We may also contact you to inform you about changes in our Services, our Services offerings, and important Services-related notices, such as security and fraud notices. These communications are considered part of the Services and you may not opt out of them. In addition, we sometimes send e-mails about new product features, promotional communications or other news about Luppa. These are marketing messages so you can control whether you receive them.
  • For billing, account management and other administrative matters. Luppa may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.

If information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Luppa may use it for any business purpose because this information does not represent Personal data. 

8. Data retention

We keep Visitor’s Personal data for as long as it is necessary to fulfill the purposes for which it was collected as described in this Privacy Policy. This may include keeping Visitor’s Personal data for the period of time needed for Luppa to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements. 

Luppa will retain Customer data and User Personal data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and as required by applicable law. Depending on the Services plan, Customer data and User’s Personal data is retained as long as the Customer uses Services. Once the Customer cancels use of Services, Customer data and User’s Personal data is retained for the period of 1 year after which is going to be permanently deleted. The Customer may ask Luppa to delete its Customer data at any moment after canceling the use of Services by sending a request to Luppa by contacting us using the contact details provided under the "How to contact us" section below.

9. How we share and disclose Customer data and User Personal data 

This section describes how Luppa may share and disclose Customer and Personal data. 

Our Customers determine their own policies and practices for the sharing and disclosure of Customer data including User’s Personal data collected through the Services, and Luppa does not control how they or any other third parties choose to share or disclose such data. So, having that in mind, Customer data and User’s Personal data collected by using Services could be shared and disclosed only in the following cases:

  • Customer’s Instructions. Luppa will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use of Services functionality, and in compliance with applicable law and legal process.
  • Customer Access. Owners, administrators, authorized Users, and other Customer representatives and personnel may be able to access, modify, or restrict access to User Personal data. This may include, for example, your employer using Service features to export logs of Customer’s activity, or accessing or modifying your profile details.
  • During a Change to Luppa’s Business. If Luppa engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Luppa’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Customer and User’s Personal data may be shared or transferred, subject to standard confidentiality arrangements.
  • Statistical and anonymized data. We may disclose or use anonymized data for any purpose. For example, we may share anonymized data with prospects or partners for business or research purposes.
  • To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property, or safety of Luppa or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
  • With Consent. Luppa may share User’s Personal data with third parties when we have consent to do so.

10. Links to third party websites 

Where we provide links to websites of other organizations, this Privacy Policy does not cover how that organization processes personal information. We encourage you to read the privacy notices and policies on the other websites you visit.

11. Security

Luppa takes the security of data very seriously. Luppa works hard to protect Customer and Personal data provided to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Customer and Personal data we collect, process, and store, and the current state of technology. Luppa maintains a comprehensive written information security program that complies with applicable law and generally accepted industry standards. Our program includes appropriate administrative, technical and physical safeguards, procedures and practices to protect Personal data submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, however, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our website, the Luppa software or the Luppa Services, please contact us using the contact information below.

When you enter sensitive information (such as a credit card number) on our order forms, we encrypt the transmission of that information using secure socket layer technology (SSL).

Luppa and its representatives will never request your account credentials. You should never share your Luppa account information, including your username and password, with anyone else. We recommend that you use a unique password for your Luppa account that is not associated with other websites. You should check your Luppa account regularly to ensure that your Personal data has not been tampered with or altered. Any suspicious activity regarding your account, including automated messages or calls from parties you cannot identify, should be reported to your site administrator and Luppa using the contact information below.

12. Age limitations

To the extent prohibited by applicable law, Luppa does not allow the use of our Services and website by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with Personal data, please contact us and we will take steps to delete such information.

13. What are your rights

Complete transparency in the protection of Personal data is something we strive for in business, as it is the only way to build a relationship of trust between us.

When acting as a Controller, and depending on your location, your jurisdiction, and subject to applicable law, whether you are a Customer, a Visitor or a User, you may have the rights below with regard to the Personal data we process about you. 

  • The right of access means that you have the right to request that we disclose what Personal data we have collected, used and disclosed about you. You can do so at any time by contacting us using the contact details provided under the "How to contact us" section below.
  • The right of deletion means that you have the right to request that we delete Personal data collected or maintained by us, subject to certain exceptions. As mentioned above, you can do so at any time by contacting us using the contact details provided under the"How to contact us" section below.
  • The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.
  • You can also ask us to correct or update your Personal data; object to the processing of your personal information; ask us to restrict processing of your Personal data or request the portability of your Personal data. Again, you can exercise these rights by contacting us using the contact details provided under the "How to contact us" section below.
  • While you cannot opt out of service-related e-mails if you are an account holder, as this is an essential part of the Luppa Services, you have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you, or you can contact us using the contact information below.
  • Similarly, if we have collected and processed your Personal data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal data conducted in reliance on lawful processing grounds other than consent
  • You have the right to complain to a data protection authority about our collection and use of your Personal data. For more information, please contact your local data protection authority.
  • Luppa does not engage in any automated decision making with User Personal data.

On the other hand, if your Personal data has been submitted to us by or on behalf of our Customer (your employer) in which case we act as a Processor, and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable Customer directly. For more information on how your employer uses your Personal data, please see your employer’s privacy policy.

14. Changes to this Privacy Policy

Luppa may change this Privacy Policy from time to time. Laws, regulations, and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, Luppa will provide additional notice, such as via e-mail or through the Services. If you disagree with the changes to this Privacy Policy, you should deactivate your Services account. If you wish to request the removal of Personal data under Customer’s control, please contact the Customer. 

15. International data transfer

Your Personal data may be transferred to, and processed in the Republic of Croatia and in any other country where Luppa or its affiliates, subsidiaries or third party service providers maintain facilities or personnel.  

These countries may have data protection laws that are different to the laws of your country (and, in some cases, may not be as protective). We follow applicable data protection laws when transferring Personal data. If you are resident in or a visitor from the EEA, United Kingdom or Switzerland, we will protect your Personal data when it is transferred outside of such locations by processing it in a territory which the European Commission has determined provides an adequate level of protection for Personal data; or otherwise implementing appropriate safeguards to protect your Personal data, including through the use of Standard Contractual Clauses or another lawful transfer mechanism approved by the European Commission.  

16. How we may contact you

If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in each of these emails, or you can contact us using the contact information below.

Luppa will send a welcome email to our Customers as account holders and for billing purposes, and at times may send Service-related announcements. You cannot opt out of service-related emails if you are an account holder, as this is part of the Luppa Services. 

17. How to contact us

Please use the contact details below, if you would like to learn more about your rights or our privacy practices, exercise your rights or for any questions related to this Privacy Policy, or about any of your rights. 

You may contact us:

  • by sending an e-mail at [email protected] or 
  • at our mailing address Luppa d.o.o., Republic of Croatia, 10000 Zagreb, Slavonska avenija 6.