Lumina Omnibus Privacy Policy

PRIVACY MISSION STATEMENT

Lumina Analytics, LLC (“Lumina,” “we,” “us”), is committed to the protection of the individual privacy rights and personally identifiable information (“Personal Data”) of our clients, applicants, employees, contractors, and third party users of our websites and applications (“ you,” “your”). 

1 SCOPE OF POLICY

This privacy policy applies to the collection and processing of Personal Data that Lumina controls, processes, or collects from any person and by any means in the course of providing services to its clients and hiring its personnel. 

2 CONTROLLING AND PROCESSING DATA

The controlling and processing of your Personal Data may be subject to the General Data Protection Regulations (“GDPR”) if you are a resident of the European Union. As defined therein, a "Controller" is a person or entity that determines the purposes and means of the processing of Personal Data, while a “Processor” merely stores, maintains, and processes data on behalf of a Controller, but does not decide which items of Personal Data are stored or how Personal Data is used. Depending upon the services provided by Lumina, Lumina may be considered to be a Controller or Processor in various circumstances. 

Whether as Controller or Processor, we will adhere to the provisions in this privacy policy. Generally, Personal Data will be processed lawfully, fairly, and transparently. Upon request, we will be clear and transparent about how your Personal Data is going to be processed, by whom, and why. Personal Data will be collected only for specific legitimate purposes, and it will be relevant and limited to that which is necessary for the purpose. Provided that you communicate to us updated information, we will keep your Personal Data accurate and up to date. We will only store your Personal Data for so long as is necessary for the purpose, and we will ensure appropriate security, integrity, and confidentiality against unauthorized or accidental processing, loss, destruction, and damage.

3 TYPES OF PERSONAL DATA

The GDPR identifies two types of Personal Data: regular and “special categories” of Personal Data. Regular Personal Data includes a person’s name, address, email address, photo, IP address, location data, online behavior (cookies), and profiling and analytics data. Special categories of Personal Data includes race, religion, political opinions, trade union membership, sexual orientation, health information, biometric data, and genetic data.

The GDPR expressly prohibits the processing of the above special categories of Personal Data without the explicit consent of the subject of the Personal Data, or, absent such consent, where processing is necessary in certain limited circumstances, including without limitation: 

  • for the purposes of carrying out obligations and exercising specific rights of the Controller or of the subject of the Personal Data in the field of employment, social security, and social protection law;
  • where the Personal Data at issue has manifestly been made public by the subject;
  • for the establishment, exercise, or defense of legal claims or whenever courts are acting in their judicial capacity;
  • for reasons of substantial public interest under EU law;
  • for certain, limited healthcare and public health purposes; and
  • for certain, limited archival purposes for scientific and historical research in the public interest.

4 COLLECTION OF PERSONAL DATA

Lumina collects Personal Data, whether as a Controller or Processor, for a number of legitimate business reasons. The use of Personal Data collected will be limited to its express purpose as reflected by the scope of your express consent, except and unless Lumina has a compelling and legitimate interest to use the information absent your consent or otherwise to protect against security threats, or where disclosure is legally compelled. Generally, most Personal Data is retained only for as long as necessary for its intended purpose. Certain information must be kept to comply with legal obligations under local employment and tax laws. Notwithstanding the foregoing, Lumina may otherwise maintain and retain Personal Data in accordance with the procedures outlined below.

BY AGREEING TO THE TERMS OF LUMINA’S PRIVACY POLICY, YOU ARE PROVIDING TO LUMINA YOUR FREE, INFORMED AND EXPRESS CONSENT FOR LUMINA TO COLLECT, CONTROL AND PROCESS (OR RETAIN A THIRD PARTY TO PROCESS) YOUR PERSONAL DATA FOR THE APPLICABLE FOLLOWING PURPOSES:

  • Employees:
    • Personal Data collected may include an applicant’s or employee’s name, postal address, telephone number, email address, photograph, interests, skills, education history, employment history, date of birth, place of birth, address history, criminal records, police records, court records, drug test results, professional credentials, credit history, identity documents and numbers, appearance on government watch or sanctions lists, professional sanctions, nationality, citizenship or immigration status, sex or gender, referrals, race, ethnicity, sexual preference, minority status, hours worked, reasons for leave or tardiness, medical information, family information, disability information, marital status, transportation records, vehicle information, charitable donation information, professional development and education information, personal concerns or problems, loan information, wage garnishment information, banking information, network use, login/logout records, IP address, login credentials, file access, internet browsing, email activities, chat activities, telephone calls, home office information, mobile device information, voicemails, emergency contact information, survey results, exit interviews, biometric data, entry and exit records, video and audio recordings, medical screening, social and news media, interpersonal relationships, complaints, internal and external communications, computer and network activity, performance appraisals, and training records.
    • The purpose of Personal Data collection is for identification, relationship management, recruiting, selection, and screening (both pre-employment and ongoing), attendance, accommodation management, benefits management, payroll and tax management, data security, emergencies, feedback, improvement, physical security, health and safety, code of conduct enforcement, complaint resolution, protection of company brand and integrity, performance tracking, and quality management. 
    • Data collection and processing is necessary for Lumina to carry out its obligations and exercise specific rights in the field of employment and social security and social protection law, to fulfill legal obligations under employment law, to fulfill contractual obligations, to protect your and third parties’ vital interests, and to ensure the employer/employee relationship is harmonious with Lumina’s values and standards.

     

  • Marketing:
    • Personal Data collected may include your name, contact information, IP address, and location, and your activity while interacting with us on our websites, receiving our newsletters, attending our webinars, and the like.
    • Personal Data may be accessible to social media platforms, ad networks, analytics providers, communications providers, and IT service providers. We use these services to better understand the use of our marketing materials, advertise our services, and manage our technical infrastructure.
    • Personal Data will be used to identify users to enable us to provide services, including whether you need services and what type of services you may need. In most cases, we need to know how to get in touch with you. Personal Data that you voluntarily share with us may be placed into our customer relationship management database to ensure continuity of the relationship and institutional memory. We also may monitor some phone calls for quality assurance, training purposes, and to improve our services. Personal Data may also be used for tracking usage and security of web sites to identify users, respond to web inquiries, and to establish and manage relationships with clients, prospective clients, and consumers.
    • Some Personal Data is obtained by tracking information gathered as you navigate through our marketing web sites, review our email newsletters and other email messages, like or share content through social media, and enter information into our online contact forms. This Personal Data may be used to measure traffic patterns, assist us in setting marketing priorities, provide targeted advertising, identify and gather publicly available information about you and your employer to better target marketing and sales activities, and to provide you with information you may request from time to time.
    • We collect and process your Personal Data through our marketing web sites based on a legitimate business interest to market and sell our services with your consent, after which you can provide your Personal Data and receive our messages. Most information we collect through your use of our marketing web sites is only collected, stored, and used in anonymized, aggregate format, from which you cannot be identified. We may, however, collect your IP address, your location, and your web navigation activities, which may be considered Personal Data in some jurisdictions. When an advertisement or social media icon appears on one of our web pages, the platform that provides that content may be able to gather limited tracking information, such as your IP address, location, page views, and clicking behavior, through processes we don’t control. There is content on our marketing sites from the numerous providers, including without limitation Google Analytics and HubSpot, Google AdWords and LinkedIn, and others that we may use in the future. 
    • We collect a limited amount of Personal Data from our clients and prospective clients. We use such Personal Data to communicate about our services in general, either proactively or in response to an inquiry, and to communicate about our relationship with a client or about specific transactions.

     

  • Security Services:
    • Personal Data may be collected by Lumina for our services on behalf of our client, who may be your present or prospective employer or business contact. Some of our services require the use of your Personal Data to identify you in furtherance of a screening and/or security check. The Personal Data we collect will depend on the scope of the services ordered by our client. We may collect numerous elements of Personal Data, including without limitation photographs, addresses, and other information to verify your identity and your history, and possibly to contact you. We may be asked by our client to verify your identity, or we may be required to do so to complete our services. If so, we may collect ID cards or other documents from you or our client. We may request your sex or gender to verify your identity. Some clients wish to review sex offender registry data or other criminal records as part of their screening/security program, so we may locate you there if you are listed. We may verify your identity based on prior employment or activity history over a certain period of time in order to complete services. We may need to verify your identity based on your educational history. Some clients wish to check for presence on government watch or sanctions lists. Some clients wish to review litigation history in civil court. Some services require a place of birth to complete. Some clients wish to search various other public record sources for information. We may occasionally seek your feedback about your interactions with us to improve the quality of our service.
    • Personal Data may be used for security and/or screening before and during employment, in furtherance of volunteer or contractual relationships, in furtherance of security policies and procedures,  and to conduct due diligence research for investments, acquisitions, directorships, and other business relationships. When we collect Personal Data for our security services, our client is the Controller under the GDPR and is responsible for determining which Personal Data we collect and how we use it, establishing a legitimate basis to collect and process Personal Data, ensuring that the collection and processing complies with applicable law, ensuring that you are notified of the collection and processing of your Personal Data, and that you have consented thereto, in accordance with applicable law, and complying with any legal obligations it may have as the Controller.

5 COMMUNICATION OF PERSONAL DATA

Generally, Lumina communicates Personal Data when necessary to provide services to its customers or results to our clients. When we provide services to a client, we may transmit Personal Data back to that client through our secure web platforms and occasionally by phone, email, fax, or mail. In exceptional circumstances we may be asked to communicate personal information to law enforcement agencies, national security agencies, courts, or other public bodies in any jurisdiction where we are subject to the law, regardless of where personal information is stored. If we receive a production order, warrant, subpoena, or other enforceable demand, we will comply as required by law. If we receive a request to provide Personal Data voluntarily, we will consider your interests, our business interests, the interests of our clients, public safety implications, and our legal obligations prior to deciding whether to communicate Personal Data. In any case where the Personal Data in question was collected from or on behalf of a client, we will consult with the client before proceeding unless prohibited by law. We may proactively communicate Personal Data to law enforcement or other third parties if necessary to investigate or report a violation of the law or a contractual agreement, or if otherwise appropriate and permitted by law.

Where and when applicable, Personal Data may be disclosed to third parties for limited purposes such as to conduct screening or security services. We may also need to provide information about you to outside parties, such as government agencies. We may also share your Personal Data with our business contacts and vendors including without limitation payroll providers, data storage and delivery providers, data centers, cloud providers, applicant tracking systems, recruiting systems, human resources information systems, IT support services, background screening and consumer reporting companies, court runners, drug testing labs,  translation agencies, credit bureaus, benefits providers, healthcare providers, and financial institutions.

While most of our work is done by our employees or authorized personnel who access Personal Data directly from our systems and whose activities are under our direct control, we use third-party service providers for certain specialized tasks. These tasks include storage of data, information technology support, and certain marketing activities.

6 TRANSFER OF PERSONAL DATA BETWEEN COUNTRIES

We store Personal Data in the US only. Our employees and contractors may temporarily access Personal Data through virtual desktop interfaces in numerous global jurisdictions. We also use service providers in various other countries, usually to collect or translate information from that a local service provider’s country or region. If your Personal Data is subject to European Union (EU) or Swiss law, it may be transferred outside of the EU or Switzerland based on the fact that relevant authorities have issued a decision that Personal Data will benefit from an adequate level of protection in the country to which it is transferred. This is the case for Canada and, under the EU-US and Swiss-US Privacy Shield Framework, the United States. In all cases, we ensure that appropriate safeguards are in place to ensure the protection of your Personal Data. By agreeing to the terms of this Privacy Policy, you are providing your consent for us to transfer Personal Data outside of the EU or Switzerland to the United States and/or Canada and allow us to carry out services for you or on behalf of a client.

7 THE EU-US & SWISS-US PRIVACY SHIELD FRAMEWORK

Lumina complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EU and Switzerland to the United States (and Canada). Lumina has certified (or such certification is pending) to the Department of Commerce that it adheres to the Privacy Shield Principles. Lumina remains responsible for Personal Data that is communicated to third parties for processing. 

8 ACCURACY OF PERSONAL DATA

Much of the Personal Data we collect comes directly from you, in which case you are in control of its accuracy. Our processes for collecting and transcribing Personal Data are automated to the greatest extent possible and are subject to rigorous quality controls. Information that is found to be inaccurate, either through our own audits or following your request for correction, is updated as reasonably practicable.

9 REUSE OF PERSONAL DATA

We will not reuse Personal Data for a new purpose other than the original one(s) for which it was collected, unless the new use is compatible with the original one, we have notified you of the new use and given you an opportunity to object to it, or the new use is permitted or required by law.

10 USE OF PERSONAL DATA FOR RESEARCH

We do not use or maintain Personal Data for general research purposes, unless the Personal Data is anonymized and aggregated with the Personal Data of other data subjects.

11 CHOOSING HOW AND WHETHER WE CAN USE YOUR PERSONAL DATA

In most cases, providing your information to us is voluntary. The list below explains how to make choices about the collection and use of your Personal Data for various purposes, and the consequences of your choice not to provide any Personal Data. Whenever our legitimate basis for collecting and using Personal Data is your consent, you can withdraw or modify your consent for future collection or use of your Personal Data at any time.


Figure 1: Choices about collection and use of Personal Data

Purpose for collectionHow to exercise choiceConsequences
Our own tracking on our web sitesDo not use our web sites.You will not view our web content.
Third-party tracking on our web sitesActivate ad blocking functionality in your browser.You will not receive advertising that is tailored to your interests and activities.
ScreeningDo not fill out our form(s) or do not consent to our data collection.You may be rejected for employment or other position for which our client was conducting the background check.
Sales and marketingAsk us not to contact you or opt out of certain mailing lists. If you are unsure of how to do so, contact us.You will not receive proactive sales and marketing communication from us, or those communications will be limited to those you have selected.
Employment with LuminaDo not fill out our form(s) or do not consent to our data collection.You may be ineligible for initial or continued employment by Lumina.



In some cases, providing your Personal Data is mandatory. For example, this is the case when we are required by law to collect Personal Data from our workers (such as for tax or workers’ compensation purposes), when the collection is necessary to fulfill our contract with you (such as for payroll purposes), and when we have determined that the collection is in our legitimate interest and is done in accordance with your rights (such as for background screening). 

To understand whether it is mandatory or optional to provide your Personal Data, and the consequences of choosing not to provide it, you may contact our Privacy Personnel at privacy@luminaanaltyics.com.

12 COOKIES POLICY

Cookies are pieces of information shared between your web browser and a website. Cookies enable the website to collect information about your activities and provide you with a faster and easier experience. When you access our site, we ask for your consent to use cookies. There are different kinds of cookies with different functions:

  • Session cookies: these are only stored on your computer during your web session. They are automatically deleted when the browser is closed. They usually store an anonymous session ID allowing you to browse a website without having to log in to each page. They do not collect any information from your computer.
  • Persistent cookies: a persistent cookie is one stored as a file on your computer, and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again.
  • First-party cookies: the function of this type of cookie is to retain your preferences for a particular website for the entity that owns that website. They are stored and sent between Lumina’s servers and your computer’s hard drive. They are not used for anything other than for personalization as set by you. These cookies may be either session or persistent cookies.

Third-party cookies: the function of this type of cookie is to retain your interaction with a particular website for an entity that does not own that website. They are stored and sent between the third party’s server and your computer’s hard drive. These cookies are usually persistent cookies.

Our marketing websites use session cookies to track your use of the sites and persistent cookies to remember any preferences you select, such as your location. Our service platforms, which we use to collect information from you and our clients, do not use third-party cookies. They may use first-party session cookies to track your use of the sites and first-party persistent cookies to remember any preferences you select, such as your location.

The major browsers have attempted to implement the draft “Do Not Track” (“DNT”) standard of the World Wide Web Consortium in their latest releases. As this standard has not been finalized, our sites are not compatible with DNT and so do not recognize DNT settings.

We use cookies for the following purposes:

  • Where strictly necessary. These cookies are essential in order to enable you to move around the site and use its features, such as accessing secure areas of the site. Without these cookies, services you have asked for, such as viewing certain areas of the site or using web forms, cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
  • Performance. These cookies collect information about how visitors use a site, for instance which pages visitors go to most often, and if they get error messages from web pages. They also allow us to record and count the number of visitors to the site, all of which enables us to see how visitors use the site in order to improve the way that our site works. These cookies do not collect information that identifies a person, as all information these cookies collect is anonymous and is used to improve how our site works.
  • Functionality. These cookies allow our site to remember choices you make (such as your language or the region you are in) and provide enhanced features. These cookies can also be used to remember changes you have made to text size, font and other parts of web pages that you can customize. They may also be used to provide services you have requested such as viewing or commenting on content on the site. The information these cookies collect is usually anonymized.

Cookies may also be used to track usage and security of our secure platform. Information about your activity on our secure platforms is collected to ensure the integrity and security of our systems and data in our custody, and is used to audit system access and investigate suspicious activity. Collection of Personal Data for security purposes is done based on our legitimate interest and legal obligation to ensure Personal Data in our custody is protected. The following types of information, some of which may be Personal Data, are logged when you access our secure platforms:

  • IP address;
  • location;
  • login credentials for our systems;
  • dates, times, and length of session;
  • access to and modification of data;
  • browser type and version.

Please consult your web browser’s ‘Help’ documentation or visit www.aboutcookies.org for more information about how to turn cookies on and off for your browser.

GDPR and Privacy Shield Compliance

Scope

The following provisions apply to EU residents.

Purpose and effect

Your use of our service (“Service”) is voluntary. We must obtain Personal Data about you in order to provide you with certain features of the Service. By using our Service or requesting that we provide the Service to you, you agree to disclose certain of your Personal Data to us and you are authorizing us to use and disclose your Personal Data pursuant to the provisions of this Privacy Policy.

Your Personal Data

Personal Data will be processed lawfully, fairly, and transparently. Upon request, we will be clear and transparent about how your Personal Data is going to be processed, by whom, and why. Personal Data will be collected only for legitimate purposes, and it will be relevant and limited to that which is necessary. Provided that you communicate to us updated information, we will keep your Personal Data accurate and up to date. We will only store it for as long as is necessary, and we will ensure appropriate security, integrity, and confidentiality against unauthorized or accidental processing, loss, destruction, or damage.

In the event of any data breach, you will be notified without undue delay and, in no event, later than 72 hours of our discovery of the breach, including whether we believe there is any risk to your rights and freedoms, e.g., identity theft, personal safety. You may not be notified if the data breach is unlikely to result in any harm to you. In the event of a breach that we suspect may result in harm to you, you will be notified of: (1) a description of the data breach, including the numbers of data subjects affected and the categories of data affected; (2) the name and contact details of our privacy personnel; (3) the likely consequences of the data breach; and (4) any measures taken to remedy or mitigate the breach. We may be exempt from this enhanced notice requirement if the risk of harm is remote because the affected data are protected (e.g., through strong encryption), we have taken measures to protect against the harm (e.g., suspending affected accounts), or the notification requires disproportionate effort (in which case a public notice of the breach is required). We will keep records of all data breaches, including the facts and effect of the breach and remedial action taken. Credit card information is used solely for billing purposes, and is encrypted and transmitted securely for processing. 

When we are operating as a Processor, we will have a written agreement with each Controller, in which we commit to: (1) only act on Personal Data in accordance with the instructions of the Controller or the requirements of EU law or the national laws of EU member states; (2) impose confidentiality obligations on all personnel who process Personal Data; (3) ensure the security of Personal Data; (4) not appoint a sub-processor without the prior written consent of the Controller; (5) implement measures to assist the Controller in complying with the rights of Personal Data subjects; (6) assist the Controller in obtaining approval from EU regulatory authorities; (7) at the Controller's election, either return or destroy the Personal Data at the end of the relationship; and (8) provide the Controller with information necessary to demonstrate compliance with the GDPR.

Your Personal Data remains your property at all times, subject to the permissive uses granted hereunder.

How we use your Personal Data

When we are operating as a Controller, any Personal Data submitted to us through our app, website, or by other means will be used for the purposes specified in this policy above, including without limitation to the following:

  • administering our website, application, and business;
  • personalizing our website tools or databases for you;
  • enabling your use of the Services;
  • sending you software or software tools purchased through our app or website;
  • supplying Services to you;
  • sending statements, invoices, and payment reminders to you, and collecting payments from you;
  • sending you marketing or non-marketing communications;
  • sending you email notifications that you have specifically requested;
  • providing third parties with statistical information about our users (but those third parties will not be able to identify any
  • individual user from that information);
  • providing Personal Data to our Processor(s) for processing in accordance with our instructions;
  • dealing with inquiries and complaints made by or about you relating to our Services;
  • keeping our app and website secure and to prevent fraud;
  • verifying compliance with the terms and conditions governing the use of our Services; and
  • other uses, which may be added hereto.

If you submit Personal Data for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us. 

We will not, without your express consent, supply your Personal Data to any third party (other than our Controller or Processor, as the case may be) for direct marketing.

Storage, Objection, Correction, Erasure, Information

Personal Data will be stored by us, our Processor or Controller. Personal Data will be stored in a manner that ensures appropriate security, integrity, and confidentiality against unauthorized or accidental processing, loss, destruction, or damage. We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your Personal Data. We will store the Personal Data you provide on our secure (password and firewall-protected) servers. All electronic financial transactions entered into through our app or website will be protected by encryption. You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping the password you use for accessing our app, services, or website confidential; we will not ask you for your password except when you log in to our website.

Personal Data will be stored in a format that allows for easy portability. Portability means your Personal Data will be stored in a manner that allows you to obtain and reuse your Personal Data for your own purpose by transferring it to a different environment. Upon your written request, you will be provided with the ability to access your Personal Data to verify its accuracy, download it in an easily-portable format, or obtain a copy of it. Personal Data that we process for any purpose shall not be kept for longer than is necessary for that purpose.

You have the right to object in writing to the processing of your Personal Data. If we receive your written objection, your Personal Data will not be processed, unless we demonstrate compelling and legitimate grounds for the processing that override your interests, rights, and freedoms, or we require the data to establish, exercise, or defend legal rights. You further have the right to object to the processing of your Personal Data for the purpose of direct marketing, including profiling. Where Personal Data are processed for scientific and historical research purposes or statistical purposes, you have the right to object, unless the processing is necessary for the performance of a task carried out for reasons of public interest. If you object to the processing of your Personal Data, you agree to the termination of the Services in the event that we determine, in our sole discretion, that we are unable to perform the Services due to your objection to the processing of your Personal Data. This objection right is given free of charge, although we may charge a reasonable fee for repetitive requests or manifestly unfounded or excessive requests for additional copies of information you request. You also have the right to object and prevent any decision that could have a legal or similarly significant effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable EU law, or is based on your explicit consent.

Upon termination of the Services for any reason, and upon your written request, your Personal Data may be erased. Or we may elect to have it anonymized. Additionally, you have the right at any time to demand that inaccurate or incomplete Personal Data are erased or rectified. You have the right of erasure if:

  • Personal Data are no longer needed for the original purpose and no new purpose exists;
  • the lawful basis for the processing is your consent, you withdraw that consent, and no other lawful ground exists;
  • you exercise your right to object and we have no overriding grounds for continuing the processing;
  • the Personal Data have been processed unlawfully; or
  • erasure is necessary for compliance with EU law or the law of a country bound by the terms of the GDPR. 

You have the right to obtain the following information:

  • confirmation of whether, and where, we are processing your Personal Data;
  • information about the purposes of the processing;
  • information about the categories of data being processed;
  • information about the categories of recipients with whom the Personal Data may be shared;
  • information about the period for which the Personal Data will be stored (or the criteria used to determine that period);
  • where the Personal Data were not collected from you, information as to the source of the Personal Data; and
  • information about the existence of, and an explanation of the logic involved in, any automated processing that has a significant effect on you.

Upon your request for any of the above-referenced information, we will, within one month of receiving your written request, provide such requested information. In the event we fail to meet this deadline, you may complain to the governing Data Protection Authority in the EU and may seek a judicial remedy. In the event we receive a large number of requests, or complex requests, the time limit may be extended by a maximum of two additional months. You also have the right to bring a claim directly against the Processor (of not Lumina), although the Processor is liable for the damage caused by its processing activities only where it has: (1) not complied with obligations under the GDPR that are specifically directed to Processors; or (2) acted outside or contrary to lawful instructions of the Controller.

We will not refuse to give effect to your rights unless we cannot identify you through the use of reasonable efforts to verify your identity. Where we have reasonable doubts as to your identity, we may request the provision of additional information to confirm your identity.

You may restrict processing of your Personal Data, meaning the Personal Data may only be held by us, and may only be used for limited purposes, if the accuracy your Personal Data is contested (and only for as long as it takes to verify accuracy), the processing is unlawful and you request restriction (as opposed to exercising the right to erasure), we no longer need the Personal Data for their original purpose but the Personal Data are still required by us to defend legal rights, or verification of overriding grounds is pending in the context of an erasure request.

Disclosing your Personal Data

We may disclose your Personal Data to any of our employees, officers, insurers, professional advisers, agents, suppliers, subcontractors, and subsidiaries as reasonably necessary for the purposes set out in this Policy. We may disclose your Personal Data:

  • to the extent that we are required to do so by law;
  • in connection with any ongoing or prospective legal proceedings;
  • to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
  • to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
  • to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that Personal Data where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that Personal Data.

Except as provided in this Policy, we will not provide your Personal Data to third parties.

International data transfers

Personal Data that we collect may be stored, processed in, and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy. Personal Data that we collect may be transferred to countries, including the United States, which do not have data protection laws equivalent to those in force in the European Economic Area. Personal Data transferred to the United States will comply with the Privacy Shield. Personal Data that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others. You expressly agree to the transfers of Personal Data described in this Section.

EU-US and Swiss-US Privacy Shield Framework

This policy incorporates all of the above with respect to GDPR compliance, and further applies to personal data from the European Union and from Switzerland that is collected, used, and retained in the United States. 

Lumina complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States, respectively. Lumina has certified (or such certification is pending) to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

Lumina is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with regard to the Privacy Shield Frameworks.

In compliance with the US-EU and Swiss-US Privacy Shield Principles, Lumina commits to resolve complaints about your privacy and our collection or use of your Personal Data. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact privacy@luminaanalytics.com.

Lumina has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

This Site is operated in the United States. If you are located in the European Union or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using our site or app, participating in any of our Services, or providing us with your information, you consent to this transfer.

Consent

By indicating your acceptance, you hereby accept all of the provisions of this Privacy Policy. Your acceptance indicates that you acknowledge that your consent to use your Personal Data for the purposes identified herein is freely given. Should you feel that this consent is in any way unclear or ambiguous, please contact our privacy personnel at the following address with any questions prior to your accepting the privacy policy: privacy@luminaanalytics.com. You further understand that use of the Services is expressly conditional on your consenting to processing activities described herein.

IN ACCORDANCE WITH THE ABOVE STATEMENT, YOU HEREBY ACKNOWLEDGE, UNDERSTAND, AND AGREE THAT, BY CLICKING THE “I AGREE” BUTTON, WHEN PRESENTED, YOU EXPRESSLY CONSENT TO THE USE OF YOUR PERSONAL DATA IN THE MANNER SET FORTH HEREIN.

Consent may be refused by not affirmatively acknowledging this Privacy Policy or otherwise using the Service. 

Consent Withdrawal

Consent may be withdrawn at any time by written notice to our privacy personnel at: privacy@luminaanalytics.com.