Lumina Omnibus Privacy Policy

Effective Date:  March 8, 2019

PRIVACY MISSION STATEMENT

Lumina Analytics, LLC (“Lumina,” “we,” “us”), is committed to the protection of the individual privacy rights and personally identifiable information (“Personal Data”) of our clients, applicants, employees, contractors, and third party users (“you,” “your”) of our products, websites, software, services and applications (“Services” or “Products”)

SCOPE OF POLICY

This privacy policy applies to the collection and processing of Personal Data that Lumina controls, processes, or collects from any person and by any means in the course of providing services to its clients and hiring its personnel. 

This privacy policy does not apply to that Lumina’s customers may use on their own websites, to other companies’ or organizations’ sites to which we link, or to companies that Lumina does not own or control, even if such companies are contractors or business partners of Lumina. 

Lumina may change this privacy policy at any time.  By continuing to access or use Lumina’s Services, you accept any changes or revisions to this Privacy Policy. 

BY AGREEING TO THE TERMS OF LUMINA’S PRIVACY POLICY, YOU ARE PROVIDING TO LUMINA YOUR FREE, INFORMED AND EXPRESS CONSENT FOR LUMINA TO COLLECT, CONTROL AND PROCESS (OR RETAIN A THIRD PARTY TO PROCESS) YOUR PERSONAL DATA FOR THE APPLICABLE FOLLOWING PURPOSES:

INFORMATION LUMINA COLLECTS AND HOW IT IS USED

Public Information

Lumina aggregates publicly available information from the Internet, such as websites, social media, blogs, news sources and anything else available publicly on the Internet (“Public Information”).  This Public Information may be made available to users and customers through Lumina’s products and services.  Lumina does not verify and cannot guarantee the accuracy of this Public Information. 

The Personal Data we collect from Public Information will depend on the scope of the services ordered by our client.  The majority of our Products only collects and processes the names of individuals and entities that clients provide us.  Lumina does not verify the identity of individuals or the accuracy of the information provided through our Products.  Sometimes, we may collect numerous elements of Personal Data, including without limitation photographs, addresses, and other information publically available.  We may be asked by our clients to verify your identity, or we may be required to do so to complete our services.  If so, we may collect ID cards or other documents from you or our client. We may request your sex or gender to verify your identity. Some clients wish to review sex offender registry data or other criminal records as part of their security program, so we may locate you there if you are listed. We may need to verify your identity based on your educational history. Some clients wish to check for presence on government watch or sanctions lists. Some clients wish to review litigation history in civil court. Some services require a place of birth to complete. Some clients wish to search various other public record sources for information. We may occasionally seek your feedback about your interactions with us to improve the quality of our service.

Personal Data may be used by our clients for security and/or screening before and during employment, in furtherance of volunteer or contractual relationships, in furtherance of security policies and procedures, security clearances, and to conduct due diligence research for investments, acquisitions, directorships, and other business relationships

To request that your Personal Data we obtained from Public Information be removed from Lumina’s databases and products, please email us at privacy@luminaanalytics.com. We cannot guarantee that such information will be removed.

Information You Provide.

We collect information that you voluntarily provide to us while using our Services, such as when you register an account, make a purchase of one of our products or services, respond to customer surveys, communicate with our customer service team, or apply for a job.    

Employees:

  • Personal Data collected may include an applicant’s or employee’s name, postal address, telephone number, email address, photograph, interests, skills, education history, employment history, date of birth, place of birth, address history, criminal records, police records, court records, drug test results, professional credentials, credit history, identity documents and numbers, appearance on government watch or sanctions lists, professional sanctions, nationality, citizenship or immigration status, sex or gender, referrals, race, ethnicity, sexual preference, minority status, hours worked, reasons for leave or tardiness, medical information, family information, disability information, marital status, transportation records, vehicle information, charitable donation information, professional development and education information, personal concerns or problems, loan information, wage garnishment information, banking information, network use, login/logout records, IP address, login credentials, file access, internet browsing, email activities, chat activities, telephone calls, home office information, mobile device information, voicemails, emergency contact information, survey results, exit interviews, biometric data, entry and exit records, video and audio recordings, medical screening, social and news media, interpersonal relationships, complaints, internal and external communications, computer and network activity, performance appraisals, and training records.
  • The purpose of Personal Data collection is for identification, relationship management, recruiting, selection, and screening (both pre-employment and ongoing), attendance, accommodation management, benefits management, payroll and tax management, data security, emergencies, feedback, improvement, physical security, health and safety, code of conduct enforcement, complaint resolution, protection of company brand and integrity, performance tracking, and quality management. 
  • Data collection and processing is necessary for Lumina to carry out its obligations and exercise specific rights in the field of employment and social security and social protection law, to fulfill legal obligations under employment law, to fulfill contractual obligations, to protect your and third parties’ vital interests, and to ensure the employer/employee relationship is harmonious with Lumina’s values and standards.

Marketing:

  • Personal Data collected may include your name, contact information, IP address, and location, and your activity while interacting with us on our websites, receiving our newsletters, attending our webinars, and the like.
  • Personal Data may be accessible to social media platforms, ad networks, analytics providers, communications providers, and IT service providers. We use these services to better understand the use of our marketing materials, advertise our services, and manage our technical infrastructure.
  • Personal Data will be used to identify users to enable us to provide services, including whether you need services and what type of services you may need. In most cases, we need to know how to get in touch with you. Personal Data that you voluntarily share with us may be placed into our customer relationship management database to ensure continuity of the relationship and institutional memory. We also may monitor some phone calls for quality assurance, training purposes, and to improve our services. Personal Data may also be used for tracking usage and security of web sites to identify users, respond to web inquiries, and to establish and manage relationships with clients, prospective clients, and consumers.
  • Some Personal Data is obtained by tracking information gathered as you navigate through our marketing web sites, review our email newsletters and other email messages, like or share content through social media, and enter information into our online contact forms. This Personal Data may be used to measure traffic patterns, assist us in setting marketing priorities, provide targeted advertising, identify and gather publicly available information about you and your employer to better target marketing and sales activities, and to provide you with information you may request from time to time.
  • We collect and process your Personal Data through our marketing web sites based on a legitimate business interest to market and sell our services with your consent, after which you can provide your Personal Data and receive our messages. Most information we collect through your use of our marketing web sites is only collected, stored, and used in anonymized, aggregate format, from which you cannot be identified. We may, however, collect your IP address, your location, and your web navigation activities, which may be considered Personal Data in some jurisdictions. When an advertisement or social media icon appears on one of our web pages, the platform that provides that content may be able to gather limited tracking information, such as your IP address, location, page views, and clicking behavior, through processes we don’t control. There is content on our marketing sites from the numerous providers, including without limitation Google Analytics and HubSpot, Google AdWords and LinkedIn, and others that we may use in the future. 
  • We collect a limited amount of Personal Data from our clients and prospective clients. We use such Personal Data to communicate about our services in general, either proactively or in response to an inquiry, and to communicate about our relationship with a client or about specific transactions.

Lumina S4 (See Something Say Something).

  • Contact information:  We use your contact information, such as your email address or phone number, to authenticate your account and keep it–and our services–secure, and to help prevent spam, fraud, and abuse. We also use contact information to personalize our services, enable certain account features (for example, for login verification), and to send you information about our services. We also use your contact information to provide services to our clients or to protect the safety and lives of you or others and to prevent crimes.  If you report a suspicious activity, your contact information, device location or ID number, IP address, or other geographic location may be provided to a third party with jurisdiction over the matter, such as a law enforcement agency or school/University.   If you do not wish for us to provide your personal information to a client, school or University, or law enforcement agency, please do not provide your personal information to us directly.  If you do not wish for us to provide your IP Address, device location, geo-location, or ID number to a client, law enforcement, or other authority with jurisdiction, do not use the application.   If you email us, we will keep the content of your message, your email address, and your contact information for as long as we deem necessary in our sole discretion.
  • Location information:  We require information about your signup and current location, which we get from signals such as your IP address or device settings, to securely and reliably set up and maintain your account and to provide our services to you and others.  Subject to your settings, we may collect, use, and store additional information about your location– such as your current precise position–to operate or personalize our services. We may provide this information to our clients in order to complete our services.  We also may provide this information to law enforcement, clients, third parties with jurisdiction, or schools/Universities for security purposes, crime prevention, or for the safety of you or others. 
  • Links:  If you click on an external link or ad on our services, that advertiser or website operator might figure out that you came from the App, along with other information associated with the ad you clicked such as characteristics of the audience it was intended to reach. They may also collect other personal data from you, such as cookie identifiers or your IP address.
  • Log data:  We receive information when you view content on or otherwise interact with the App, which we refer to as “Log Data,” even if you have not created an account. For example, when you sign into our services, use the App, or interact with our email notifications, we may receive information about you. This Log Data includes information such as your IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device information (including device and application IDs), and cookie information. We use Log Data to operate our services and ensure their secure, reliable, and robust performance.  We may provide this information to third parties such as clients, law enforcement, schools/Universities, or other authorities with jurisdiction for security and safety purposes or to prevent harm to you or others. 
  • Laws, regulations, and public safety:  Notwithstanding anything to the contrary in this Privacy Policy or controls we may otherwise offer to you, we may preserve, use, or disclose your personal data if we believe that it is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; to protect the safety or integrity of our platform, including to help prevent spam, abuse, or malicious actors on our services, or to explain why we have removed content or accounts from our services; to address fraud, security, or technical issues; or to protect our rights or property or the rights or property of those who use our services. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your personal data.

HOW INFORMATION LUMINA COLLECTS IS SHARED OR COMMUNICATED

Generally, Lumina communicates Personal Data when necessary to provide Services to our customers, or for security and safety reasons.  When we provide Services to a client, we may transmit Personal Data back to that client through our secure web platforms and occasionally by phone, email, fax, or mail.  In some circumstances we may communicate Personal Data to law enforcement agencies, schools, national security agencies, courts, or other public bodies in any jurisdiction where we are subject to the law, regardless of where personal information is stored.  If we receive a production order, warrant, subpoena, or other enforceable demand, we will comply as required by law. If we receive a request to provide Personal Data voluntarily, we will consider your interests, our business interests, the interests of our clients, public safety implications, and our legal obligations prior to deciding whether to communicate Personal Data. In any case where the Personal Data in question was collected from or on behalf of a client, we will consult with the client before proceeding unless prohibited by law. We may proactively communicate Personal Data to law enforcement or other third parties with jurisdiction if necessary to investigate or report a violation of the law or a contractual agreement, for the safety reasons, or if otherwise appropriate and permitted by law.

Where and when applicable, Personal Data may be disclosed to third parties for limited purposes such as to conduct security services. We may also need to provide information about you to outside parties, such as government agencies. We may also share your Personal Data with our business contacts and vendors including without limitation payroll providers, data storage and delivery providers, data centers, cloud providers, applicant tracking systems, recruiting systems, human resources information systems, IT support services, background screening and consumer reporting companies, court runners, drug testing labs, translation agencies, credit bureaus, benefits providers, healthcare providers, and financial institutions.

While most of our work is done by our employees or authorized personnel who access Personal Data directly from our systems and whose activities are under our direct control, we use third-party service providers for certain specialized tasks. These tasks include storage of data, information technology support, and certain marketing activities.

Usage of IP Addresses

Some Lumina products and services collect and use IP addresses to help clients and users detect and prevent risks and threats that could potentially be life threatening. Lumina does not collect additional personally identifying information associated with the IP Addresses it collects.   

TRANSFER OF PERSONAL DATA BETWEEN COUNTRIES

We store Personal Data in the US only. Our employees and contractors may temporarily access Personal Data through virtual desktop interfaces in numerous global jurisdictions. We also use service providers in various other countries, usually to collect or translate information from that a local service provider’s country or region. If your Personal Data is subject to European Union (EU) or Swiss law, it may be transferred outside of the EU or Switzerland based on the fact that relevant authorities have issued a decision that Personal Data will benefit from an adequate level of protection in the country to which it is transferred. This is the case for Canada and, under the EU-US and Swiss-US Privacy Shield Framework, the United States. In all cases, we ensure that appropriate safeguards are in place to ensure the protection of your Personal Data. By agreeing to the terms of this Privacy Policy, you are providing your consent for us to transfer Personal Data outside of the EU or Switzerland to the United States and/or Canada and allow us to carry out services for you or on behalf of a client.

THE EU-US & SWISS-US PRIVACY SHIELD FRAMEWORK

Lumina complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the EU and Switzerland to the United States (and Canada). Lumina has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. Lumina remains responsible for Personal Data that is communicated to third parties for processing. 

ACCURACY OF PERSONAL DATA

Much of the Personal Data we collect comes directly from you, in which case you are in control of its accuracy. Information that is found to be inaccurate, either through our own audits or following your request for correction, is updated as reasonably practicable.

REUSE OF PERSONAL DATA

We will not reuse Personal Data for a new purpose other than the original one(s) for which it was collected, unless the new use is compatible with the original one, we have notified you of the new use and given you an opportunity to object to it, or the new use is permitted or required by law.

CHOOSING HOW AND WHETHER WE CAN USE YOUR PERSONAL DATA

In most cases, providing your information to us is voluntary. The list below explains how to make choices about the collection and use of your Personal Data for various purposes, and the consequences of your choice not to provide any Personal Data. Whenever our legitimate basis for collecting and using Personal Data is your consent, you can withdraw or modify your consent for future collection or use of your Personal Data at any time.


Figure 1: Choices about collection and use of Personal Data you or our client’s provide


Purpose for collectionHow to exercise choiceConsequences
Our own tracking on our web sitesDo not use our web sites.You will not view our web content.
Third-party tracking on our web sitesActivate ad blocking functionality in your browser.You will not receive advertising that is tailored to your interests and activities.
Security and safety reasonsDo not fill out our client’s form(s), our forms, and/or do not use our services or applications.You may not be able to use our services, or you may not be eligible for certain transactions with our clients.
Sales and marketingAsk us not to contact you or opt out of certain mailing lists. If you are unsure of how to do so, contact us.You will not receive proactive sales and marketing communication from us, or those communications will be limited to those you have selected.
Employment with LuminaDo not fill out our form(s) or do not consent to our data collection.You may be ineligible for initial or continued employment by Lumina.



In some cases, providing your Personal Data is mandatory. For example, this is the case when we are required by law to collect Personal Data from our workers (such as for tax or workers’ compensation purposes), when the collection is necessary to fulfill our contract with you (such as for payroll purposes), and when we have determined that the collection is in our or our legitimate interest, and is done in accordance with your rights.

In other cases, we collect and process your Personal Data from Public Information and we provide that to clients or third parties for legitimate, vital and public safety reasons.  If you believe that information we have from Public Information is inaccurate, please contact us at privacy@luminaanalytics.com.

As discussed previously, Lumina may share information we have about you in our databases with our customers and third parties (including but not limited to Personal Data and IP geolocation data). If you want to opt-out of Lumina sharing your database information with our customers and third parties, please send your request to privacy@luminaanalytics.com or to the address set forth in the Notice section herein. This opt-out has several important qualifications:

(a) You will only be able to opt-out to the extent that we can identify information we have about you. It is possible that even after you opt-out our databases will contain some residual information about you.

(b)  Lumina will cease sharing your information in any databases created after your opt-out date. Our customers may continue to have access to legacy database information.

(c) Even if you do opt-out of having us share the information we have about you in our databases, Lumina must continue to gather, retain, use, and share such information for security and public safety purposes or contractual purposes with clients.

Data subjects in Europe have additional rights as set forth in the section entitled “GDPR” below.


COOKIES POLICY

Cookies are pieces of information shared between your web browser and a website. Cookies enable the website to collect information about your activities and provide you with a faster and easier experience. When you access our site, we ask for your consent to use cookies. There are different kinds of cookies with different functions:

  • Session cookies: these are only stored on your computer during your web session. They are automatically deleted when the browser is closed. They usually store an anonymous session ID allowing you to browse a website without having to log in to each page. They do not collect any information from your computer.
  • Persistent cookies: a persistent cookie is one stored as a file on your computer, and it remains there when you close your web browser. The cookie can be read by the website that created it when you visit that website again.
  • First-party cookies: the function of this type of cookie is to retain your preferences for a particular website for the entity that owns that website. They are stored and sent between Lumina’s servers and your computer’s hard drive. They are not used for anything other than for personalization as set by you. These cookies may be either session or persistent cookies.

Third-party cookies: the function of this type of cookie is to retain your interaction with a particular website for an entity that does not own that website. They are stored and sent between the third party’s server and your computer’s hard drive. These cookies are usually persistent cookies.

Our marketing websites use session cookies to track your use of the sites and persistent cookies to remember any preferences you select, such as your location. Our service platforms, which we use to collect information from you and our clients, do not use third-party cookies. They may use first-party session cookies to track your use of the sites and first-party persistent cookies to remember any preferences you select, such as your location.

The major browsers have attempted to implement the draft “Do Not Track” (“DNT”) standard of the World Wide Web Consortium in their latest releases. As this standard has not been finalized, our sites are not compatible with DNT and so do not recognize DNT settings.

We use cookies for the following purposes:

  • Where strictly necessary. These cookies are essential in order to enable you to move around the site and use its features, such as accessing secure areas of the site. Without these cookies, services you have asked for, such as viewing certain areas of the site or using web forms, cannot be provided. These cookies do not gather information about you that could be used for marketing or remembering where you have been on the internet.
  • Performance. These cookies collect information about how visitors use a site, for instance which pages visitors go to most often, and if they get error messages from web pages. They also allow us to record and count the number of visitors to the site, all of which enables us to see how visitors use the site in order to improve the way that our site works. These cookies do not collect information that identifies a person, as all information these cookies collect is anonymous and is used to improve how our site works.
  • Functionality. These cookies allow our site to remember choices you make (such as your language or the region you are in) and provide enhanced features. These cookies can also be used to remember changes you have made to text size, font and other parts of web pages that you can customize. They may also be used to provide services you have requested such as viewing or commenting on content on the site. The information these cookies collect is usually anonymized.

Cookies may also be used to track usage and security of our secure platform. Information about your activity on our secure platforms is collected to ensure the integrity and security of our systems and data in our custody, and is used to audit system access and investigate suspicious activity. Collection of Personal Data for security purposes is done based on our legitimate interest and legal obligation to ensure Personal Data in our custody is protected. The following types of information, some of which may be Personal Data, are logged when you access our secure platforms:

  • IP address;
  • location;
  • login credentials for our systems;
  • dates, times, and length of session;
  • access to and modification of data;
  • browser type and version.

Please consult your web browser’s ‘Help’ documentation or visit www.aboutcookies.org for more information about how to turn cookies on and off for your browser.

CHILDREN’S PRIVACY

Lumina is directed to people who are at least 13 years old, and Lumina does not knowingly collect Personal Information from anyone under the age of 13. If You are aware that Lumina has collected Personal Information from someone under the age of 13, please alert Lumina at Privacy@luminaanalytics.com and the information will be removed from our system as soon as is reasonably possible.

Lumina does not knowingly aggregate or provide Public Information about people under the age of 13.   Some of Lumina’s technology and services may collect and process, and communicate to third parties Public Information about children between the ages of 13 and 18 because this Public Information originates from third-party social networking sites and websites that permit children who are 13 years and older to create public profiles. To remove any Lumina results, including a result that contains information about a person under the age of 13, contact us at  Privacy@luminaanalytics.com

PRIVACY SHIELD COMPLIANCE

International data transfers

Personal Data that we collect may be stored, processed in, and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy. Personal Data that we collect may be transferred to countries, including the United States, which do not have data protection laws equivalent to those in force in the European Economic Area. Personal Data transferred to the United States will comply with the Privacy Shield. Personal Data that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others. You expressly agree to the transfers of Personal Data described in this Section.

EU-US and Swiss-US Privacy Shield Framework

This policy applies to personal data from the European Union and from Switzerland that is collected, used, and retained in the United States. 

Lumina complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of Personal Data transferred from the European Union and Switzerland to the United States, respectively. Lumina has applied for certification to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/

Lumina is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) with regard to the Privacy Shield Frameworks.

In compliance with the US-EU and Swiss-US Privacy Shield Principles, Lumina commits to resolve complaints about your privacy and our collection or use of your Personal Data. European Union or Swiss individuals with inquiries or complaints regarding this privacy policy should first contact Lumina at:

Lumina Analytics, LLC

501 E. Kennedy Blvd, Ste 801

Tampa, FL, 33611

privacy@luminaanalytics.com

Lumina has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the European Union (EU) Data Protection Authorities, operated by the  United States Counsel for International Business (USCIB).  The USCIB is the American affiliate of the International Chamber of Commerce, the Business and Industry Advisory Committee to the OECD, and the International Organization of Employers, and has agreed to act as a trusted third party on behalf of the EU Data Protection Authorities.    If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.uscib.org/privacy-shield/ for more information and to file a complaint. The services of USCIB are provided at no cost to you.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

This Site is operated in the United States. If you are located in the European Union or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using our site or app, participating in any of our Services, or providing us with your information, you consent to this transfer.

U.S. Subsidiaries

Lumina’s wholly owned Subsidiaries, Lumina Employment Corp. and Lumina WE ApS, also adhere to the Privacy Shield Principals.

Choice

Individuals have the opportunity to make choices regarding certain Lumina Personal Data practices as provided in this Privacy Policy and in notices and other materials Lumina may provide to you in connection with Lumina’s services.  Individuals may contact Lumina at privacy@luminaanalytics.com or at Lumina Analytics, LLC 501 E. Kennedy Blvd., Ste. 801, Tampa, Florida, 33602.    Lumina will provide individuals with reasonable methods to exercise their choices. 

Lumina may disclose Personal Data without offering an opportunity to opt out (1) to service providers Lumina has retained to perform services on its behalf; (2) if it is required to do so by law or legal process, (3) to law enforcement or other government authorities, (4) when Lumina believes disclosure is necessary to prevent physical harm or financial loss, or (5) in connection with an investigation of suspected or actual illegal activity.  Lumina also reserves the right to transfer Personal Data in the event it sells or transfers all or a portion of its business or assets including in the event of a reorganization, dissolution, or liquidation).  Should such a sale or transfer occur, Lumina will use reasonable efforts to direct the transferee to use the Personal Data in a manner that is consistent with Lumina privacy policies.

Onward Transfer Accountability

Lumina may share Personal Data with non-affiliated parties as indicated in the “Choice” section above.  Lumina also may share Personal Data as specified in notices and other materials Lumina may provide to personnel or others in connection with Lumina’s services.  Except as permitted or required by applicable law, Lumina will obtain assurances from employees and vendors that they will safeguard Personal Data consistent with our Privacy Policy.  Lumina will take all steps in accordance with the Privacy Policy to prevent, contain, or stop disclosure contrary to such entity’s confidentiality obligations.

Enforcement

Lumina will use its best commercial efforts to ensure that compliance with this Privacy Policy is maintained and that the Privacy Policy is accurate, comprehensive, and continues to conform to applicable law.  

GDPR

Scope

The following provisions apply to European Union (EU) residents. We are based in the U.S. and the information we collect is governed by U.S. law.  We do not knowingly collect or process Personal Data of EU residents.   

Purpose and effect

Your use of our services (“Service”) is voluntary. We must obtain Personal Data about you in order to provide you with certain features of the Service. By using our Service or requesting that we provide the Service to you, you agree to disclose certain of your Personal Data to us and you are authorizing us to use and disclose your Personal Data pursuant to the provisions of this Privacy Policy.

CONTROLLING AND PROCESSING DATA

The controlling and processing of your Personal Data may be subject to the General Data Protection Regulations (“GDPR”) if you are a resident of the European Union. As defined therein, a “Controller” is a person or entity that determines the purposes and means of the processing of Personal Data, while a “Processor” merely stores, maintains, and processes data on behalf of a Controller, but does not decide which items of Personal Data are stored or how Personal Data is used. Depending upon the services provided by Lumina, Lumina may be considered to be a Controller or Processor in various circumstances. 

Whether as Controller or Processor, we will adhere to the provisions in this privacy policy. Generally, Personal Data will be processed lawfully, fairly, and transparently. Upon request, we will be clear and transparent about how your Personal Data is going to be processed, by whom, and why. Personal Data will be collected only for specific legitimate purposes, and it will be relevant and limited to that which is necessary for the purpose. Provided that you communicate to us updated information, we will keep your Personal Data accurate and up to date. We will only store your Personal Data for so long as is necessary for the purpose, and we will ensure appropriate security, integrity, and confidentiality against unauthorized or accidental processing, loss, destruction, and damage.

TYPES OF PERSONAL DATA

The GDPR identifies two types of Personal Data: regular and “special categories” of Personal Data. Regular Personal Data includes a person’s name, address, email address, photo, IP address, location data, online behavior (cookies), and profiling and analytics data. Special categories of Personal Data includes race, religion, political opinions, trade union membership, sexual orientation, health information, biometric data, and genetic data.

The GDPR expressly prohibits the processing of the above special categories of Personal Data without the explicit consent of the subject of the Personal Data, or, absent such consent, where processing is necessary in certain limited circumstances, including without limitation: 

  • for the purposes of carrying out obligations and exercising specific rights of the Controller or of the subject of the Personal Data in the field of employment, social security, and social protection law;
  • where the Personal Data at issue has manifestly been made public by the subject;
  • for the establishment, exercise, or defense of legal claims or whenever courts are acting in their judicial capacity;
  • for reasons of substantial public interest under EU law;
  • for certain, limited healthcare and public health purposes; and
  • for certain, limited archival purposes for scientific and historical research in the public interest.

COLLECTION OF PERSONAL DATA

Lumina collects Personal Data, whether as a Controller or Processor, for a number of legitimate business reasons. When we collect Personal Data for our safety and security Services, our client is the Controller under the GDPR and is responsible for determining which Personal Data we collect and how we use it, establishing a legitimate basis to collect and process Personal Data, ensuring that the collection and processing complies with applicable law, ensuring that you are notified of the collection and processing of your Personal Data, and that you have consented thereto, in accordance with applicable law, and complying with any legal obligations it may have as the Controller.

Lumina has a compelling and legitimate interest to use the information absent your consent or otherwise to protect against security threats, other exemptions, or where disclosure is legally compelled. Generally, most Personal Data is retained only for as long as necessary for its intended purpose. Certain information must be kept to comply with legal obligations under local employment and tax laws. Notwithstanding the foregoing, Lumina may otherwise maintain and retain Personal Data in accordance with the procedures outlined below.

Lumina relies upon the following lawful grounds to collect and use your Personal Data:

  1. It is necessary for the performance of a contract; or
  2. Your consent; or
  3. Lumina’s or a third party’s legitimate interests, vital interests, or for the public’s interest, including but not limited to, public safety, the safety of an individual’s life or limb, national security, prevention of fraud, and identity verification, or on behalf of a government authority acting lawful. 

Your Personal Data

Personal Data will be processed lawfully, fairly, and transparently. Upon request, we will be clear and transparent about how your Personal Data is going to be processed, by whom, and why. Personal Data will be collected only for legitimate purposes, and it will be relevant and limited to that which is necessary. Provided that you communicate to us updated information, we will keep your Personal Data accurate and up to date. We will only store it for as long as is necessary, and we will ensure appropriate security, integrity, and confidentiality against unauthorized or accidental processing, loss, destruction, or damage.

In the event of any data breach, you will be notified without undue delay and, in no event, later than 72 hours of our discovery of the breach, including whether we believe there is any risk to your rights and freedoms, e.g., identity theft, personal safety. You may not be notified if the data breach is unlikely to result in any harm to you. In the event of a breach that we suspect may result in harm to you, you will be notified of: (1) a description of the data breach, including the numbers of data subjects affected and the categories of data affected; (2) the name and contact details of our privacy personnel; (3) the likely consequences of the data breach; and (4) any measures taken to remedy or mitigate the breach. We may be exempt from this enhanced notice requirement if the risk of harm is remote because the affected data are protected (e.g., through strong encryption), we have taken measures to protect against the harm (e.g., suspending affected accounts), or the notification requires disproportionate effort (in which case a public notice of the breach is required). We will keep records of all data breaches, including the facts and effect of the breach and remedial action taken. Credit card information is used solely for billing purposes, and is encrypted and transmitted securely for processing. 

When we are operating as a Processor, we will have a written agreement with each Controller, in which we commit to: (1) only act on Personal Data in accordance with the instructions of the Controller or the requirements of EU law or the national laws of EU member states; (2) impose confidentiality obligations on all personnel who process Personal Data; (3) ensure the security of Personal Data; (4) not appoint a sub-processor without the prior written consent of the Controller; (5) implement measures to assist the Controller in complying with the rights of Personal Data subjects; (6) assist the Controller in obtaining approval from EU regulatory authorities; (7) at the Controller’s election, either return or destroy the Personal Data at the end of the relationship; and (8) provide the Controller with information necessary to demonstrate compliance with the GDPR.

Your Personal Data remains your property at all times, subject to the permissive uses granted hereunder.

How we use your Personal Data

When we are operating as a Controller, any Personal Data submitted to us through our app, website, or by other means will be used for the purposes specified in this policy above, including without limitation to the following:

  • administering our website, application, and business;
  • personalizing our website tools or databases for you;
  • enabling your use of the Services;
  • sending you software or software tools purchased through our app or website;
  • supplying Services to you;
  • sending statements, invoices, and payment reminders to you, and collecting payments from you;
  • sending you marketing or non-marketing communications;
  • sending you email notifications that you have specifically requested;
  • providing third parties with statistical information about our users (but those third parties will not be able to identify any
  • individual user from that information);
  • providing Personal Data to our Processor(s) for processing in accordance with our instructions;
  • dealing with inquiries and complaints made by or about you relating to our Services;
  • keeping our app and website secure and to prevent fraud;
  • verifying compliance with the terms and conditions governing the use of our Services; and
  • other uses, which may be added hereto.

If you submit Personal Data for publication on our website, we will publish and otherwise use that information in accordance with the license you grant to us. 

We will not, without your express consent, supply your Personal Data to any third party (other than our Controller or Processor, as the case may be) for direct marketing.

Storage, Objection, Correction, Erasure, Information

Personal Data will be stored by us, our Processor or Controller. Personal Data will be stored in a manner that ensures appropriate security, integrity, and confidentiality against unauthorized or accidental processing, loss, destruction, or damage. We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your Personal Data. We will store the Personal Data you provide on our secure (password and firewall-protected) servers. All electronic financial transactions entered into through our app or website will be protected by encryption. You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping the password you use for accessing our app, services, or website confidential; we will not ask you for your password except when you log in to our website.

Personal Data will be stored in a format that allows for easy portability. Portability means your Personal Data will be stored in a manner that allows you to obtain and reuse your Personal Data for your own purpose by transferring it to a different environment. Upon your written request, you will be provided with the ability to access your Personal Data to verify its accuracy, download it in an easily-portable format, or obtain a copy of it. Personal Data that we process for any purpose shall not be kept for longer than is necessary for that purpose.

You have the right to object in writing to the processing of your Personal Data. If we receive your written objection, your Personal Data will not be processed, unless we demonstrate compelling and legitimate grounds for the processing that override your interests, rights, and freedoms, or we require the data to establish, exercise, or defend legal rights. You further have the right to object to the processing of your Personal Data for the purpose of direct marketing, including profiling. Where Personal Data are processed for scientific and historical research purposes or statistical purposes, you have the right to object, unless the processing is necessary for the performance of a task carried out for reasons of public interest. If you object to the processing of your Personal Data, you agree to the termination of the Services in the event that we determine, in our sole discretion, that we are unable to perform the Services due to your objection to the processing of your Personal Data. This objection right is given free of charge, although we may charge a reasonable fee for repetitive requests or manifestly unfounded or excessive requests for additional copies of information you request. You also have the right to object and prevent any decision that could have a legal or similarly significant effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable EU law, or is based on your explicit consent.

Upon termination of the Services for any reason, and upon your written request, your Personal Data may be erased. Or we may elect to have it anonymized. Additionally, you have the right at any time to demand that inaccurate or incomplete Personal Data are erased or rectified. You have the right of erasure if:

  • Personal Data are no longer needed for the original purpose and no new purpose exists;
  • the lawful basis for the processing is your consent, you withdraw that consent, and no other lawful ground exists;
  • you exercise your right to object and we have no overriding grounds for continuing the processing;
  • the Personal Data have been processed unlawfully; or
  • erasure is necessary for compliance with EU law or the law of a country bound by the terms of the GDPR. 

You have the right to obtain the following information:

  • confirmation of whether, and where, we are processing your Personal Data;
  • information about the purposes of the processing;
  • information about the categories of data being processed;
  • information about the categories of recipients with whom the Personal Data may be shared;
  • information about the period for which the Personal Data will be stored (or the criteria used to determine that period);
  • where the Personal Data were not collected from you, information as to the source of the Personal Data; and
  • information about the existence of, and an explanation of the logic involved in, any automated processing that has a significant effect on you.

Upon your request for any of the above-referenced information, we will, within one month of receiving your written request, provide such requested information. In the event we fail to meet this deadline, you may complain to the governing Data Protection Authority in the EU and may seek a judicial remedy. In the event we receive a large number of requests, or complex requests, the time limit may be extended by a maximum of two additional months. You also have the right to bring a claim directly against the Processor (of not Lumina), although the Processor is liable for the damage caused by its processing activities only where it has: (1) not complied with obligations under the GDPR that are specifically directed to Processors; or (2) acted outside or contrary to lawful instructions of the Controller.

We will not refuse to give effect to your rights unless we cannot identify you through the use of reasonable efforts to verify your identity. Where we have reasonable doubts as to your identity, we may request the provision of additional information to confirm your identity.

You may restrict processing of your Personal Data, meaning the Personal Data may only be held by us, and may only be used for limited purposes, if the accuracy your Personal Data is contested (and only for as long as it takes to verify accuracy), the processing is unlawful and you request restriction (as opposed to exercising the right to erasure), we no longer need the Personal Data for their original purpose but the Personal Data are still required by us to defend legal rights, or verification of overriding grounds is pending in the context of an erasure request.

Disclosing your Personal Data

We may disclose your Personal Data to any of our employees, officers, insurers, professional advisers, agents, suppliers, subcontractors, clients and subsidiaries as reasonably necessary for the purposes set out in this Policy. We may disclose your Personal Data:

  • to the extent that we are required to do so by law;
  • in connection with any ongoing or prospective legal proceedings;
  • to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
  • to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
  • to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that Personal Data where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that Personal Data.
  • For public safety reasons, or for the security and safety of you or third parties.
  • To clients with legitimate business interests
  • To authorities with appropriate jurisdiction who are using the Personal Data for lawful reasons. 

Except as provided in this Policy, we will not provide your Personal Data to third parties.

Consent

By indicating your acceptance, you hereby accept all of the provisions of this Privacy Policy. Your acceptance indicates that you acknowledge that your consent to use your Personal Data for the purposes identified herein is freely given. Should you feel that this consent is in any way unclear or ambiguous, please contact our privacy personnel at the following address with any questions prior to your accepting the privacy policy: privacy@luminaanalytics.com. You further understand that use of the Services is expressly conditional on your consenting to processing activities described herein.

IN ACCORDANCE WITH THE ABOVE STATEMENT, YOU HEREBY ACKNOWLEDGE, UNDERSTAND, AND AGREE THAT, BY CLICKING THE “I AGREE” BUTTON, WHEN PRESENTED, YOU EXPRESSLY CONSENT TO THE USE OF YOUR PERSONAL DATA IN THE MANNER SET FORTH HEREIN.

Consent may be refused by not affirmatively acknowledging this Privacy Policy or otherwise using the Service. 

Consent Withdrawal

Consent may be withdrawn at any time by written notice to our privacy personnel at: privacy@luminaanalytics.com.