Effective Date: April 23, 2021
Information We Collect
When you register for or use one of our services, send us an email, chat with us or activate your account, we collect, use and maintain the personal information you give us, such as your name, organization and position, address, email address, and registration and participation information. If you purchase goods, services or a subscription from us, we also collect your payment information such as your credit card number. We use this information to establish and maintain your account, create your user profile, improve our customer service to you and generally, process payments, communicate with you about your account, and, if you choose to receive them, send you emails about LUMA news, upcoming events and special offers. We share your personal information only under the limited circumstances described below.
As is true of most websites, we gather certain information automatically. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data. We use this information to analyze trends in the aggregate and administer the site.
User Data Supplementation
We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about you may include: Address information about you from third party sources, such as the U.S. Postal Service, to verify your address so we can properly ship your order to you and to prevent fraud; and/or marketing data that is combined with information we already have about you, to create more tailored advertising and products.
Sharing with Service Providers
We use service providers to help us provide and support the Service or certain features of the Service. These include cloud hosting and service providers, customer support and reporting providers and customer-relationship management and communication services providers. We share information with these companies in order to enable them to provide their services to us and to you. These companies are authorized to use your personal information only as necessary to provide these services to us. We also use data analytics services from third parties to help us understand how visitors use our site and to improve our services. For example, we use Google Analytics to measure and analyze Service usage. You can read more about how Google uses such data at www.google.com/policies/privacy/partners/
When you navigate or are redirected to a third-party’s website, your activities and information will be governed by the terms and policies of such third-party.
LUMA’s Service Providers
LUMA utilizes the following service providers (e.g. sub-processors) in the delivery of LUMA’s digital offerings. A service provider is an external service or provider that is enlisted by LUMA to deliver our services to end users. As part of that service delivery, LUMA may be required to share personal information collected about you with these providers to deliver our services.
Please contact LUMA for more details regarding sub-processors related to a specific LUMA product or service, including sub-processors utilized to deliver services that do not process PII. LUMA Workplace has a SOC 2 Type 2 report available upon request.
We may disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with your consent.
Email or Newsletter Preferences
You may sign up to receive emails about our content, new products and services, and other updates. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in the emails we send to you or at your member profile on our website or by contacting us at email@example.com.
Basis for Use; Consent
Most of the data collection and uses described in this Policy are required in order for you to be able to use the Service pursuant to our Terms of Service or other written agreement between you or your organization and us. For example, if you have a paid account, your payment information is required in order for us to be able to process your payment. If you do not agree with such uses, you may not be able to use the Service. Some of the data collection and uses described in this Policy are not strictly necessary for us to provide the Service, but are related, and our basis for such collection and use is for legitimate interests we may have, such as to analyze and improve the Service, or to market our products and services. You may object to or, in some cases, opt out of, such collection and processing, and we will address your objection or opt-out request promptly. Finally, some of the data collection and uses are optional, and our basis for such collection and use is your consent. Where that is the case, we always give you a choice, and you may use the Service even if you have not provided consent (or if you withdraw your consent) to the particular use. By activating your account or browsing our content on our website, you acknowledge that you understand our data collection and use practices, and you consent to our collection and use of the optional information described above for the purposes described in this Policy or in our Terms of Service or other written agreement between you or your organization and us. We may ask you for permission to use your personal information for other purposes, in which case we will provide you with an opportunity to say no. We are not in the business of selling personal information to third parties, and we will not use your name in marketing statements without your permission. You may withdraw your consent for us to contact you for purposes other than those relating to your account at any time by contacting us at the email or mail addresses below. You may also withdraw your consent for us to contact you generally and for the continued collection, use or disclosure of your information by terminating your account and refraining from visiting our site.
The security of your personal information is important to us. We take reasonable technical and organizational precautions to protect your personal information from unauthorized or unlawful use and against accidental loss, destruction or damage. We also follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. You acknowledge, however, that no method of transmission over the Internet or electronic storage is fully secure. If you have any questions about the security of your personal information, you can contact us at firstname.lastname@example.org.
Access; Other Rights; Data Retention
Upon reasonable request, we will provide you with information about any of your personal information in our possession, and you may view, correct, or request deletion of your personal information. You may use the Individual Rights button in the Questions and Contact Information section, or send your request to email@example.com. We will respond to your request within a reasonable timeframe. In most cases, LUMA has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our clients and would no longer like to be contacted by that client, please contact the client directly.
You may have additional rights under applicable data protection laws, including the EU General Data Protection Regulation. For example, you may have the right to lodge a complaint with the data protection supervisory authority in your country. You may also have the right to request access to and rectification or erasure of personal information or restriction of processing of your personal information, or to object to processing, as well as the right to data portability.
We respect the privacy rights of all of our users. The use of information collected through our Service shall be limited to the purposes set forth in this Policy or in our Terms of Service or other written agreement between you or your organization and us, which include providing the products and services for which we have been engaged.
We may transfer personal information to companies that help us provide our Service, as described in this Policy, our Terms of Service, or other written agreement between you or your organization and us. Transfers of information to third parties are covered by our service agreements with such third parties.
We will retain personal data we process on behalf of any of our clients for as long as needed to provide services to such client. We will retain such personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Age of Consent
We do not knowingly collect personal information from minors without a written agreement. By using this site, you represent that you are at least the age of majority in your state or province of residence. If you or your organization wish to use the Service or any LUMA content in connection with activities involving minors, such as applying our methodologies in a school, you must enter into a special, written agreement with us specifying the terms of such use.
Notice to Non-U.S. Residents; EU-U.S. Privacy Shield
Our production servers, service providers, and routine backups are located in the U.S. If you are located outside of the U.S., please be aware that any information provided to us, including personal information, will be transferred from your country to the U.S. Except in the case of data transfers under the EU-U.S. Privacy Shield Framework or the Swiss-U.S. Privacy Shield Framework (collectively, the “Privacy Shield Frameworks”), your decision to provide such data to us, or to allow us to collect such data through the Service, constitutes your consent to this data transfer. The Privacy Shield Frameworks (and the Privacy Shield Principles reflected in them) govern the collection, transfer, use and retention of personal information transferred from EU member countries and Iceland, Liechtenstein, Norway and Switzerland to the US.
LUMA Institute is responsible for the processing of personal data it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, LUMA is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, LUMA may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection and use of your personal information. We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution provider located in the U.S.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. For more information, please visit the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint. In the event that we appoint a representative in your country or region, such as an EU representative, we may direct inquiries from you or the applicable data protection supervisory authority to our representative, as applicable and appropriate.
Changes to This Policy
We may update this Policy to reflect changes to our information practices or applicable law. If we make any material changes, we will notify you by means of a notice on this website prior to the change becoming effective. Please periodically review this page for the latest information on our privacy practices.
Questions and Contact Information
If you have questions or comments about this Policy, please contact our Privacy Compliance Officer by email at firstname.lastname@example.org or by conventional mail at:
LUMA Institute LLC
Attn: Privacy Compliance Officer
500 Grant St.
Pittsburgh, PA 15219
LUMA Institute has also appointed DataRep as their Data Protection Representative in the European Union so that you can contact them directly in your home country. DataRep has locations in each of the 27 EU countries and the UK. If you want to raise a question to LUMA Institute, or otherwise exercise your rights in respect of your personal data, you may also do so by contacting DataRep online at https://www.datarep.com/data-request or by mailing your inquiry to DataRep at their most convenient mailing address. Please ensure your request is addressed to ‘DataRep’. United Kingdom: DataRep, BPM 335368, 372 Old Street, EC1V 9AU, London, United Kingdom