LUMA Institute Privacy Policy
Effective Date: Nov 3, 2022
This Privacy Policy (this “Policy”) applies to our information website www.luma-institute.com and our service website www.lumaworkplace.com (collectively, the “Service”). The Service is owned and operated by LUMA Institute (“LUMA,” “we” or “us”). This Policy describes how LUMA collects, uses, shares and secures the personal information you provide. It also describes your choices regarding the use, access and correction of your personal information.
Notice
This notice under LUMA’s Privacy Policy is to inform you that LUMA has been acquired by Tactivos, Inc. dba MURAL, a Delaware corporation (the “Transaction”), making LUMA a wholly owned subsidiary of MURAL. MURAL, a collaborative intelligence company, is already a service provider to LUMA. Following the transaction, you can expect to still receive the same great service from the experienced LUMA team, and we will continue to share personal information with MURAL to deliver the LUMA services to you. We may also need to share personal information with MURAL for purposes in connection with the Transaction. If you would like to receive more information about MURAL, please visit: https://www.mural.co/collaborative-intelligence
Information We Collect
When you register for or use one of our services, send us an email, chat with us or activate your account, we collect, use and maintain the personal information you give us, such as your name, organization and position, address, email address, and registration and participation information. If you purchase goods, services or a subscription from us, we also collect your payment information such as your credit card number. We use this information to establish and maintain your account, create your user profile, improve our customer service to you and generally, process payments, communicate with you about your account, and, if you choose to receive them, send you emails about LUMA news, upcoming events and special offers. We share your personal information only under the limited circumstances described below.
Passive Collection
As is true of most websites, we gather certain information automatically. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data. We use this information to analyze trends in the aggregate and administer the site.
Tracking Technologies
We and our partners use cookies or similar technologies to analyze trends, administer and improve the website and our partners’ services, track users’ movements around the website, and to gather demographic information about our user base as a whole. You can set or adjust your cookie preferences by following the applicable link on our homepage, which identifies individual cookies by function and source, and where you decide whether to allow or disallow cookies based on function. You can also control the use of cookies at the individual browser level. Either way, please note that if you choose to limit or disable cookies, your use of certain features or functions of the Service may be limited or unavailable.
Regarding advertising in particular, we partner with a third party to manage our advertising on other sites. Our third party partner may use cookies or similar tracking technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising click here https://optout.aboutads.info or if located in the European Union click here http://www.youronlinechoices.eu/. Please note that you may continue to receive generic ads.
User Data Supplementation
We may receive information about you from other sources, including publicly available databases or third parties from whom we have purchased data, and combine this data with information we already have about you. This helps us to update, expand and analyze our records, identify new customers, and provide products and services that may be of interest to you. If you provide us personal information about others, or if others give us your information, we will only use that information for the specific reason for which it was provided to us.
Examples of the types of personal information that may be obtained from public sources or purchased from third parties and combined with information we already have about you may include: Address information about you from third party sources, such as the U.S. Postal Service, to verify your address so we can properly ship your order to you and to prevent fraud; and/or marketing data that is combined with information we already have about you, to create more tailored advertising and products.
Sharing with Service Providers
We use service providers to help us provide and support the Service or certain features of the Service. These include cloud hosting and service providers, customer support and reporting providers and customer-relationship management and communication services providers. We share information with these companies in order to enable them to provide their services to us and to you. These companies are authorized to use your personal information only as necessary to provide these services to us. We also use data analytics services from third parties to help us understand how visitors use our site and to improve our services. For example, we use Google Analytics to measure and analyze Service usage. You can read more about how Google uses such data at www.google.com/policies/privacy/partners/
When you navigate or are redirected to a third-party’s website, your activities and information will be governed by the terms and policies of such third-party.
LUMA’s Service Providers
LUMA utilizes the following service providers (e.g. sub-processors) in the delivery of LUMA’s digital offerings. A service provider is an external service or provider that is enlisted by LUMA to deliver our services to end users. As part of that service delivery, LUMA may be required to share personal information collected about you with these providers to deliver our services.
Sub-processor | Purpose | Country |
---|---|---|
Amazon Web Services (AWS) | Infrastructure as a service | USA |
AskNicely | Customer engagement (NPS) | USA |
Course Merchant | E-commerce platform | USA |
Dropbox | File storage | USA |
Eventbrite | E-commerce platform | USA |
FullStory | Customer support and product usage research | USA |
Google Drive | File storage | USA |
Hootsuite | Social media | Canada |
Intercom | Customer engagement | USA |
Mailchimp | Email marketing and marketing automation | USA |
Microsoft Teams | Video conferencing and training delivery | USA |
Mode Analytics | Application usage analytics and reports | USA |
Moodle | LMS Platform hosting provider | USA |
MURAL | Digital Workspace | USA |
Netsuite | Customer ERP Platform | USA |
PayEezy | eCommerce Payments | USA |
Recurly | eCommerce Payments | USA |
Segment | Platform usage analytics | USA |
Shipstation | Physical product shipping | USA |
WebEx Training | Video conferencing and training delivery | USA |
Zendesk | Customer support ticketing and knowledge base | USA |
Zoom | Video conferencing and training delivery | USA |
Please contact LUMA for more details regarding sub-processors related to a specific LUMA product or service, including sub-processors utilized to deliver services that do not process PII. LUMA Workplace has a SOC 2 Type 2 report available upon request.
Legal Notice
We may disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. If we are involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with your consent.
Email or Newsletter Preferences
You may sign up to receive emails about our content, new products and services, and other updates. If you would like to discontinue receiving this information, you may update your email preferences by using the “Unsubscribe” link found in the emails we send to you or at your member profile on our website or by contacting us at privacy@luma-institute.com.
Basis for Use; Consent
Most of the data collection and uses described in this Policy are required in order for you to be able to use the Service pursuant to our Terms of Service or other written agreement between you or your organization and us. For example, if you have a paid account, your payment information is required in order for us to be able to process your payment. If you do not agree with such uses, you may not be able to use the Service. Some of the data collection and uses described in this Policy are not strictly necessary for us to provide the Service, but are related, and our basis for such collection and use is for legitimate interests we may have, such as to analyze and improve the Service, or to market our products and services. You may object to or, in some cases, opt out of, such collection and processing, and we will address your objection or opt-out request promptly. Finally, some of the data collection and uses are optional, and our basis for such collection and use is your consent. Where that is the case, we always give you a choice, and you may use the Service even if you have not provided consent (or if you withdraw your consent) to the particular use. By activating your account or browsing our content on our website, you acknowledge that you understand our data collection and use practices, and you consent to our collection and use of the optional information described above for the purposes described in this Policy or in our Terms of Service or other written agreement between you or your organization and us. We may ask you for permission to use your personal information for other purposes, in which case we will provide you with an opportunity to say no. We are not in the business of selling personal information to third parties, and we will not use your name in marketing statements without your permission. You may withdraw your consent for us to contact you for purposes other than those relating to your account at any time by contacting us at the email or mail addresses below. You may also withdraw your consent for us to contact you generally and for the continued collection, use or disclosure of your information by terminating your account and refraining from visiting our site.
Security
The security of your personal information is important to us. We take reasonable technical and organizational precautions to protect your personal information from unauthorized or unlawful use and against accidental loss, destruction or damage. We also follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. You acknowledge, however, that no method of transmission over the Internet or electronic storage is fully secure. If you have any questions about the security of your personal information, you can contact us at privacy@luma-institute.com.
Access; Other Rights; Data Retention
Upon reasonable request, we will provide you with information about any of your personal information in our possession, and you may view, correct, or request deletion of your personal information. You may use the Individual Rights button in the Questions and Contact Information section, or send your request to privacy@luma-institute.com. We will respond to your request within a reasonable timeframe. In most cases, LUMA has no direct relationship with the individuals whose personal data it processes. If you are a customer of one of our clients and would no longer like to be contacted by that client, please contact the client directly.
You may have additional rights under applicable data protection laws, including the EU General Data Protection Regulation. For example, you may have the right to lodge a complaint with the data protection supervisory authority in your country. You may also have the right to request access to and rectification or erasure of personal information or restriction of processing of your personal information, or to object to processing, as well as the right to data portability.
We respect the privacy rights of all of our users. The use of information collected through our Service shall be limited to the purposes set forth in this Policy or in our Terms of Service or other written agreement between you or your organization and us, which include providing the products and services for which we have been engaged.
We may transfer personal information to companies that help us provide our Service, as described in this Policy, our Terms of Service, or other written agreement between you or your organization and us. Transfers of information to third parties are covered by our service agreements with such third parties.
We will retain personal data we process on behalf of any of our clients for as long as needed to provide services to such client. We will retain such personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Age of Consent
We do not knowingly collect personal information from minors without a written agreement. By using this site, you represent that you are at least the age of majority in your state or province of residence. If you or your organization wish to use the Service or any LUMA content in connection with activities involving minors, such as applying our methodologies in a school, you must enter into a special, written agreement with us specifying the terms of such use.
Notice to Non-U.S. Residents; EU-U.S. Privacy Shield
Our production servers, service providers, and routine backups are located in the U.S. If you are located outside of the U.S., please be aware that any information provided to us, including personal information, will be transferred from your country to the U.S. Except in the case of data transfers under the EU-U.S. Privacy Shield Framework or the Swiss-U.S. Privacy Shield Framework (collectively, the “Privacy Shield Frameworks”), your decision to provide such data to us, or to allow us to collect such data through the Service, constitutes your consent to this data transfer. The Privacy Shield Frameworks (and the Privacy Shield Principles reflected in them) govern the collection, transfer, use and retention of personal information transferred from EU member countries and Iceland, Liechtenstein, Norway and Switzerland to the US.
LUMA Institute complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (Privacy Shield) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland, as applicable to the United States in reliance on Privacy Shield. LUMA Institute has certified to the Department of Commerce that it adheres to the Privacy Shield Principles with respect to such information. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/list.
LUMA Institute is responsible for the processing of personal data it receives under each Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, LUMA is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, LUMA may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection and use of your personal information. We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution provider located in the U.S.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. Under certain conditions, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted. For more information, please visit the Privacy Shield website at https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint. In the event that we appoint a representative in your country or region, such as an EU representative, we may direct inquiries from you or the applicable data protection supervisory authority to our representative, as applicable and appropriate.
Changes to This Policy
We may update this Policy to reflect changes to our information practices or applicable law. If we make any material changes, we will notify you by means of a notice on this website prior to the change becoming effective. Please periodically review this page for the latest information on our privacy practices.
Questions and Contact Information
If you have questions or comments about this Policy, please contact our Privacy Compliance Officer by email at privacy@luma-institute.com or by conventional mail at:
LUMA Institute LLC
Attn: Privacy Compliance Officer
500 Grant St.
Suite 2900
Pittsburgh, PA 15219
Finally, you have the right to lodge a complaint with the data protection authority in your jurisdiction.
General Data Protection Regulation (GDPR) – European Representative
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), LUMA Institute LLC has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
- by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
- by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
UK General Data Protection Regulation (GDPR) – UK Representative
Pursuant to Article 27 of the UK GDPR, LUMA Institute LLC has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
- by using EDPO’s online request form: https://edpo.com/uk-gdpr-data-request/
- by writing to EDPO UK at 8 Northumberland Avenue, London WC2N 5BY, United Kingdom