Privacy rights and GDPR
Published: April 22, 2019
Overview
The General Data Protection Regulation in effect in the European Union has introduced a new era of privacy rights for individuals in EU countries.
At LUMA, we believe protecting personal information is important for all people, no matter where they live or work.
We are committed to respecting the privacy rights of anyone for or from whom we collect, use and share personal information, and doing so in accordance with applicable law, including GDPR.
As a demonstration of our commitment, LUMA has earned certification under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, as administered by the U.S. Department of Commerce and approved by the European Commission. We are dedicated to complying with all applicable Privacy Shield Principles. Learn more about the Privacy Shield Frameworks and the Privacy Shield Principles.
Our Approach
LUMA acts as both a data controller and a data processor, depending on the different functions of our business and the products and services we provide to clients.
In consultation with legal counsel and technology and privacy rights experts, we are building privacy-by-design into our products and services, as well as our business practices, processes and policies.
As LUMA improves and develops our offerings, we are establishing GDPR requirements and privacy rights as core business requirements for any products and services we develop and launch into the marketplace.
LUMA works with vendors that provide important products or services we use in managing our business. In some cases, they act as data processors on our behalf and may, in turn, have data sub-processors for the products and services LUMA uses.
To ensure accountability throughout these relationships, LUMA has an ongoing program of vendor reviews, including audits of their GDPR compliance. Where appropriate, we enter into data processing agreements, known as DPAs, to formalize vendors’ data privacy obligations to us and our customers.
For prospective new vendors, LUMA will conduct a thorough review of the organization’s terms and conditions, privacy policy, and approach to GDPR compliance. Where appropriate, we will require the vendor to enter into a DPA with us.
Engaging with us online
LUMA’s Privacy Policy explains how we collect and use the personal data of people who visit our company websites — luma-institute.com, lumaworkplace.com and resources.luma-institute.com.
The Privacy Policy also identifies the tracking technologies and third-party services we use to run and manage our websites so our visitors have clear information for choosing how to interact with us online.
On our websites, we offer tools that let users choose what personal information they share with us and manage that information and its uses going forward:
- The Individual rights manager gives visitors a way to request: (1) access to their personal data; (2) correction of personal data; and (3) deletion of their personal data.
- Cookie consent tools allow visitors to see what tracking cookies are used on our websites and set their individual preferences.
- Our direct marketing consent manager collects consent from anyone providing personal information to us so that we can follow up with information or assistance about our products and services.
Questions or comments
If you have questions about how LUMA supports data privacy and protection, including GDPR compliance, in client engagements, please contact us.
Please send questions or comments about LUMA’s Privacy Policy directly to our Privacy Compliance Officer at privacy@luma-institute.com.
Please check our Privacy Policy regularly for updates.