Compliance and Ethics

LumApps Privacy & Data Protection Statement

Data Protection is of the utmost importance to us. And we know that trust is central when communicating with your employees.

We built this page in the form of a series of Q&A to present to you how Privacy and Data Protection principles will apply to the use of our platform.

1. What is LumApps’role when providing its services?

When providing our services we process personal data on behalf of our clients. Our clients have the control over the personal data that is integrated in the platform. We only process personal data to provide the services and in accordance with clear written instructions of our clients as detailed in the Data Processing Agreement (DPA).

2. Which Categories of Data Are Processed by LumApps?

We collect and process the data that our clients decide to use with our services. This information may contain the name, title, email address, photos, videos of clients’ employees.

3. How Does LumApps Use This Personal Data?

We process the personal data described above to carry out our obligations arising from any contracts entered between our clients and us. We don’t sell or use such data for marketing or commercial purposes.

4. How long is data retained?

We keep data only as long as it is necessary to provide our services.

5. How We Share Information Collected?

Only the authorized employees at LumApps process and store the data. We don’t communicate the data to any other entity, except to our third party providers (listed here) that carry out processing activities on such data and enabling us to provide our services.

In this case, our security and legal teams review the security standards and contractual obligations of these third party providers before LumApps engages new vendors. We also request them, by way of a contract, to provide sufficient guarantees that the appropriate technical and organizational measures are implemented in such a manner that the processing shall meet the requirement of the applicable law.

International data transfers after the Schrems II case

In light of the decision by the European Court of Justice in the so-called ‘Schrems II case’, we’d like to highlight that we have concluded standard model clauses with all of our non-EU subprocessors. Despite the invalidation of the EU-US Privacy Shield, the standard model clauses approved by the European Commission remain a valid transfer mechanism. More information about our subprocessors, the hosting location of relevant data and the applicability of the standard model clauses can be found on our subprocessor page.

We will continue to closely follow the European Data Protection Board’s and other relevant authorities’ recommendations related to the Schrems II case going forward.

6. How have we engaged in complying with the laws?

We implement reasonable and appropriate technical and organizational measures to ensure a level of security appropriate to the risk of the data processed.

Our obligations are set out in the Data Protection Attachment which the clients can access at any time on this page. For more detailed information on our security measures please visit this page.

7. Do We Have a Data Protection Officer (DPO)?

Yes, we have appointed a DPO to oversee our privacy and data protection compliance. Our DPO is always reachable at privacy@lumapps.com.

8. Do we have a Data Breach Response?

Our support, security, and legal teams will make sure any data breach involving personal data will be handled with the greatest care. We have set up data breach response plans to promptly and effectively identify, solve, and mitigate incidents that involve personal data of our clients.

9. Do We Have a Training and Privacy Awareness Program?

Within LumApps’ Legal & Compliance team we have privacy experts with knowledge of and experience with both EU, UK, and US data protection laws.

For all of our employees, we provide annual online training as well as frequent security awareness updates about recent security risks. Those training are mandatory for all staff to fulfil.

All developers at LumApps have regular security training to be up-to-date for common security risks in development, as well as the data privacy of our client’s data.

All employees and contractors agree to comply with defined security policies, which include confidentiality, data privacy, and incident reporting.

Ethics

At Lumapps we are committed to promoting and complying with the highest legal, security and ethical standards.

We have established a Code of Conduct providing an overview of the standards in which we expect all our staff members to operate.

This Code of Conduct is available upon request.