General Data Protection Regulation

LumApps Compliance with GDPR

Within the framework of the services we offer our customers, we have identified the data we need:

  1. Authentication data: email address, password (for precise purposes such as authentication).
  2. Directory data: first name, last name, title, position (if needed for the organization chart), location (if necessary), an internal ID.
  3. The data summarized from the G Suite profile.

All of this data is collected for precise purposes and is kept only for the duration required for the service. We therefore define retention periods according to our services:

  1. The user’s KPIs on the use of LumApps are kept for 3 months and are then anonymized.
  2. All the user’s Data are deleted when the user is deleted.

LUMAPPS: How do we respond to the GDPR? (the data used)

We implement the protection of personal data by design, for example by defining how records of consent are collected and retained. We also take data portability into account by allowing user data to be exported through our APIs. Users are notified that we use their personal data when they log in for the first time. We therefore make an “End User Licence Agreement” available to you.

In accordance with the regulations, users can:

  • Modify personal data (directory)
  • Make the request to export their personal data to Eventually, users can export their personal data themselves through LumApps.

In accordance with the regulations, LumApps has planned various purge modules to allow the data controllers (the customer) to choose the type of deletion according to their own user charter:

  • Deletion of all user data
  • Deletion of data from the directory, anonymization of other data (posts, KPIs, Gamification).

LUMAPPS: How do we respond to the GDPR? (the data protection)

To meet your challenges, we have defined a “security” framework:

    • Training and awareness-raising for our staff on data protection and security issues: our staff training register is available to you.
    • Confidentiality agreement of our staff and contractors

Google Cloud infrastructure compliant with GDPR requirements (Google Infrastructure Security Design and Google Cloud Platform)

  • Encryption of our databases: we use Google Encryption.
  • Anonymization of data not necessary for processing
  • Enhanced access management (systematic and periodic reviews): sharing Privacy policy
  • Audits of our subcontractors
  • Surveillance and detection of possible weaknesses
  • Deletion of personal data in accordance with European regulations
  • Secure development taking into account good security practices and the protection of personal data (anonymous or fictitious test data)
  • Implementation of processes with our customers for escalation or incidents
  • Security certification process

LUMAPPS: How do we respond to the GDPR? (our commitments)

Our commitments:

    • We process only the Data which are entrusted to us for precise and defined purposes
    • We act on instruction of our customers
    • We guarantee the confidentiality and the integrity of the data
    • Our subcontractors are required to respect the obligations and instructions of our customers
    • We collaborate with our customers so that they can meet their obligations, in particular in terms of exercising the rights of the people concerned or carrying out impact analyses
    • We ensure the security of entrusted Data
    • We are committed to implementing the reversibility of entrusted data
    • We formalize and give to our customers all the necessary documentation to demonstrate the respect for our obligations
    • We guarantee that the levels and access rights granted to LumApps employees depend on their position and role. The employees only have access to information that is essential to perform their duties.

  • We will provide each client with a description of the purposes of the processing we carry out on personal data:
    • Authentication
    • KPIs (Roadmap)
    • Gamification (Roadmap)
    • Machine learning
  • For each item of data, this description contains:
    • Storage life
    • Recipients or categories of recipients

The customer’s obligations with GDPR

Customers: your obligations regarding GDPR?

    • LumApps customers are responsible for controlling the personal data they provide to LumApps as part of their use of the services. The data controllers define the purpose of personal data and how it is processed.
    • The customers are responsible for the control of the data. They are responsible for putting in place appropriate technical and organizational measures to guarantee and prove that the data is processed according to the GDPR. Their obligations concern the principles of legality, fairness, transparency, restriction of purpose, minimization and accuracy of data, as well as respect for the rights of the people concerned regarding their data.