Effective Date: March 8, 2019
Last Modified: September 28, 2022
Lumina Analytics, LLC (“Lumina,” “we,” “us,” or “our”), is committed to the protection of the individual privacy rights and personally identifiable information (“Personal Data”) of our customers, users, applicants, employees, contractors, and third party users (“you,” “your”) of our products, software, services and applications (“Services” or “Products”), and www.luminaanalytics.com (the “Website”).
SCOPE OF POLICY
INFORMATION LUMINA COLLECTS AND HOW IT IS USED
Public Information Collected in Connection With The Services.
Lumina Services include functionality that aggregates publicly available information from the Internet, such as websites, social media, blogs, news sources and anything else available publicly on the Internet (“Public Information”). This Public Information may be made available to our customers and our customer’s users of Lumina’s products and services. Lumina does not independently verify and cannot guarantee the accuracy of the aggregated Public Information.
Pursuant to our terms of the Services, any information that is retrieved by a customer or a customer’s user in connection with their use of the Services, including any Personal Data, must only be used in compliance with all applicable laws, rules, regulations, treaties, and conventions. Common uses for our Services include security and/or screening before and during employment, in furtherance of volunteer or contractual relationships, in furtherance of security policies and procedures, security clearances, and to conduct due diligence research for investments, acquisitions, directorships, and other business relationships.
Information You Provide to Us.
We collect information that our customers or our customers’ users voluntarily provide to us while using our Services, such as when a customer or a user registers for an account, makes a purchase of one of our Products or Services, responds to customer surveys, communicates with our customer service team, or when an individual applies for a job to work with Lumina.
Current and Prospective Lumina Employees:
- Personal Data collected from current or prospective Lumina employees include an applicant’s or employee’s name, postal address, telephone number, email address, photograph, interests, skills, education history, employment history, date of birth, place of birth, address history, criminal records, police records, court records, drug test results, professional credentials, credit history, identity documents and numbers, appearance on government watch or sanctions lists, professional sanctions, nationality, citizenship or immigration status, sex or gender, referrals, race, ethnicity, sexual preference, minority status, hours worked, reasons for leave or tardiness, medical information, family information, disability information, marital status, transportation records, vehicle information, charitable donation information, professional development and education information, personal concerns or problems, loan information, wage garnishment information, banking information, network use, login/logout records, IP address, login credentials, file access, internet browsing, email activities, chat activities, telephone calls, home office information, mobile device information, voicemails, emergency contact information, survey results, exit interviews, biometric data, entry and exit records, video and audio recordings, medical screening, social and news media, interpersonal relationships, complaints, internal and external communications, computer and network activity, performance appraisals, and training records.
- We use the Personal Data we collect from current and prospective Lumina employees for identification, relationship management, recruiting, selection, and screening (both pre-employment and ongoing), attendance, accommodation management, benefits management, payroll and tax management, data security, emergencies, feedback, improvement, physical security, health and safety, code of conduct enforcement, complaint resolution, protection of company brand and integrity, performance tracking, and quality management.
- Data collection and processing of Personal Data from current and prospective Lumina employees is necessary for Lumina to carry out its obligations and exercise specific rights in the field of employment and social security and social protection law, to fulfill legal obligations under employment law, to fulfill contractual obligations, to protect your and third parties’ vital interests, and to ensure the employer/employee relationship is harmonious with Lumina’s values and standards.
- When you opt-in to receive our newsletters, or attend our webinars, we will collect Personal Data including your name, email address, mailing address, and telephone number for purposes of enrolling you to receive the newsletter or to view the webinar, consistent with your particular request. You may opt-out of receiving our newsletter or any other promotional or marketing communications from us at any time by following the instructions to unsubscribe from our mailing list, which is provided at the bottom of each such communication from us.
- In connection with authenticating users into the Website for use of the Services, we utilize cookies and collect Personal Data from you including your login credentials, which we use to authenticate you as a valid user and to grant you access to the Services. We also use this Personal Data to verify compliance with our terms and conditions governing the use of our Services, and to monitor, detect, and prevent against fraud on our App and Website.
- If you contact us to request a consultation, we request your first name, last name, email address, phone number, company name, industry, and whatever details you want to include in your message to us, which we use to respond to your inquiry. The information you voluntarily share with us is entered into and stored in our customer relationship management database to ensure continuity of the relationship and institutional memory of our contact with you. We use this information to send you information and materials you request from us or that are required in connection with a sales transaction, including statements, invoices, payment reminders, and payment receipts. We will also use such Personal Data to communicate with you about a specific transaction to the extent you request customer support.
- If you choose to comment on a blog posting on our Website, we will collect any comment you provide, which we use to post to the Website and is available for others to see.
Lumina S4 (See Something Say Something).
- Contact information: We collect and use your basic device information (which is also Personal Data), such as the International Mobile Equipment Identity (IMEI) number, device type, and internet protocol address for the device that you use if you choose to report an incident through our App (collectively, “Basic Device Information”). When you report an incident, we will collect: (i) information regarding the type of incident, (ii) a description of the incident, (iii) the date and time the incident occurred, (iv) where the incident occurred, which utilizes your geographic location with your consent, (v) any online resources that may be relevant to the incident, including a web address (“Basic Incident Information”). You have the option to choose to share the incident posting with the community and to grant permission to be contacted about the incident by adding your telephone number or email address (“Incident Contact Information”). You have the option to: (a) add people to your incident, including the name of a person or a general description, (b) provide information about any relevant vehicle that is relevant to an incident, including the make, model and license plate of such vehicle, and (c) upload media such as images, videos, and sounds to an incident if you so choose (collectively, “Detailed Incident Information”). Certain features of the App require registration. If you desire to see incidents near your location or desire to use the App in connection with an Event that sponsors use of the App, you will be asked to register for an account. If you choose to register for an account, we will collect your first name, last name, email address, phone number, and desired password (collectively, “Registration Information”). When you choose to see incidents near you, we will use your geographic location, with your consent, to show incidents near you. If you choose to use our App in connection with attending an event, then you will be able to submit incident reports after authenticating yourself at an event with the applicable event QR code.
We use your Registration Information to create and authenticate your account each time you login to the App with your email address and password. We take commercially reasonable efforts to keep your Registration Information—and our Services—secure, and to help prevent spam, fraud, and abuse. We use Registration Information to personalize our Services, enable certain account features (for example, for login verification), and to send you information about our Services, to the extent you opt-in to receive such messages. We also use your Basic Device Information, Registration Information, Basic Incident Information, Incident Contact Information and Detailed Incident Information, to the extent you provide each of the foregoing, to provide Services to you, our customers and their users or to protect the safety and lives of you or others and to prevent crimes. If you report a suspicious activity or other incident, your Basic Device Information, Basic Incident Information, Registration Information, and Incident Contact Information will be provided to a third party with jurisdiction over the matter, such as a law enforcement agency or school/university. If you do not wish for us to provide your personal information to a customer, school or University, or law enforcement agency, please do not provide your personal information to us directly. If you do not wish for us to provide your IP address, device location, geographic location, or ID number to a customer, law enforcement, or other authority with jurisdiction, do not use the mobile application. If you email us, we will keep the content of your message, your email address, and your contact information for as long as we deem necessary in our sole discretion.
- Location information: In connection with your use of certain features of the App and Services, we require information about you as outlined in the foregoing section and, with your consent, your current geographic location, which we get from signals such as your IP address or device settings, to securely and reliably set up and maintain your account and to provide our Services to you and, where applicable, third parties such as in a circumstance where we must provide information to a third party with jurisdiction over the matter. Subject to your consent, we will also collect, use, and store additional information about your location— such as your current precise position—to operate or personalize our Services on the App. We will provide this information to our customer in order to complete our Services. For example, if your report concerns a customer company, we would provide information about your report to the customer and, where applicable, we also provide this information to law enforcement, third parties with jurisdiction, or schools/Universities for security purposes, crime prevention, or for the safety of you or others.
- Hyperlinks: If you click on an external link or advertisement on our Services, that advertiser or website operator might be able to determine that you came from the App, along with other information associated with the advertisement that you clicked on such as demographic characteristics of the audience it reached. Those third parties may also collect other personal data from you, such as cookie identifiers or your IP address. Please consult the privacy policies of any linked website or advertisement. We have no liability or responsibility for any content, information, business practices, or privacy policies of any third party website or advertisement.
- Log data: We receive information when you view content on or otherwise interact with the App, which we refer to as “Log Data,” even if you have not created an account. For example, when you sign into our Services, use the App, or interact with our email notifications, we receive information about you. This Log Data includes information such as your IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device information (including device and application IDs), and cookie information. We use Log Data to operate our services and ensure their secure, reliable, and robust performance. We may provide this information to third parties such as clients, law enforcement, schools/Universities, or other authorities with jurisdiction for security and safety purposes or to prevent harm to you or others.
- Session cookies: these are only stored on your computer during your web session. They are automatically deleted when the browser is closed. These cookies store an anonymous session ID allowing you to browse a website without having to log in to each page.
- Persistent cookies: a persistent cookie is one stored as a file on your computer, and it remains there when you close your web browser until it expires or you delete it. The cookie is read by the website that created it when you visit that website again.
- First-party cookies: these are cookies deployed by us and the function of this type of cookie is to retain your preferences for a particular web page on our Website. These cookies may be either session or persistent cookies.
- Third-party cookies: these are cookies deployed by third party service providers, such as analytics providers, advertising networks, and social media platforms and the function of these types of cookie is to collect information about your interaction with a particular website or websites, including our Website, which the third party utilizes in connection with the services they provide to us. These cookies are sent by the third party’s server to your computer’s hard drive.
As noted above, our first party cookies are used by our Website to remember your preferences while browsing the Website. Our Website also utilizes third-party cookies, which are used by our third party service providers to collect information. This information includes your internet protocol address, computing device type, operating system, browser type, language preference, geographical region, web history, the amount of time you spent browsing web pages on our Website, and demographic information, such as gender, and age. Where a particular page visit can be linked to a company, we receive information about the company. All of the foregoing information is provided to us on an aggregated basis, which means we are unable to link any of the information back to an identifiable person. This information is provided to us by our analytics services providers, such as Google Analytics, Power My Analytics, and netfactor. The Website also uses pixel technologies from social network providers. This pixel technology allows us to place targeted advertisements on social media that are displayed to you while you browse such social media networks such as Facebook, Twitter, or LinkedIn. We use the foregoing information, in aggregated form, to assess the effectiveness of our marketing materials, to plan our marketing strategy and priorities, to identify the most popular content and functionality on our Website, to identify and troubleshoot network traffic issues, to optimize and improve your browsing experience by identifying the computing device and internet browser types most often used to visit our Website, to combat and prevent fraud, malicious, and criminal activity on our Website, and to identify individuals and entities that might have an interest in purchasing our Services.
For more information about Google Analytics and choices you have regarding your information, please visit: https://tools.google.com/dlpage/gaoptout. You may also consult your web browser’s ‘Help’ documentation or visit www.aboutcookies.org for more information about how to turn cookies on and off for your browser. Please note that by disabling or rejecting cookies, not all functionality on the Website may work properly for you.
We utilize a third party marketing communications provider who distributes our newsletter to those who enroll to receive such communications. In connection with those services, our third party service provider provides us with analytics regarding recipient interactions with the newsletter content, which we utilize to gauge the effectiveness of our marketing content.
In connection with your use of our services, which are made available on our secure platform, we collect information about your activity on the secure platform to ensure the integrity and security of our systems and data in our custody, and we use this information to audit system access and investigate suspicious activity. Collection of Personal Data for security purposes is done based on our legitimate interest and legal obligation to ensure Personal Data in our custody is protected. The following types of information, some of which may be Personal Data, are logged when you access our secure platforms:
- IP address;
- login credentials for our systems;
- dates, times, and length of session;
- access to and modification of data; and
- browser type and version.
“Do Not Track” (“DNT”) Signals
Many internet web browsers have attempted to implement the draft “Do Not Track” (“DNT”) standard of the World Wide Web Consortium in their latest releases. As this standard has not been finalized, our sites are not compatible with DNT and so do not recognize DNT settings.
HOW INFORMATION LUMINA COLLECTS IS SHARED OR COMMUNICATED
- Lumina communicates Personal Data contained in search results when necessary to provide Services to our customers, or for security and safety reasons in connection with use of the Services.
- When we provide Services to a customer, we transmit Personal Data, including search results, back to that customer through our secure web platforms and occasionally by phone, email, fax, or mail.
- Where appropriate in connection with use of the App or our discovery of a suspicious IP address, under circumstances involving health, human safety, or criminal activity, we communicate Personal Data to law enforcement agencies, schools, national security agencies, courts, or other public bodies in any jurisdiction where we are subject to the law.
- If we receive a production order, warrant, subpoena, or other enforceable demand, we will comply as required by law.
- If we receive a request to provide Personal Data voluntarily, we will consider your interests, our business interests, the interests of our clients, public safety implications, and our legal obligations prior to deciding whether to communicate Personal Data. In any case where the Personal Data in question was collected from or on behalf of a customer, we will consult with the customer before proceeding unless prohibited by law.
- We reserve the right to proactively communicate Personal Data to law enforcement or other third parties with jurisdiction if necessary to investigate or report a violation of the law or a contractual agreement, for safety reasons, to exercise or defend our legal rights, and if otherwise appropriate and permitted by law.
- In connection with administering our Website and Services and making them available to you, Personal Data is disclosed to third parties, such as government agencies, business contacts, and third party service providers who provide services directly to Lumina, including data storage and hosting, email, delivery services, IT, applicant tracking, employee recruiting, background screening, consumer reporting, messenger, drug testing, and translation services providers, credit bureaus, and financial institutions.
- Personal Data of Lumina employees are disclosed to payroll, human resources, benefits, and healthcare service providers, who provide services to Lumina as required by law and in accordance with Lumina’s employment procedures.
CALIFORNIA SPECIFIC DISCLOSURES
California residents are entitled to certain disclosures in accordance with California law. Please follow this link for more information.
CHOOSING HOW AND WHETHER WE CAN USE YOUR PERSONAL DATA
Figure 1: Choices about collection and use of Personal Data you or our client’s provide:
|Purpose for collection||How to exercise choice||Consequences|
|Our own tracking on our websites.||Do not use our websites.||You will not view our web content.|
|Security and safety reasons.||Do not fill out our client’s form(s), our forms, and/or do not use our services or applications.||You may not be able to use our services, or you may not be eligible for certain transactions with our clients.|
|Sales and marketing.||Don’t opt-in to receive certain mailings from us, if unsure of how to do so, contact us.||You will not receive proactive sales and marketing communication from us, or those communications will be limited to those you have selected.|
|Employment with Lumina.||Do not fill out our form(s) or do not consent to our data collection.||You may be ineligible for initial or continued employment by Lumina.|
In other cases, we collect and process your Personal Data from Public Information and we provide that to customers or third parties (each, a data controller), for whom we act as a processor, and such controller is contractually required to maintain a lawful basis for the processing, such as by consent, contract, a legal obligation for which the controller is subject, to protect the vital interests of the data subject or of another natural person, the performance of a task carried out in the public interest or the exercise of official authority vested in the controller, or a legitimate interest of the controller.
As discussed previously, Lumina will share information we have about you in our databases with our customers and third parties (including but not limited to Personal Data, IP address, and geolocation data), to the extent relevant to a customer’s use of the Services. If you want to request deletion of your information in our database, please consult the section below regarding Your Choices Over the Information We Have About You. Data subjects in Europe have additional rights as set forth in the section entitled “GDPR” below.
Storage, Objection, Correction, Erasure, Information
Personal Data will be stored by us, or our service provider (a processor). We will use our best efforts (and will cause our service providers to do the same) to maintain appropriate security, integrity and confidentiality over Personal Data that we store so as to prevent unauthorized or accidental processing, loss, destruction, or damage. We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your Personal Data. We store the Personal Data you provide on our secure (password and firewall-protected) servers. All electronic financial transactions entered into through our app or website will be protected by encryption. You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping the password you use for accessing our app, services, or website confidential; we will not ask you for your password except when you log in to our Website.
YOUR CHOICES OVER THE INFORMATION WE HAVE ABOUT YOU
If you would like to update, suppress, delete, or access the Personal Data we maintain on you, please contact us at [email protected] and please describe your request to us with your name and email address so that we may fulfill your request, to the extent we are not otherwise required to retain such Personal Data pursuant to applicable law.
Lumina is directed to people who are at least 13 years old, and Lumina does not knowingly collect Personal Information from anyone under the age of 13. If You are aware that Lumina has collected Personal Information from someone under the age of 13, please alert Lumina at Privacy©luminaanalytics.com and the information will be removed from our system as soon as is reasonably possible.
Lumina does not knowingly aggregate or provide Public Information about people under the age of 13. Some of Lumina’s technology and services may collect and process, and communicate to third parties Public Information about children between the ages of 13 and 18 because this Public Information originates from third-party social networking sites and websites that permit children who are 13 years and older to create public profiles. To remove any Lumina results, including a result that contains information about a person under the age of 13, contact us at Privacy©luminaanalytics.com
The following provisions apply to European Union (EU) data subjects. We are based in the U.S. and the information we collect is governed by U.S. law. Every effort is undertaken in our contracts with our customers to ensure that we are not provided or otherwise receive any Personal Data that is subject to the General Data Protection Regulation (Regulation (EU) 2016/679). We do not knowingly collect or process Personal Data of EU data subject.
Purpose and effect
Identity of the Controller
Under circumstances where we act as the Controller, the Controller is:
Lumina Analytics, LLC
101 E. Kennedy Blvd, Ste 2330
Tampa, FL, 33602
CONTROLLING AND PROCESSING DATA
The controlling and processing of your Personal Data may be subject to the General Data Protection Regulations (“GDPR”) if you are located within the European Union. As defined therein, a “Controller” is a person or entity that determines the purposes and means of the processing of Personal Data, while a “Processor” is the person or entity that processes the Personal Data on behalf of a Controller. “Processing” is any operation or set of operations performed on Personal Data, such as collection, recording, structuring, storing, and transmission. Depending upon the Services provided by Lumina, Lumina may be considered to be a Controller or Processor. For example, in connection with providing access to the App to a customer’s user, we are a controller with respect to the user’s Personal Data collected in connection with establishing the user’s account for access to the Services. When processing Personal Data as part of the Services, such as in response to running a search for Public Information, we act as a processor.
TYPES OF PERSONAL DATA
The GDPR identifies two types of Personal Data: regular and “special categories” of Personal Data. Regular Personal Data includes information such as a person’s name, address, email address, photo, IP address, location data, online behavior (cookies), and profiling and analytics data. Special categories of Personal Data include race, religion, political opinions, trade union membership, sexual orientation, health information, biometric data, and genetic data.
The GDPR expressly prohibits the processing of the above special categories of Personal Data without the explicit consent of the subject of the Personal Data, or, absent such consent, where processing is necessary in certain limited circumstances, including without limitation:
- for the purposes of carrying out obligations and exercising specific rights of the Controller or of the subject of the Personal Data in the field of employment, social security, and social protection law;
- where the Personal Data at issue has manifestly been made public by the subject;
- for the establishment, exercise, or defense of legal claims or whenever courts are acting in their judicial capacity;
- for reasons of substantial public interest under EU law;
- for certain, limited healthcare and public health purposes; and
- for certain, limited archival purposes for scientific and historical research in the public interest.
BASIS FOR PROCESSING PERSONAL DATA
In addition to the foregoing, Lumina maintains a legitimate interest to process the information in connection with the Services to protect against security threats, or where disclosure is legally compelled. Processing of Personal Data under some circumstances, in connection with our customers’ use of the App, is also necessary to protect the vital interests of the data subject or another natural person where public safety or grave personal danger is involved. Except as otherwise required to comply with legal and regulatory obligations, Personal Data is only retained for as long as necessary to achieve the intended purpose for collection.
How we use your Personal Data
EU Data Subject – Data Rights
You have the right to exercise the data rights set forth herein to the data controller.
Right of Data Portability
Personal Data will be stored in a format that allows for data portability. Portability means your Personal Data will be stored in a manner that allows you to obtain a copy of the Personal Data we have on you for purposes of enabling you to transfer it to a different environment. Upon your written request, you will be provided with the ability to access your Personal Data to verify its accuracy, or to download it in an easily-portable format. Personal Data that we process for any purpose shall not be kept for longer than is necessary to achieve that purpose, except where we are required to retain such Personal Data to in accordance with a legal or regulatory obligation imposed on us.
Right to Object
You have the right to object to the processing of your Personal Data, which you may do in writing to us. You have the right to object on grounds relating to your particular situation, to processing which is based on the public interest or exercise of official authority vested in the Controller, or processing that is necessary for the purposes of the legitimate interests pursued by the Controller or by a third party or profiling that is grounded in either basis. If we receive your written objection, your Personal Data will not be processed, unless we demonstrate compelling and legitimate grounds for the processing that override your interests, rights, and freedoms, or we require the data to establish, exercise, or defend legal claims. You further have the right to object to the processing of your Personal Data for the purpose of direct marketing, including profiling. Where Personal Data are processed for scientific and historical research purposes or statistical purposes, you have the right to object, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
If you object to the processing of your Personal Data, you agree to the termination of the Services in the event that we determine, in our sole discretion, that we are unable to perform the Services due to your objection to the processing of your Personal Data. This objection right is given free of charge, although we may charge a reasonable fee for repetitive requests or manifestly unfounded or excessive requests for additional copies of information you request. You also have the right to object and prevent any decision that could have a legal or similarly significant effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable EU law, or is based on your explicit consent.
Right to Erasure
Upon termination of the Services for any reason, and upon your written request, your Personal Data will be erased so long as it meets the criteria below:
- Your Personal Data is no longer needed for the original purpose;
- the lawful basis for the processing of your Personal Data was your consent, which such consent you are withdrawing, and no other lawful ground exists;
- you exercise your right to object and we have no overriding grounds for continuing the processing;
- the Personal Data have been processed unlawfully; or
- erasure is necessary for compliance with EU law or the law of a country bound by the terms of the GDPR.
Right to Rectification
You have the right at any time to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you.
Right to Access
You have the right to obtain the following information from the data controller:
- confirmation of whether or not Personal Data concerning the data subject is being processed, and where this is the case:
- information about the purposes of the processing;
- the categories of Personal Data concerned;
- the recipients or the categories of recipients with whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations;
- where possible, the anticipated period for which the Personal Data will be stored (or the criteria used to determine that period);
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject, or to object to such processing;
- the right to lodge a complaint with a supervisory authority;
- where personal data is not collected from the data subject, any available information as to their source; and
- the existence of automated decision-making, including profiling, and an explanation of the logic involved, and the significance and anticipated consequences of such processing for the data subject.
Upon your request for any of the above-referenced information, we will, within one month of receiving your written request, provide such requested information. In the event we receive a large number of requests, or complex requests, the time limit may be extended by a maximum of two additional months.
We will not refuse to give effect to your rights unless we cannot identify you through the use of reasonable efforts to verify your identity. Where we have reasonable doubts as to your identity, we may request the provision of additional information to confirm your identity.
Right to Restrict Processing
You may restrict processing of your Personal Data, meaning the Personal Data may only be held by us, and may only be used for limited purposes, if the accuracy your Personal Data is contested (and only for as long as it takes to verify accuracy), the processing is unlawful and you request restriction (as opposed to exercising the right to erasure), we no longer need the Personal Data for their original purpose but the Personal Data are still required by us to defend legal rights, or verification of overriding grounds is pending in the context of an erasure request.
Disclosing your Personal Data
IN ACCORDANCE WITH THE ABOVE STATEMENT, YOU HEREBY ACKNOWLEDGE, UNDERSTAND, AND AGREE THAT, BY CLICKING THE “I AGREE” BUTTON, WHEN PRESENTED, YOU EXPRESSLY CONSENT TO THE USE OF YOUR PERSONAL DATA IN THE MANNER SET FORTH HEREIN.
Consent may be withdrawn at any time by written notice to our privacy personnel at: [email protected]