DATA PROTECTION NOTICE
Last Revision: October 2022
1. Overview
This document describes the data protection guidelines implemented by Lumitex AI ("we," "us," or "our") regarding our offerings and solutions (the "Solutions") and platform (the "Platform"). Protecting your privacy and maintaining the security of your information is essential for us when providing our Solutions and operating the Platform.
Our Solutions and Platform may link to external sites and solutions. We are not responsible for the privacy practices of these external entities. It is recommended to review their privacy policies before interacting with them.
All information obtained by us in relation to our Solutions is treated as confidential. We use comprehensive technical, security, and organizational measures to protect Personal Data (as defined below) against unauthorized processing, accidental loss, destruction, damage, theft, or disclosure.
When you submit your information through our platform, you may be asked to provide personal information, such as your name, email, phone number, date of birth, and various identification details. This information may be used, among other things, to verify identity, manage information, provide technical support, and fulfill legal or contractual requirements. We may send important details through notifications, and with your authorization, share information about products and solutions via SMS, email, etc. You can control notification preferences and opt out of certain communications.
2. Platform; Visitors and Users
2.1. Overview
This section outlines data collection details for different groups: visitors to the Platform ("Visitors"), users ("Users"), and business partners (collectively "Partners"). Personal Data includes IP address, name, contact details, and information on the relationship with us, as specified by applicable data protection regulations.
2.2. Collection and Use
By accessing the Platform, you consent to the collection and use of your Personal Data. If you disagree with these terms, you should not access the Platform. We may collect information through page-view activity, IP addresses, and cookies. We also process data submitted through forms and registration.
2.3. Purpose of Personal Data Processing
We process Personal Data to improve, understand, and personalize our Platform and Solutions. This includes improving accuracy, communication about the Solutions, support, contractual requirements, and collaboration with partners. Authorization or legal basis is required for any processing.
The table below summarises the purposes and legal bases on which we process Personal Data:
| Account registration and setup | Your consent; Performance of the Solutions or contractual obligations |
| Provision and use of the Solutions | Performance of the Solutions or contractual obligations |
| Service updates and notifications | Performance of the Solutions or contractual obligations |
| Responding to enquiries and providing support | Legitimate interests or performance of the Solutions |
| Personalised solutions, advertising and marketing | Legitimate interests or your consent |
| Enhancing and developing new Solutions | Consent and legitimate interests |
| Sending promotional and marketing materials | Your consent |
| Measuring marketing campaign performance | Legitimate interests or consent |
| Carrying out various support activities | Legitimate interests or performance of the Solutions |
| Analytics, including statistical assessment | Legitimate interests |
| Safeguarding interests, rights and assets | Legitimate interests or legal requirements |
2.4. Sharing of Personal Data
We may share information with service providers, Partners and contractors. For Visitors and Users in the European Data Region, data processing is carried out in accordance with the GDPR and other applicable Data Protection Laws and regulations.
3. Partners
3.1. Overview
In order to deliver the Solutions and work together with Partners, we collect and process certain categories of data. Partners remain responsible for their own data, and we may access such data through secure channels.
3.2. Processing of Personal Data
We rely on the Partner’s consent or on legitimate interests to process Personal Data. Aggregated Data sets may be created to support product development and overall quality improvement.
3.3. Controller/Processor
Depending on the data type, we may act either as Controller or Processor:
- Visitor/User Data: Controller
- Partner Data: Processor
- All data is hosted securely in line with high industry security standards. We apply physical, technical and organisational safeguards.
3.4. External Data Protection
If the Solutions involve processing Personal Data on an external platform:
- We act as a Processor
- We follow the instructions of the external party
- We apply appropriate security measures
- We notify relevant parties of data breaches
- We do not subcontract processing without prior authorization
- We do not process data outside the European Economic Area without approval
- For electronic marketing communications, consent and opt-out mechanisms are provided.
4. Security
We use administrative, organisational and technical safeguards to protect Personal Data from unauthorised access, disclosure, alteration, loss, misuse or damage. When information is shared with external parties, we require them to uphold equivalent levels of data protection, and contractual obligations are put in place to ensure secure and limited processing consistent with this Notice.
If there is any suspicion that interactions with us have been compromised, Visitors, Users or Partners should inform us without delay. Please note that, despite our efforts, no system is entirely immune to external attacks, and Users acknowledge the inherent risks and possibility of security incidents.
5. Cookies
Please refer to our Cookie Policy for detailed information about the types of cookies and tracking technologies used on the Platform, why we use them, and how you can accept or decline them.
6. Links to External Sites
While using the Platform, Users may encounter links to external websites that are outside our control. We are not responsible for the content or privacy practices of those third-party sites. Users are encouraged to review the privacy policies of such external websites and solutions before sharing any Personal Data.
7. Retention and Deletion
Data, including Personal Data, will not be stored for longer than is reasonably necessary. Visitors and/or Users with active accounts are responsible for removing their data in a timely manner where appropriate. When an account or partnership ends, related Personal Data collected via the Platform and/or Solutions will be deleted in line with applicable laws and our internal retention policies.
If consent for processing Personal Data is withdrawn, this may affect or restrict access to some or all of the requested Solutions, and such limitations do not give rise to claims or disputes.
8. Your Rights
Users are entitled to exercise a number of rights in relation to their Personal Data:
8.1. Right of Access
- Confirm whether Personal Data is being processed
- Obtain access to Personal Data and related information
- Receive details on processing purposes, categories, recipients, retention periods, rights, and the existence of profiling
8.2. Right to Rectification
- Request correction of inaccurate Personal Data
- Request completion of incomplete Personal Data
8.3. Right to Erasure
- Request deletion of Personal Data under specific legal grounds
8.4. Right to Restrict Processing
- Request restriction of processing in certain situations
8.5. Right to Data Portability
- Receive Personal Data in a structured, commonly used and machine-readable format
- Transmit Personal Data to another controller
8.6. Right to Object
- Object to processing based on legitimate interests or direct marketing
- Require that processing ceases unless compelling legitimate or legal grounds apply
8.7. Right to Withdraw Consent
- Withdraw consent to the processing of Personal Data at any time
9. Advertising and Marketing Materials
We obtain consent to use Personal Data and contact details for the purpose of sending advertising and marketing materials. You may withdraw this consent at any time by sending a written request to the email address provided.
10. Acceptance of this Notice
By using the Platform and/or the Solutions, Visitors, Users and/or Partners are deemed to have read and accepted this Notice. If you do not agree with any part of it, you should refrain from using the Platform. We reserve the right to update this Notice, and Users are encouraged to review it regularly. Continued use of the Platform after changes have been made will be treated as acceptance of the updated version.
11. Legal Requirement to Disclose Personal Data
Personal Data may be disclosed without prior permission if we reasonably believe it is necessary to identify, contact or initiate legal proceedings against individuals suspected of infringing rights or property. Disclosure will also be made where required by law.
12. Data Protection Officer
For questions about privacy and data protection, a designated “Data Protection Officer” can be contacted at