Privacy Policy

Last revised: June 24, 2019

To print this privacy policy, please use the Print Command CTRL+P (Windows) or Command+P (Apple OS).

Your privacy is important to Lumu. Our full legal name is Lumu Technologies Inc., a
Delaware duly incorporated company.

In this privacy policy, we refer to –

“Applications” as our technology to identify and mitigate security breaches. Our technology comprises of the various software components listed in the “Product” section of our website at www.lumu.io (the “Lumu Public Site”);

“Customer” as our customer with whom we have entered into an agreement to provide the Services;

“Digital Properties” as the Lumu Public Site, each Lumu Private Site (if any), each Lumu Software Components (if any) and all of the Intellectual Property Rights of Lumu.

“Lumu Solutions” as those solutions designated on the Lumu Public Site that we have developed for one or more of our Applications or Third Party Applications;

“Services” as the various software-as-a-service (SaaS) offerings that we make available to our Customers for their authorized user’s access to and use of the Applications online through a password-protected, specific site that we make available to our Customers.

This privacy policy sets out how we collect and treat personal information provided, or made available, to us.

Information that we collect and how we use that information

(a) Information we collect from the Lumu Public Site

Voluntarily Provided Information – We collect the following information on the Lumu Public Site: if you voluntarily provide this information to us from the various web submission forms on the Lumu Public Site (collectively “Voluntarily Provided Information”): your first name, your last name, your company name, the state or region of your location, your email address, your phone number, your comments to us, your LinkedIn_address, our products that you indicate you are interested in learning more information about, the services that you indicate you are interested in learning more information with regard to how our products integrate with our Applications or any third-party applications. These web submission forms on the Lumu Public Site include, but are not limited to, demo requests, datasheet requests, contact requests, survey requests, recording requests and job application requests. We collect Voluntarily Provided Information to respond to your requests to contact you regarding demos, product information or product integration information or your requests regarding job opportunities at Lumu. Lumu may use Voluntarily Provided Information to contact you about our products and services or about job opportunities at Lumu, depending on the nature of your inquiry to Lumu. We will never provide your Voluntarily Provided Information to third-party product or service providers to market their products and services to you. You may opt-out of Lumu using your Voluntarily Provided Information by contacting us at privacy@lumu.io. Within ten (10) days after our receipt of your opt-out request, we will delete all of your Voluntarily Provided Information in our possession or control and cease any further attempt to contact you about our products and services or job opportunities at Lumu.

(b) Information that we collect from the Digital Properties

With respect to each active Customer, we maintain a separate database of that Customer’s information that is accessible through a Lumu Private Site that is specific to that Customer. The following are the types of information that we collect on the Lumu Private Site (collectively, the “Customer Provided Information”): (i) the Customer’s account information such as the Customer’s name, mailing address, website address, and phone number; (ii) name, email address and mailing address for each of Customer’s principal contacts; (iii) name, username and password specific to the Lumu Private Site, job title, organization department, phone number and email address for each Customer’s authorized user for the Lumu Private Site; (iv) Customer prospect information to enable use of our Services which information includes, but is not limited to: account name, contact name, title and phone number; and (v) any information necessary to enable integration of an Application with Customer’s networks, if any.

With respect to our Customers who enable integration of an Application with any Lumu Solution, the following metadata may be collected in order to obtain the maximum value of the Lumu Solutions: IP Addresses, DNS Queries, networks summaries in the form of Netflow or a similar technology specification, and emails categorized as SPAM by the antispam technology implemented by the Customer. Lumu Applications never collect full packet capture of encrypted or unencrypted traffic in Customer’s network.

During the term of each Customer’s agreement with Lumu, our Customer has the ability to delete and export its Customer Provided Information stored in the Applications. After the end of the term of Lumu’s agreement with its Customer, Lumu will continue to maintain the Customer Provided Information until the earlier of (i) Lumu electing to delete the information, or (ii) within (10) days after Customer’s authorized representative has directed Lumu to delete all Customer Provided Information. We only retain and use a Customer’s Customer Provided Information to provide that Customer the Services that the Customer has entered into agreement with Lumu to provide, and as described in the “Other disclosures” section below.

(c) Site usage information that we collect on our Digital Properties

Through the use of cookies (as further described below), information is collected automatically when you access our Digital Properties through a web browser or communicate with us through a web browser on those sites. This information includes data about your visit, including the pages you view, the links you click, and other actions taken in connection with our Services. We also collect certain standard information that your browser sends to our Digital Properties that you visit, such as your IP address, browser type and language, access times, and referring website addresses. When you receive our newsletters or promotional emails, we may use Web beacons (described below), customized links, or similar technologies to determine whether the email has been opened and which links you click in order to tailor our newsletters and promotional emails to your interests.

With respect to our Customers, we require each Customer’s authorized users to log-in to the Applications to use our Services. We monitor and collect certain usage information in connection with the use of our Services. For example, we track the computer or other devices that an authorized user is logging in from, the Applications and Services that are used by the authorized user, and other usage data such as the date and time the Applications and Services were used.

Cookies – When you visit our Digital Properties we send one or more “cookies” to your computer or other devices. Cookies are alphanumeric identifiers stored on your computer or device through your web browser and are used by most websites to help personalize your web experience. Some cookies may facilitate additional site features for enhanced performance and functionality such as remembering preferences, allowing social interactions, analyzing usage for site optimization, providing custom content and serving images or videos from third party websites. Some features on our Digital Properties will not function if you do not allow cookies. We may link the information we store in cookies to any Voluntary Provided Information or Customer Provided Information that you submit while on any of our Digital Properties. We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies enable us to track and target the interest of our users to enhance their experience on our Digital Properties. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file. Functional cookies, persistent and session type, store information to enable core site functionality, such as Live Chat and login credential remembrance. Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our Digital Properties and our marketing campaigns. If you reject cookies, you may still use the Digital Property pertaining to the deleted cookie, but some features on that site will not function properly.

Web Beacons – We use Web Beacons alone or in conjunction with cookies to compile information about our Digital Properties. A Web Beacon is a tiny graphic object that is embedded in a web page or email and is usually invisible to the user but allows checking that a user has viewed the page or email. Web Beacons may be used within the Digital Properties to track email open rates, web page visits or form submissions. In some cases, we tie the information gathered by Web Beacons to the Voluntarily Provided Information or the Customer Provided Information. For example, we use clear gifs in our HTML-based emails to let us know which emails to potential respondents have been opened. This allows us to gauge the effectiveness of certain communications and the effectiveness of our services.

Third-Party Tracking Technologies – The use of cookies and web beacons by any tracking utility company or third-party service provider is not covered by this privacy policy. We do not have access or control over these cookies and web beacons.

Analytics Software – We and our third-party tracking-utility partners use log files on the Lumu Public Site to gather certain information automatically and store it for analytical purposes. This information includes internet protocol (“IP”) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to track and aggregate non-personally identifiable information to analyze trends, administer our Digital Properties, track users’ movements around our Digital Properties and to gather demographic information about our user base in the aggregate.

Social Media Features and Widgets – The Lumu Public Site includes social media features such as Facebook, Instagram, Twitter, and LinkedIn. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social Media Features and widgets are either hosted by a third party or hosted directly on our Digital Properties. Your interactions with these Features are governed by the policy of the company providing it. We do not enable social media features on the Lumu Private Site.

“Do not track” and similar mechanisms – Some web browsers may transmit “do-not-track” signals to websites with which the browser communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are even aware of them. Participants in the leading Internet standards-setting organization that is addressing this issue are in the process of determining what, if anything, websites should do when they receive such signals. Lumu currently does not take action in response to these signals. If and when a final standard is established and accepted, we will reassess how to respond to these signals.

Other disclosures

In addition to the disclosures reasonably necessary for the purposes identified elsewhere in this privacy policy, we may disclose Voluntarily Provided Information and Company Provided Information in the following circumstances: (i) to the extent that we are required to do so by law; (ii) in connection with any legal proceedings or prospective legal proceedings; (iii) in order to establish, exercise or defend our legal rights; and (iv) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Security

We will take reasonable precautions to prevent the loss, misuse or alteration of your personal information. Data transmission over the Internet is inherently insecure and we cannot guarantee the security of data sent over the Internet. Lumu requires the use of Secure Socket Layer (SSL) encryption while utilizing our Services which ensures that our Customer’s data is encrypted during the transmission between a Customer’s authorized user’s browser and Lumu’s servers. Data encryption mitigates the risk that no unauthorized changes are made to the data during transmission and mitigates the risk that the data will be viewed during transmission by any unauthorized party. Each Customer’s data set in our possession or control is stored in a separate database in our data center which is compliant with the SSAE 16 SOC 1 Type II standards. In addition, Lumu performs quarterly external audits on Lumu external facing servers and equipment. Each Customer’s authorized user is responsible for keeping his or her password to our Applications confidential. We will not ask you for your passwords.

Policy amendments

We may update this privacy policy from time-to-time by posting a new version on the Lumu Public Site. We encourage you to periodically review this privacy policy to be informed of how Lumu is protecting your information.

Third-party websites

The Lumu Public Site may contain links to other websites. We are not responsible for the privacy policies of third-party websites or such site operators’ actions including the collection or use of your personal information.

Accountability for Onward Transfers

Lumu uses a limited number of third-party service providers to assist us in providing our Services to Customers. These third-party providers assist with the transmission of data and provide data storage services and assist with certain call handling features that require manual intervention (“Call Handlers”). Call Handlers only receive temporary encrypted remote access to that set of data necessary to perform their services and Customer Provided Information is not stored on Call Handler computers or devices. Lumu’s data transmission and data storage service providers all certify compliance with the EU-U.S. Privacy Shield Framework and Call Handlers are restricted from direct access to Voluntary Provided Information and Customer Provided Information but, if necessary, may be granted access to such information only to the extent necessary to permit them to perform their contracted services, are bound by confidentiality agreements are restricted from using the information for other purposes.

Access

Upon request, Lumu will grant individuals reasonable access to their personal information in Lumu’s possession or control and allow the individual to correct, amend or delete information that is demonstrated to be inaccurate or incomplete, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or where the rights of persons other than the individual would be violated. In this regard, Lumu depends on its Customers to update and correct personal information to the extent necessary for the purposes for which the information was collected or subsequently authorized by the individuals. Customers may contact Lumu as indicated below to request that Lumu update or correct relevant personal information.

Contact

If you have any questions about this privacy policy or our treatment of your personal information, please write to us by email to info@lumu.io or by mail to Lumu Technologies. Inc., 8333 N.W. 53rd Street Suite 450, Doral, FL 33166.

In compliance with the EU-U.S. Privacy Shield Principles, Lumu commits to resolve complaints about your privacy and our collection or use of your personal information. EU residents with inquiries or complaints regarding this privacy policy should first contact Lumu at:

Lumu Technologies, Inc.
c/o Legal Affairs
8333 N.W. 53rd Street Suite 450
Doral, FL 33166
Or at: info@lumu.io

EU-U.S. Privacy Shield Framework (EU Residents)

This section of our privacy policy is only applicable to EU residents.

Lumu complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Lumu has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability, and the 16 Supplemental Principles (collectively, “Privacy Shield Principles“). Such adherence is subject to investigation and enforcement by the U.S. Federal Trade Commission.

Lumu processes data submitted by our Customers for the purpose of us providing our Services to our Customers. To fulfill these purposes, Lumu may access the data to provide the Services, to correct and address technical or service problems, or to follow instructions of our Customer who submitted the data, or in response to contractual requirements.

Lumu’s participation in the Privacy Shield applies to all personal information that is subject to this privacy policy and is received by or on behalf of Lumu from the European Union and European Economic Area. The personal information collected would be (i) the Customer’s account information such as the Customer’s name, mailing address, website address, and phone number; (ii) name, email address and mailing address for each of Customer’s principal contacts; (iii) name, username and password specific to the Lumu Private Site, job title, organization department, phone number and email address for each Customer’s authorized user for the Lumu Private Site; (iv) Customer prospect information to enable use of our Services which information includes, but is not limited to: account name, contact name, title and phone number; and (v) any information necessary to enable integration of an Application with Customer’s networks, if any.

Lumu and all of its entities and/or subsidiaries including but not limited to Lumu Technologies S.A.S and all the entities incorporated afterwards, will comply with the Privacy Shield Principles in respect of such personal information. If there is any conflict between the terms of this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern in respect of such personal information. Lumu’s adherence to the Privacy Shield Principles may be limited to the extent necessary to meet national security, public interest, or law enforcement requirements.

Lumu’s accountability for personal information that it receives under the Privacy Shield framework and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Lumu remains responsible and liable under the Privacy Shield Principles if third-party agents that we engage to process personal information on our behalf do so in a manner inconsistent with the Privacy Shield Principles, unless we prove that we are not responsible for the event giving rise to the damage.

EU residents have rights to access personal data about them and to limit the use and disclosure of their personal data. With our Privacy Shield certification, Lumu has committed to respect those rights. Because Lumu personnel have limited ability to access data our Customers submit to our services, if you wish to request access, to limit use, or to limit disclosure, please provide the name of the Lumu Customer who submitted your data to our Services. We will refer your request to that Customer, and will support them as needed in responding to your request.

In addition, Lumu provides individuals with certain choices regarding how we use and disclose personal information we receive under the Privacy Shield framework. First, if Lumu uses your personal information for a materially different purpose than that for which it was originally collected or discloses your personal information to a third party (other than third-party providers acting on our behalf), we will first provide you with a clear, conspicuous, and readily available mechanism to opt-out of any such use or disclosure (for example, by sending you an email seeking your consent). Further, all of our email communications include the ability to opt-out from receiving future emails, except those emails that are necessary to provide you with the Services that are Customers have contracted with us to provide. If you have any questions about your choices regarding how we use and disclose your personal information, or how to exercise these choices, please contact us according to the “Contact” section above.

Dispute Resolution

Customer would have the possibility to invoke binding arbitration, under the following conditions:

Within the scope of this privacy notice, if a privacy complaint or dispute cannot be resolved through Lumu Technologies’ internal processes, Lumu Technologies has agreed to participate in the VeraSafe Privacy Shield Dispute Resolution Procedure. Subject to the terms of the VeraSafe Privacy Shield Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe under the Privacy Shield Dispute Resolution Procedure, please submit the required information to VeraSafe here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/

To learn more about the Privacy Shield program, please visit www.privacyshield.gov. To view our certification, please visit www.privacyshield.gov/list.