Luminance Legal - Privacy Policy

INTRODUCTION

Welcome to Luminance's privacy policy.

Luminance is committed to protecting your personal data and respecting your privacy. This policy will inform you on how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

WHO IS POLICY INTENDED FOR

Any individual whose personal data may be processed by us as further detailed in this policy. If you are an existing business customer of Luminance, the relevant contract between you and us (or your employer and us if you are acting in a business capacity) will govern the processing relationship between us.

PURPOSE OF THIS NOTICE

This policy referred to set outs the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following privacy policy to understand how we collect and use your personal data, for example when you contact us, visit our website (the "Site"), apply for a job, or use our products and services.

The Site is not intended for children, and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

CONTROLLER

For the purposes of processing your data, Luminance is made up of Luminance Technologies Ltd or Luminance, Inc ("Luminance Group"). This privacy policy is issued on behalf of the Luminance Group so when we mention "Luminance", "we", "us" or "our" in this privacy policy, we are referring to the relevant company in the Luminance Group.

Our privacy team is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, please contact the team at [email protected] .

You have the right to make a complaint at any time to the Information Commissioner's Office, the United Kingdom (“UK”) regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner's Office, so please contact us in the first instance.

THIRD-PARTY LINKS

Our Site may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every website you visit . If you follow a link to any of these websites, please note that Luminance does not accept any responsibility or liability for these policies.

THE DATA WE MAY COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

Luminance may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

HOW IS YOUR DATA COLLECTED?

IP ADDRESSES

Luminance may collect information about your computer, including your IP address, operating system, browser type and system admiration.

COOKIES

Cookies are small text files that websites save to your computer. These pieces of information are used to improve services for you through, for example:

Session cookies allow us to track your actions during a single browser session, for example to remember the items returned from a search. They do not remain on your device beyond your session.

Persistent cookies remain on your device between sessions and allow us to authenticate you and to remember your preferences.

Session and persistent cookies can be either first or third-party cookies. A first-party cookie is set by the website being visited. A third-party cookie is issued by a different website to that being visited.

Our Site may use a third-party cookie provided by Google Analytics to gather anonymized information for the benefit of all web users. Luminance do not use behavioural targeting cookies. All our cookies fall within the International Chamber of Commerce classifications Strictly Necessary, Functionality and Performance and none within the classification Behavioural Targeting.

If at any time you wish to disable our cookies you may do so through the settings on your browser, but if you do so you will not be able to use certain important features of our service.

To learn more about cookies and how to manage them, visit AboutCookies.org .

JOB APPLICANTS

If you are making a job application or inquiry, you may provide us with a copy of your CV or other relevant information. We may use this information for the purpose of considering your application or inquiry. Except when you explicitly request otherwise, we may keep this information on file for future reference.

PROVIDING PRODUCTS AND SERVICES

If you purchase or use our products or services, we may use your personal data for purposes which include but are not limited to:

Certain products and services may include features that collect additional personal data for other purposes, as described in the applicable customer agreement. For detailed information, please also refer to the applicable product or service description.

WHERE IS YOUR PERSONAL DATA STORED?

Your personal data is securely stored by Luminance on the Luminance servers located in Cambridge, United Kingdom. Luminance has set up systems and processes to prevent unauthorized access or disclosure of your data.

HOW WE USE YOUR PERSONAL DATA?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following ways:

Please see the Glossary to find out more about the types of lawful basis that we will rely on to process your personal data.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA

We have set out below, in table format, a description of all the ways in which we may use your data and the legal bases on which we rely to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity

Type of Data

Lawful Basis for processing (including basis of legitimate interest)

To register you as a new customer

(a) Identity

(b) Contact

Performance of a contract with you

To process and deliver your order, including:

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include

(a) Notifying you about changes to our terms or privacy policy (or otherwise as applicable)

(b) Asking you to leave a review, provide feedback or take a survey

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To administer and protect our business and this Site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To use data analytics to improve our Site, products/services, marketing, customer relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Site updated and relevant, to develop our business and to inform our marketing strategy)

The retention of results, learning and tagging data from the usage of our tools and/or products for the purposes of improving the tools and/ product, provided no Personal Data is contained in the retained data

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Site updated and relevant, to develop our business and to inform our marketing strategy)

MARKETING

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box on the form on which Luminance collects your data. We will not sell or rent your data to third parties or share your data with third parties for marketing purposes. We may use third party software to send you information for marketing purposes but such third parties will not have access to or be able to read your personal information.

TRANSFERRING PERSONAL DATA

As a global company, we have international sites and users all over the world. Many of our external third parties are based outside the UK so their processing of your personal data will involve a transfer of data outside the UK. When you give us personal data, that data may be used, processed or stored anywhere in the world, including countries outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA, who work for us or for one of our suppliers.

Luminance places substantial importance on protecting the confidentiality of personal information and seeks the cooperation of all its suppliers in furthering this goal. Luminance will only transfer personal information to a supplier where the supplier has provided assurances that they will provide at least the same level of privacy protection as is required by this policy. Where Luminance has knowledge that a supplier is using or sharing personal information in a way that is contrary to this policy, Luminance will take reasonable steps to prevent or stop such processing.

We take appropriate safeguards to protect your privacy, your fundamental rights and freedoms, and the ability to exercise your rights. For example, if we transfer personal information from the EEA, the UK, and/or Switzerland to another country, such as the United States, we will implement an appropriate data transfer instrument, such as entering into standard data protection clauses approved by the European Commission or competent governmental authority (as applicable) with the data importer. Following the adequacy decision by the European Commission and the UK Government, Luminance currently relies on the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. Data Privacy Framework as a legal framework for transfers of personal information from the EU to the United States and from the UK to the United States, respectively.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

DATA PRIVACY FRAMEWORK

ADEQUACY DECISIONS

On 10 July 2023, the European Commission’s adequacy decision for the EU-U.S. DPF entered into force, followed by the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) on 17 July 2023 and the UK extension to the EU-U.S. DPF on 12 October 2023.

Luminance complies with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce. Luminance has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

Luminance relies on the EU-U.S. DPF, the Swiss-U.S. DPF and the UK Extension to the EU-U.S. DPF as a legal framework for transfers of personal information received from European Union, Switzerland and the United Kingdom.

We have certified to the U.S. Department of Commerce that we adhere to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

Our certification may be located here.

COMPLAINTS

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Luminance commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF should first contact Luminance at [email protected].

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Luminance commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities and the UK Information Commissioner’s Office and the Gibraltar Regulatory Authority and the Swiss Federal Data Protection and Information Commissioner with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

ARBITRATION

You may, under certain conditions, invoke binding arbitration for complaints regarding DPF compliance which may not be resolved by any of the other DPF mechanisms. Further information regarding this option may be found at Annex I to the DPF Principles, located here: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf?tabset-35584=2.

JURISDICTION OF THE FEDERAL TRADE COMMISSION

The Federal Trade Commission has jurisdiction over Luminance’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

ONWARD TRANSFERS TO THIRD PARTIES

We remain responsible for all the personal information we receive under the DPF and that we subsequently transfer to third parties acting as agents on our behalf if they process personal information in a manner inconsistent with the DPF principles, unless we prove we are not responsible for the event giving rise to the damage.

SECURITY

Luminance endeavours to hold all personal data securely in accordance with our internal security procedures and applicable law.

We update and test our security on an ongoing basis. Luminance will do its best to protect your personal data, but Luminance cannot guarantee the security of your data transmitted to our site through the internet; any such transmission is at your own risk. Once we have received your information, we will maintain the appropriate administrative, physical, technical and organizational measures to protect your personal data accessed or processed by us against unauthorized or unlawful processing or accidental loss, destruction, damage or disclosure.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

If you receive an email which claims to come from us but does not use our domain, or if you are suspicious that an email may not be approved by us, then please send a copy of the email to [email protected] so we can investigate.

DISCLOSURE OF YOUR INFORMATION

We may share your personal data with the parties set out below for the purposes set out in the table above.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

YOUR RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please see the Glossary to find out more on how the rights listed below:

NO FEE USUALLY REQUIRED

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

WHAT MAY WE NEED FROM YOU?

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

TIME LIMIT TO RESPOND

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

CHANGES TO OUR PRIVACY & DATA PROTECTION POLICY

Luminance reserves the right to amend this policy at any time, for any reason, without notice to you. You should check our Site to see the current policy that is in effect and any changes that may have been made to it.

This policy was last amended on 5 January 2024.

GLOSSARY

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.

INTERNAL THIRD PARTIES

EXTERNAL THIRD PARTIES

YOUR LEGAL RIGHTS

You have the right to:

Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

(end of policy)

Luminance Technologies Ltd — Anti-Slavery Policy Statement

Pursuant to s54 of the Modern Slavery Act 2015, this Policy Statement confirms the steps Luminance Technologies Ltd (“We”) has taken and will continue to take to prevent modern slavery and human trafficking in any part of our business and supply chain.

Our Business & Risk

We have offices in the UK and the US and are a primarily a hosted technology company. In light of where we do business, where our suppliers are based and the industry in which we operate, we consider that there is a very low risk that modern slavery and human trafficking may affect our business.

Our Policies

We have adopted policies and procedures which are designed to:

Our Supply Chain

Our process for contracting with suppliers includes checks to remain vigilant to any risk of modern slavery and human trafficking. We require staff engaged in the process for the selection of suppliers to conduct reasonable checks and due diligence to ensure that modern slavery and human trafficking does not affect any supplier or partner. This due diligence may include (but is not limited to) raising enquiries with the supplier / partner, asking them to provide a copy of relevant policies and their employee handbook and, where necessary, verifying the physical working conditions for the supplier's / partner's staff and contractors.

We also include appropriate contractual commitments and protections in our agreements with our suppliers where necessary, requiring those suppliers to implement effective systems and controls to prevent slavery and human trafficking from affecting any part of their business and supply chain. We also require them to provide us with a summary of the steps they take from time to time to prevent modern slavery and human trafficking (including details of any relevant staff and supplier policies and details of due diligence conducted on their suppliers.

In respect of staff employed by the company, our Employee Handbook makes clear to employees the actions and behaviour expected of them when representing the organisation. We strive to maintain the highest standards of employee conduct and ethical behaviour when operating and managing our supply chain.

In addition, our HR team continues to ensure that we comply with all applicable laws in the territories in which we are based and we only use specified, reputable employment agencies to source labour. We are proud of the work environment we provide to our staff and the vibrant culture that permeates our business.

Training

Our staff are advised to take particular care for organisations that provide services from higher risk territories. Staff are also advised to notify the legal and HR teams immediately if they have any concerns so that we can then take appropriate action.

Luminance Lumi Go terms

Version Release: 11 December 2024

LUMI GO 

Terms of Use

These terms ("Terms") govern your use of any Services or Outputs (each as defined below) that you access via Luminance's Tool. The Terms shall govern the agreement between you and us (“Agreement”). 

Please review these Terms carefully. By accessing and using the Services, you agree to be bound by these Terms and to comply with them. If you do not agree with these Terms, then you must not use the Services.

If you are a Business User (as defined below), you agree that you are entering these Terms on behalf of your Business and that you are fully authorised to do so on its behalf. These Terms will not apply to a Business (or its Business Users) which has entered separate terms and conditions for the provision of services by us (such as a master hosted agreement or otherwise). 

If you have any problems accessing these Terms or the Services, please contact [email protected] (and, where applicable, your account executive). Please see section 11 for the definitions which are found within the Terms. 

Please read the following important information regarding the Services:

  1. Access to and use of Tool

 

  1.   The Services are intended to help you determine what may and may not be deemed as 'common' within a range of documents and materials (from a statistical basis as compared with similar documents and materials), as analysed through our Tool.  It follows that any analysis, reports, Outputs and/or documentation or other visual representations relating to your document and materials, as may be generated by the Services are used entirely at your own risk and, save as set out in these Terms, we have no liability for any reliance which you may place on them. 
  2.   DISCLAIMER TO CONSUMER USERS: The Services (including any Outputs) are not intended to be, do not constitute and must not be used as, legal advice or a substitute for obtaining independent legal advice which is relevant and appropriate to your specific requirements. No lawyer-client relationship will be created between us and you as a result of the use of the Services or any Outputs and you acknowledge and agree that in no circumstances will Luminance (or its directors, officers, employees or agents) be providing legal or other qualified professional advice. You must always consult your own lawyers or other professionals for legal or other advice where appropriate. You accept that any use of the Services or any Outputs made available via the Services is entirely at your own risk. Save as set out in these Terms, in no circumstances shall we have any liability to you for any reliance on information or content obtained through the use of the Services or contained in any Outputs.  See also section 9.2 on the limits of our liability to you.
  3.   DISCLAIMER TO BUSINESS USERS: If you are a lawyer, accountant or other professional or service provider using the Services and Outputs, you acknowledge that: (i) the rules or codes of professional conduct ("Rules") of the jurisdiction in which you are authorised to practice may apply to your use of the Services and Outputs and that you will abide by such Rules; and (ii) the Services (including any Outputs) do not constitute, are not intended to be and must not be used by you to provide legal advice to your clients.  You acknowledge and agree that neither Luminance nor its directors, officers, employees or agents is responsible or liable for your compliance with any Rules applicable to you or any other user or for any reliance on or use of information or content obtained through the use of the Services or any Outputs. See also section 9.3 on the limits of our liability to you.
  4.    In all cases, you expressly acknowledge and agree that the Services and Outputs are intended for use primarily in the United Kingdom, North America or European Union (as applicable) and any use outside these jurisdictions is at your own risk. You must not access or use the Services in any jurisdiction where its use, or the distribution of any Outputs, would be contrary to any applicable law. We may restrict access to the Services as we believe may be reasonably necessary to comply with applicable law (including sanctions and applicable export control law, restriction, or regulation).
  5.   If we grant you access to the Services, we will allocate you an account with a registered username and password. You must act as set out below (and are solely responsible for these actions):
    1.        keep your username and password secure and ensure that no other person obtains access to them;
    2.        update your password when prompted to do so (or your account may be locked);
    3.        not allow anyone else to use the Services under your account details;
    4.        notify us immediately of any unauthorised use of your account or if you become aware of a security breach or that another person may know your password; and
    5.        promptly update your profile and notify us to reflect any changes to any of the information you provided upon registration or subsequently.

 

  1.   You must comply with such security requirements that we may reasonably specify in connection with your access to or use of the Services and/or your account with us.
  2.   We provide you with a limited, non-exclusive, non-transferable, non-sublicensable right during the term of this Agreement to access and use the Services for the Permitted Purpose, subject always to your compliance with these Terms.
  3.   All software we may provide to access and use the Services is proprietary to Luminance or, as applicable, its licensors. We grant you a limited, non-exclusive, non-transferable, revocable right to use such software strictly in accordance with and subject to these Terms. Such right does not grant or transfer any ownership rights in the software to you or any other person or imply any rights other than those expressly set forth in these Terms.
  4.   IMPORTANT: You acknowledge and agree that the Services are not intended for distribution to, or use by, any other person or entity outside the Permitted Purpose.  This means that: (a) if you are a Consumer, you must use the Services and/or Outputs purely for your own private purposes and not share the Outputs with any other person or entity; or (b) subject to section 1.3, if you are a Business User, you must use the Outputs purely for the internal purposes of your Business and for assisting you in the provision of your Business services to your clients. 
  5.            You shall:
    1.             be responsible for making all arrangements necessary to facilitate your access to and use of the Services and for ensuring that you have all necessary consents and authorisation to enter into these Terms;
    2.             provide us with all other necessary information as we may reasonably require to provide you with access to the Services;
    3.             comply will all applicable laws with respect to your use of the Services and any Outputs; 
    4.             comply with such policies, usage restrictions or limitations relating to the Services as we may reasonably determine should apply to your use of the Services, as we may notify to you in writing from time to time;
    5.             not use all or part of the Services or any materials provided in connection with them for any unlawful purpose or in a manner not authorised by us;
    6.               not attempt to obtain, or assist any other person or entity in obtaining, unauthorised access to the Services;
    7.             not use the Services in a way that could harm the Services or impair or interrupt anyone else's use of them, including by taking or facilitating any action that puts us, our systems, other users or their data at risk, in any manner;
    8.             not use the Services in any manner, for any activities, which would cause you, or us to contravene applicable local, national or international law or regulation or in a way which violates the rights of any third party;
    9.               not attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the software applications forming part of or used in relation to the Services; and 
    10.               use your reasonable endeavours not to transmit any viruses or any other malicious software to the Services or the systems provided to access them.
  1.        User Data and anonymisation
    1.   Subject to section 2.2, you acknowledge and agree that we may access and use any User Data to the extent necessary for us to operate, maintain and improve the Services (including by analysing, retaining, storing and utilising the results of any usage, Outputs, learnings or trends to develop the Services for use by you and our other users) and to generate Outputs for all users.  You grant us a non-exclusive, non-transferable, perpetual, royalty-free licence of your User Data for these purposes.
    2.   We use reasonable endeavours to keep your User Data confidential (see also section 5 below), save that you expressly acknowledge and agree that we may carry out analytics and other review and storage processes on your User Data using anonymisation, pseudonymisation and other similar techniques in order to:
      1.        generate Outputs for you and other users of the Tool; and 
      2.        identify potential improvements to the Tool and Outputs (in both cases including after termination of this Agreement).  This means that we will not share directly identifiable information about you (including personal data) from your User Data with our other users, except as expressly permitted by Section 5 but are not restricted in improving the quality of user experience for you or other users with your User Data. 
    3.   You acknowledge and agree that any User Data you make available via the Services is entirely at your own risk and that, irrespective of any breach by you of the representations and warranties at section 2.4 below, you shall retain primary responsibility for the User Data (including with respect to the backup of any such User Data).
    4.   You undertake, represent and warrant that:
      1.        you own all rights to the User Data that you upload or you otherwise have the full right to upload or share such User Data (including where such data is owned by a third party) and grant the rights set out in these Terms;
      2.        you are solely responsible for the accuracy, integrity, legality, reliability and appropriateness of all User Data;
      3.        you will comply with all applicable laws with respect to your use and uploading or sharing of the User Data and
      4.        the use and uploading or sharing of the User Data to the Tool by you does not breach these Terms and will not infringe the intellectual or proprietary rights of any other person.
    5.   Business Indemnity. If you are a Business, you represent and warrant that you are solely responsible for your use of the Services and the activities of your Business Users, and for the accuracy, integrity, legality, reliability and appropriateness of all User Data. As we have no control of User Data uploaded to the Services, you represent and warrant that you are responsible for ensuring that you have the full right to upload or share such User Data and that the uploading of such User Data complies with applicable law (including international data protection laws and regulations governing the international or cross-border data transfer of information).  Accordingly, you agree to indemnify Luminance and its employees, agents, affiliates, officers and directors against any claims actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with your (or a Business User’s) breach of section 1.10 or this section 2. 
  2.        How we may improve and modify our Services over time
    1.   You agree that we determine the way the Services (including all content) are provided to you and that this may change from time to time.  This includes updating, modifying, withdrawing, or temporarily suspending any or all aspects of the Services at any time, including (a) to reflect changes in relevant laws and regulatory requirements; (b) subject only to your right to terminate in section 3.2, to make technical adjustments and improvements, for example to address a security threat; or (c) to update our Services, provided they continue to match to a substantial degree the description of the applicable Service(s) at the time you purchased them. 
    2.   We shall endeavour to make you aware of any material changes which are likely to negatively impact your use of the Services, but you acknowledge and agree that we need not do so where it is necessary to take immediate action for security or confidentiality reasons or because of technical difficulties which would otherwise adversely affect the Services. Except for the changes described in sections 3.1 (a) and (c), if any changes to the Services materially reduce the functionality of the Services or are not acceptable to you, you can terminate this Agreement in accordance with section 8.
    3.   We are constantly evolving, fixing bugs and correcting errors we find in the Services and we shall be entitled (at our discretion) to introduce modifications, upgrades and new releases of any part of the Services. Therefore, you agree to always use the latest version of the Tool.
  3.        Our commitment to you
    1.   Subject to the rest of this section 4, we warrant that the Services will: (a) operate in all material respects in accordance with the functionality currently described for the Services from time to time; and (b) be performed with reasonable skill and care.
    2.   Notwithstanding section 4.1, we do not guarantee, warrant or represent that the operation of the Services will be continuous, uninterrupted, timely, secure or error-free or that it will be free from viruses, worms, trojans or other harmful elements.  We recommend that you protect your equipment by having appropriate anti-virus software in place. Save where expressly stated otherwise in these Terms, the Services, the Outputs and all other information and content accessible through or via the Services, is provided "as-is" and we disclaim and exclude any and all representations, warranties, conditions or other terms, whether express or implied, including without limitation implied representations, warranties, conditions or other terms as to merchantability, satisfactory quality, fitness for a particular purpose or non-infringement to the maximum extent permitted by applicable law.
    3.   While we will take reasonable measures to ensure that the Outputs provided through the Services are as accurate as possible, neither the Services nor any Outputs can be relied upon by you and/ or any third party as a guarantee of any particular result, nor do the Services or any Outputs constitute any form of advice, recommendation or endorsement by us. PLEASE INFORM US IF ANY PART OF THE SERVICES OR OUTPUTS APPEAR TO BE INCORRECT OR INACCURATE.
    4.   Luminance is not responsible for, and you shall have no recourse against Luminance for, any delays, delivery failures or any other loss or damage resulting from the transfer of data over communications networks and facilities including the internet. You acknowledge that the Services may be subject to limitations, delays and other problems inherent in the use of such communication facilities.
  4.        Confidentiality
    1.   Both you and we undertake that we shall not: (a) at any time disclose to any person any confidential information concerning these Terms or the business, assets, affairs, Business Users, clients or suppliers of the other party except as permitted by section 2 or section 5.2; or (b) use such confidential information other than to exercise our rights and perform our obligations under or in connection with these Terms.
    2.   Each party may disclose the other party's confidential information: (a) to its employees, officers, representatives, contractors, subcontractors or advisers ("Representatives") who need to know such information for the purposes of exercising the party's rights or carrying out its obligations under or in connection with these Terms provided such Representatives are made aware of and comply with this section 5; and (ii) as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.
  5.        Intellectual property rights
    1.   Except as expressly set out in these Terms, nothing in these Terms grants either party any rights, implied or otherwise, to the other’s intellectual property.
    2.   Luminance and/or its licensors retain all right, title and interest in and to the Services (including as may subsist in related software and systems), any Outputs and related documentation, including all enhancements, error correction, new releases, updates, derivations and modifications from time to time. These are protected by copyright laws and treaties around the world.  All rights are reserved.   You agree to inform Luminance promptly of any infringement of its intellectual property that comes to your attention.
    3.   To the extent applicable, you retain and/or shall own all right, title and interest in and to User Data. See also section 2.1.
    4.   We provide you with a non-exclusive, royalty-free, fully paid-up, non-exclusive, non-transferable, perpetual, irrevocable licence during the term and following termination of this Agreement, to use any Outputs solely for the Permitted Purpose, subject always to your compliance with these Terms.
  6.        Data protection
    1.     You acknowledge that in order to provide access to the Services, we will collect and process your personal data.
    2.     You must ensure that you have permission to share the personal data of any individuals (including yourself) with us, including as may be contained in any User Data and that you have a valid and lawful basis for doing so.
    3.     If you are a Consumer, you agree that we will collect and process personal data as described in our Privacy Policy, which may be seen at https://www.luminance.com/legal.html. This explains how we may collect and use any personal information you submit via the Services.
    4.     Save as set out in section 7.5, if you are a Business, you and we agree to comply with the data processing requirements as set out in Appendix 1.
    5.     If you are a Business User, you agree that we will collect and process personal data as described in our Privacy Policy for the purposes of section 2.1. If you are a Business, you must ensure that any employees, contractors or other individuals engaged by you who access the Services are aware of this Privacy Policy.
  7.        Terminating this Agreement
    1.     We may, at our sole discretion and without incurring any liability to you, terminate or suspend your right to access the Services, with and/or without notice, in the following instances (without limitation):
      1.        at any time following a period of 1 (one) year's inactivity (as determined by us in our reasonable discretion, including by reference to a failure to log-in during that period);
      2.        immediately on written notice to you, if you are in material breach of any of these Terms and, if capable of remedy (as determined by us in our reasonable discretion), you fail to remedy such breach within thirty (30) days of our written notice to do so; 
      3.        if you are a Business and you take or have taken against you (other than in relation to a solvent restructuring) any step or action towards you entering bankruptcy, administration, provisional liquidation or any composition or arrangement with your creditors, applying to court for or obtaining a moratorium under Part A1 of the Insolvency Act 1986, being wound up (whether voluntarily or by order of the court), being struck off the register of companies, having a receiver appointed to any of your assets, or if the step or action is taken in another jurisdiction, in connection with any analogous procedure in the relevant jurisdiction; and/or
      4.        if a court, or other government authority having jurisdiction, issues an order prohibits us from providing the Services to you.

 

  1.     We may (but are not obliged to) before taking any action under section 8.1 provide you with a period of time to remedy or address any cause which may lead us to terminate or suspend your right to access the Services. Where such an opportunity is provided by us this does not prevent us from taking action under section 8.1 if we choose to do so.
  2.     You may terminate this Agreement with us at any time by ending your access to the Services.

 

  1.     Subject to section 8.5, when this Agreement ends:
    1.        you must cease to use the Services and not otherwise attempt to gain access to the Services after such time; and
    2.        subject to our rights in sections 2 and 3, each party will delete, destroy or (at the other party's request) return to the other party all documents and materials (and any copies) containing, reflecting, incorporating or based on the other party's confidential information.

 

  1.     For a period of thirty (30) days from any notice of termination by either party or termination by you via your registered account with us, we will maintain User Data and may you access to the Services to allow you to download and delete any User Data or Outputs. Thereafter, subject to our rights in sections 2 and 3, we will delete or destroy all copies of User Data (including Outputs) without liability or additional notice, unless legally prohibited from doing so. User Data (including Outputs) cannot be recovered once deleted or destroyed.
  1.        Our Liability to you
    1.     Nothing in these Terms is intended to exclude or limit any liability that cannot be excluded or limited by law. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors and for fraud or fraudulent misrepresentation.
    2.     Limitation of liability for Consumers.  If you enter these Terms as a Consumer, then subject to section 9.1:
      1.        you agree not to use our Services for any commercial or business purposes, and we have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity. We are responsible for losses you suffer caused by us breaching these Terms, unless the loss is not a reasonably foreseeable consequence of our negligence or breach of these Terms. A loss is reasonably foreseeable if either it is obvious that it will happen or if, at the time you entered into these Terms, both we and you knew it might happen (e.g. if you and we discussed it); and
      2.        our total liability to you under these Terms shall be limited to the greater of £100.00, in each case for any one event or series of connected events.
    3.     Limitation of liability for Businesses.If you are a Business, then subject to section 9.1:
      1.        we shall not be liable to you, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any loss of profit, business, or revenue; business interruption; loss of anticipated savings; loss of business opportunity, goodwill or reputation; or any indirect or consequential loss arising under or in connection with these Terms; and
      2.        our total liability to you for all other losses arising under or in connection with these Terms between us, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall be limited to £100.00.

 

  1.     General
    1.  Links. Where the Services contain links to other sites and resources provided by third parties, these links are provided for your information only. Such links should not be interpreted as approval by us of those linked websites or information you may obtain from them. We have no control over the contents of those sites or resources. We reserve the right in our absolute discretion to prohibit any link from another site to materials or information through the Services without our prior agreement. You must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists.  
    2.  Notices. Any notices to be given under or in relation to these Terms shall be in writing and sent, when sent by you to Luminance to [email protected] and [email protected] (or such email addresses updated in writing by the parties) or, when sent by us to you, by sending it to the relevant email address you provided as part of signing up to these Terms. Any notices required to be given in writing to Luminance or any questions concerning these Terms should be addressed to [email protected], the General Counsel, Luminance Technologies Ltd, Nine Hills Road, Cambridge, CB2 1GE, United Kingdom.
    3.  Force Majeure. No party shall be liable for any failure or delay in the performance of any obligation under these Terms (except any payment obligation) by reason of any event beyond the reasonable control of that party including but not limited to strike, lock-out, labour dispute, act of God, war, riot, civil commotion, act of terrorism, pandemic, epidemic, restrictions due to the spread or possible spread of disease fire, flood, storm, any cyber-attack or similar assault on the technology of either party. We will contact you as soon as reasonably possible to let you know and do what we reasonably can to reduce the delay. Provided we do this, we will not compensate you for the delay, save that if the delay is likely to be substantial you can contact us to terminate this Agreement.
    4.  Changes to these Terms. We may update or change these Terms from time to time by providing you with updated Terms. This may include sending you the updated Terms by email or advising of the updated Terms when you next log on to the Services. Such changes shall take effect on the date specified (which will usually be not less than 30 days following the updated terms being provided to you where material updates or changes are made). If you are a Consumer and any material changes to these Terms are not acceptable to you, you must cease using the Services by contacting us to terminate this Agreement. Where you continue to use the Services after the changes to these Terms take effect, you are agreeing to the updated Terms. No other changes to these Terms shall be valid unless it is expressly approved in writing and signed by Luminance.
    5.  Assignment. Your ability to access the Services is specific to you and you may not assign or transfer your rights or obligations under these Terms to anyone else or authorise anyone else to access the Services even if this is on your behalf. We may assign, transfer or novate any of our rights and obligations under these Terms. We will contact you to let you know if we plan to do this. If you are a Consumer and you are unhappy with the assignment, transfer or novation you can contact us to terminate this Agreement.
    6.  Third Party Rights. Nothing in these Terms is intended to confer any benefit on any person who is not a party to these Terms, and no third party shall have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any of its terms.
    7.  Waiver. No single or partial exercise, or failure or delay in exercising any right, power or remedy by either you or us shall constitute a waiver by you or us of, or preclude any further exercise of, that or any right, power or remedy arising under these Terms or otherwise.
    8.  Severability. If these Terms or any part of them should be determined to be illegal, invalid or otherwise unenforceable under the laws of any state or country in which these Terms are intended to be effective, then to the extent that they are so illegal, invalid or unenforceable, they shall in that state or country be treated as severed and deleted from these Terms and the remaining Terms shall survive and remain in full force and effect and continue to be binding and enforceable in that state or country.
    9.  Entire Agreement. These Terms govern your use of the Services and supersede any prior terms that were previously provided to you in relation to the Services. No other terms apply.
    10.   Governing Law. If you are a Consumer, you and we both agree that any competent court in the country of your main residence will have exclusive jurisdiction over any claim or dispute that arises out of or in relation to these Terms, their subject matter and their formation and the laws of that country will apply without regard to conflict of law provisions . If you are a Business, these Terms, their subject matter and their formation (and any non-contractual disputes or claims) are governed by English law and we both agree to the exclusive jurisdiction of the courts of England and Wales.
  2.     For the purposes of these Terms:

"Business": means a company, corporation, limited liability partnership or other legal entity. 

"Business User": means such person(s) as are authorised to enter this Agreement on behalf of a Business and/or access the Services on its behalf. 

Consumer”: means a person who enters these Terms in an individual capacity for their own purposes, acting as a consumer and not as a Business User.

include”, “includes”, “including”: shall be construed as if they were followed by the words “without limitation”.  

Luminance”, "we", "us" or "our": means Luminance Technologies Ltd (company number 09857705) whose registered address is at Nine Hills Road, Cambridge, England, CB2 1GE and its affiliates.

Outputs” means any analysis, reports, Outputs and/or documentation or other visual representations relating to your document and materials, as may be generated by the Services.

"Permitted Purpose": means your right to view and use the Outputs (including by way of download, print and/or storage): (a) if you are a Consumer, for your own private purposes; or (b) if you are a Business, for the internal purposes of your Business and for providing a service to your clients, in all cases subject to and in accordance with these Terms. 

"Services": means any content you access via Luminance's Tool whether online, through an app, email and/or via any other platform.

“Tool”: means any proprietary software developed and maintained by us, including but not limited to Lumi Go, which is made available to you (either directly by Luminance and/or a Luminance customer) for the purpose of providing the Services and generating Outputs. This includes any updates, modifications, and new releases of the software.

"you" or "your": means, as applicable depending on the context, (a) the person entering into these Terms, either as a Consumer or a Business User; and/or (b) the Business on whose behalf any Business User enters into this Agreement.

"User Data": means such agreements, documents, data or other information (including all related metadata) which you upload or otherwise provide to us via the Tool for the purpose of receiving the Services.

 

 


Appendix 1 (business user)

Data Processing Addendum

 

Definitions. 

  1. For the purposes of this Data Processing Addendum (“DPA”), the terms used herein shall have the meanings set forth in the Agreement. Any terms not specifically defined by this DPA or the Agreement shall have the meanings given by EU GDPR or UK GDPR, as applicable.

Nature, Purpose and Scope of Processing

  1. This DPA applies to the processing of Business User Personal Data under the Agreement.

 

  1. The Parties agree that the Business User is the Data Controller and Luminance is the Data Processor. The Parties each agree that they shall comply with the Data Protection Laws (as such laws apply to a Data Controller and Data Processor, respectively) in exercising their rights and performing their obligations under this Agreement.

 

  1. The Data Controller instructs the Data Processor to take such steps in the processing of Personal Data as are reasonably necessary for the performance of the Data Processor’s obligations under the Agreement and agrees that such instructions as provided herein constitute its full and complete instructions as to the means by which Personal Data shall be processed.

 

  1. The duration of the processing under this DPA shall equal the Term of the Agreement.

Types and Categories of Personal Data

  1. The categories of Controller Personal Data may include but are not limited to the Data Controller’s clients, employees, contractors, suppliers and professional advisors and any other categories of Personal Data that may be contained in the Controller Personal Data uploaded to the Product. 

 

  1. The types of Personal Data may include, but are not limited to names, phone numbers, addresses, and any other types of Personal Data that may be contained in the Controller Personal Data uploaded to the Product.

Data Processor Obligations

  1. The Data Processor shall not use Personal Data save for the purposes of providing the Product and Support as instructed herein unless required to do so by applicable law, in which case the Data Processor shall, to the extent legally permissible, inform the Data Controller of that legal requirement before processing.  

 

  1. The Data Processor shall immediately inform the Data Controller if, in the Data Processor’s opinion, an instruction from the Data Controller infringes the Data Protection Laws.

Confidentiality and Security

  1. The Data Processor shall take reasonable steps to ensure the reliability of any persons authorised to process any Personal Data, and it shall ensure that all such persons have committed themselves to confidentiality.

 

  1. Taking into account the nature, scope, context and purposes of processing, the Data Processor has implemented and will maintain for the Term the appropriate administrative, physical, technical and organisational measures to protect any Personal Data accessed or processed by it against unauthorised or unlawful processing or accidental loss, destruction, damage or disclosure.

Subprocessing

 

  1. Save as expressed herein, the Data Processor shall not without the prior written consent of Controller, engage any subprocessors for the processing of Personal Data under this Agreement.

 

  1. The Data Controller hereby gives its prior and general authorisation to the Data Processor to authorise the Data Processor’s subprocessors (as set out in Appendix 2) to act for the Data Processor in the provision of the Product, provided that:

 

  1. The subprocessors are subject to comply with the obligations imposed on the Data Processor and applicable Data Protection Laws;  

 

  1. The Data Processor shall inform the Data Controller of any intended changes concerning the addition or replacement of the subprocessors; and

 

  1. The Data Processor shall be fully liable for any breach by the subprocessors of any of the data protection obligations hereunder.

Cross-Border Transfers

  1. Save as expressed herein, if Personal Data originates in the United Kingdom or the European Economic Area (“EEA”), the Data Processor will not transfer such Personal Data outside the EEA or the United Kingdom without the prior written consent of Controller and without implementing the appropriate data transfer instrument and adequate safeguards of (as defined by the Information Commissioner’s Office, from time to time) in accordance with the Data Protection Laws. 

 

  1. Business User Data will be hosted in the AWS Region specified in the Product Order Form. Notwithstanding the foregoing, Controller acknowledges and consents to the processing of Personal Data outside of the EEA or the the United Kingdom, solely and to the extent necessary for the Data Processors to provide Support and for which purposes the applicable data transfer instrument shall apply.

 

  1. Luminance will rely on the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. Data Privacy Framework as a legal framework for transfers of personal information from the EU to the United States, and from the UK to the United States, respectively.

 

  1. Luminance will rely on the Swiss-U.S. DPF (“Swiss-U.S. DPF”) as a legal framework to transfer personal information from Switzerland to the United States, once the applicable local authorities approve the adequacy decisions. Until such date, Luminance continues to rely on the SCCs for the purposes of Swiss Data Protection Laws.

 

  1. Save as set out in clause 16 of the DPA, any transfer of Personal Data from the UK or the EEA to third countries which do not ensure an adequate level of data protection where processors are established shall be in accordance with the SCCs. The SCCs shall come into effect and be incorporated from the date of the first relevant transfer. Any processing of such Personal Data shall be (i) under the SCCs; (ii) reflect the subject matter, purpose and scope of Personal Data processed under this DPA; and (iii) subject to the technical and organisational measures provided for by the Data Processor. Either Party may, at any time with not less than 30 days’ notice, revise this Clause 7.3 by replacing it with any applicable form of SCC with the agreement of both Parties by way of amendment to the Product Order Form.

Data Subject Requests and Assistance

  1. The Data Processor shall notify Controller within three (3) days if it receives: (a) A request from a Data Subject to have access to that person’s Personal Data; or (b) A complaint or request relating to the Business User’s obligations under the Data Protection Laws; or (c) Any other communication relating directly or indirectly to the Processing of any Personal Data in connection with this Agreement.

 

  1. Taking into account the nature of processing and the information available to the Data Processor, the Data Processor will provide reasonable support to the Data Controller in (i) in complying with any legally mandated request for access to or correction of any Personal Data by a data subject under Chapter III GDPR; (ii) in responding to requests or demands made to the Data Controller by any court or governmental authority responsible for enforcing privacy or data protection laws; and (iii) in its preparation of a Data Protection Impact Assessment.

Personal Data Breach

  1. In the event that the Data Processor suffers or becomes aware of a Personal Data Breach it will inform the Data Controller within twenty-four (24) hours of becoming aware of the same and take reasonable steps to mitigate the effects and to minimise any damages resulting from such breach.

 

  1. To the extent reasonably possible, the notification to the Data Controller shall include: (i) a description of the nature of the incident, including where possible the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned; (ii) the name and contact details of the Data Processor’s data protection officer or another contact point where more information can be obtained; (iii) a description of the likely consequences of the incident; and (iv) a description of the measures taken or proposed to be taken by the Data Processor to address the incident including, where appropriate, measures to mitigate its possible adverse effects.

Audit

  1. On the Data Controller’s written request, and subject to appropriate confidentiality obligations, the Data Processor will make available to the Data Controller: (i) a copy of its current ISO 27001 certification; and (ii) Information reasonably requested by the Data Controller with regards to the Data Processor’s processing of Personal Data under this DPA. The Data Controller agrees to exercise any right it may have to conduct an audit or inspection under GDPR (or the EU Model Clauses if they apply) in the first instance by requesting the foregoing information. 

 

  1. In the event that the foregoing does not confirm the Data Processor’s compliance with the obligations laid down herein or an onsite inspection is required by a supervisory authority, then the Data Processor will, subject to appropriate security and confidentiality arrangements, allow for and contribute to such inspection, and the Data Controller shall bear any costs associated with such audit.

Data Return and Destruction. 

  1. On termination of the Agreement and in accordance with the Agreement, the Data Processor shall delete or return to Controller’s (in accordance with Controller’s written instructions) all Personal Data in its and/or its subprocessors' possession or control.

Data Privacy Framework

  1. On 10 July 2023, the European Commission’s adequacy decision for the EU-U.S. DPF entered into force, followed by the Swiss-U.S. Data Privacy Framework on 17 July 2023 and the UK extension to the EU-U.S. DPF on 12 October 2023.

 

  1. Luminance complies with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce.  Luminance has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the EU and the UK in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. 

 

  1. Luminace certified to the United States Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. 

 

  1. Further details on the Data Privacy Framework Program may be seen here https://www.dataprivacyframework.gov/. Luminance’s certification may be located here.

Order of Precedence. 

  1. In a conflict between this Appendix (Data Protection) and the Agreement, the provisions that offers greater protection for Personal Data will apply. 

 


 Appendix 2:    List of Subprocessors 

 

Luminance, in its role as a Processor, currently uses the following subprocessors in the processing of personal data for the purposes of providing the Product:

 

Product Support

 

Subprocessor

Service Provided

Location

Data Processed

Further Details

Luminance, Inc

24/7 Support services

United States

Limited data as needed.

n/a

 

 

Hosting of Business User Data 

 

Subprocessor

Service Provided

Location

Data Processed

Further Details

AWS

Cloud-hosting

The location is dependent on the geographic hosting location, the list of AWS entities can be found here: 

 

https://aws.amazon.com/compliance/sub-processors/

Data which is uploaded to the Product by Controller.

n/a

 

 

Functionalities using Additional Generative Models

 

Subprocessor

Service Provided

Location

Data Processed

Further Details

Microsoft Azure

Provision of Additional Generative Models within secured Microsoft Azure servers

 

Luminance runs  dedicated, segregated Microsoft Azure servers for secure hosting of Additional Generative Models for the provision of additional functionalities (including but not limited to Ask Lumi) 

1: European Union or United Kingdom 

 

Default will be selected allocated to reflect the relevant AWS hosting location but may be switched between UK and EU at Luminance’s discretion for optimal service delivery.

 

Limited data as needed to provide generative natural language prompts and replies (including, but not limited to Ask Lumi question and answers) to the Controller of the data. 

 

No data passed to OpenAI or directly to any other provider of Additional Generative Models.

Additional Generative Model approval (“Generative Model Approval”) is only required to utilise functionality hosted segregated secure Azure servers for external LLMs or third party integrations for specific functionalities within the Product (including, but not limited to Ask Lumi).

 

Controller may ‘opt out’ of the additional functionalities which utilise Additional Generative Models by raising a Support ticket to disable. 

2: United States may be used as choice of server location or if AWS hosting location is based outside of the UK or EU

OpenAI, L.L.C (“OpenAI”)

Provision of Additional Generative Models by OpenAI.

 

Luminance may utilise OpenAI directly for the use of Additional Generative Models for the provision of additional functionalities (included by not limited to Ask Lumi)

United States

Limited data as needed to provide generative natural language prompts and replies (including, but not limited to Ask Lumi question and answers) to the Controller of the data. 

 

Data is deconstructed and redacted by Luminance prior to any transfer of transformed data or metadata.

Generative Model Approval is only required to utilise functionality hosted segregated secure Azure servers for external LLMs or third party integrations for specific functionalities within the Product (including, but not limited to Ask Lumi).

 

Controller may ‘opt out’ of the additional functionalities which utilise Additional Generative Models by raising a Support ticket to disable.

 

The Controller recognises and agrees that by opting in to using functionalities (including, but not limited to Ask Lumi) which utilise Additional Generative Models, in certain circumstances redaction may not be possible (for example with respect to the actual words/data entered as a query or requested redraft), and that the Processor shall not be responsible or liable for any confidentiality or intellectual property issues which may arise as a direct result (superseding any terms set out in the Agreement).

 

 

 

 


Appendix 3 (CONSUMER USER)

Privacy Policy

 https://www.luminance.com/legal.html