There are plenty of ways you can use our services to share information, communicate with other people, or create content.
When you share information with us, like by opening a Lumiform account, we can improve our Services- to help you connect with other people or make sharing faster and easier. When using our services, we want to be clear on how we use your information and how you can protect your privacy.
To the extent our processing of your information is covered by the General Data Protection Regulation 2016/679 ("GDPR") or the California Consumer Privacy Act ("CCPA"), the sections of this Privacy Policy in Appendix 1 - Your Rights - apply to you.
Our Privacy Policy explains:
We have made an effort to keep it as simple as possible, however if you are unfamiliar with terms such as cookies, IP addresses, and browsers, please read information about those keywords first. Your privacy is principal to us; please take the time to learn about our practices - and if you have any questions, please contact us at any time.
Our objective is to clarify what information we collect so that you can make knowledgeable choices about how the information is used and control with whom you share it. By providing us with personal information, you consent to our collection, storage, use, and disclosure of your personal information under this Privacy Policy. You are under no obligation to provide us with personal information, but your failure to do so may impact your use of this Site or the products and services offered.
You can also set your browser to block or display all cookies, including those related with our services. However, it is important to remember that many of our services may not work properly if your cookies are disabled. For example, you may not be able to log in to Lumiform.
We collect information to provide better services to all of our users - from simple things like what language you speak to more complex things like which of our content is most important to you.
We collect information in the following ways:
Information you provide - We collect information about you and your business when:
use, access, or interact with our Services or our websites (including, but not limited to, uploading, downloading, collaborating, or sharing content, including photos and videos).
For example, most of our Services require you to register for an account. When you do so, we ask for personal information like your name, email address, phone number, or credit card. We may associate your name, email address, or picture with other users in your organization or with your account to help you share or refer you.
Information we acquire through your use of our services - We may collect information about the Services you use and how you use them, such as when you visit a website that uses our Services or when you view and interact with our content. This information includes:
Log Information - When you use our Services or view any of our content, we may automatically collect and store certain information in server logs.
It may include:
Details about how you used our Service, such as your search queries;
Telephony log information such as your phone number, caller ID, call forwarding numbers, time and date of calls, duration of calls, SMS routing information, and call types
Internet Protocol address
Device event information such as crashes, system activity, hardware settings, browser type, browser language, date and time of your request, and referral URL
Cookies that uniquely identify your browser or account.
Location Information - If you use a Lumiform location-based service, we may collect and process information about your current location, like GPS signals sent from a mobile device. We may also use different technologies to pin-point your location, such as sensor data from your device that may offer information about nearby Wi-Fi access points and cell towers, for example.
Unique application numbers - Specific services include a unique application number. This number and information about your installation (such as the type of operating system and version number of the application) may be sent to us when you install or uninstall that service or regularly contact our servers.
Local Storage - We may collect and store information (including Personal Information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
Cookies and Anonymous Identifiers - We employ numerous technologies to collect and store information when you use our Services. This may include sending cookies or anonymous identifiers to your device. We also use cookies and anonymous identifiers when you interact with services we offer to our partners, such as advertising services or Lumiform features that may appear on other websites.
We may collect information from any of our Services, including your Data and Transaction Data, from any location where ZYP.ONE operates or conducts business. Currently our location is in Germany, Berlin. We may use this information for the following purposes:
Our systems may need to access, review, store, record, and scan your information to use the collected data. Where relevant or required by privacy laws, we will demand your consent before using information for purposes differing to those stated in this Privacy Policy.
We will manage your personal data for the time needed to provide our services or for other purposes mentioned in this Privacy Policy. You can solicit that we stop managing your data or delete it at any moment.
It is required by law to retain some of your data for defined periods. When we no longer need your data, we will guarantee that your information is destroyed or de-identified.
We may need to keep certain personal information after we stop providing products or services to apply our terms and conditions, prevent fraud, identify, present or resolve legal claims, and maintain adequate accounting documentation.
ZYP.ONE processes personal information on our servers in multiple countries. If you desire, we will process your personal information on a server in the country where you reside. Please notify us of this request immediately after the contract is finalized.
We may share personal data outside of Germany with third parties as listed in Appendix 2 - Third-Party Service Providers.
By providing us with your personal data, you consent to the transfer of your personal data to third parties outside Germany. In the case that we do share your personal data with third parties: we will take judicious actions to guarantee that any party outside Germany treats such data in a manner accordant with German and European data protection principles.
We do not share personal information with companies, organizations, and individuals outside of ZYP.ONE unless one of the following circumstances applies:
With your consent
With account administrators:
If your account is managed for you by an organization administrator, your organization administrator and resellers who offer user support for your organization will access your information (including your email and other data).
Your account administrator may be able to:
View statistics about your account;
Modify your account password;
Suspend or terminate your account access;
Access or retain information stored as part of your account;
Manage your account information to comply with applicable laws, regulations, legal process, or enforceable government requests;
Restrict your capacity to delete or edit information.
For more information, please refer to your account administrator's privacy policy.
With external service providers:
We may share personal information with:
Third-party service providers to facilitate their supply of services without limitations, including IT service providers, data storage providers, web hosting and server providers, debt collection companies, maintenance or problem resolution providers, marketing or advertising providers, and payment system operators;
Our existing or potential agents or business partners;
Third parties, including agents or subcontractors: who assist us in providing information, products, services, or direct marketing.
Our current third-party vendors (as updated from time to time) are listed in Appendix 2.
To address fraud, security, or technical issues:
We will share your personal information with reliable third parties when required to identify, prevent, or otherwise address fraud, security, or technical issues.
For legal reasons:
We may disclose your information when required to do so by applicable law, regulation, or as part of actual or expected legal process (including when reasonably necessary to enforce applicable Terms of Use or establish, exercise, or defend our legal rights). If we receive a request from a regulatory agency or law enforcement authority, and if permitted by GDPR, the CCPA, and other laws, we may disclose certain information to such agencies or authorities.
Merger or Acquisition
If we merge with or are acquired by another company, we may divulge your personal information with the company’s new owners and advisors. We will continue to ensure the confidentiality of all personal information and notify affected users (like by sending a message to the email address associated with your account) before transferring personal information or subjecting it to a different privacy policy.
We may share compilated, non-personally identifiable information publicly and with our partners, such as publishers, advertisers, or affiliated websites. For example, we may make information publicly available to show trends in the general use of our services. This includes government agencies, industry groups, insurance companies, and educational/training institutions.
We have imposed vigorous procedures concerning the safety of the personal information we collect and store (including through the use of network and database security procedures). We will make fitting efforts to protect your personal information from unauthorized access or unauthorized modification, disclosure, or destruction. Specifically:
The transferral of information through the Internet is not entirely safe. While we do our best to protect your personal data, we cannot guarantee the safety of your data transmitted to our servers over third-party networks; any transmission is at your own risk. Once we receive your information, we use meticulous procedures and security attributes to prevent unauthorized access.
Our Privacy Policy applies to all services offered by ZYP.ONE and its associates, including services provided on other websites, excluding services that have disparate privacy policies that do not include this Privacy Policy.
Our Privacy Policy does not apply to services provided by other companies or individuals, including products or websites that appear in search results, websites that may contain Lumiform services or other websites that connect to our services. Our Privacy Policy does not apply to the information procedures of other companies and organizations that promote our Services.
We frequently assess compliance with our privacy policy. We also obey copious self-regulatory frameworks. When we receive formal written complaints, we contact the individual who made the complaint to be able to investigate further. We work together with pertinent regulatory authorities, including local data protection authorities, to rectify personal information transfers that we cannot fix directly with our users.
You may decide to limit the collection or use of your personal information. Assume you have previously consented to the use of your personal information for direct marketing purposes: in this case, you may change your preferences on any occasion by contacting us using the contact details provided below.
You may request details of the personal information we have relating to your person. There may be an administrative fee for providing this information. In some instances, as set out in the Privacy Act 1988 (Cth), we may deny your request.
If you believe that any information we have about you is inaccurate, outdated, insufficient, irrelevant, or deceiving, please contact us using the contact details provided below. We will take reasonable steps to correct your information.
If you believe that we have breached the German Federal Data Protection Act (BDSG) and you would like to file a complaint, please contact us using the contact information provided below and provide us with complete details of the alleged infringement. We will directly investigate your complaint and respond to you in writing, detailing the result of our investigation and the measures we will implement to address your complaint.
Please be aware that by clicking on links and advertising banners on our websites, your browser may be accessing a third-party website with a different privacy policy than ZYP.ONE.
We are not responsible for and have no control over the information transferred to or collected by these third parties, and you should revise their specific privacy policies.
We may review this Privacy Policy periodically and publish the most recent version on our website. If a revision restricts your rights or entails a material change in the manner that we process your personal information, we will duly notify you.
If you have any questions or would like to contact us about the processing of your personal data, please do through one of the methods listed below.
When you contact us, we will ask you to verify your identity.
Contact Name: Data Protection Officer
Email: privacy@lumiformapp.com
Mail:
ZYP.ONE Ltd.
The data protection officer
Torstrasse 75
10119 Berlin - Germany
For this Privacy Policy, the owner of the Personal Data is ZYP.ONE GmbH or one of its subsidiaries ("ZYP.ONE"), and our contact details are set in the "Contact Us" section above.
Following the GDPR, the base of our reliance for personal data processing collected through our websites and services are as follows:
As stated above, we share your personal information with reliable third parties when we have commissioned them to supply services that you or our customers have solicited and conduct maintenance or answer to technical issues affecting our services. Our current third-party service providers are listed in Appendix 2.
When we share personal information with third parties, we require third parties to preserve minimum confidentiality and privacy standards.
When personal data is transferred to or accessed by third parties outside the EEA, we ensure that approved protection, such as standard contractual clauses, are engaged to guarantee compliance with the General Data Protection Regulation ("GDPR") and the EU Charter of Fundamental Rights ("CFR").
ZYP.ONE processes personal information on our servers in multiple countries. We may process your personal data on a server located outside the country where you live, including outside the EEA. The primary storage location for user data and data uploaded to our products is a data center in Germany operated by our third-party cloud hosting provider, Amazon Web Services ("AWS"). AWS guarantees that customers can rely on the AWS GDPR Data Processing Addendum, which involves standard contractual policies. The Data Processing Addendum guarantees that AWS offers customers the same level of security, privacy, and data protection as required by the GDPR and CFR.
We will preserve your personal data for the time necessary to provide you with our services or for other purposes detailed in this Privacy Policy, and you may request that we stop processing your data or destroy it at any time (see the section below on your rights).
You have certain rights regarding the personal data we hold about you. Details of these rights and how you can employ them are set out below. We will need to corroborate your identity before we can respond to your request.
You have the right to request a copy of the personal data we hold about you at any point in time. If we have an adequate reason and the GDPR permits, we may deny your request for a copy of your personal data or can deny certain details of the request. If we deny your request or any part of it, we will notify you of our grounds for doing so.
If the personal information we have about you is inaccurate, outdated, insufficient, irrelevant, or deceiving, you have the right to rectify, update, or complete it. You can let us know by contacting us at privacy@lumiformapp.com.
Under specific circumstances, you have the right to request the cancellation of your personal data stored by us. For example: if the data is no longer needed for the purposes for which it was collected or processed, or if our processing of the data is based on your consent and no further legal grounds justify the processing of the data.
In specific circumstances, you have the right to oppose our processing of your personal data by contacting us at privacy@lumiformapp.com. For example, if we process your data based on our legitimate interests and there are no compelling legitimate grounds for our processing that nullify your rights and interests. You also have the right to oppose the use of your personal data for direct marketing purposes.
You also have the right to limit our use of your data. For example, if you have questioned the precision of the data and during the period in which we corroborate the precision of the data.
In some instances, you have the right to obtain any personal data we hold about you in an organized, regularly used, and machine-readable format. You may request us to transfer this information to you or directly to a third-party organization.
The above right exists only regarding personal data, which:
We welcome such requests but cannot ensure technical agreement with third-party systems. We are also unable to complete requests relating to the personal data of others without their consent.
You may employ any of the above rights by contacting us through any of the methods listed in the "Contact Us" section above. Most of the above rights are subject to limitations and exceptions. We will provide reasonable grounds if we are unable to comply with a request to exercise your rights.
If we process your data based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us using the details in the "Contact Us" section above.
Automated decision-making occurs when an electronic system utilizes personal data to make decisions without human intervention. It is precisely regulated in the GDPR when alike decisions are made that have a legal or another notable impact on the individual. It is authorized in the following circumstances:
You will not be subject to a resolution that has a material effect on you merely due to automated processing unless we have a legitimate basis for doing so. We will inform you and give you the right to defy the decision or to request that an individual make the decision.
If you disagree with our use of your personal information, you may contact us using the information in the "Contact Us" section below.
As stated in this Privacy Policy:
| THIRD-PARTY SERVICE PROVIDERS | Purpose | Country |
| Atlassian | Ticketing system and team collaboration page | USA |
| AWS Amazon | Data hosting | Germany |
| Fullstory | User experience research | USA |
| Google Cloud, G-Suite | Document management, email, analytics | USA |
| Hubspot | Customer relationship management | USA |
| Intercom | Customer support system | USA |
| Sendgrid | Email service provider | USA |
| Slack | Internal communication tool | USA |
| Stripe | Payment processing | USA |
ZYP.ONE treats the protection of customer data as one of its highest priorities.
Below, we have shared relevant information about the General Data Protection Regulation (GDPR), how it impacts you, and what ZYP.ONE is doing.
The GDPR extends the rights of individuals to decide how their data is collected and processed. The GDPR sets out different obligations for organizations to take further responsibility for data protection.
For more information, have a look at the EU's GDPR guide:
GDPR concerns companies that process personal data about individuals in the EU.
You have control over the materials and information you and your users upload or provide to us when you use our products and services. We do not have control over the content you collect or whether it is personally identifiable. Accordingly, as a data controller, you are accountable for guaranteeing that the data you collect when conducting inspections or reporting incidents complies with the principles of the GDPR.
We take our responsibilities under GDPR solemnly.
Below is an overview of what we have done so far:
Under GDPR, our customers are considered Data Controllers and ZYP.ONE is regarded as a Data Processor. GDPR defines requirements for Controllers relating to the personal data for which they are responsible, including the requirement that when using Data Processing, these Processors offer adequate guarantees that they will abide with the GDPR and will protect the rights of Data Subjects.
We host our customer, audit, and expiration data on Amazon Web Services (AWS), a best-in-class third-party data hosting provider.
For more information about AWS's approach to GDPR compliance, see https://aws.amazon.com/compliance/gdpr-center
Sometimes, ZYP.ONE hosts or processes personal data outside the European Economic Area - this is probably the case with your user data rather than audit or expiration data. The GDPR requires that this data remain protected by adequate safeguards following EU law. ZYP.ONE accomplishes this by entering into the European Commission's standard contractual clauses with the entity to which the data is transferred.
