There are plenty of ways you can use our services to share information, communicate with other people, or create content.
When you share information with us, like by opening a Lumiform account, we can improve our Services- to help you connect with other people or make sharing faster and easier. When using our services, we want to be clear on how we use your information and how you can protect your privacy.
We have made an effort to keep it as simple as possible, however if you are unfamiliar with terms such as cookies, IP addresses, and browsers, please read information about those keywords first. Your privacy is principal to us; please take the time to learn about our practices - and if you have any questions, please contact us at any time.
You can also set your browser to block or display all cookies, including those related with our services. However, it is important to remember that many of our services may not work properly if your cookies are disabled. For example, you may not be able to log in to Lumiform.
We collect information to provide better services to all of our users - from simple things like what language you speak to more complex things like which of our content is most important to you.
We collect information in the following ways:
Information you provide - We collect information about you and your business when:
use, access, or interact with our Services or our websites (including, but not limited to, uploading, downloading, collaborating, or sharing content, including photos and videos).
For example, most of our Services require you to register for an account. When you do so, we ask for personal information like your name, email address, phone number, or credit card. We may associate your name, email address, or picture with other users in your organization or with your account to help you share or refer you.
Information we acquire through your use of our services - We may collect information about the Services you use and how you use them, such as when you visit a website that uses our Services or when you view and interact with our content. This information includes:
Log Information - When you use our Services or view any of our content, we may automatically collect and store certain information in server logs.
It may include:
Details about how you used our Service, such as your search queries;
Telephony log information such as your phone number, caller ID, call forwarding numbers, time and date of calls, duration of calls, SMS routing information, and call types
Internet Protocol address
Device event information such as crashes, system activity, hardware settings, browser type, browser language, date and time of your request, and referral URL
Cookies that uniquely identify your browser or account.
Location Information - If you use a Lumiform location-based service, we may collect and process information about your current location, like GPS signals sent from a mobile device. We may also use different technologies to pin-point your location, such as sensor data from your device that may offer information about nearby Wi-Fi access points and cell towers, for example.
Unique application numbers - Specific services include a unique application number. This number and information about your installation (such as the type of operating system and version number of the application) may be sent to us when you install or uninstall that service or regularly contact our servers.
Local Storage - We may collect and store information (including Personal Information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
We may collect information from any of our Services, including your Data and Transaction Data, from any location where ZYP.ONE operates or conducts business. Currently our location is in Germany, Berlin. We may use this information for the following purposes:
It is required by law to retain some of your data for defined periods. When we no longer need your data, we will guarantee that your information is destroyed or de-identified.
We may need to keep certain personal information after we stop providing products or services to apply our terms and conditions, prevent fraud, identify, present or resolve legal claims, and maintain adequate accounting documentation.
ZYP.ONE processes personal information on our servers in multiple countries. If you desire, we will process your personal information on a server in the country where you reside. Please notify us of this request immediately after the contract is finalized.
We may share personal data outside of Germany with third parties as listed in Appendix 2 - Third-Party Service Providers.
By providing us with your personal data, you consent to the transfer of your personal data to third parties outside Germany. In the case that we do share your personal data with third parties: we will take judicious actions to guarantee that any party outside Germany treats such data in a manner accordant with German and European data protection principles.
We do not share personal information with companies, organizations, and individuals outside of ZYP.ONE unless one of the following circumstances applies:
With your consent
With account administrators:
If your account is managed for you by an organization administrator, your organization administrator and resellers who offer user support for your organization will access your information (including your email and other data).
Your account administrator may be able to:
View statistics about your account;
Modify your account password;
Suspend or terminate your account access;
Access or retain information stored as part of your account;
Manage your account information to comply with applicable laws, regulations, legal process, or enforceable government requests;
Restrict your capacity to delete or edit information.
With external service providers:
We may share personal information with:
Third-party service providers to facilitate their supply of services without limitations, including IT service providers, data storage providers, web hosting and server providers, debt collection companies, maintenance or problem resolution providers, marketing or advertising providers, and payment system operators;
Our existing or potential agents or business partners;
Third parties, including agents or subcontractors: who assist us in providing information, products, services, or direct marketing.
Our current third-party vendors (as updated from time to time) are listed in Appendix 2.
To address fraud, security, or technical issues:
We will share your personal information with reliable third parties when required to identify, prevent, or otherwise address fraud, security, or technical issues.
For legal reasons:
Merger or Acquisition
We may share compilated, non-personally identifiable information publicly and with our partners, such as publishers, advertisers, or affiliated websites. For example, we may make information publicly available to show trends in the general use of our services. This includes government agencies, industry groups, insurance companies, and educational/training institutions.
We have imposed vigorous procedures concerning the safety of the personal information we collect and store (including through the use of network and database security procedures). We will make fitting efforts to protect your personal information from unauthorized access or unauthorized modification, disclosure, or destruction. Specifically:
The transferral of information through the Internet is not entirely safe. While we do our best to protect your personal data, we cannot guarantee the safety of your data transmitted to our servers over third-party networks; any transmission is at your own risk. Once we receive your information, we use meticulous procedures and security attributes to prevent unauthorized access.
You may decide to limit the collection or use of your personal information. Assume you have previously consented to the use of your personal information for direct marketing purposes: in this case, you may change your preferences on any occasion by contacting us using the contact details provided below.
You may request details of the personal information we have relating to your person. There may be an administrative fee for providing this information. In some instances, as set out in the Privacy Act 1988 (Cth), we may deny your request.
If you believe that any information we have about you is inaccurate, outdated, insufficient, irrelevant, or deceiving, please contact us using the contact details provided below. We will take reasonable steps to correct your information.
If you believe that we have breached the German Federal Data Protection Act (BDSG) and you would like to file a complaint, please contact us using the contact information provided below and provide us with complete details of the alleged infringement. We will directly investigate your complaint and respond to you in writing, detailing the result of our investigation and the measures we will implement to address your complaint.
We are not responsible for and have no control over the information transferred to or collected by these third parties, and you should revise their specific privacy policies.
If you have any questions or would like to contact us about the processing of your personal data, please do through one of the methods listed below.
When you contact us, we will ask you to verify your identity.
Contact Name: Data Protection Officer
The data protection officer
10119 Berlin - Germany
Following the GDPR, the base of our reliance for personal data processing collected through our websites and services are as follows:
As stated above, we share your personal information with reliable third parties when we have commissioned them to supply services that you or our customers have solicited and conduct maintenance or answer to technical issues affecting our services. Our current third-party service providers are listed in Appendix 2.
When we share personal information with third parties, we require third parties to preserve minimum confidentiality and privacy standards.
When personal data is transferred to or accessed by third parties outside the EEA, we ensure that approved protection, such as standard contractual clauses, are engaged to guarantee compliance with the General Data Protection Regulation ("GDPR") and the EU Charter of Fundamental Rights ("CFR").
ZYP.ONE processes personal information on our servers in multiple countries. We may process your personal data on a server located outside the country where you live, including outside the EEA. The primary storage location for user data and data uploaded to our products is a data center in Germany operated by our third-party cloud hosting provider, Amazon Web Services ("AWS"). AWS guarantees that customers can rely on the AWS GDPR Data Processing Addendum, which involves standard contractual policies. The Data Processing Addendum guarantees that AWS offers customers the same level of security, privacy, and data protection as required by the GDPR and CFR.
You have certain rights regarding the personal data we hold about you. Details of these rights and how you can employ them are set out below. We will need to corroborate your identity before we can respond to your request.
You have the right to request a copy of the personal data we hold about you at any point in time. If we have an adequate reason and the GDPR permits, we may deny your request for a copy of your personal data or can deny certain details of the request. If we deny your request or any part of it, we will notify you of our grounds for doing so.
If the personal information we have about you is inaccurate, outdated, insufficient, irrelevant, or deceiving, you have the right to rectify, update, or complete it. You can let us know by contacting us at firstname.lastname@example.org.
Under specific circumstances, you have the right to request the cancellation of your personal data stored by us. For example: if the data is no longer needed for the purposes for which it was collected or processed, or if our processing of the data is based on your consent and no further legal grounds justify the processing of the data.
In specific circumstances, you have the right to oppose our processing of your personal data by contacting us at email@example.com. For example, if we process your data based on our legitimate interests and there are no compelling legitimate grounds for our processing that nullify your rights and interests. You also have the right to oppose the use of your personal data for direct marketing purposes.
You also have the right to limit our use of your data. For example, if you have questioned the precision of the data and during the period in which we corroborate the precision of the data.
In some instances, you have the right to obtain any personal data we hold about you in an organized, regularly used, and machine-readable format. You may request us to transfer this information to you or directly to a third-party organization.
The above right exists only regarding personal data, which:
We welcome such requests but cannot ensure technical agreement with third-party systems. We are also unable to complete requests relating to the personal data of others without their consent.
You may employ any of the above rights by contacting us through any of the methods listed in the "Contact Us" section above. Most of the above rights are subject to limitations and exceptions. We will provide reasonable grounds if we are unable to comply with a request to exercise your rights.
If we process your data based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us using the details in the "Contact Us" section above.
Automated decision-making occurs when an electronic system utilizes personal data to make decisions without human intervention. It is precisely regulated in the GDPR when alike decisions are made that have a legal or another notable impact on the individual. It is authorized in the following circumstances:
You will not be subject to a resolution that has a material effect on you merely due to automated processing unless we have a legitimate basis for doing so. We will inform you and give you the right to defy the decision or to request that an individual make the decision.
If you disagree with our use of your personal information, you may contact us using the information in the "Contact Us" section below.
|THIRD-PARTY SERVICE PROVIDERS||Purpose||Country|
|Atlassian||Ticketing system and team collaboration page||USA|
|AWS Amazon||Data hosting||Germany|
|Fullstory||User experience research||USA|
|Google Cloud, G-Suite||Document management, email, analytics||USA|
|Hubspot||Customer relationship management||USA|
|Intercom||Customer support system||USA|
|Sendgrid||Email service provider||USA|
|Slack||Internal communication tool||USA|
ZYP.ONE treats the protection of customer data as one of its highest priorities.
Below, we have shared relevant information about the General Data Protection Regulation (GDPR), how it impacts you, and what ZYP.ONE is doing.
The GDPR extends the rights of individuals to decide how their data is collected and processed. The GDPR sets out different obligations for organizations to take further responsibility for data protection.
For more information, have a look at the EU's GDPR guide:
GDPR concerns companies that process personal data about individuals in the EU.
You have control over the materials and information you and your users upload or provide to us when you use our products and services. We do not have control over the content you collect or whether it is personally identifiable. Accordingly, as a data controller, you are accountable for guaranteeing that the data you collect when conducting inspections or reporting incidents complies with the principles of the GDPR.
We take our responsibilities under GDPR solemnly.
Below is an overview of what we have done so far:
Under GDPR, our customers are considered Data Controllers and ZYP.ONE is regarded as a Data Processor. GDPR defines requirements for Controllers relating to the personal data for which they are responsible, including the requirement that when using Data Processing, these Processors offer adequate guarantees that they will abide with the GDPR and will protect the rights of Data Subjects.
We host our customer, audit, and expiration data on Amazon Web Services (AWS), a best-in-class third-party data hosting provider.
For more information about AWS's approach to GDPR compliance, see https://aws.amazon.com/compliance/gdpr-center
Sometimes, ZYP.ONE hosts or processes personal data outside the European Economic Area - this is probably the case with your user data rather than audit or expiration data. The GDPR requires that this data remain protected by adequate safeguards following EU law. ZYP.ONE accomplishes this by entering into the European Commission's standard contractual clauses with the entity to which the data is transferred.