Lumiform Mobile audits & inspections
Get App Get App

There are plenty of ways you can use our services to share information, communicate with other people, or create content.

When you share information with us, like by opening a Lumiform account, we can improve our Services- to help you connect with other people or make sharing faster and easier. When using our services, we want to be clear on how we use your information and how you can protect your privacy.

To the extent our processing of your information is covered by the General Data Protection Regulation 2016/679 ("GDPR") or the California Consumer Privacy Act ("CCPA"), the sections of this Privacy Policy in Appendix 1 - Your Rights - apply to you.

Our Privacy Policy explains:

We have made an effort to keep it as simple as possible, however if you are unfamiliar with terms such as cookies, IP addresses, and browsers, please read information about those keywords first. Your privacy is principal to us; please take the time to learn about our practices - and if you have any questions, please contact us at any time.


Our objective is to clarify what information we collect so that you can make knowledgeable choices about how the information is used and control with whom you share it. By providing us with personal information, you consent to our collection, storage, use, and disclosure of your personal information under this Privacy Policy. You are under no obligation to provide us with personal information, but your failure to do so may impact your use of this Site or the products and services offered.

You can also set your browser to block or display all cookies, including those related with our services. However, it is important to remember that many of our services may not work properly if your cookies are disabled. For example, you may not be able to log in to Lumiform.


We collect information to provide better services to all of our users - from simple things like what language you speak to more complex things like which of our content is most important to you.

We collect information in the following ways:


We may collect information from any of our Services, including your Data and Transaction Data, from any location where ZYP.ONE operates or conducts business. Currently our location is in Germany, Berlin. We may use this information for the following purposes:

Our systems may need to access, review, store, record, and scan your information to use the collected data. Where relevant or required by privacy laws, we will demand your consent before using information for purposes differing to those stated in this Privacy Policy.


We will manage your personal data for the time needed to provide our services or for other purposes mentioned in this Privacy Policy. You can solicit that we stop managing your data or delete it at any moment.

It is required by law to retain some of your data for defined periods. When we no longer need your data, we will guarantee that your information is destroyed or de-identified.

We may need to keep certain personal information after we stop providing products or services to apply our terms and conditions, prevent fraud, identify, present or resolve legal claims, and maintain adequate accounting documentation.


ZYP.ONE processes personal information on our servers in multiple countries. If you desire, we will process your personal information on a server in the country where you reside. Please notify us of this request immediately after the contract is finalized.

We may share personal data outside of Germany with third parties as listed in Appendix 2 - Third-Party Service Providers.

By providing us with your personal data, you consent to the transfer of your personal data to third parties outside Germany. In the case that we do share your personal data with third parties: we will take judicious actions to guarantee that any party outside Germany treats such data in a manner accordant with German and European data protection principles.


We do not share personal information with companies, organizations, and individuals outside of ZYP.ONE unless one of the following circumstances applies:

For more information, please refer to your account administrator's privacy policy.

We may share compilated, non-personally identifiable information publicly and with our partners, such as publishers, advertisers, or affiliated websites. For example, we may make information publicly available to show trends in the general use of our services. This includes government agencies, industry groups, insurance companies, and educational/training institutions.


We have imposed vigorous procedures concerning the safety of the personal information we collect and store (including through the use of network and database security procedures). We will make fitting efforts to protect your personal information from unauthorized access or unauthorized modification, disclosure, or destruction. Specifically:

The transferral of information through the Internet is not entirely safe. While we do our best to protect your personal data, we cannot guarantee the safety of your data transmitted to our servers over third-party networks; any transmission is at your own risk. Once we receive your information, we use meticulous procedures and security attributes to prevent unauthorized access.


Our Privacy Policy applies to all services offered by ZYP.ONE and its associates, including services provided on other websites, excluding services that have disparate privacy policies that do not include this Privacy Policy.

Our Privacy Policy does not apply to services provided by other companies or individuals, including products or websites that appear in search results, websites that may contain Lumiform services or other websites that connect to our services. Our Privacy Policy does not apply to the information procedures of other companies and organizations that promote our Services.


We frequently assess compliance with our privacy policy. We also obey copious self-regulatory frameworks. When we receive formal written complaints, we contact the individual who made the complaint to be able to investigate further. We work together with pertinent regulatory authorities, including local data protection authorities, to rectify personal information transfers that we cannot fix directly with our users.


You may decide to limit the collection or use of your personal information. Assume you have previously consented to the use of your personal information for direct marketing purposes: in this case, you may change your preferences on any occasion by contacting us using the contact details provided below.


You may request details of the personal information we have relating to your person. There may be an administrative fee for providing this information. In some instances, as set out in the Privacy Act 1988 (Cth), we may deny your request.


If you believe that any information we have about you is inaccurate, outdated, insufficient, irrelevant, or deceiving, please contact us using the contact details provided below. We will take reasonable steps to correct your information.


If you believe that we have breached the German Federal Data Protection Act (BDSG) and you would like to file a complaint, please contact us using the contact information provided below and provide us with complete details of the alleged infringement. We will directly investigate your complaint and respond to you in writing, detailing the result of our investigation and the measures we will implement to address your complaint.


Please be aware that by clicking on links and advertising banners on our websites, your browser may be accessing a third-party website with a different privacy policy than ZYP.ONE.

We are not responsible for and have no control over the information transferred to or collected by these third parties, and you should revise their specific privacy policies.


We may review this Privacy Policy periodically and publish the most recent version on our website. If a revision restricts your rights or entails a material change in the manner that we process your personal information, we will duly notify you.


If you have any questions or would like to contact us about the processing of your personal data, please do through one of the methods listed below.

When you contact us, we will ask you to verify your identity.

Contact Name: Data Protection Officer




The data protection officer

Torstrasse 75

10119 Berlin - Germany



For this Privacy Policy, the owner of the Personal Data is ZYP.ONE GmbH or one of its subsidiaries ("ZYP.ONE"), and our contact details are set in the "Contact Us" section above.


Following the GDPR, the base of our reliance for personal data processing collected through our websites and services are as follows:


As stated above, we share your personal information with reliable third parties when we have commissioned them to supply services that you or our customers have solicited and conduct maintenance or answer to technical issues affecting our services. Our current third-party service providers are listed in Appendix 2.

When we share personal information with third parties, we require third parties to preserve minimum confidentiality and privacy standards.


When personal data is transferred to or accessed by third parties outside the EEA, we ensure that approved protection, such as standard contractual clauses, are engaged to guarantee compliance with the General Data Protection Regulation ("GDPR") and the EU Charter of Fundamental Rights ("CFR").

ZYP.ONE processes personal information on our servers in multiple countries. We may process your personal data on a server located outside the country where you live, including outside the EEA. The primary storage location for user data and data uploaded to our products is a data center in Germany operated by our third-party cloud hosting provider, Amazon Web Services ("AWS"). AWS guarantees that customers can rely on the AWS GDPR Data Processing Addendum, which involves standard contractual policies. The Data Processing Addendum guarantees that AWS offers customers the same level of security, privacy, and data protection as required by the GDPR and CFR.


We will preserve your personal data for the time necessary to provide you with our services or for other purposes detailed in this Privacy Policy, and you may request that we stop processing your data or destroy it at any time (see the section below on your rights).


You have certain rights regarding the personal data we hold about you. Details of these rights and how you can employ them are set out below. We will need to corroborate your identity before we can respond to your request.

Right of access

You have the right to request a copy of the personal data we hold about you at any point in time. If we have an adequate reason and the GDPR permits, we may deny your request for a copy of your personal data or can deny certain details of the request. If we deny your request or any part of it, we will notify you of our grounds for doing so.

Right to rectification or completion

If the personal information we have about you is inaccurate, outdated, insufficient, irrelevant, or deceiving, you have the right to rectify, update, or complete it. You can let us know by contacting us at

Right to cancellation

Under specific circumstances, you have the right to request the cancellation of your personal data stored by us. For example: if the data is no longer needed for the purposes for which it was collected or processed, or if our processing of the data is based on your consent and no further legal grounds justify the processing of the data.

Right to object to or restrict processing

In specific circumstances, you have the right to oppose our processing of your personal data by contacting us at For example, if we process your data based on our legitimate interests and there are no compelling legitimate grounds for our processing that nullify your rights and interests. You also have the right to oppose the use of your personal data for direct marketing purposes.

You also have the right to limit our use of your data. For example, if you have questioned the precision of the data and during the period in which we corroborate the precision of the data.

Right to data portability

In some instances, you have the right to obtain any personal data we hold about you in an organized, regularly used, and machine-readable format. You may request us to transfer this information to you or directly to a third-party organization.

The above right exists only regarding personal data, which:

We welcome such requests but cannot ensure technical agreement with third-party systems. We are also unable to complete requests relating to the personal data of others without their consent.

You may employ any of the above rights by contacting us through any of the methods listed in the "Contact Us" section above. Most of the above rights are subject to limitations and exceptions. We will provide reasonable grounds if we are unable to comply with a request to exercise your rights.

If we process your data based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us using the details in the "Contact Us" section above.


Automated decision-making occurs when an electronic system utilizes personal data to make decisions without human intervention. It is precisely regulated in the GDPR when alike decisions are made that have a legal or another notable impact on the individual. It is authorized in the following circumstances:

You will not be subject to a resolution that has a material effect on you merely due to automated processing unless we have a legitimate basis for doing so. We will inform you and give you the right to defy the decision or to request that an individual make the decision.


If you disagree with our use of your personal information, you may contact us using the information in the "Contact Us" section below.


As stated in this Privacy Policy:


AWS Amazon Data hosting Germany
Google Cloud, G-Suite Document management, email, analytics EU
Hubspot Customer relationship management Germany
Intercom Customer support system USA
Sendgrid Email service provider USA
Slack Internal communication tool USA
Stripe Payment processing EU


ZYP.ONE treats the protection of customer data as one of its highest priorities.

Below, we have shared relevant information about the General Data Protection Regulation (GDPR), how it impacts you, and what ZYP.ONE is doing.

What is the GDPR?

The GDPR extends the rights of individuals to decide how their data is collected and processed. The GDPR sets out different obligations for organizations to take further responsibility for data protection.

For more information, have a look at the EU's GDPR guide:

Guide to the GDPR

Does the GDPR impact you?

GDPR concerns companies that process personal data about individuals in the EU.

You have control over the materials and information you and your users upload or provide to us when you use our products and services. We do not have control over the content you collect or whether it is personally identifiable. Accordingly, as a data controller, you are accountable for guaranteeing that the data you collect when conducting inspections or reporting incidents complies with the principles of the GDPR.

What does ZYP.ONE do?

We take our responsibilities under GDPR solemnly.

Below is an overview of what we have done so far:

Who is the Data Processor, and who is the Data Controller?

Under GDPR, our customers are considered Data Controllers and ZYP.ONE is regarded as a Data Processor. GDPR defines requirements for Controllers relating to the personal data for which they are responsible, including the requirement that when using Data Processing, these Processors offer adequate guarantees that they will abide with the GDPR and will protect the rights of Data Subjects.

Where does ZYP.ONE store customer data?

We host our customer, audit, and expiration data on Amazon Web Services (AWS), a best-in-class third-party data hosting provider.

For more information about AWS's approach to GDPR compliance, see

How does ZYP.ONE comply with EU data export restrictions?

Sometimes, ZYP.ONE hosts or processes personal data outside the European Economic Area - this is probably the case with your user data rather than audit or expiration data. The GDPR requires that this data remain protected by adequate safeguards following EU law. ZYP.ONE accomplishes this by entering into the European Commission's standard contractual clauses with the entity to which the data is transferred.