Lumiform

Transparency and selection

Our goal is to make it clear what information we collect so that you can make informed choices about how the information is used and control with whom you share it. By providing us with personal information, you consent to our collection, storage, use and disclosure of your personal information in accordance with this Privacy Policy. You do not have to provide us with any personal information, but if you do not, it may affect your use of this website or the products and/or services offered on or through it.

You can also set your browser to block or indicate all cookies, including those associated with our services, when a cookie is set by us. However, it is important to remember that many of our services may not function properly if your cookies are disabled. For example, you may not be able to log in to ZYP.ONE or use other services.

Information collected by us

We collect information in order to provide better services to all our users - from simple things like what language you speak to more complex things like what content of ours is most important to you.

We collect information in the following ways:

• Information you give us. We collect information about you and your business when you register for an account with us, create or change your profile, use, access or interact with our services or our websites (including but not limited to uploading, downloading, collaborating or sharing content, including photos and videos). For example, many of our services require you to register for an account with us. When you do, we ask for personal information such as your name, email address, phone number, or credit card. We may associate your name, email address or image with other users in your organization or otherwise with your account to assist you in sharing or referring you.
• Information that we obtain through your use of our services. We may collect information about the services you use and how you use them, for example, when you visit a website that uses our services or when you view and interact with our content. This information includes:
  • Device Information - We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers and mobile network information including your telephone number). We may associate your device IDs or phone number with your account.
  • Log Information - When you use our services or view content provided by us, we may automatically collect certain information and store it in server logs. This may include:
    • Details of how you have used our service, such as your search queries;
    • Telephony log information such as your telephone number, caller ID, call forwarding numbers, time and date of calls, duration of calls, SMS routing information and call types;
    • Internet Protocol address;
    • device event information such as crashes, system activity, hardware settings, browser type, browser language, date and time of your request and referral URL; and
    • Cookies that can uniquely identify your browser or account.
  • Location Information - When you use a location-based ZYP.ONE service, we may collect and process information about your actual location, such as GPS signals sent from a mobile device. We may also use various technologies to determine your location, such as sensor data from your device, which may provide information about nearby Wi-Fi access points and cell phone towers, for example.
  • Location Information - If you use a ZYP.ONE location-based service, we may collect and process information about your actual location, such as GPS signals sent from a mobile device. We may also use various technologies to determine your location, such as sensor data from your device, which may provide information about nearby Wi-Fi access points and cell phone towers, for example.
  • Unique application numbers - Certain services include a unique application number. This number and information about your installation (such as the type of operating system and version number of the application) may be sent to us when you install or uninstall this service, or if this service regularly contacts our servers, for example, for automatic updates.
  • Local Storage - We may collect and store information (including personal data) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
  • Cookies and anonymous identifiers - We use various technologies to collect and store information when you visit our services, and this may involve sending one or more cookies or anonymous identifiers to your device. We also use cookies and anonymous identifiers when you interact with services we offer to our partners, such as advertising services or ZYP.ONE features that may appear on other websites.

How we use the information we collect

We may use the information we collect, including your Personal Information and Transaction Data, from any of our services at one or more of the locations where ZYP.ONE operates or otherwise conducts business (currently our location in Germany, Berlin) for the following purposes:

• for internal and service-related purposes, such as providing, maintaining, protecting, improving and personalizing our services, developing new services and protecting the rights, property or safety of ZYP.ONE and our users;
• to communicate with you to provide you with information that we believe may be useful or relevant to you;
• to promote our services and related services;
• to analyse information in order to offer aggregated, anonymised data products to third parties;
• to facilitate the exchange of aggregated and anonymised information with third parties, including transactional data. An example of anonymized information would be the number of uses of a template or location data that may be used by such third parties to inform judgments about the organization using the software, but not about individuals whose data is processed by the software;
• to enforce the privacy policy and our terms and conditions for the use of our services and websites;
• to monitor and analyze trends, usage and activities related to our services and for marketing or advertising purposes or to provide you with customized content;
• to investigate and prevent fraudulent transactions, unauthorised access to or use of our services and other illegal or unusual activities;
• to use the name you provide for your ZYP.ONE profile in any services we offer that require a ZYP.ONE account. In addition, we may replace previous names associated with your ZYP.ONE account so that you are consistently represented in all our services. If other users already have your email or other information that identifies you, we may show them your publicly visible ZYP.ONE profile information, such as your name and photo;
• if you contact us to record your communication so that we can help you resolve any problems you may have. We may use your email address to inform you about our services, for example, to notify you of upcoming changes or improvements;
• cookies and other technologies to improve your user experience and the overall quality of our services;
• to integrate information from one service, including personal information, into other ZYP.ONE services - for example, to make it easier to share things with people you know;
• as otherwise stated in this Privacy Policy.

To use the information we collect, we may need our systems to access, screen, store, film and/or scan your information. Where appropriate or required by data protection laws, we will ask for your consent before using information for any purpose other than those set out in this Privacy Policy.

Retention of personal data

We will retain your personal information for as long as necessary to provide the services we provide to you or for other purposes described in this Privacy Policy, and you may at any time request that we stop processing your personal information or delete it.

We are required by law to retain some of your data for certain periods of time. If we no longer need your data, we will ensure that your data is destroyed or de-identified.

We may need to retain certain personal information after the discontinuation of the provision of products or services in order to enforce our terms and conditions, prevent fraud, identify, issue or resolve legal claims and/or maintain proper accounting records.

Disclosure of personal information

ZYP.ONE processes personal information on our servers in many countries around the world. If you choose, we will process your personal information on a server within your country of residence. Please inform us about this wish immediately upon conclusion of the contract.

We may share personal information outside of Germany with third parties, as listed in Appendix 2 - Third Party Service Providers.

By providing us with your personal information, you consent to the transfer of your personal information to third parties living outside Germany. When we share your personal information with third parties, we will take reasonable steps to ensure that any recipient outside Germany handles such information in a manner consistent with German and European data protection principles.

Information we share

We do not share personal information with companies, organizations and individuals outside of ZYP.ONE unless one of the following circumstances applies:

• With your consent

  We may share personal information with companies, organizations or individuals outside of ZYP.ONE if we have your consent.

• With account administrators

  If your account is managed for you by an organization administrator, your organization's administrator and the resellers who provide user support for your organization will have access to your information (including your email and other data).
  • Your account administrator may be able to do this:
  • View statistics about your account;
  • change your account password;
  • suspend or terminate your account access;
  • access or retain information stored as part of your account;
  • obtain your account information to comply with any applicable law, regulation, legal process or enforceable governmental request;
  • limit your ability to delete or edit information.

For more information, see the privacy policy of your account administrator.

Information we share

We do not share personal information with companies, organizations and individuals outside of ZYP.ONE unless one of the following circumstances applies:

• With third-party service providers

  We may share personal information:
  • Third party service providers to enable them to provide their services, including (without limitation) IT service providers, data storage providers, web hosting and server providers, collection companies, maintenance or problem solving providers, marketing or advertising providers and payment system operators;
  • our existing or potential agents or business partners;
  • third parties, including agents or subcontractors, who assist us in providing information, products, services or direct marketing to you.
  Our current third-party service providers (as updated from time to time) are listed in Appendix 2.

• To address fraud, security or technical issues

  We will disclose your personal information to trusted third parties when necessary to detect, prevent or otherwise address fraud, security or technical issues.

• For legal reasons

  We may disclose your information if required to do so by applicable law, regulation or as part of any actual or anticipated legal process (including when reasonably necessary to enforce applicable terms of use or to establish, exercise or defend our legal rights). If we receive a request from a regulatory or law enforcement agency and if permitted by GDPR, the CCPA and other laws, we may disclose certain information to such agencies or authorities.

• Merger or acquisition

  If we merge with or are acquired by another company, we may share your personal information with the new owners of the company and their advisors. We will continue to ensure the confidentiality of all personal information and notify affected users (for example, by sending a message to the email address associated with your account) before personal information is transferred or becomes subject to another privacy policy.

We may share aggregated, non-personally identifiable information publicly and with our partners, such as publishers, advertisers, or affiliated websites. For example, we may make information publicly available to show trends in the general use of our services. This may include government agencies, industry groups, insurance companies and educational/training institutions.

Information Security

We have implemented robust measures regarding the security of the information we collect and store about you (including through the use of network and database security measures) and will use reasonable efforts to protect your personal information from unauthorized access or unauthorized alteration, disclosure or destruction. In particular:

• We encrypt many of our services with Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
• We review our information collection, storage and processing practices, including physical security measures, to protect against unauthorized access to systems.
• We restrict access to personal information to our employees, contractors and agents who need to know that information to process it for us and who are under strict contractual confidentiality obligations and may be disciplined or terminated if they fail to comply with these obligations.
• We have several authentication and access control measures in place to ensure that only authorized personnel can access the information.
• We enforce strong encryption of all data at rest using the Advanced Encryption Standard (AES-256).

The transmission of information over the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our servers over third-party networks; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorized access.

Registration

Our Privacy Policy applies to all services offered by ZYP.ONE and its partners, including services offered on other websites, but excludes services that have separate privacy policies that do not include this Privacy Policy.

Our Privacy Policy does not apply to services offered by other companies or individuals, including products or websites that appear in search results, websites that may contain ZYP.ONE services, or other websites that are linked to our services. Our privacy policy does not cover the information practices of other companies and organizations that advertise our services.

Enforcement

We regularly check the compliance with our data protection regulations. We also adhere to various self-regulatory frameworks. When we receive formal written complaints, we contact the person who made the complaint to investigate it. We work with the relevant regulatory authorities, including local data protection authorities, to resolve complaints regarding the transfer of personal information that we cannot resolve directly with our users.

Restriction

You may choose to limit the collection or use of your personal information. If you have previously agreed to the use of your personal information for direct marketing purposes, you can change your mind at any time by contacting us using the information below.

Access

You can request details of the personal information we hold about you. There may be an administration fee for providing this information. In certain circumstances, as set out in the Privacy Act 1988 (Cth), we may refuse to provide you with personal information we hold about you.

Correction

If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information that is found to be inaccurate, incomplete, misleading or out of date.

Complaints

If you believe that we have violated the German Federal Data Protection Act (BDSG) and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged violation. We will investigate your complaint immediately and reply to you in writing, outlining the outcome of our investigation and the steps we will take to deal with your complaint.

Other Websites

Please note that by clicking on links and banner ads on our websites, your browser may access a third party website that has a different privacy policy than ZYP.ONE.

We are not responsible for and have no control over the information transmitted to or collected by these third parties and you should consult their privacy policies.

Changes

We may revise this privacy policy from time to time and will post the most current version on our website. If a revision reasonably restricts your rights or involves a material change in the way we process your personal information, we will notify you.

Contact

If you have any questions or if you would like to contact us about the processing of your personal data, please contact us in one of the ways listed below. When you contact us, we will ask you to verify your identity.

Contact name: Data protection officer

E-Mail: privacy@lumiformapp.com

Mail:
ZYP.ONE GmbH
The Data Protection Officer
Torstrasse 75
10119 Berlin - Germany

Annex 1 - Your rights

BIPR

For the purposes of this Privacy Policy, the owner of the Personal Information is ZYP.ONE GmbH or one of its subsidiaries ("ZYP.ONE") and our contact details are listed in the Contact Us section above.

The legal basis for processing your information

In accordance with the GDPR, the main reasons on which we rely when processing personal data collected through our websites and services are the following:

• Necessary for the conclusion or execution of a contract - in order to fulfil the obligations we enter into when providing a service to you, or to conclude a contract with us at your request, it is necessary for us to process your personal data;
• to fulfil a legal obligation - we are subject to certain legal requirements which may oblige us to process your personal data. We may also be required by law to disclose your personal data to a regulatory authority or law enforcement agency;
• necessary to protect legitimate interests - either we or a third party must process your personal data for the purposes of our (or the legitimate) interests of third parties, provided that we have established that these interests are not overridden by your rights and freedoms, including your right to protection of your personal data. Our legitimate interests include responding to inquiries and requests from you or third parties, improving our website, applications and customer experience, informing you about our products and services, and ensuring that our operations are conducted in a fair and efficient manner;
• Consent - we may ask for your consent to process your personal data in a specific way.

Third-party service provider

As mentioned above, we will share your personal information with trusted third parties when we have contracted them to provide services that you or our customers have requested, and to perform maintenance work or respond to technical incidents that affect our services. Our current third party providers are listed in Appendix 2.

When we share personal information with third parties, we require these third parties to meet minimum standards of confidentiality and data protection.

Processing outside the European Economic Area ('EEA')

Where personal information is transferred to third parties outside the EEA or who will access the information from outside the EEA, we will ensure that approved safeguards are in place to ensure that we comply with GDPR, such as the standard contractual clauses approved by the European Commission or the EU/US Privacy Shield.

ZYP.ONE processes personal data on our servers in many countries around the world. We may process your personal data on a server located outside the country where you live, including outside the EEA. The primary storage location for user data and data uploaded to our products is a data center in Germany, operated by our third party cloud hosting provider, Amazon Web Services ("AWS"). AWS is a participant in the EU/US Privacy Shield, under which transfers of personal data to the United States are authorized.

Retention of personal data

We will retain your personal information for as long as necessary to provide the services we provide to you or for other purposes described in this Privacy Policy, and you may at any time request that we stop processing your personal information or delete it (see the section below regarding your rights).

Your rights in relation to the information we hold about you

You have certain rights in relation to personal information that we hold about you. Details of these rights and how to exercise them are set out below. We require proof of your identity before we can respond to your request.

Right of access

You have the right at any time to ask us for a copy of the personal data stored with us. If we have good reason and if the GDPR permits, we may refuse your request for a copy of your personal data or certain elements of the request. If we refuse your request or any part of it, we will inform you of our reasons for doing so.

Right of rectification or completion

If the personal information we hold about you is incorrect, out of date or incomplete, you have the right to have the information corrected, updated or completed. You can let us know by contacting us at privacy@lumiformapp.com.

Right of cancellation

Under certain circumstances, you have the right to request the deletion of your personal data stored with us, e.g. if the data are no longer necessary for the purposes for which they were collected or processed or if our processing of the data is based on your consent and there are no other legal reasons justifying the processing of the data.

Right of opposition or restriction of processing

Under certain circumstances, you have the right to object to the processing of your personal data by us by contacting us at privacy@lumiformapp.com For example, if we process your data on the basis of our legitimate interests and there are no compelling legitimate reasons for our processing that outweigh your rights and interests. You also have the right to object to the use of your personal data for direct marketing purposes.

You may also have the right to limit the use of your personal data by us, for example in cases where you have questioned the accuracy of the data and during the period in which we verify the accuracy of the data.

Right to transferability of data

In certain cases, you have the right to receive all personal information we hold about you in a structured, commonly used and machine-readable format. You may ask us to transfer this information to you or directly to a third party organisation.

The above right exists only in respect of personal information that:

• which you have previously provided to us; and
• is automatically processed by us.

We welcome such requests, but cannot guarantee technical compatibility with third-party systems. We are also unable to fulfill requests relating to the personal data of other persons without their consent.

You can exercise any of the above rights by contacting us through any of the methods listed in the Contact Us section above.

Most of the above rights are subject to restrictions and exceptions. We will give reasons if we are unable to comply with a request to exercise your rights.

If we process your personal data on the basis of your consent, you have the right to withdraw your consent at any time. You can do so by contacting us using the details in the "Contact" section above.

Automated decision-making

Automated decision making occurs when an electronic system uses personal information to make a decision without human intervention. It is specifically regulated in the GDPR when such decisions are made that have legal or other significant effects on the individual. It is permissible in the following circumstances:

• If it is necessary to conclude or fulfil our contract with you and appropriate measures are taken to protect your rights.
• In limited circumstances, with your express written consent and where appropriate measures are in place to protect your rights.
• You will not be the subject of any decision which, solely by virtue of the automated processing, will have a material impact on you, unless we have a legitimate basis for doing so, we have notified you and given you the right to challenge the decision or demand that the decision be taken by a person.

Complaints

If you do not consent to our use of your personal information, you can contact us using the information in the "Contact Us" section below.

Annex 2 - Third party service providers