Last updated: 24 May 2018
2. Who we are
3. Our approach to privacy
4. Our companies and websites
5. Your consent
6. Where and why we collect and process your personal information
7. Our legal basis for processing your data
8. What information we collect
9. Sharing information with third parties
11. International transfers of information
12. Retention of your information
14. Your rights
15. Contact Us
[back to top]
Lumi is the leading global provider of fast, accurate and secure technologies to facilitate the smooth running of AGM, shareholder or member meetings and legislative meetings and elections – whether that is a physical in-room meeting, a virtual only meeting or a hybrid meeting. Our headquarters are in the United Kingdom, but we have offices in the USA, Europe, Asia, South Africa and Australia.
Geting Capital Ltd. is the parent company of our organisation, and we’ve provided a full list of our subsidiaries in the scope section below, where we include our registered address.
We are not required to appoint a Data Protection Officer (DPO), however, we have nominated a person to take overall responsibility for matters of data protection and privacy. This is our Head of Information Security and you can contact them with any questions or concerns about your data by emailing email@example.com (for more contact details see below).
[back to top]
We do not sell your personal data to third parties for marketing or promotional purposes. We do not abuse or misuse your personal data, or let it fall into the wrong hands. We only collect or process your information for the reasons we say we do.
As a business, we supply mobile technology products and services to collect and analyse information to help our customers (“Clients”) better understand a group of people. That information is as important to us as it is to you.
We only collect and process your information in accordance with our Clients’ instructions. If they are ethical, moral and legal, then we comply with their directions as to how they want us to collect, process and analyse the information. We also try to ensure that any obligations our Clients have given you about privacy are carried out, subject to applicable laws.
We share your personal information with our Clients, who control your information and have provided it to us and/or asked us to collect information and process it by using our technology and services. They have their own privacy policies that apply to your information and must be able to provide you with a copy.
[back to top]
The following companies are within scope for this policy;
- Geting Capital Ltd. (our parent company)
- Lumi Holdings Ltd.
- Lumi AGM UK Ltd.
- IML US Inc.
- Lumi Technologies SA (Pty) Ltd.
- Lumi Technologies Pty Ltd.
- Lumi Technologies BVBA
- Lumi Technologies BV
- Lumi France SAS
- IML Asia Ltd.
- Interactive Meetings Singapore Pte Ltd.
The following websites are within scope for this policy;
This policy also covers any additional personal data collected in the following, which are our online web applications;
[back to top]
- The transfer of your personal information to within the U.S. and to other countries outside the EU.
However, as we’ve stated above – we do not sell your information to third parties for marketing purposes. If you do not want your personal information to be used in any of the ways listed above, then please do not use our products, services or websites.
[back to top]
We collect your personal information from the following sources;
- When you visit our website(s).
- When you contact us for help or support.
- When you use one of our products or services (e.g. completing a survey, downloading an app, sending a message, responding to an electronic poll, visiting a web app, liking a comment, etc.).
Because our business revolves around helping our Clients to reach and better understand groups of people, we may also receive your personal data from those Clients, who have analysed the information they already have about you or you have provided directly.
We process your information for one or more of the following purposes;
[back to top]
- You have come to us for our help (this could be enquiring about our technology or technical support if you already use it).
- You have consented to our Clients who are using our services.
- You are visiting our website.
- To provide you with information you have requested from us.
- To fulfil a contract that we have entered into with you or with an entity that you represent.
- To ensure the safe operation and security of our websites and underlying business infrastructure.
- To manage any communication between us and you.
There are two reasons we collect, process and store your data;
[back to top]
- If you are using one of our products or services (for example an electronic keypad or event app on a mobile device), then the legal basis upon which we hold and process your data is contractual. We assume you have provided consent to our Client (the data controller) and we process the data in order to fulfil our obligations of a contract which is in place between our Client and us (where we act as the data processor).
- If you have come to our website or contacted us for help or information. This will either be through submitting your details in our ‘Contact Us’ form on the website, initiating a ‘live chat’ with us on our website or contacting our Support team for technical assistance. Here, our legal basis to process data is consent. If you do not provide consent then we are unable to take your details and contact you, have a ‘live chat’ with you or provide technical support.
Our products and services collect and analyse a range of information. Depending on the particular app or technology you are using, this may include;
- Biographical information that you have supplied to us or to our Clients.
- Location information, meaning data which reveals an approximate geographical location of you and your mobile device. We only collect this information where you have agreed to us doing so and also by agreeing to a notification on your mobile device.
- Information about the type of mobile device you own.
- App ‘metadata’, which means information about the way in which our application is used and how it functions on your mobile device (for example, which app screens you use most, how long it takes to transmit information to us, the volume of information, etc.). Metadata does not include any personal information about you. We collect metadata via Google Analytics in order to improve the usability, security and performance of our apps.
- Survey, voting or any other data requested by our Clients and provided by you, which means information contained in the responses you give to surveys or electronic votes, or other information you provide or enter in the app, an online dashboard or website. Please note that participation is always voluntary and you do not have to provide any information.
- Information received from other sources including other websites we operate or the other services we provide.
If you are visiting our website or trying to contact us for information, assistance or technical support, then the data we collect or may ask for could include;
[back to top]
- Your name
- Your contact details, such as a phone number and/or email address
- Your approximate location (depending on the settings on your device)
- Technical data such as an Internet Protocol (IP) address, time zone, operating system and platform and information about your internet browser application
- Which of our products and/or services you use
- Which pages on our website you have visited, including where you have clicked your mouse and what buttons you have pressed (i.e. where you came to us from, where you went in our site, how you got there and where you went to after visiting).
- Which Client of ours you represent, and your role within that organisation (for example your job title).
- Information about our hardware which you own or use and information about the mobile device accessing our online products and services.
- Any technical or diagnostic information we deem necessary to fix a problem or resolve an issue you are experiencing with our products or services.
We may share your personal information with;
- Our Clients, who have asked us to collect, process or analyse it on their behalf.
- Our partners, sub processors or vendors working on our behalf, who provide us with IT and support services to help us manage and store information, and who may require such information for the performance of any contract we enter into with them to conduct our business (for example Microsoft-controlled subsidiaries, Amazon Web Services, etc.).
- Our group companies as listed in the scope section above, who may provide related or ancillary services.
- Internationally recognised legal or regulatory bodies.
We will only share your personal information in the following circumstances;
[back to top]
- If we believe that it is reasonably necessary to comply with a law, regulation or legal request (e.g. to assist in matters of public interest or safety).
- If we sell, transfer or otherwise share some or all of our assets in connection with a merger, acquisition, reorganisation or sale of assets, or in the event of bankruptcy. We endeavour to provide you with notice prior to the transfer of your personal information to a successor entity.
- To complete any transaction or provide any product or service you have requested or authorised.
- To maintain the security of our products and services.
- To protect ours, yours and our Clients’ rights and property.
We have what we believe are robust, appropriate and sufficient security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our Information Security Management System (ISMS), which is aligned to ISO/IEC 27001 standards. We plan to update this policy soon, once we have achieved accredited certification. Although even with that, we have no control over what happens between your mobile device and the perimeter of our information infrastructure. You should be aware of the many cyber security risks that exist and take appropriate steps to safeguard your own information.
We accept no liability in respect of breaches that occur beyond our sphere of control. However, we take the privacy and protection of your personal information very seriously and use a number of methods to try to keep your personal information secure from loss or unauthorised use or access when it is in our possession or control. These methods include reasonable physical, technical and organisational measures to restrict access to your personal information. For example, your personal information is encrypted at rest (i.e. whilst it is being stored) but also whilst in transit by us using the latest TLS and encryption technologies. Access to your data (for example amongst our employees and Clients) is strictly controlled by a combination of secure passwords, permissions-based user roles, tried and tested processes, multi factor authentication and more.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website and/or apps, you are responsible for keeping this password confidential. You should never share a password with anyone and you should ensure that you do not reuse or recycle passwords.
Where required by applicable law, we will notify you or our Clients of any loss of or unauthorised access to your personal information, and we will cooperate with the appropriate authorities to investigate such incidents in a timely fashion.
[back to top]
We are a global company with service providers and Clients operating in several countries around the world. We use “cloud-based” storage solutions, meaning that your personal information may be transferred and stored in locations outside of your state, province or country, where the privacy laws may not be as protective as those in your jurisdiction. This includes countries outside United States. Our Clients may also operate in such locations and may require that we transfer your personal information to them in those locations.
[back to top]
We keep your personal information for as long as is necessary to fulfil the purposes for which it was collected. This purpose is usually for one of the two reasons as listed above in the section on our legal basis to process your data, namely to help you or to carry out our obligations of a contract. In most cases, this will be the duration of a particular meeting, event, project or campaign for which our Client has asked us to collect and process information about you. However, we are subject to our Clients’ instructions and they may ask us to retain it for longer or to delete it sooner. We regularly audit the information we hold to ensure that it remains relevant to our current requirements and those of our Clients.
We maintain a permanent record of anonymized location, demographic and survey data. This data is used to produce aggregated consumer insights and cannot be used to identify individuals.
[back to top]
We do not knowingly collect personal information or data of minors or children. We have no control over who contacts us, or means of verifying their age, but we do not conduct business with anyone under 18 years of age. For our Clients (the data controller), if they are using our products and services to collect or process data of children, then they must comply with the data protection laws applicable to them. In these very rare circumstances, our Clients are obliged to obtain express consent from the children’s parents or legal guardians prior to the use of our service.
[back to top]
As a data subject whose personal information we collect and process, you have certain rights. If you wish to exercise any of these rights, then please email firstname.lastname@example.org or use the contact details supplied below. In order to process your requests, we will ask you to provide two valid forms of identification for verification purposes. Depending on the reasons we are holding or processing the data, we may have to refer you to our Client which you represent and have provided consent to (i.e. as the data processor, we will have to refer you to the data controller to make such requests).
Your rights are as follows:
[back to top]
- The right to be informed. As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this policy and any related communications we may send to you. As a data processor, we acknowledge requests made through the data controller (our Client) and commit to satisfying these in a timely fashion.
- The right of access. You may request a copy of the personal information we hold about you. We will always provide this free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following;
- The categories of personal data concerned
- The purpose for processing the personal data
- If applicable, who we have disclosed the data to
- The proposed or planned retention period for that data
- The source of personal data, if collected from a third party
- The right to rectification. If you feel we hold inaccurate or incomplete personal data about you, you may exercise your right to correct or complete it. This may be used in conjunction with the right to restrict processing (see below) to make sure that incorrect or incomplete information is not processed until it has been rectified.
- The right to erasure. Often referred to as the ‘right to be forgotten’. Where no overriding legal basis or legitimate reason continues to exist for processing your personal information, you have the right to request that we delete that data. We will always take all reasonable steps to ensure the erasure or deletion of your data.
- The right to restrict processing. You have the right to ask us to stop processing your personal data. We will still store the information, but will not process it further. This right is an alternative to the right to erasure. If any of the following conditions apply, then you may exercise your right to restrict processing;
- You contest accuracy of your personal data and we are verifying it.
- Your data has been unlawfully processed.
- We no longer need the personal data for processing but the personal data is required for part of a legal process (e.g. establishing, exercising or defending a legal claim).
- You have exercised your right to object and processing is restricted pending a decision on the status of that processing.
- The right to data portability. You may request personal data which we hold, to be transferred to you, another controller, processor or third party. We must ensure we provide it in a commonly used and machine readable format. This right only applies because our lawful basis for processing is either consent or for the performance of a contract.
- The right to object. You have the right to object to our processing of your information. This applies when processing is;
- Based on your legitimate interests (or those of a third party)
- For the purposes of direct marketing
- For research purposes (scientific, historic or statistical)
- Based upon public tasks or legitimate interests
Should you have any questions, comments or concerns about this policy or how we handle and process your data then please email email@example.com
As an alternative, you can get in touch with us at our headquarters using the following postal address or phone number;
Lumi Holdings Ltd.
Ordnance Business Park
Tel: +44 (0)3300 583 952
Our UK hours of operation are 09:00 – 17:30, Monday to Friday.
If English is not your first language, then please visit the Contact Us
page on our website to find telephone numbers and addresses for our regional offices.
[back to top]
If you wish to complain or discuss any grievances with us, please don’t hesitate to contact us using the details provided above. All complaints are treated confidentially. Should you be unhappy with how we are handling or have handled your data, or about any former complaints you have made to us, then you are entitled to escalate your complaint to a supervisory authority within the region you are based. As detailed above, our company headquarters are based in the United Kingdom, where the Information Commissioner’s Office (ICO) is the supervisory authority for data protection (https://ico.org.uk/
[back to top]
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
||This cookie is used by our video player to remember where you are in a video so that if playback is interrupted (for example, by losing your internet connection) then you can get right back to where you left off.
||Used by third party provider to identify logged in use
|__ga (Google Analytics)
||Used to distinguish users
|__gat (Google Analytics)
||Used to throttle request rate
||Used to remember the region of the User
||Used to remember the language of the User
||Used by Hubspot to distinguish Users
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
Except for essential cookies, all cookies will expire after 1 year from creation.
[back to top]