Privacy Policy

Lumanity is committed to protecting your personal information and this privacy policy states how we collect your personal information, how we store it and how we use it.

This privacy policy applies worldwide and is based on global data protection regulations and covers the products and services which are offered by the Lumanity group of companies.

If you have any queries about this policy or your personal information please contact:

Data Protection Officer
Lumanity
Great Suffolk Yard, 2nd Floor
131 Great Suffolk St.
London
SE1 1PP

Email: privacy@lumanity.com

Call: +44 (0)20 7608 9300

About this privacy policy
This privacy policy, together with any agreement between us, explains how we collect, use, share and transfer your personal data.

We think carefully about our use of personal data, and below you can find the details of what we do to protect your privacy. This policy covers, among other topics:

Information about your rights and our obligations
Clarity about our dealings with you and transparency about how we collect and use your personal data
Commitments on how we protect your personal data
Commitments on how we will facilitate your rights and respond to your questions

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you; this will ensure that you are fully aware of how and why we are using your data. This privacy policy supplements other agreements, notices and privacy policies and is not intended to override them.

Personal data is any information about you by which you can be identified. This can include information such as: your name, date of birth, email address, postal address, phone number, mobile number; debit card details; information about your device (such as the IP address, which is a numerical code to identify your device that can provide information about the country, region or city where you are based); and information relating to your personal circumstances and how you use our site and services.

Sometimes our site may contain links to third party sites and services. These sites and services have their own privacy policies. If you follow a link to a third party, you should read the privacy policy shown on their site.

Who we are
Lumanity was formed to bring together diverse perspectives and unique clinical, scientific, and functional expertise to uncover innovative, yet pragmatic approaches to address the complex set of challenges on the path to market.

As the data controller, we are responsible for deciding how and why we hold and use your personal data

What personal data we collect and how
We may collect, use, store and transfer different kinds of personal information about you that we have grouped together as follows:

Identity data– name, username, marital status, title, photographs, date of birth and gender
Contact data– email address or telephone numbers, billing address, delivery address, social media addresses
Professional data – your qualifications and employment history
Technical data– internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website
Profile data– feedback and survey responses
Usage data– information about how you use our website
Marketing and communications data– your preferences in receiving marketing from us and your communication preferences

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

How we collect personal data
We may collect, store and transfer personal information about you from the following sources: data you give us, data we collect when you use our services and data from third parties we work with.

Data you give to us:

When you use our services
When we deal with you on behalf of a client
When you provide us with the information
When you or your business provide services to us or our clients
When you visit our website
When you fill in forms on our website
When you enquire about working with us or apply to work with us
In certain circumstances, when you have previously worked with us
When you provide us with information for the purpose of us providing you with details of our services or for inviting you to events
When you talk to us on the phone
When you email or send letters to us for any reason
When you engage with us on social media
If you take part in our competitions or promotions
When you give us feedback, comments and service reviews
When you book any kind of appointment with us
When you send us photographs and images of yourself

Data we collect when you use our services:

Direct Interactions
You may give us your identity data and contact data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

Apply for our products or services
Create an account on our website
Subscribe to our services or publications
Request marketing to be sent to you
Give us feedback or contact us

Visitors to our website
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out information such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we want to collect personally identifiable information through our website, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Cookies and similar technology
When you visit our site, we may collect personal data from you automatically using cookies or similar technology. A cookie is a small file that can be placed on your device that allows us to recognize and remember you.

Visitors to our offices
When you visit us at any of our offices, we have CCTV systems in operation for the security of clients and employees and these systems may record your image.

Posting comments on our social media accounts
When you post information on a Lumanity social media feed or comment publicly on a post on one of our feeds, the information you post and your username are publicly accessible. This information can be viewed online and collected by other people. We are not responsible for the way other people use this information. When contributing to a discussion, we strongly recommend you avoid sharing any personal details, and, especially, information that can be used to identify you directly such as your name, age, address and the name of your employer. We are not responsible for the privacy of any identifiable information that you post on our social media accounts.

Data from third parties we work with:

Companies that introduce you to us
Social networks
Agents/agencies working on our behalf
Government and law enforcement agencies
Identity and contact data from publicly availably sources

How and why we use your personal data
We will only use your personal data where we have legal ground to do so. We determine the legal grounds based on the purposes for which we have collected and used your personal data. In every case, the legal ground will be one of the following:

Where we need to perform the contractwe are about to enter into or have entered into with you (for example, where we have agreed to send you certain products or services, we will collect your address details to deliver materials and we may pass them to our courier)
Where it is necessary for our legitimate interests(or those of a third party), and your interests and fundamental rights do not override those interests. For example, we may use your personal details to provide you with information about the services we provide, to provide industry updates and to market our services
Where we need to comply with a legal or regulatory obligation(for example, we pass on details of people involved in fraud or other criminal activity affecting us to law enforcement agencies)
Where we can collect and process your data with your consent(for example, when you tick a box to receive email newsletters)

Security of your personal data
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal or transactional information stored on our website and systems. For more information on how we protect your personal information please contact our Data Protection Officer (contact details at the top of the page).

Who we share your personal data with
We do not share your personal data with other people or organizations that are not directly linked to us except under the following circumstances:

We may share your data with other organizations that provide services on our behalf such as dealing with online payments and other forms of payment processing, i.e. credit card transactions and preventing fraud
We may share your data with other affiliated organizations that co-host events with Lumanity, such as registration information, details of the event and contact details to receive marketing information on the companies involved
We may reveal your personal data to any law enforcement agency, court, regulator, government authority or other organization if we are required to do so to meet a legal or regulatory obligation, or otherwise to protect our rights or the rights of anyone else
We may reveal your personal data to any other organization that buys, or to which we transfer all, or substantially all, of our assets and business. If this sale or transfer takes place, we will use reasonable effort to make sure that the organization we transfer your personal data to uses it in line with our privacy policy
To third party client companies. We will have strict agreements with these companies to limit what they can do with the data we give them. We will always ask for you consent before passing on your personal information in this way.

Any organizations that access your data in the course of providing services on our behalf will be governed by strict contractual restrictions to make sure that they protect your data and keep to all data privacy laws that apply. We may also independently audit these service providers to make sure that they meet our standards.

Some of our webpages may use social plug-ins from other organizations (such as the ‘Facebook Recommend’ function, Twitter’s retweet function, Google+ function). These other organizations may receive and use personal data about your visit to our site. If you browse our site, information they collect may be connected to your account on their site. For more information on how these organizations use personal data, please read their privacy policies

Marketing
We believe in being open, honest and transparent with our clients and suppliers and want you to feel comfortable about your decision to give us your personal information and how we use it.

Lumanity may share your personal data with other affiliated companies.

We will use the details you provide to us to communicate with you about how we can help you in your role and help your company achieve its objectives.

We promise that will only communicate with you in the way you wish us to and we will always respect your privacy. You can change your mind at any time and it’s quick and easy to let us know that you no longer want to hear from us by contacting our Data Protection Officer (contact details at the top of the page).

We will always respond to your wishes in a sensitive, timely, courteous and professional way.

Please be assured that we will take appropriate measures to keep your personal information safe and secure and we promise not to over contact. We will never pass your personal information on to other organisations for them to use for their own marketing purposes.

International data transfers
Data we collect may be transferred to, stored and processed in any country or territory where one or more of our Lumanity group companies, our clients or service providers are based or have facilities. While other countries or territories may not have the same standards of data protection as those in your home country, we will continue to protect personal data that we transfer in line with this privacy policy.

Whenever we transfer your personal data out of the European Economic Area (EEA) or UK, we ensure similar protection and put in place at least one of these safeguards:

We will only transfer your personal data to countries that have been found to provide an adequate level of protection for personal data
We may also use specific contracts with our service providers that are based in countries outside the EEA or UK. These contracts give your personal data the same protection it has in the EEA or UK
Where we use service providers outside the EEA or UK, we may transfer your personal information from your home country to the US (or other countries) based on the following legal bases:
- Legitimate business interests: we could not provide our services or comply with our legal obligations without transferring your personal information to that country
- Our use of standard contractual clauses (also known as ‘model clauses’) where appropriate

How long we keep your personal data
We only keep your personal data for as long as we need to (this will be dependent on the type of relationship we have with you). How long we need your personal data depends on what we are using it for, as set out in this privacy policy. For example, we may need to use it to answer your queries about a service we have provided and, as a result, may keep personal data while you are still using our services. Job applicant data may be stored to enable us to check repeat applications, show reasons for hiring decisions and/or to notify candidates of future relevant job opportunities. We may also need to keep your personal data for accounting purposes. If we no longer need your data, we will delete it or make it anonymous by removing all details that identify you. If we have asked for your permission to process your personal data and we have no other lawful grounds to continue with that processing, and you withdraw your permission, we will delete your personal data. However, if you unsubscribe from marketing communications, we will keep your email address to ensure that we do not send you any marketing in future.

Your rights with regard to the personal data that we hold about you
At any point while we are in possession of your personal information, you have the following rights:

The right to access your personal information
The right to edit and update your personal information
The right to request to have your personal information deleted
The right to restrict processing of your personal information
The right to object
The right to lodge a complaint with a supervisory authority

The right to access your personal information
You have a right to obtain confirmation that your personal information is being processed. You also have the right to request a copy of your personal information we hold.

We will provide a copy of your personal information within 30 days of receiving the written request. Should you wish to exercise these rights we require you to prove your identity with two pieces of approved identification (photo ID and proof of address such as utility bill). Please address requests to our Data Protection Officer (contact details at the top of the page).

The right to edit and update your personal information
The accuracy of your personal information is important to us. You can edit your personal information, including your address and contact details at any time. Please address requests to our Data Protection Officer (contact details at the top of the page).

Please provide as much information as possible about the nature of your contact with us to help us locate your records. Any changes you have requested may take up to 28 days before they take effect so you may receive communication within this period.

The right to request to have your personal information deleted
You have the right to request the deletion of your personal information which we will review on a case by case basis.

Should you wish to exercise this right please address requests to our Data Protection Officer (contact details at the top of the page).

The right to restrict processing of your personal information
You have the right to ‘block’ or suppress processing of your personal information. However, we will continue to store your data, but not process it any further. We do this by retaining just enough of your personal information so we can ensure that the restriction is respected in the future.

Should you wish to exercise these rights please address requests to our Data Protection Officer (contact details at the top of the page).

The right to object
You have the right to object to your personal information being processed, to marketing (including profiling) and for research purposes. From the very first communication from us and every marketing communication we send after, you will have the right to object to marketing.

Alternatively, you can exercise this right by contacting our Data Protection Officer (contact details at the top of the page).

Please provide as much information as possible about the nature of your contact with us to help us locate your records. Any changes you have requested may take up to 28 days before they take effect.

If we process your personal information for the exercise or defence of legal claims or we can demonstrate compelling grounds that override your rights and freedoms we may not be able to fulfil your request. However, we will contact you to discuss further.

Your right to lodge a complaint with a supervisory authority
If you wish to lodge a complaint or seek advice from a supervisory authority please contact:

The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Website: www.ico.org.uk
Tel: +44 (0) 01625 545 745

California Online Privacy Protection Act
CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require a person or company in the United States (and conceivably the world) that operates websites collecting personally identifiable information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals with whom it is being shared, and to comply with this policy. – See more at: https://consumercal.org/about-cfc/cfc-education-foundation/california-online-privacy-protection-act-caloppa-3/

According to CalOPPA we agree to the following:

Users can visit our site anonymously
Once this privacy policy is created, we will add a link to it on our home page, or as a minimum on the first significant page after entering our website.

Our Privacy Policy link includes the word ‘Privacy’ and can be easily be found on the page specified above.

Users will be notified of any privacy policy changes:

On our Privacy Policy Page

Users are able to change their personal information:

By emailing us
By calling us

How does our site handle ‘do not track’ signals?
We do not enable cookies or analytics unless you accept our cookie policy, so our systems require you to opt-in, rather than requiring that you utilize “do not track” signals to opt out.

Does our site allow third party behavioural tracking?
It’s also important to note that we do not allow third party behavioural tracking.

COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under 13.

Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

We will notify the users via email without unreasonable delay.
We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.