If in doubt, the governing law of this policy is that of England.
We are registered with the UK Information Commissioner’s Office as a Data Controller, and have in place a comprehensive Company data protection policy and code of practice.
1. Purpose of this Policy
We provide you (the “User”) with access to the online and mobile services associated with Lumata, including but not limited to, www.lumata.com and all associated sub-domains (the “Website”), and any Lumata mobile application (the “App”), collectively the “System”.
We may collect and process information provided by filling in forms on the System, including information provided during completion of surveys, sleep diaries and other online tools, posting of comments in the Community or requesting further services, information provided when purchasing a product or paying for access to restricted content, entering a competition or promotion and when you report a problem with our System. If you contact us, we may also keep a record of that correspondence.
Throughout your use of the System we may collect and process information, such as: personal information (name, date of birth, email address, etc.); pre-existing medical conditions; lifestyle; environment; medication; other health profile information and details of your visits to the System and the resources that you access (including, but not limited to, traffic data, location data, weblogs and other communication data), whether this is required for our own billing purposes or otherwise.
We are required by law to maintain the privacy of the information described in this Policy and to provide you with this notice of our legal duties and privacy practices with respect to it. When we use or disclose this information, we are required to abide by the terms of this Policy (or other Policy in effect at the time of the use or disclosure).
IP addresses and cookies
We may collect information about your device, including where available your IP address, operating system, browser type and screen size. We may use this: to, provide you with customer support, for system administration; to tailor your experience of the System; to report aggregate information internally, to advertisers; and for research; or as described in ‘How we use your information’
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your device. Cookies help us to give you a smooth user experience, improve the System and deliver a better and more personalized service. They enable us:
· To recognize you when you return to our system.
· To maintain data you have entered e.g. during completion of a survey.
· To speed up your searches.
· To estimate our audience size and usage pattern.
· To store information about your preferences, and so allow us to customize the System according to your individual interests.
Both Lumata and third-party vendors, including Google, may use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize, and serve ads based on your past visits to the System on sites across the Internet (also known as 'remarketing'). If you would like to opt out of this you can do so via your Google Ads Preferences Manager.
2. How we use your information
Lumata understands that your identifiable health information is private and personal and is dedicated to maintaining its confidentiality and integrity. As such, we will never sell or rent it and have policies and procedures and other safeguards to help protect it from improper use and disclosure.
We follow a Minimum Necessary Access Policy so any required disclosure of your data is minimized. The following categories describe the ways in which we use your identifiable health information and the rare instances that require us to disclose it to persons and entities outside of Lumata. We have not listed every use or disclosure within the categories below, but all permitted uses and disclosures will fall within one of the following categories. In addition, there are some uses and disclosures that may require your specific authorization.
How much identifiable health information is used or disclosed without your written permission will vary depending, for example, on the intended purpose of the use or disclosure, and appropriate laws.
· Operations: We may use and disclose your information for our internal operations, which include administration, planning and various activities that assess and improve the quality and cost effectiveness of the service that we deliver to you. Examples are using information about you to improve quality of the service, satisfaction surveys, customer services and internal training.
· Emails: We may receive a confirmation when you open an email from us, or click on a link in an email, if your computer supports this type of program. We use this confirmation to help us make emails more interesting and helpful. When you receive an email from us, you can opt out of receiving further emails by following the included instructions to unsubscribe. However, by opting out of further email communications after you sign up, you may limit program reminders and other valuable program content and components.
· Reminders and notifications: We may use and disclose your identifiable information to contact you as a reminder to interact with, or complete tasks relating to your use of the System.
· Business associates and partners: There are some services provided in our organization through contracts with business associates and partners. Examples of business associates include accounting services, server hosting and email delivery. Partners may include reputable companies in the industry who subcontract to us. We may disclose your identifiable health information to our business associates and partners so that they can perform the job that is required of them. To protect your identifiable information, we require our business associates to sign a contract or written agreement stating that they will appropriately safeguard your it.
· Threat to health or safety: We may use and disclose your identifiable information when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
· As required by law: Certain laws permit or require certain uses and disclosures of identifiable information for example, law enforcement. In these instances, Lumata will only use or disclose your identifiable information to the extent the law requires.
· Personal representatives or persons involved with your care: We must use and disclose your identifiable health information to anyone who has the legal right to act for you (your personal representative) in order to administer your rights.
· Transfer of business assets: In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets. If Lumata or substantially all of its assets are acquired by a third party, personal data held by it about its customers will be one of the transferred assets.
3. Where we store your personal data
Information you provide to us is stored in encrypted form on secure servers located in the UK, which are owned and operated by Rackspace.
Your data may be transferred to, and stored at, other destinations inside the EEA by or to staff who work for Lumata or one of our suppliers. Such staff may be engaged in, among other things the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
Unfortunately, despite these measures, the transmission of information via the internet (especially by email) is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any of your data transmitted to the System, or transmitted from the System to you, and any transmission is at your own risk. Once we have received your information, we will use strict procedures to try to prevent unauthorized access in accordance with our Company data protection policy and code of practice, appropriate laws, and responsibilities as a registered Data Controller in the UK.
4. Your rights regarding your identifiable health information
You have certain rights with respect to your identifiable health information. If we do not agree to a request by you regarding your identifiable health information, please consult the Lumata Privacy and Security Officer whose contact information is below.
· Restrictions: You have the right to request in writing that we do not disclose certain information about you. We do not have to agree to any restriction that you request. To request a restriction, please contact the Privacy and Security Officer whose contact information is below.
· Confidential Communications: You have the right to request in writing that we restrict the way in which we communicate information regarding your health and health care services, such as ceasing to send email or SMS messages to notify or remind you about aspects of Lumata’s Systems. We will make reasonable efforts to accommodate your request, or to provide alternative means of communication where possible.
· Access: You have the right to inspect and copy most of your Health Information maintained by us. Normally, we will provide you with access within 30 days of your request. We may charge a reasonable fee for doing this.
· Amendment: You have the right to request that we amend your written identifiable health information. For instance, you can request that we correct an incorrect date of birth in your records. We will generally amend your information within 60 days of your request, and will notify you when we have amended your information. We can deny your request in certain circumstances, such as when we believe that your information is accurate and complete. We cannot take responsibility for actions based on information incorrectly provided by you, such as emails sent to incorrect addresses.
· Accounting: You have the right to request an accounting from us of certain disclosures made by us. We will generally provide you with your accounting within 60 days of your request. In addition, we will notify you as required by law if there has been a breach of the security of your identifiable health information.
6. Amending this Policy
Questions relating to revisions to this Policy may be addressed to the Privacy and Security Officer whose contact information is below. This Policy will be promptly revised if there is a material change to a policy described herein.
Concerns or Complaints
If you believe that any of your rights with respect to your or others’ identifiable health information have been violated by us, our employees or agents, please communicate with the Lumata Privacy and Security Officer at:
Privacy and Security Officer firstname.lastname@example.org
Effective Date: This Policy is effective as of June 23rd, 2016