Privacy Policy

Last Updated: January 21, 2021

This privacy policy (“Privacy Policy”) governs how we, Lumigo Ltd. (together, “Lumigo” “we”, “our” or “us”) use, collect and store Personal Data we collect or receive from or about you (“User”, “you”) such as in the following use cases:

• When you browse or visit our website, https://www.lumigo.io/ (“Website”);
• When you make use of, or interact with, our Website
  1. When you request a free trial
  2. When you register to our blog
  3. When we process your job application
  4. When you sign up for a webinar
  5. When you contact us (e.g. customer support, help, submit a request)
• When you make use of our platform https:https://platform.lumigo.io/ (“Platform”)
  1. When you sign up for an account, login and purchase our services
  2. When you create administrators for your use of the Platform
  3. When your administrator user create users for your use of the Platform
• When you attend a marketing event and/or we exchange business cards and you provide us with your Personal Data When we use the Personal Data of our service providers
• When we use the Personal Data of our customers
• When you interact with us on our social media profiles (e.g., Facebook, LinkedIn, Twitter, Instagram)

We greatly respect your privacy, which is why we make every effort to provide a platform that would live up to the highest of user privacy standards. Please read this Privacy Policy carefully, so you can fully understand our practices in relation to Personal Data. “Personal Data” or “Personal Information” means any information that can be used, alone or together with other data, to uniquely identify any living human being. Please note that this is a master privacy policy and some of its provisions only apply to individuals in certain jurisdictions. For example, the legal basis in the table below is only relevant for GDPR-protected individuals.

Important note: Nothing in this Privacy Policy is intended to limit in any way your statutory right, including your rights to a remedy or means of enforcement.

Table of contents:

1. What Personal Data we collect, why we collect it, and how it is used
2. How we protect and store your Personal Data
3. How we share your personal data
4. Additional information regarding transfers of Personal Data
5. Your rights
6. Use by children
7. How can I delete my account?
8. Links to and interaction with third party product
9. Log files
10. Analytics tools
11. California privacy rights
12. Our California do not track notice
13. How to contact us

This Privacy Policy can be updated from time to time and therefore we ask you to check back periodically for the latest version of the Privacy Policy, as indicated below.  If there will be any significant changes made to the use of your Personal Data in a manner different from that stated at the time of collection, we will notify you by posting a notice on our Website or by other means.

1. WHAT INFORMATION WE COLLECT, WHY WE COLLECT IT, AND HOW IT IS USED

Data we collect		Why is the data collected and for what purposes?	Legal basis (GDPR only)	Consequences of not providing the data
When you browse or visit our Website
Cookies   For more information, please read our Cookies Policy https://lumigo.io/cookie-policy/		marketing, analytics and statistics, to provide better service	Consent   Legitimate interest (e.g. essential cookies)	Cannot collect and store the information   Cannot use or access some parts of the Website
When you make use of, or interact with, our Website
When you request a free trial
Full name Email address Company name Phone number Any other data that you decide to supply/provide us		To provide a free trial	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.   Legitimate interest (e.g., To provide a free trial)	Cannot provide a free trial
Full name Email address		To send marketing communications	Consent	Cannot send marketing communications
When you register for our blog
Email address Google and/or Facebook log-in Message / comments		To add you to our blog distribution list To allow you to post in our blog	Consent   Legitimate interest (e.g. to allow you to post in our blog)	Cannot add you to our blog distribution list   Cannot allow you to post in our blog
When we process your job application
First name Last name Email address Phone number Resume LinkedIn profile Personal website Cover letter Portfolio Personal note Any other data that you decide to supply/provide us		To process your job application   To assess the candidate	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract   Legitimate interest (e.g. process your job application)	Cannot process your job application   Cannot assess your suitability as a candidate
When you sign up for a webinar
Full name Email address Company name Phone number Any other data that you decide to supply/provide us	To register and reserve a spot for you for the webinar To send you webinar-related communications (e.g., to send you the link of the websinar, to send you a reminder of the websinar)		Depending on the context, legitimate interest (e.g. webinar registration) or processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract	Cannot register for the webinar [Text Wrapping Break]Cannot send you webinar-related communications
Full name Email address	To send marketing communications		Consent	Cannot send you marketing communications
When you contact us (e.g. customer support, help, submit a request)
Full name Email address Company name Phone number Message Any other data that you decide to supply/provide us		To process and answer questions   To provide support (e.g., to solve problems, bugs or issues)   To customize your experience	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract   Legitimate interest (e.g. respond to a query sent by you)	Cannot assist you and respond your query   Cannot provide support   Cannot customize your experience
Full name Email address		To send marketing communications	Consent	Cannot send marketing communications
When you make use of our Platform
When you sign up for an account, login and purchase our services
Full name Email address Company address Company name Job position Phone number User name Password Payment methods Any other data you decide to provide/supply		To create an account   To fulfill your requests for products and/or services and for related activities (e.g., product and service, account management)   To perform/execute the agreement   To grant you access to the services (our Platform)	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.   Legitimate interest (e.g. sign up to the service).	Cannot create an account   Cannot fulfill your request for products and/or services   Cannot perform the agreement   Cannot grant you access to the services
Full name Email address		To send marketing communications	Consent	Cannot send you marketing communications
When you create administrators for your use of the Platform
Full name Email address Phone number User name Password Any other data you decide to provide/supply		To create administrator users for your use of the Platform   To perform/execute the agreement   To grant you and your admin users access to the services (our Platform)	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.   Legitimate interest (e.g. to create administrator users).	Cannot create administrator users for your use of the Platform   Cannot perform the agreement   Cannot grant you access to the services
Full name Email address		To send marketing communications	Consent	Cannot send you marketing communications
When your administrator user create users for your use of the Platform
Full name Email address Phone number User name Password Any other data you decide to provide/supply		To create users for the use of the Platform   To perform/execute the agreement   To grant you, your admin users, and users access to the services (our Platform)	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.   Legitimate interest (e.g. to create users).	Cannot download the app   Cannot perform the agreement   Cannot grant you access to the services
Full name Email address		To send marketing communications	Consent	Cannot send you marketing communications
When you attend a marketing event and/or we exchange business cards and you provide us with your Personal Data
Full name Company name Job position Email address Phone number Any other data that you decide to supply/provide us		To establish a business connection To send marketing communications	Depending on the context, consent or legitimate interest (e.g. send you more information about Lumigo) and/or discussions prior to entering into a contract (e.g. showing you certain products and features that you have shown an interest in)	Cannot establish a business connection   Cannot send you marketing communications
When we use the Personal Data of our service providers and suppliers
Full name Company name Job title Email address Phone number Any other data that you decide to supply/provide us		To contact our service providers To perform the applicable agreement	Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract   Legitimate interest (e.g. perform the contract, send contract-related communications)	Cannot communicate with you   Cannot perform the agreement
When we use the Personal Data of our customers
Full name Company name Email address Phone number Any other data that you decide to supply/provide us		To provide our products and services   To perform the applicable agreement   To communicate with our customers/clients	Processing is necessary for the performance of a contract to which our customer is a party.   Compliance with a legal obligation (e.g. tax laws, bookkeeping laws, etc.).   Legitimate interest (e.g. send you contract-related communications)	Cannot provide the services and/or our products   Cannot perform the agreement   Cannot communicate with you
Full name Email address		To send marketing communications	Consent	Cannot send you marketing communications
When you interact with us on our social media profiles (e.g., Facebook, LinkedIn, Twitter, Instagram)
Full name Company name Email address Phone number Any other data that you decide to supply/provide us		To reply and/or respond to your request or question To establish a first business connection/discussion To send marketing communications	Depending on the context, legitimate interest (e.g. replying your requests/questions), pre-contractual discussions (e.g. if you show interest in our products/services) or consent	Cannot reply or respond to your request   Cannot establish a business connection   Cannot send you marketing communications

Finally, please note that some of the abovementioned Personal Data will be used for detecting, taking steps to prevent, and prosecution of fraud or other illegal activity, to identify and repair errors, to conduct audits, and for security purposes. Personal Data may also be used to comply with applicable laws, with investigations performed by the relevant authorities, law enforcement purposes, and/or to exercise or defend legal claims. In certain cases, we may or will anonymize or de-identify your Personal Data and further use it for internal and external purposes, including, without limitation, to improve the services and for research purposes. “Anonymous Information” means information which does not enable identification of an individual user, such as aggregated information about the use of our services. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our services and enhance your experience with them).

2. HOW WE PROTECT AND STORE YOUR PERSONAL DATA

1. Security. We have implemented appropriate technical, organizational and security measures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to such information appropriate to the nature of the information concerned. However, please note that we cannot guarantee that the information will not be exposed as a result of unauthorized penetration to our servers. As the security of information depends in part on the security of the computer, device or network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information.
2. Retention of your Personal Data. Your Personal Data will be stored until we delete the record and we proactively delete it or you send a valid deletion request, please note that in some circumstances we may store your Personal Data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. Regarding retention of cookies, you can read more in our cookie policy https://lumigo.io/cookie-policy/.

3. HOW WE SHARE YOUR PERSONAL DATA

In addition to the recipients described in Section 1, we may share your information as follows:

• With our business partners with whom we jointly offer products, services, partnerships and/or webinars. We may also share Personal Data with our affiliated companies.
• To the extent necessary, with regulators, courts or competent authorities, to comply with all applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order;
• If, in the future, we sell or transfer some or all of our business or assets to a third party, we will (to the minimum extent required) disclose information to a potential or actual third party purchaser of our business or assets. In the event that we are acquired by or merged with a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer or assign Personal Data in connection with the foregoing events.
• We use third party platforms in the context of the use cases mentioned in Section 1. For more information on Lumigo sub-processors please email privacy@lumigo.io.
• Where you have provided your consent to us sharing the Personal Data (e.g., where you provide us with marketing consents or opt-in to optional additional services or functionality); and
• Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any Personal Data is disclosed.

If you want to receive the list of the current recipients of your Personal Data, please make your request by contacting us to privacy@lumigo.io.

4. ADDITIONAL INFORMATION REGARDING TRANSFERS OF

• Storage: We store our information in AWS located in Oregon, US.
• Following the Court of Justice of the European Union’s invalidation of the EU-US Privacy Shield Framework in Case C-311/18, Lumigo will no longer rely on the EU-US Privacy Shield as a mechanism of international data transfer until further notice. Lumigo will however remain committed to maintaining its self-certification under the EU-US Privacy Shield Principles and respect its principles, as an additional measure of protection of its users’ privacy, until further notice.
• When Lumigo engages in such transfers of personal information, it relies on i) Adequacy Decisions as adopted by European Commission on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR) (for example, when we access from Israel), or ii) Standard Contractual Clauses issued by the European Commission. Lumigo also continually monitors the circumstances surrounding such transfers in order to ensure that these maintain, in practice, a level of protection that is essentially equivalent to the one guaranteed by the GDPR.
• External Transfers: Where we transfer your Personal Data outside of EU/EEA, for example to third parties who help provide our products and services, we will obtain contractual commitments from them to protect your Personal Data. Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any Personal Data is disclosed.
• Internal Transfers: We ensure transfers within the Lumigo group will be covered by an agreement entered into by members of the Lumigo group (an intra-group agreement) which contractually obliges each member to ensure that Personal Data receives an adequate and consistent level of protection wherever it is transferred to

5. YOUR RIGHTS

The following rights (which may be subject to certain exemptions or derogations), shall apply to certain individuals (some of which only apply to individuals protected by the GDPR):

• You have a right to access information held about you. Your right of access may ly be exercised free of charge, however we reserve the right to charge an appropriate administrative fee where permitted by applicable law;
• You have the right to request that we rectify any Personal Data we hold that it is inaccurate or misleading;
• You have the right to request the erasure of the Personal Data that relates to you. Please note that there may be circumstances in which we are required to retain your data, for example for the establishment, exercise or defense of legal claims;
• The right to object, to or to request restriction, of the processing. However, there may be circumstances in which we are legally entitled to refuse your request;
• The right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller;
• You have the right to object to profiling;
• You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority;
• The right to withdraw your consent. Please note that there may be circumstances in which we are entitled to continue processing your data, in particular if the processing is required to meet our legal and regulatory obligations.
• You also have a right to request details of the basis on which your Personal Data is transferred outside the European Economic Area, but you acknowledge that data transfer agreements may need to be partially redacted for reasons of commercial confidentiality.

You can exercise your rights by contacting us at privacy@lumigo.io. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfil your request. When processing your request, we may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested to you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.

In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initial requested, we will address your request to the maximum extent possible, all in accordance with applicable law

6. USE BY CHILDREN

We do not offer our products or services for use by children. If you are under 18, you may not use the Website, or provide any information to the Website without involvement of a parent or a guardian. We do not knowingly collect information from, and/or about children.

7. HOW CAN I DELETE MY ACCOUNT?

Should you ever decide to delete your Account, you may do so by emailing privacy@lumigo.io. If you terminate your Account, any association between your Account and information we store will no longer be accessible through your Account. However, given the nature of sharing on the Services, any public activity on your Account prior to deletion will remain stored on our servers and will remain accessible to the public

8. LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS

The Website may enable you to interact with or contain links to your Third Party Account and other third party websites, mobile software applications and services that are not owned or controlled by us (each a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third Party Services. Please be aware that Third Party Services may collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policy of each Third Party Service that you choose to use or interact with

9. LOG FILES

We may make use of log files. We may use such information to analyze trends, administer the Website, track users’ movement around the Website, and gather demographic information.

10. ANALYTIC TOOLS

• Google Analytics. The Website may use a tool called “Google Analytics” to collect information about use of the Website. Google Analytics collects information such as how often users visit this Website, what pages they visit when they do so, and what other websites they used prior to coming to this Website. We use the information we get from Google Analytics to maintain and improve the Website and our products. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to this Website is restricted by the Google Analytics Terms of Service, available at http://www.google.com/analytics/terms/us.html/, and the Google Privacy Policy, available at http://www.google.com/policies/privacy/. You may learn more about how Google collects and processes data specifically in connection with Google Analytics at http://www.google.com/policies/privacy/partners/. You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout/.
• Facebook Pixels and SDKs. We use Facebook pixels or SDKs, which are tools that provide help to website owners and publishers, developers, advertisers, business partners (and their customers) and others integrate, use and exchange information with Facebook, as such the collection and use of information for ad targeting. Please note that third parties, including Facebook, use cookies, web beacons, and other storage technologies to collect or receive information from your websites and elsewhere on the internet and use that information to provide measurement services and target ads. Facebook’s ability to use and share information is governed by the Facebook Tools Terms, available at: https://www.facebook.com/legal/technology_terms/. You can prevent your data from being used by Facebook Pixels and SDKs by exercising your choice through these mechanisms: http://www.aboutads.info/ choices or http://www.youronlinechoices.eu/.

11. CALIFORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of Personal Data to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@lumigo.io. Please note that we are only required to respond to one request per customer each year.

12. OUR CALIFORNIA DO NOT TRACK NOTICE

We do not track consumers over time and across third party websites and therefore do not respond to Do Not Track signals. We do not allow third parties to collect personally identifiable information about an individual consumer’s online activities over time and across different web sites when a consumer uses the Services.

13. CONTACT US

If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at privacy@lumigo.io.

***