Last date updated: 05 September 2018
Our Platform is operated and provided by Lumminary LTD, a company incorporated in the UK, under company number 10821696 with registered office at Pacific House, 382 Kenton Road, Harrow (City), Middlesex (County), HA3 8DP, UK, (“we”, “us” and “our”)
1.1 This policy (together with our Terms of Service and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
1.2 For the purposes of European data protection laws Lumminary is a data controller. If you have any concerns about privacy, please contact our customer support team.
2 HOW WE COLLECT INFORMATION
2.1 We may collect and process the following data about you:
- (a) if you contact us, we may keep a record of that correspondence, including your email;
- (b) information that you submit when you register on your Platform or when you buy a service either provided on the Platform by us or by a third party, including but not limited to First Name, Last Name, Address, City, State, Country, Zip Code, Phone Number, Email Address, Gender, Age;
- (c) details of transactions you carry out through our Platform, if these are accessible to us;
- (d) genetic information that you upload to our Platform or that the third parties DNA sequencing providers provide following the analysis of your DNA sample.
- (e) details of your visits to our Platform including, but not limited to, traffic data, location data, weblogs and other communication data, your device’s identification information whether this is required for our own billing purposes or otherwise and the resources that you access.
2.2 Before using the Platform you represent that you are eighteen (18) years of age or older and guarantee that any saliva sample you send or genetic data you upload to the Platform is either your DNA or the DNA of a person for whom you are a parent or legal guardian or a person for whom you have obtained legal authorization and consent to provide their DNA to us.
3 USES MADE OF THE INFORMATION
3.1 Your information is not made available to other Users of the Platform.
3.2 We use information held about you in the following ways:
- 3.2.1 to ensure that our Platform is presented in the most effective manner for you and for your device;
- 3.2.2 to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
- 3.2.3 to carry out our obligations arising from any contracts entered into between you and us;
- 3.2.4 to deliver and maintain a high-quality service;
- 3.2.5 to allow you to access the Platform and the services provided by third parties on the Lumminary App Store, when you choose to do so, and to enable third party providers to deliver the services you acquire;
- 3.2.6 to notify you about new projects developed by our company, our partners and/or any of our affiliates, about changes to our service, new features or new versions of the Platform;
- 3.2.7 for the purposes of compiling statistics; and
- 3.2.9 to process payments, if the case.
3.4 We may also use your email address to send you updates or news regarding our company and our products and those of our partners, but you may choose not to receive emails of this type by clicking the "Unsubscribe" button in the email.
4 DISCLOSURE OF YOUR INFORMATION
4.1 We do not disclose to any third party personal information that you provide to us unless we have your permission, or we believe the law permits or requires it.
4.2 If you provide personal information to us, you understand and agree that we may disclose your personal information to the following third parties:
- 4.2.1 member of our group of companies or affiliates, which means our subsidiaries, our ultimate holding company and its subsidiaries;
- 4.2.2 you order one of the products from our website, you grant us the permission to share with the third party the necessary part of your genetic information for that product to be executed by the third party along with your anonymized personal information.
- 4.2.3 the prospective seller, buyer or assignee of any business or assets related to the Platform or all or part of our company or any other member of our group of companies; and
- 4.2.4 a third party if we are under a duty to disclose or share your personal data with that third party in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions of use and other agreements, or to protect the rights, property, or safety of our group of companies, our customers, other registered users or others. This includes exchanging information with third parties for the purposes of fraud protection and credit risk reduction.
4.3 We will notify you when information about you may be provided to third parties in ways other than explained above, and you will have the option to prevent such information sharing at the time that we notify you.
4.4 We do not disclose personal information about you to other third parties (including advertisers or marketing companies) except those set out in this policy, but we may provide them with aggregate anonymized information about our users. We may also use such aggregate anonymized information to help partners reach the right audience when displaying offers on our Platform. You agree to these practices.
4.5 It may be necessary to transfer your personal information to other group companies or service providers located in countries outside of the European Economic Area (EEA). This may happen when we send your information or DNA sample to third parties sequencing companies, or where our servers or suppliers and service providers are based outside of the EEA or where you use our services and products while visiting countries outside of the EEA. The data protection and other laws of these countries may not be as comprehensive as those in England and Wales or the EU but in these instances, we will take steps to ensure that your privacy rights are respected. You agree that we may transfer your personal data on that basis.
5 SECURITY AND CONTROL OF YOUR PERSONAL DATA
5.2 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. You are responsible for the security of your password and our Terms of Service deal with this in more detail.
5.3 Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access. You acknowledge that we are not responsible for any intercepted information sent via the Internet, and you hereby release us from any and all claims arising out of or related to the use of intercepted information in any unauthorized manner.
6 LINKS TO THIRD PARTY WEBSITES/APPLICATIONS
7 IP ADDRESSES AND OTHER DEVICE INFORMATION
7.1 We may collect information about your device including (where available) your IP address, alphanumeric IDs, type of device, operating system and browser type, information regarding the volume and status of data transmission, click-through statistics, the name of the domain and host from which you access the Internet, the date and time you access portions of our Platform, for system administration and statistical purposes. This is statistical data about our users’ browsing actions and patterns, and we do not use them to identify any individual, except if required by the law.
8 ACCESS TO INFORMATION AND UPDATING, VERIFYING AND DELETING PERSONAL DATA
8.1 Retention of personal data
We will retain your information for the duration of the agreement with you and for up to 60 months following expiry or termination of this agreement.
8.2 Right of access
You have the right to obtain from us a confirmation as to whether or not personal information concerning you are being processed, and, where that is the case, access to the personal data and the following information:
- 8.2.1 the purposes of the processing;
- 8.2.2 the categories of personal data concerned;
- 8.2.3 the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
- 8.2.4 where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- 8.2.5 the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal information or to object to such processing;
- 8.2.6 the right to lodge a complaint with a supervisory authority;
- 8.2.7 where the personal data are not collected from you, any available information as to their source;
- 8.2.8 the existence of automated decision-making, including profiling, referred to in Art. 22 para. 1 and 4 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
You have the right to request information as to whether the personal data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transmission.
8.3 Right of rectification
You have the right to obtain from us within undue delay the rectification of inaccurate or incomplete personal information. Taking into account the purposes of the processing, you shall have the right to have incomplete personal information completed, including by means of providing a supplementary statement.
8.4 Right to erasure (‘right to be forgotten’)
You shall have the right to obtain from us the erasure of personal information concerning without undue delay and we shall have the obligation to erase personal information without undue delay where one of the following grounds applies:
- (1) the personal information is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- (2) you withdraw consent on which the processing is based according to Art. 6 para.1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, and where there is no other legal ground for the processing;
- (3) you object to the processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para 2 GDPR;
- (4) the personal information has been unlawfully processed;
- (5) the personal information has to be erased for compliance with a legal obligation in the European Union
- (6) the personal information has been collected in relation to the offer of information society services referred to in Article 8 para.1.
The right to erasure shall not apply to the extent that processing is necessary:
- (1) for exercising the right of freedom of expression and information;
- (2) for compliance with a legal obligation which requires processing by the European Union or for the performance of a task carried out in the public interest
- (3) for the establishment, exercise or defense of legal claims.
8.5 Right to restriction of processing
You shall have the right to obtain from us the restriction of processing where one of the following applies:
- 8.5.1 the accuracy of the personal data is contested by yourself, for a period enabling us to verify the accuracy of the personal data;
- 8.5.2 the processing is unlawful, and the data subject opposes the erasure of the personal information and requests the restriction of their use instead;
- 8.5.3 we no longer need the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
- 8.5.4 You have objected to processing pursuant to Art. 21 para. 1 GDPR pending the verification whether the legitimate grounds of us override those of the data subject.
Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
If you have obtained restriction of processing pursuant to the above, you shall be informed by us before the restriction of processing is lifted.
8.6 Right to data portability
You have the right to receive the personal information, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal information has been provided, where:
- 8.6.1 the processing is based on consent pursuant to Art. 6 para 1 lit. a or Art. 6 para 1 lit. b or Art. 2 para 2 lit. a
- 8.6.2 the processing is carried out by automated means.
The right shall not adversely affect the rights and freedoms of others.
In exercising your right to data portability, you shall have the right to have the personal information transmitted directly from one controller to another, where technically feasible.
The exercise of this right shall be without prejudice to the right of erasure. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
8.7 Notification regarding rectification or erasure of personal data or restriction of processing
We shall communicate any rectification or erasure of personal data or restriction of processing carried to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request it.
8.8 Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning him or her which is based on Art. 6 para. 1 lit e) or lit. f). We shall no longer process the personal information unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Where personal information is processed for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal information shall no longer be processed for such purposes.
At the latest at the time of the first communication with you, the right referred to above shall be explicitly brought to your attention shall be presented clearly and separately from any other information.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise his or her right to object by automated means using technical specifications.
8.9 Right of complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the European Member State where you reside, work or suspect of infringement, if you believe that the processing of personal information concerning you is not in compliance with GDPR. The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.
8.10 At any time, you can make a written request to have access to all the personal information that we hold about you.
8.11 If you choose to delete your account and all your personal data from our system, you may do this from My Details section of My Account. Please save all your data before deleting your account, because this action is irreversible.
10 USER FEEDBACK AND COMPLAINTS