Other Covered Entities
Industries
- Information and Communications Technology
- Health Information Technology
Participation
EU-U.S. Data Privacy Framework Framework: Active
Swiss-U.S. Data Privacy Framework Framework: Active
Purpose of Data Collection
HOW WE USE PERSONAL DATA Lumeon respects an individual’s privacy and is committed to protect their personal data. We will only use personal data when the law allows us to. Most commonly, we will use personal data in the following circumstances: • Where we need to perform the contract we are about to enter into or have entered into with an individual. • Where it is necessary for our legitimate interests (or those of a third party) and an individual’s interests and fundamental rights do not override those interests. • Where we need to comply with a legal obligation. PURPOSES FOR WHICH WE WILL USE PERSONAL DATA Lumeon has reviewed the areas of processing it undertakes and identified the main areas of activity as: • Holding and, to extent necessary for supporting customer contracts (e.g. technical support of live system), interacting with patient data as data processor (customer is data owner); • Facilitating flow of personal data relating to customers’ patients to third parties/partners where necessary/permitted under arrangements in place between customer (data owner) and 3rd party (e.g. information for patient payments); • Employee-related data needed and processed for purposes of employment of individual • Data concerning contacts at (prospective) customers, suppliers and partners processed in relation to those relationships and/or fulfilling contract rights and responsibilities. THE DATA WE COLLECT We may collect, use, store and transfer different kinds of personal data, which we have grouped together as follows: • Identity Data includes first name, last name, username or similar identifier (if a customer is seeking customer portal access). • Contact Data includes personal or business address, email address and telephone numbers. • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, devices type you use to access this website. • Profile Data includes your username and password. • Personal data, including name, date of birth, address and emergency contact/next of kin details • Additional contact details, including phone numbers and email addresses • Payroll data including tax, National Insurance and bank details • Proof of right to work at the place of employment for the entire period of employment, including copies of passports, visas and birth certificate, where needed • Compliance documents, including criminal record checks where needed and referencing information
Privacy Policy
HR Data
Employee Data Protection Policy and Procedures
The PII covered by this policy may come from various types of individuals performing tasks on behalf of the company and may include employees, applicants and independent contractors.
Non-HR Data
The policy is also published on the website.
Global Privacy Policy covering all business
The GDPR compliant Privacy policy is available on the website.
Verification Method
Self-Assessment
Dispute Resolution
Questions or Complaints?
If you have a question or complaint regarding the covered data, please contact Lumeon inc at:
Head of Legal
Boston, Massachusetts 02111
Privacy Shield organizations must respond within 45 days of receiving a complaint.
If you have not received a timely or satisfactory response from Lumeon inc to your question or complaint, please contact the independent recourse mechanism listed below
HR RECOURSE MECHANISM
NON-HR RECOURSE MECHANISM
Appropriate statutory body with jurisdiction to investigate any claims against Lumeon inc regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission