Other Covered Entities

Lumeon Inc.
Lumeon Ltd.


  • Information and Communications Technology
  • Health Information Technology


EU-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 2/8/2018
Next Certification Due Date: 1/2/2025
Data Collected: HR, NON-HR

Swiss-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 1/28/2019
Next Certification Due Date: 1/2/2025
Data Collected: HR, NON-HR

Purpose of Data Collection

HOW WE USE PERSONAL DATA Lumeon respects an individual’s privacy and is committed to protect their personal data. We will only use personal data when the law allows us to. Most commonly, we will use personal data in the following circumstances: • Where we need to perform the contract we are about to enter into or have entered into with an individual. • Where it is necessary for our legitimate interests (or those of a third party) and an individual’s interests and fundamental rights do not override those interests. • Where we need to comply with a legal obligation. PURPOSES FOR WHICH WE WILL USE PERSONAL DATA Lumeon has reviewed the areas of processing it undertakes and identified the main areas of activity as: • Holding and, to extent necessary for supporting customer contracts (e.g. technical support of live system), interacting with patient data as data processor (customer is data owner); • Facilitating flow of personal data relating to customers’ patients to third parties/partners where necessary/permitted under arrangements in place between customer (data owner) and 3rd party (e.g. information for patient payments); • Employee-related data needed and processed for purposes of employment of individual • Data concerning contacts at (prospective) customers, suppliers and partners processed in relation to those relationships and/or fulfilling contract rights and responsibilities. THE DATA WE COLLECT We may collect, use, store and transfer different kinds of personal data, which we have grouped together as follows: • Identity Data includes first name, last name, username or similar identifier (if a customer is seeking customer portal access). • Contact Data includes personal or business address, email address and telephone numbers. • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, devices type you use to access this website. • Profile Data includes your username and password. • Personal data, including name, date of birth, address and emergency contact/next of kin details • Additional contact details, including phone numbers and email addresses • Payroll data including tax, National Insurance and bank details • Proof of right to work at the place of employment for the entire period of employment, including copies of passports, visas and birth certificate, where needed • Compliance documents, including criminal record checks where needed and referencing information

Privacy Policy

HR Data

Employee Data Protection Policy and Procedures v1.5

Employee Data Protection Policy and Procedures

Effective Date: 4/1/2021
Lumeon PII Policy

The PII covered by this policy may come from various types of individuals performing tasks on behalf of the company and may include employees, applicants and independent contractors.

Effective Date: 11/3/2021

Non-HR Data


The policy is also published on the website.

Effective Date: 12/12/2022

Global Privacy Policy covering all business

Effective Date: 11/3/2021
Document: Privacy Policy

The GDPR compliant Privacy policy is available on the website.

Effective Date: 12/12/2022

Verification Method


Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Lumeon inc at:

Rachel Webber
Head of Legal
Lumeon inc
10 Leake Street London
1 Lincoln St
Boston, Massachusetts 02111

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Lumeon inc to your question or complaint, please contact the independent recourse mechanism listed below

Appropriate statutory body with jurisdiction to investigate any claims against Lumeon inc regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission