GDPR at Lumeer
Our mission is to provide you with a reliable tool that allows you to effectively perform all the tasks of a personal data controller.
This document provides answers to the following questions:
- I use Lumeer, is this service compatible with GDPR?
- I need to know if Lumeer.io s.r.o. has security processes involving GDPR.
What is GDPR
On May 25, 2018, the General Data Protection Regulation (GDPR) officially took effect. For European individuals, GDPR expands their data privacy rights and gives them more power to control their data. For companies that process the personal data of these European individuals, GDPR requires compliance with a new set of regulations.
GDPR outlines specific requirements that these companies must satisfy, as well as specific rights that European individuals can exercise with these companies. Further information on GDPR is available on the European Union’s official website: ec.europa.eu/info/law/law-topic/data-protection_en.
Data Processing Agreement
Lumeer.io s.r.o., as a manufacturer of Lumeer software, helps data controllers fulfill their obligations arising from the GDPR regulation.
Lumeer.io s.r.o. declares that processes, contracts, suppliers, data access and more are fully compatible with GDPR requirements.
Data controller – an entity that determines the purpose, conditions and means of personal data processing. For the purposes of this document, this is your organization.
Data processor – an entity that processes data on behalf of the data controller. The company Lumeer.io sro is a data processor. Data is processed in our cloud services.
Data of users (data controllers) in the EU are stored on servers in the EU. Data of users in the UK are stored on servers in the UK. Data of other users are stored in the USA.
Lumeer is an application that may or may not be used by the data controller to process data.
How Lumeer meets GDPR
- Coverage of GDPR in our terms and policies
- Contracts with data processing entities
- We have checked contracts with all data processing entities we work with and they are now obliged to our data processing controller to keep all personal data secret. We have provided a complete list of data processing entities that we work with.
- Duration and type of personal information we keep
- Restrict of personal information access
- In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information. You can exercise these rights by emailing firstname.lastname@example.org.
- You have complete control of your data
- If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by emailing email@example.com.
Your data are by default hosted in EU. Upon request, we can host them in UK, USA, Canada, India, or Singapore.
- Obligation to sign NDAs
- We have signed Non-disclosure Agreements with all our team members and they are now obliged to maintain confidentiality.
- Technical measures
- All customer data in Lumeer are encrypted by several layers of well-proven encryption algorithms like AES.
- Security breach
- Although we do everything we are reasonably able to do to prevent any security breaches, there still may be such situations. Should there be any security breach we will inform you as soon as possible and will follow the steps necessary to minimize damage and return to normal operation.
- User account security
- All user account data are stored encrypted and we do not keep your passwords in plain text. This means that nobody including us can read your password from our database. At the moment we have only one phase authentication. Therefore we recommend you to create strong passwords for your account.
In case of any questions or problems, please contact us at www.lumeer.io/contact/.
How to Become Compatible with GDPR Step By Step
- Specify what personal information you collect in Lumeer.
- Perform an internal audit and regulation of which tables and columns personal data are and may be stored.
- Decide which Lumeer users need which access to personal information and restrict access according to previous regulations.
- If you need access to all data for all users, but some will have a limited set of data, just set your own column visibility in the views.
- Determine what additional data needs to be protected and adjust the visibility of the data accordingly.
- Improve Lumeer password settings and compliance.
- Set how long you need to keep your personal information. Create views with filters on data you already have to delete and check it regularly. You can also automate this step with automation.
- We recommend defining a project template that would formalize all the steps needed to remove personal data from all systems. If this step occurs, you can simply document that all steps have been performed according to your internal process.