GDPR at Lumeer

Privacy and security are the foundation of Lumeer’s approach to users’ data, product development and business. We continuously evaluate all our practices in an effort to safeguard your information as effectively as possible. In that vein, with the arrival of privacy rights regulations – The General Data Protection Regulation (“GDPR”) – we have prepared our Terms of Service and Privacy Policy to properly address the new requirements.

Our mission is to provide you with a reliable tool that allows you to effectively perform all the tasks of a personal data controller.

This document provides answers to the following questions:

  • I use Lumeer, is this service compatible with GDPR?
  • I need to know if s.r.o. has security processes involving GDPR.

What is GDPR

On May 25, 2018, the General Data Protection Regulation (GDPR) officially took effect. For European individuals, GDPR expands their data privacy rights and gives them more power to control their data. For companies that process the personal data of these European individuals, GDPR requires compliance with a new set of regulations.

GDPR outlines specific requirements that these companies must satisfy, as well as specific rights that European individuals can exercise with these companies. Further information on GDPR is available on the European Union’s official website:

Data Processing Agreement

We believe that the Data Processing Agreement (DPA) is already covered by our Privacy Policy. See the following table for details. To request a user tailored DPA, please email us at

Introduction s.r.o., as a manufacturer of Lumeer software, helps data controllers fulfill their obligations arising from the GDPR regulation. s.r.o. declares that processes, contracts, suppliers, data access and more are fully compatible with GDPR requirements.

Data controller – an entity that determines the purpose, conditions and means of personal data processing. For the purposes of this document, this is your organization.

Data processor – an entity that processes data on behalf of the data controller. The company sro is a data processor. Data is processed in our cloud services.

Data of users (data controllers) in the EU are stored on servers in the EU. Data of users in the UK are stored on servers in the UK. Data of other users are stored in the USA.

Lumeer is an application that may or may not be used by the data controller to process data.

How Lumeer meets GDPR

Coverage of GDPR in our terms and policies
Lumeer’s Terms of Service and Privacy Policy properly address the GDPR requirements.
Contracts with data processing entities
We have checked contracts with all data processing entities we work with and they are now obliged to our data processing controller to keep all personal data secret. We have provided a complete list of data processing entities that we work with.
Duration and type of personal information we keep
In our Privacy Policy we define how long we keep various types of personal information and for what purpose.
Restrict of personal information access
In addition, you can object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information. You can exercise these rights by emailing
You have complete control of your data
If you wish to access, correct, update, or request deletion of your personal information, you can do so at any time by emailing
Your data are by default hosted in EU. Upon request, we can host them in UK, USA, Canada, India, or Singapore.
Obligation to sign NDAs
We have signed Non-disclosure Agreements with all our team members and they are now obliged to maintain confidentiality.
Technical measures
All customer data in Lumeer are encrypted by several layers of well-proven encryption algorithms like AES.
Security breach
Although we do everything we are reasonably able to do to prevent any security breaches, there still may be such situations. Should there be any security breach we will inform you as soon as possible and will follow the steps necessary to minimize damage and return to normal operation.
User account security
All user account data are stored encrypted and we do not keep your passwords in plain text. This means that nobody including us can read your password from our database. At the moment we have only one phase authentication. Therefore we recommend you to create strong passwords for your account.

In case of any questions or problems, please contact us at

How to Become Compatible with GDPR Step By Step

  • Specify what personal information you collect in Lumeer.
  • Perform an internal audit and regulation of which tables and columns personal data are and may be stored.
  • Decide which Lumeer users need which access to personal information and restrict access according to previous regulations.
  • If you need access to all data for all users, but some will have a limited set of data, just set your own column visibility in the views.
  • Determine what additional data needs to be protected and adjust the visibility of the data accordingly.
  • Improve Lumeer password settings and compliance.
  • Set how long you need to keep your personal information. Create views with filters on data you already have to delete and check it regularly. You can also automate this step with automation.
  • We recommend defining a project template that would formalize all the steps needed to remove personal data from all systems. If this step occurs, you can simply document that all steps have been performed according to your internal process.