Privacy Guide

External Privacy Policy

We follow best governance practices to ensure security and trust in all our relationships.

Objective

LUMIS is committed to safeguarding the privacy of our employees and job applicants. This Internal Privacy Policy clarifies your rights and our obligations regarding the processing of personal data of our employees and job applicants during their relationship with us.

Definitions

Data Processing – Processing means any operation carried out with data by LUMIS or on its behalf. This includes, for example, collection, production, use, access, transmission, processing, storage, and deletion.

LGPD – Federal Law No. 13.709/18, also known as the General Data Protection Law, regulates rights and obligations related to the Processing of Personal Data in Brazil.

Controller – A natural or legal person who is responsible for decisions regarding the Processing of Personal Data.

Co-controller – A third party who receives shared data from the Controller to carry out Processing for its own purposes. If LUMIS engages in this type of sharing, you will be informed in advance, and LUMIS will maintain an updated list in item 7.1.3 of this policy, describing the public and private entities with which Personal Data has been shared under this title.

National Data Protection Authority – ANPD – The public authority responsible for supervising the Processing of Personal Data in Brazil.

Data Protection Officer (DPO) – A natural or legal person appointed by the Controller, responsible for handling requests from Data Subjects and the ANPD. The DPO is also responsible for guiding our Employees regarding good practices in protecting Personal Data.

Purpose – The objective LUMIS seeks to achieve from the Processing of Personal Data.

Necessity – The indispensability of Personal Data for achieving the Purpose. To the extent possible, Personal Data subject to Processing will be limited to the minimum necessary to achieve the Purposes, meaning that the set of data processed must be relevant, proportional, and not excessive.

Consent – Free, informed, and unequivocal authorization by which the Data Subject agrees to the Processing of their Personal Data for a previously established Purpose. After granting consent, the Data Subject may revoke it at any time for future Processing, but the Processing already carried out until that moment will remain valid.

Services – Services made available to You through our Websites, notably, technical forum, product trials, e-book downloads, and online events.

Websites – The following publicly available websites:

✔ https://lumis.com.br
✔ https://lumisxp.lumis.com.br
✔ https://intranetnow.lumis.com.br
✔ https://lumiscx.com
✔ https://materiais.lumis.com.br

Employees – Employees, staff, partners, or any person hired for direct internal work at LUMIS.

Partners – Third parties contracted to perform data processing operations on behalf of and for the benefit of LUMIS. They are also called Operators.

Responsibilities

LUMIS must comply with Federal Law No. 13.709/18 (General Data Protection Law – LGPD) and other applicable laws, such as Federal Law No. 12.965/14 (Brazilian Internet Civil Rights Framework – MCI), as well as administrative regulations issued by competent authorities such as the ANPD. LUMIS’s obligations under these regulations are described in this Policy.

All our Employees and, where applicable, our Partners must comply with this Data Protection Policy and any other policy established by LUMIS. Non-compliance with this Policy may result in disciplinary measures.

What is Personal Data and who is the Data Subject?

Personal Data is any information related to an identified or identifiable natural person. The identified or identifiable person to whom such data refers is the Data Subject (“Data Subject” or “User”), which may include users of our Services, representatives of our Partners, and users of the websites of clients using our Services.

A person is identified if:

✔ LUMIS has their direct and unambiguous identifiers – such as full name, complete address; and/or
✔ It is reasonably likely that LUMIS can identify them by other means. For example, the number of a professional ID card that can be linked to the name of its holder, or a client reference number that can be linked to their name or address.

We do not collect Sensitive Personal Data, which refers to racial or ethnic origin, religious belief, political opinion, trade union membership, or membership of an organization of a religious, philosophical, or political nature, data relating to health or sex life, genetic or biometric data.

Specific Information on the Processing of Your Personal Data
Lawfulness and Transparency

How does LUMIS collect your personal data?
LUMIS collects Personal Data through different Services:

✔ Lumis Websites – Consumer-oriented websites operated by or for LUMIS, including websites we operate under our own domains/URLs and mini-sites we maintain on third-party social networks such as Facebook, Instagram, Twitter, and LinkedIn. We collect Data through interactions and form filling on the Websites, sending questions, and requesting downloads of materials and trial versions of software (“Trial”).
✔ Interactions with Ads – Advertisements with which the user may interact, on LUMIS’s or third-party websites. For example, if you interact with one of our ads on a third-party site managed by LUMIS, we may receive such information. It is the responsibility of such third parties to inform you whenever ads on their websites are managed by LUMIS.
✔ Data Generated by Us – During our interactions with you, we may generate Personal Data about you, including, but not limited to, by creating behavioral profiles and disseminating content and/or emails.
✔ Events – LUMIS organizes and holds public events and participates in third-party events as a sponsor and exhibitor. At these events, we may collect Personal Data from individuals interested in keeping in touch with us.

What are the Legal Bases for Processing Your Data?

We will process Personal Data only in cases where applicable laws allow it, including Processing:

✔ With the prior consent of the Data Subject;
✔ To comply with legal or regulatory obligations, as well as orders from competent authorities;
✔ Necessary for the performance of a contract or preliminary procedures related to a potential contract between you and LUMIS;
✔ Necessary for the regular exercise of rights in judicial, administrative, or arbitration proceedings; or
✔ Necessary for LUMIS’s legitimate interests.

When the legal basis for Processing is not consent, we always comply with applicable laws and any contracts entered into between you and LUMIS, while respecting your individual rights and freedoms.

What Types of Data Does Lumis Collect?

LUMIS will collect different data depending on the Service you use:

✔ Website Visitors – If you are a visitor to our Websites, we collect your browsing data. When you visit a Website, “Cookies” are placed in your browser to identify how many times you return to our address, as well as to save your interactions with the content and services available on our Websites and record your preferences.
Cookies are identifiers that we transfer to your browser or device that allow us to recognize you on your next visits, and inform us how and when the pages and resources in our Services are visited and how many people access them.
We also use Cookies and browsing data, such as URLs, to collect information about the date and time of your visit and the solutions and information that you searched for or viewed.
We automatically collect this Personal Data and store it whenever you visit our website or access your account on our network. We may use session Cookies and persistent Cookies to provide a more personalized and interactive experience on our Websites.
Session Cookies expire whenever you close your browser. Persistent Cookies remain on your computer until you delete them. To remove them, simply follow the instructions in your Internet browser’s help file. You may also limit, refuse, or disable Cookies through your browser settings. However, by doing so, some areas of our websites may not function properly, which will prevent the use of some of our features.
This Policy does not cover the use of Cookies by third parties, and we are not responsible for their privacy policies and practices. Keep in mind that Cookies placed by third parties may eventually continue to monitor your online activities even after you have left our Services.

✔ Lumis Leads – If you interact with our materials and content, we collect, in addition to the browsing data mentioned above, other information you choose to share with us through the completion of forms, Landing Pages, and emails, for example.
To provide content and materials of your interest, it is often necessary to cross-check your Personal Data, so that our marketing actions are directed only to what you expect to receive from us. Such cross-checking is not done in a discriminatory way and does not violate your rights or individual freedoms. In addition, you may, at any time, request to change or remove such permissions for Processing, by making a request to our Data Protection Officer.

✔ Users of Lumis Websites and Services – If you use any of the Services available on our Websites, or register for access to the Services and/or our products in the free trial mode, we collect the following categories of Personal Data: contact data (name, email, and phone), professional profile data (position, company, company’s industry, number of employees in the company), and location data (country, state, and city).

✔ Applicants for Internships or Employment at Lumis – If you are interested in working with us, we request the submission of contact data (name, email, and phone), location data (country, state, and city), professional profile data (position, name and industry of the company where you work, number of employees in that company, academic background, and years of experience).

✔ Users of Lumis Client Websites – LUMIS provides its clients, through LumisXP, LumisCX Manager, and Intranetnow software, tools for creating portals aimed at internal and external audiences, websites and landing pages, automation of personalization rules for content and services, usage data analysis, among others that involve the Processing of Data from users with whom their clients maintain a relationship.
LUMIS does not control the Personal Data collected by third parties through the LUMIS tools. This data belongs to LUMIS’s clients, who process it in accordance with their respective privacy policies and are responsible for obtaining your consent directly. If you have any questions about how your Personal Data is being managed by our clients, we recommend that you contact the company providing services to you directly.

✔ Participants in Lumis Events – If you participate in any event organized by LUMIS, or contact LUMIS at an event organized by a third party, LUMIS will collect your contact data (name, email, and phone) and professional profile (position, company, company’s industry, number of employees in the company), in order to send you content and news regarding topics related to the event. You can change these preferences at any time via the link contained in the emails.

Specific Purposes of Processing

LUMIS only processes Personal Data for legitimate purposes that are expressly informed to you below:

✔ Personalization of Content, improvement of Services, and presentation of Targeted Advertising according to your preferences;
✔ Statistical Study: Personal Data is grouped with the intention of providing a broad sample for analysis and, therefore, does not aim to identify or make data subjects identifiable, but only to understand the trends of data subjects in the use of our Services, in order to improve their delivery and customize products.
✔ Registration and Contact of Clients and Partners;
✔ Registration of Applicants for Internship or Job Positions;
✔ Development of Browsing and Consumption Profiles of Website Users; and
✔ Other purposes suitable to LUMIS’s legitimate interest, as permitted by applicable laws.

See below some examples of how we use your data:
✔ Your email is used to send materials or information requested by you when filling out our forms. Your email may also be used to send Newsletters, always related to topics such as Digital Marketing, human resources, technology in general, customer experience, development methodologies, and project management, and also communication of new free materials or product launches from LUMIS, provided they were requested by you. You may unsubscribe from such services at any time, directly via the link sent in such emails.
✔ LUMIS employees may occasionally contact you by email or phone to conduct surveys or present products and services;
✔ Your email may also be used by us to send you messages about our Services, such as alerts, notifications, and updates;
✔ If you allow, we will use your browsing data to present you with advertisements related to your preferences and interests, on our websites or on third-party websites operated by us.

We will not process Personal Data for any purposes incompatible with those described above.
LUMIS provides buttons on its pages for direct content sharing on social networks, such as Facebook. By clicking on such buttons, you will publish the respective content through your own profile on the selected social network. LUMIS does not have access to your login and password, nor will it publish content on your behalf without you clicking on such buttons.

Necessity, Adequacy, and Quality of Personal Data

LUMIS takes steps to ensure that the personal data processed is adequate and relevant to the purposes described above, as well as being limited to the minimum necessary for their fulfillment. We do not collect more Personal Data than we need.

LUMIS always updates your Personal Data when necessary, but the accuracy of the data you provide us when filling out our registrations is your responsibility. If any of this information has changed, please update your registration by sending an email to privacy@lumis.com.br.

Storage of Personal Data

Your Personal Data remains stored on our physical servers or in the clouds of our Operators, in Brazil or in a foreign country, as permitted by applicable laws.

We will keep your Personal Data for up to 5 (five) years after the cancellation of your account, or for the period corresponding to the statute of limitations for legal claims, except as permitted by applicable laws.

LUMIS may retain your Personal Data even after your deletion request or the end of Processing in cases provided for by applicable laws, such as:

✔ When necessary for LUMIS to comply with a legal or regulatory obligation or an order of a competent authority;
✔ In case of transfer to a third party, when requested by You;
✔ Records required by the Brazilian Civil Rights Framework for the Internet (Marco Civil da Internet);
✔ After data anonymization.

Integrity and Confidentiality

LUMIS keeps all processed Personal Data secure and protected against unauthorized or unlawful Processing and loss, destruction, or damage. Such security is achieved through the measures listed below.

Your account is protected with a password for your privacy and security. If you access your account through a third-party website or service, you may have additional or different login protections through that website or service. Your password and login are important information that should not be disclosed to third parties, under the risk of unauthorized access to your Personal Data. You may also use another secure connection mechanism, properly limiting account access to your own devices and browsers, as well as logging out after completing your session and periodically changing your password.

LUMIS adopts the best information security and secure development practices available in the market, meaning we design products and services that promote the protection of your data and allow you to directly manage such information. We adopt encryption practices for passwords and other critical information, use TLS for data transfer between applications, hire cloud services with security certifications and seals such as ISO 27.001, SOC 1 and SOC 2/SSAE 16/SSAE 3402, and PCI DSS, and employ 24/7 system monitoring, content control, and VPN.

We strive to protect the privacy of your Personal Data, but unfortunately, we cannot guarantee complete security. Unauthorized account access or use, hardware or software failure, and other factors may compromise the security of your data at any time. Therefore, help us maintain a safe environment for everyone. In addition to adopting good security practices regarding your account and data, if you identify or become aware of anything that compromises the security of your data, you can contact our Data Protection Officer for more information.

LUMIS has information security incident response plans in place to mitigate, remediate, and/or report any incidents as required by law.

Responsibility and Accountability
Privacy by Design and by Default

LUMIS takes into account the privacy of data subjects from the development phase of our products and services, as well as in their delivery and operation. By default, all our products and Services are provided with the strictest privacy options possible, that is, with the minimal data collection necessary for the basic operation of our products and services. Such privacy options may be freely changed by the Data Subjects, although restricting data collection may reduce the number of features available.

Data Protection Impact Assessment (DPIA)

In some cases, LUMIS may be required to conduct a Data Protection Impact Assessment (DPIA). A DPIA is an audit conducted on a controller or processor to identify and minimize risks of non-compliance with the LGPD.

Record of Processing

LUMIS maintains a record of all Data Processing activities carried out, as required by applicable regulations.

What Are Your Rights?

LUMIS must immediately comply with requests to exercise legal rights submitted by Data Subjects, or, if not possible, within 15 days or another period defined by the ANPD.

You may always choose not to disclose your Personal Data to us. In this case, it is possible that some of this data is necessary for your registration on our platforms or to use some of our Services. Regardless, you will always have rights related to the protection of your Personal Data.

To make sure you are who you claim to be, your request to our Data Protection Officer must be accompanied by your full name, CPF (Individual Taxpayer Registry), phone number, and email address. This is a security measure to ensure that Personal Data is not disclosed to strangers. We may also contact you for more information regarding your request. If your request is particularly complex, we will notify you of the need for more time and set a new deadline for response, keeping you updated on the progress of your request.

In addition to being concerned about the security of your Personal Data, we are also concerned with informing Data Subjects about their rights. Therefore, we summarize the rights provided in Art. 18 of the LGPD below, with an explanation of each one:

✔ Confirmation of the existence of processing – If you are unsure whether we process your Personal Data, you may request confirmation of this fact. LUMIS, according to the choice you make, may respond to the Confirmation request in simplified form immediately, or by means of a clear and complete statement, indicating the origin of the data, the absence of a record, the criteria used, and the Purpose of Processing, within up to 15 (fifteen) days from receipt of your request.
✔ Access to data – You may request access to your Personal Data processed by us, upon which we will provide you with a list of the categories of your Personal Data that are under Processing by LUMIS. If Processing was carried out based on consent, you may also request a complete copy of all your Personal Data in our possession, except for our trade and industrial secrets. LUMIS, according to your choice, may respond to the Access request in simplified form immediately, or by means of a clear and complete statement, indicating the origin of the data, the absence of a record, the criteria used, and the Purpose of Processing, within up to 15 (fifteen) days from receipt of your request.
✔ Correction of incomplete, inaccurate, or outdated data – This right allows you, at any time, to request the rectification of your Personal Data in our records, if you identify that some of them are incorrect.
✔ Anonymization, blocking, or deletion – If you verify that some Personal Data in our possession is unnecessary, excessive, or processed in violation of the law, you may exercise this right. Anonymization means removing from the Personal Data the possibility of being linked to you, according to legal criteria, so that it continues to be processed outside the scope of the LGPD. Blocking means suspending the use of such data in the Processing carried out by LUMIS, without deleting it and with the possibility of resuming its processing, at your choice. Deletion means destroying the Personal Data, definitively interrupting the Processing. Applicable laws may allow the continuation of Processing even in case of a blocking or deletion request.
✔ Portability – You may request that your Personal Data be transferred to another provider. We reserve the right not to transfer data relating to our trade or industrial secrets.
✔ Deletion – You may request the deletion of your Personal Data, provided that it is processed based on your consent. We may retain your Personal Data in some cases provided for in applicable laws.
✔ Information about entities with which LUMIS has shared data – LUMIS acts as a Controller, as well as a Processor hired by other companies. When acting as a Controller, LUMIS may share your Personal Data with public agencies or private entities for specific purposes. We will always keep you informed about the entities with which we share your data.
✔ Information about the possibility of not providing consent and about the consequences of refusal – Some Services and products from LUMIS depend on your Personal Data to function fully. When your consent is necessary for Processing, we will always inform you of the possibility of not consenting and its consequences.
✔ Withdrawal of consent – Whenever Processing is based on your consent, you may withdraw this consent at any time, so that we can no longer collect your data from that moment on, except for those already processed by us.
✔ Information and review of fully automated decisions – LUMIS will keep you informed if you are subject to decisions made solely through automated Processing of your Personal Data, for example, decisions without human participation that affect your interests, such as defining your personal, professional, consumer, and/or credit profile. In this case, you may request the review of such decisions and the presentation of information about the criteria and procedures used for the automated decision-making. We reserve the right not to disclose trade or industrial secrets.

With Which Third Parties Does Lumis Share Your Personal Data and to Which Countries Are They Transferred?

We do not rent, sell, or transfer your Personal Data to anyone, except for the partner companies listed below:

✔ Data Processors (“Partners”) – LUMIS hires processors that handle your data on our behalf for cloud data storage and email automation. Our Partners are only authorized to handle your Personal Data for the specific purposes for which they were hired. We ensure that our Processors provide adequate security measures to protect your Personal Data.
✔ Advertisers – You may eventually receive advertising, content, and links displayed in a personalized way through LUMIS, according to your interests and behaviors on our platform or in other services with which you interact. For this purpose, Personal Data may be shared between LUMIS and the targeted advertising platform, mainly unique identifiers, IP addresses, Cookies, and other information collected from your browser, which may be used to measure the effectiveness of online advertising.
✔ Co-controllers – Eventually, LUMIS may transfer Personal Data to third parties to carry out Processing for their own purposes, different from those described in this Policy. We will always inform you in advance of this fact and request your consent to carry out the transfer. The public and private entities with which we currently share data are:

✔ Facebook
✔ Instagram
✔ LinkedIn
✔ Twitter
✔ Google
✔ HubSpot

Some of our Partners may eventually provide us with services from other countries, for example, to provide Information Technology services such as cloud data storage. Whenever LUMIS sends your data to another country, the transfer will be made in accordance with applicable laws. Currently, your Personal Data is transferred solely to the United States of America, under specific contractual clauses for the protection of your Personal Data, rights, and freedoms.

Audit and Monitoring

LUMIS will audit compliance with this and its other policies and implement appropriate corrective actions to fix any irregularities.
If you believe this policy is not being followed, please contact our Data Protection Officer.

Privacy Policy Updates

We are always looking to improve our services, so this Policy may be updated. Therefore, we recommend visiting this page periodically so that you are aware of such modifications. If relevant changes are made that require your new consent, we will publish this update on our Websites and disclose it through our portals and your contact email, to request your new consent, if necessary.

How to Contact Our Data Protection Officer

If you have any questions about how LUMIS processes your data or would like to make any requests provided for in the LGPD, please contact our Data Protection Officer at the following contact addresses:

Privacy Page: https://www.lumis.com.br/a-lumis/sobre-a-lumis/guia-de-privacidade.htm

Email (Questions Only): privacy@lumis.com.br