Platform Features
Join the world’s leading organizations that trust Lumi Global with their critical meetings.
Join the world’s leading organizations that trust Lumi Global with their critical meetings.
Lumi Global has acquired Assembly Voting, a technology company specializing in end-to-end verifiable, cloud-based voting and election solutions.
Last updated: 12th January 2023
Your privacy and the protection of your personal data is important to us (Lumi Global). When we refer to ‘personal data’ in this policy, we mean any information which can be used to personally identify you. This public privacy policy (or privacy statement) explains what personal data we process, how we collect it and why. We take the security of your personal data very seriously and this policy tells you what we do to ensure its protection. In this policy we also outline the rights we think you have with your personal data, and how you can exercise them. Please take the time to familiarize yourself with this policy as it contains important information.
Lumi Global is the leading global provider of fast, accurate and secure technologies to facilitate the smooth running of AGMs, shareholder or member meetings, legislative meetings and elections – whether that is a physical in-room meeting, a virtual meeting or a hybrid meeting. Our headquarters are in the United Kingdom, but we have offices in North America, Europe, the Middle East, Africa, Asia and Australia.
Lumi Global Ltd. is the parent company of our organization, and we have provided a full list of our subsidiary companies in the Scope section below, where we include our registered address.
Lumi Holdings Ltd. operates the website that this policy appears on.
We are not legally required to appoint a Data Protection Officer (DPO). However, we have nominated members of our Information Security Management System (ISMS) Team to take overall responsibility for matters of data protection and privacy. You can contact them with any questions or concerns about your personal data by emailing privacy@lumiglobal.com (for more contact details see below section).
We do not sell, rent, or trade your personal data to third parties for marketing or promotional purposes. We do not abuse or misuse your personal data, or let it fall into the wrong hands. We only process your personal data for the reasons we say we do.
As a business, we supply mobile technology products and services which process personal data to help our customers (Clients) better understand a group of people. That personal data is as important to us as it is to you.
We only process your personal data in accordance with our Clients’ instructions. If these instructions are ethical, moral and legal, then we comply with our Clients’ directions as to how they want us to process the personal data. We also try to ensure that any obligations our Clients have concerning your privacy are carried out, subject to applicable laws.
We share your personal data with our Clients, who are the data controllers in respect of the personal data and have provided it to us and/or asked us to collect personal data and process it by using our technology and services. They have their own privacy policies that apply to your personal data. We are not responsible for those policies and we suggest you read them carefully.
Technology, laws, or even our way of doing business can change from time to time, as can your rights and expectations. To ensure we comply with data protection regulations, we will update this privacy policy. When we make changes, we will always publish it here on our website - we encourage you to check it from time to time for updates.
The following companies are within scope for this policy;
The following websites are within scope for this policy;
This policy also covers any additional personal data collected in the following, which are our online web applications;
We collect your personal data from the following sources:
Because our business revolves around helping our Clients to reach and better understand groups of people, we may also receive your personal data from those Clients, who have analyzed the information they already have about you or you have provided directly to them. We may also use publicly accessible information to verify information we have been provided and to manage and expand our business.
If you do not provide personal data we ask for, it may delay or prevent us from providing products or services to you.
We process your personal data for one or more of the following purposes:
Under data protection law, we can only use your personal data if we have a proper reason, e.g:
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
You can object to processing on the basis of legitimate interests at any time and, if you do so, we will stop processing the personal data unless we can show compelling legitimate grounds which override your rights and interests, or we need the data to establish, exercise or defend legal claims – see “Your rights” below.
Where we process special category (i.e. sensitive) personal data, we will also ensure we are permitted to do so under data protection laws, e.g.:
Our products and services require the processing of your personal data. Depending on the particular application, website or technology you are using, this may include:
We do not disclose any personal data about you to any third party for marketing, advertising or promotional purposes, unless you have given us express consent to do so or unless otherwise described in this privacy policy.
The confidentiality, integrity and availability of your personal data remain of the utmost importance to us, especially if we need to transfer it to a third party (for international transfers please see Section 10 below). To demonstrate the measures we take to ensure the security of your personal data when being transferred to a third party, please see Section 9 below for more information, where we have considered any potential risks and taken necessary precautions.
We may share your personal data with:
We have implemented what we consider to be robust and appropriate technical and organizational security measures designed to protect the security of any personal data we process to guard against unauthorized or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our Information Security Management System (ISMS), which is certified to the ISO/IEC 27001:2013 standard. Importantly, we also assess our suppliers and sub-processors, who maintain the same and/or additional accreditations, certifications and compliance programmes. We have security measures in place to protect our user database and access to this database is restricted internally.
However, even with these measures in place we have no control over what happens between your mobile or communications device and the perimeter of our information infrastructure. You should always be aware of the many cyber security risks that exist in the modern environment and take appropriate steps to safeguard your own personal data (keeping devices and applications up to date, good password practice, adoption of techniques such as two-factor authentication, being aware of modern threats such as phishing and malware, etc.) Despite the measures taken by us and the third parties we engage, the internet is not secure. As a result others may nevertheless unlawfully intercept or access private transmissions or data. Our website(s) may contain links to third parties’ websites. We are not responsible for the privacy practices or the content of those websites. Therefore, please read carefully any privacy policies on those links or websites before either agreeing to their terms or using those websites. Note also that if you have asked us to share data with third party sites (such as social media sites), their servers may not be secure.
We take the privacy and protection of your personal data very seriously and use a number of methods to try to keep your personal data secure from loss or unauthorized use, alteration or access when it is in our possession or control and that of any third parties. These methods include reasonable physical, technical and organizational measures to restrict access to your personal data. Your personal data is encrypted at rest (i.e. whilst it is being stored) but also whilst in transit by using the latest cryptography technologies. Access to your personal data (e.g. amongst our employees and Clients) is strictly controlled by a combination of policies, secure passwords, permissions-based user roles, best practice processes and procedures, multi factor authentication and more. Additionally, we ensure that your personal data is further protected through enforceable contractual agreements with any third parties (e.g. Data Protection Agreements, standard contractual clauses, confidentiality clauses, etc.)
Where you have chosen a password which enables you to access certain parts of our website and/or applications, you are responsible for keeping this password confidential. You should never share a password with anyone nor should it be used to provide shared access for example over a network and you should ensure that passwords are strong, unique and that you do not reuse or recycle passwords. You should also ensure no-one else uses the website while your device is logged on to the website (including by logging on to your device through a mobile, Wi-Fi or shared access connection you are using).
Where required by applicable law, we will notify you or our Clients of any loss of or unauthorized access or alteration to your personal data, and we will cooperate with the appropriate authorities to investigate such incidents in a timely fashion.
We are a global company with service providers and Clients operating in many countries around the world, including outside of the European Economic Area (EEA). We use cloud-based storage solutions, meaning that your personal data may be transferred and processed in locations outside of your state, province or country, where the privacy laws may not be as protective as those in your jurisdiction. Our Clients may also operate in such locations and may require that we transfer your personal data to them in those locations. Under data protection law, we can only transfer your personal data to a country outside the UK and EEA under certain legally prescribed circumstances such as where a so-called Adequacy Decision has been granted to a country or applying legally-approved standard data protection contract clauses. We will ensure that protections required by applicable UK and EEA laws are met concerning such international transfers of your personal data.
We take steps to ensure that your personal data is kept secure regardless of its location and when being transferred internationally, in compliance with applicable laws. Please refer to Section 9 above for more information on where we have considered any potential risks and taken necessary precautions.
We keep your personal data for as long as is necessary to fulfill the purpose for which it was processed. In most cases, this will be the duration of a particular meeting, event, project or campaign for which our Client has asked us to process your personal data. However, we are subject to our Clients’ instructions and they may ask us to retain it for longer or to delete it sooner. We regularly audit the personal data we retain to ensure that it remains relevant to our current requirements and those of our Clients. In some circumstances we may also need to keep your personal data for as long as necessary in order to:
We do not knowingly process personal data of minors or children. We have no control over who contacts us, or means of verifying their age, but it is not our policy to conduct business with anyone under 18 years of age. For our Clients (the data controller), if they are using our products and services to process personal data of children, then they must comply with the data protection laws applicable to them. In these very rare circumstances, our Clients are obliged to obtain express consent from the children’s parents or legal guardians prior to the use of our service.
As a data subject whose personal data we process, you have certain rights, subject to some conditions and exceptions. If you wish to exercise any of these rights, then please email privacy@lumiglobal.com or use the contact details supplied below. In order to process your requests, we may need to ask you to provide up to two valid forms of identification for verification purposes. Depending on the reasons we are processing your personal data, we may have to refer you to our Client you have provided consent to (i.e. as the data processor or in some cases sub-processor, we are obliged to refer you to the data controller to make such requests).
If you have given permission, we may contact you by mail, telephone, SMS, text/picture/video message, email about products, services, promotions, special offers, events, webcasts, conferences and charitable causes that may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time. You have the right to object to the processing of your personal data for direct marketing purposes. If your objection is not to direct marketing in general, but to direct marketing by a particular channel e.g. email or telephone, please specify the channel you are objecting to.
Your rights are as follows:
Should you have any questions, comments or concerns about this policy or how we handle and process your personal data then please email privacy@lumiglobal.com.
As an alternative, you can get in touch with us at our headquarters using the following postal address or phone number;
Lumi Holdings Ltd.
Armoury House
Ordnance Business Park
Midhurst Road
Liphook
Hampshire
GU30 7ZA
United Kingdom
Tel: +44 (0)3300 583 952
Our UK hours of operation are 09:00 – 17:30, Monday to Friday (except public holidays).
If English is not your first language, then please visit the Contact Us page on our website to find telephone numbers and addresses for our regional offices. If you would like this notice in another format (for example audio, large print, braille) please contact us.
If you wish to complain or discuss any grievances with us, please don’t hesitate to contact us using the details provided above. All complaints are treated confidentially. Should you be unhappy with how we are handling or have handled your personal data, or about any former complaints you have made to us, then you are entitled to escalate your complaint to a supervisory authority within the region you are based. As detailed above, our company headquarters are based in the United Kingdom, where the Information Commissioner’s Office (ICO) is the data protection regulator (https://ico.org.uk/).
Information about our use of cookies can be found at https://www.lumiglobal.com/cookie-policy