INTRODUCTION TO OUR PRIVACY POLICIES
Additional features of portions of the Service are described in our Terms of Service (the “Terms of Service”), which may be found at www.luminello.com/tos.
Our treatment of Personal Data is governed by our agreements, including the Terms of Service and the business associate agreement (the “Business Associate Agreement”), as applicable. Further, protected health information (“Protected Health Information”), as defined under a federal law called the Health Insurance Portability and Accountability Act (“HIPAA”), will only be used and disclosed as authorized by you and/or your health care provider in accordance with applicable law.
Please take a moment to read the following to learn more about our information practices, including what type of Personal Information is gathered, how the Personal Information is used and for what purposes, to whom we disclose Personal Information, and how we safeguard your Personal Information.
Our privacy practices may vary among the countries in which we operate to reflect local practices and legal requirements (“Applicable Data Protection Laws”). According to Applicable Data Protection Laws, you may be entitled to know the identity of your “Data Controller,” i.e., the legal entity which determines why and how your personal data is processed. In most cases, this will be Luminello, Inc. We will inform you if you are working with another Data Controller.
WHAT INFORMATION WE COLLECT
We collect “Non-Personal Information” and “Personal Information.” Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks.
Personal Information. Any information that can be used to identify, contact, or locate you, such as: your name, address, email address, or phone number, but does not include any information that has been fully anonymized so that a specific individual can no longer be identified from it. This includes your email, demographic information, and record of your treatment, including notes, prescription history, appointment history, billing history, which you submit to us through the registration process utilizing the Service, or which your authorized provider submits. We will never disclose your Personal Information without your consent, unless required by law.
Profile Information and User Contributions. You may choose to create a public Luminello profile, and to share Personal Information or make user contributions as part of the same. Please be aware that any Personal Information or contribution you choose to share in this way will be published and made generally available to other users and third parties via the Service. This user-generated content is publicly available and we are not responsible for the privacy practices of the other users or third parties who may view and use that information. If you do not want your Personal Information or user contributions to be accessible in this way, please do not post them.
Customer Support. We may collect Personal Information through your communications with our customer support team.
Clickstream Data. We and our third party service providers may automatically collect certain information from your web browser when you use parts of the Service to help us understand usage, what is of interest to you and how to provide you more relevant advertising and content. We refer to this information as Clickstream Data. This information only comes from pages that are intended for clinicians to visit, and includes, for example, browser, date and time of access, and each of our pages that you visit. If your browser has a “private browsing” mode you may be able to block this information from being sent to the Company.
Payment Information. If you elect to use paid features of the Service, you may need to provide Personal Information to our third-party payment processors, such as your credit card number.
Tracking Pixels (also referred to as a clear gif, pixel tag or single pixel tag). This is a graphic with dimensions of 1×1 pixels that is loaded when a user visits a website or opens an email. A pixel is used in conjunction with cookies to help us manage and monitor our online clinician advertising and wider business arrangements with third parties, to measure and analyze clinician site usage and activity and to improve the quality of the Service. Tracking pixels allow the collection of data, such as IP address, URL, and referrer to help our advertisers analyze the efficacy of our clinician campaigns. This also allows us to aggregate anonymous information relating to advertising and website usage. Pixels may be used to recognize third party cookies and inform us and/or third parties of which advertisement or link brought you to the Service, allowing us to monitor the business relationships with third parties. We do not place pixels on any pages that are intended or designed for patient use, or where content may be related to clinical topics of interest.
Cookies. In an effort to improve the quality of the Service, we track information provided to us by your browser or by our software application when you view or use the Service, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Service, the time and date of access, and other information that does not personally identify you. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal Information about that user and keep a record of the user’s preferences when utilizing our services, both on an individual and aggregate basis. The Company may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser.
Our Partners. At times, we may work with the following third parties for purposes of advertising to clinicians, which may collect certain anonymized data points, as described in “Clickstream Data” and “Tracking Pixels,” and which have their own privacy policies regarding this data: Google Analytics 4; LinkedIn Website Retargeting; Microsoft Advertising; Google Tag Manager; Facebook Ads conversion tracking (Facebook pixel); Meta Events Manager; YouTube Data API. For purposes of login verification, we may use Google reCAPTCHA. For purposes of communication, we may use Zoho Campaigns and Zoho Email. Within the app, we may use Mixpanel and Userpilot, with whom we have Business Associate Agreements.
Children’s Online Privacy Protection Act. Our Service is not directed to children under the age of 13 and we do not knowingly collect Personal Information directly from children. If we become aware that a child has disclosed Personal Information without proper parental consent, such Personal Information will be deleted.
HOW WE USE INFORMATION
In general, the Personal Information you provide to us is used to help us communicate with you. For example, we use Personal Information to contact users in response to questions, solicit feedback from users, provide technical support, and inform users about promotional offers.
In instances when a patient/client or provider reports a bug or requests more info about his/her account, the Company employees may access the account to de-bug or further investigate. Protected health information gathered in these cases is not retained, and is treated in accordance with HIPAA regulations.
Internal and Service-Related Usage. We use data that you input into, or that is collected by, the Service to perform the services requested in connection with those portions of the Service. For example, we use your payment information (through third-party payment processors) to collect payment for the applicable portions of the Service. We may store and combine the Personal Information you submit or we collect via any part of the Service with information from other Luminello services or third parties in order to deliver the Service, to provide you with a better experience and to improve the quality of our services.
We may use data that you input into, or that is collected by, the Service to derive anonymized or aggregate data about your current IT environment, or your company operations, and may use this data to display customized content to you, and/or compare your environment configuration to those of the broader user community or for other purposes. Such information does not identify you individually.
We may use Clickstream Data to analyze trends, to administer the Service, to track users’ movements around the Services, to gather demographic information about our user base as a whole, and to operate and improve the Company technologies and services. We may use and retain any data we collect to provide and improve our services.
Luminello-Related Communication. We use your Personal Information to contact you about administrative notices, application & network alerts, community activity, product updates, offers and promotions, and general news about the Company and our partners. This communication may be in the form of an alert, email or possibly a phone call, where permitted under applicable law. The frequency of this type of communication varies based on the type of notification. For example, alerts are delivered as they occur, while our product newsletter is generally delivered monthly. You can manage your email preferences with respect to content and delivery or you may unsubscribe from all emails from us. You can also email us at [email protected] regarding your communication preferences.
Advertising. While our current business model is not based on earning revenue through ads, we reserve the right to advertise to clinicians in the future. Like most other websites you probably use, in order to serve you those ads and to make them relevant to you, we need to use the data we know about you. We also may share information we have collected to show our partners how effectively their campaigns performed or how to make their campaigns more effective. While our partners may place a cookie in your browser, no information that personally identifies you is shared with our IT vendor partners as part of this advertising process.
Customer Testimonials. From time-to-time we may ask individual users to participate in customer testimonials posted on our website. We never post these testimonials without their express permission. Any information provided as part of these testimonials is used solely for the purpose of these testimonials and is not used in any other way. If you wish to update or delete your testimonial, you can contact us at [email protected].
Search Engines. Certain Personal Information may also be accessible via search engines or similar services. For example, if you create a public profile, your profile information and the content of the posts you make may be accessible through a Google search.
- necessary for the performance of a contract to which you are a party (for example, where we provide a requested Service to you);
- necessary for us to take steps, at your request, to enter into such a contract (for example, where you make an enquiry about receiving a Service from us);
- necessary for the purposes of our legitimate interests or those of a third party and not overridden by the interests or fundamental rights and freedoms of any data subject (for example, where we desire to provide improved client customer service and support as well as enhancing and developing our products and services, and the IT-systems and processes used to support such products and services, and the marketing and sale thereof); or
- necessary for compliance with a legal obligation to which we are subject. For example, under applicable law, we may be obliged to:
  - secure and maintain technical and organizational measures to protect the security of your data;
  - investigate and report any (suspected) breaches of those technical and organizational measures;
  - comply with legal and regulatory obligations, including, but not limited to, complying with minimum retention periods for certain types of data.
Where we do not consider that we can rely on a legal basis for processing that is set out above, then we will ask for your consent before processing your information.
HOW WE PROTECT INFORMATION
We implement security measures designed to protect your information from unauthorized access. Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password, accessing your account on a private internet connection that is password protected, and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls and secure socket layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. By using our Service, you acknowledge that you understand and agree to assume these risks.
YOUR RIGHTS REGARDING THE USE OF YOUR PERSONAL INFORMATION
YOUR RIGHTS AND YOUR CHOICES
Under Applicable Data Protection Laws, you may have the right, in certain cases, to request access to your Personal Information that we process, to request details about such Personal Information, including the purposes and potential recipients of this data, to have such Personal Information rectified or deleted, to have the processing thereof restricted, or to object to the processing of your Personal Information, as well as to request a copy of your Personal Data in a standardized format so that it can be provided to another vendor.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time using the contact details below.
You may also have the right to lodge a complaint with your national data protection authority or other public authority governing the protection of your personal information.
To exercise these rights, please follow the steps set out below, or contact us via email at [email protected].
If your Personal Information changes, you may update it using the “Update Profile” link at the bottom of the email newsletter. When you update information, we may keep a copy of the prior version for our records. If you have specific requests about your Personal Information, you may email us at [email protected].
You have control over your Luminello public profile and related privacy settings and can edit such to remove information that you do not want others to see publicly via the Service. The information you post in your profile page is publicly available and there are not any privacy settings on those pages so if you do not want certain information to be publicly available, do not post it to your project pages or profile pages.
We may access, preserve, and disclose your Personal Information, other account information, and content, including after you terminate usage of the Service, if we believe doing so is required or appropriate to: comply with our legal obligations, resolve disputes, respond to your requests, or protect your, our or others’ rights, property, or safety.
LINKS TO OTHER WEBSITES
INFORMATION CONFIDENTIALITY AND SECURITY
By using our Service or providing Personal Information to us, you agree that we may communicate with you electronically regarding your use of the Service. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Service or sending an email to you. You may have a legal right to receive this notice in writing. To receive free written notice of a security breach (or to withdraw your consent from receiving electronic notice), please notify us at [email protected].
HOW WE SHARE INFORMATION
Clickstream Data. We may share Clickstream Data with our third party service providers to help us deliver and improve parts of the Service and when we do so we ensure they comply with appropriate confidentiality and data protection and security measures. We may also share Clickstream Data with our partners who want to better understand our user base and what interests them and what kind of marketing materials might be the most relevant to them, but we ensure that any Clickstream Data that we share with our business partners does not identify you as an individual. We share this kind of data so that your experience in our Service is customized and the most relevant to you and your needs.
App Data. We may share App Data with third parties so long as it does not identify any specific individual or disclose Personal Information about you or your end users (such as the name of someone in your organization who submitted a Helpdesk ticket). This information allows us to understand business technology needs and trends.
Marketing. We may share firmographic data and anonymous aggregated information with third parties outside of the Company, such as advertisers and market research firms approved by the Company, for their marketing and promotional purposes. For example, we may share with advertisers the breakdown of our user community by company size and industry. This allows the advertisers to try to reach audiences that may be interested in their products or services. When we share this information, it does not identify you individually or disclose any of your Personal Information.
When You Sign Up to a Luminello Event. When you sign up for a Luminello event, such as a webinar, we will ask for your consent to share your contact information if there is an outside sponsor of the event so that they may contact you with products and services which they feel may be of interest to you.
As Required by Law and Similar Disclosures. We reserve the right to disclose your Personal Information as required by applicable law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, enforceable government request, court order, or legal process served on the Company. We may also share Personal Information with third parties in limited circumstances, including when preventing fraud or imminent harm and ensuring the security of our network and services.
RETENTION AND DELETION OF DATA
Where you choose to create a public Luminello profile, we generally do not delete or disable any information contained in such page, profile or contribution until and unless you ask us to. To request this, please contact us via email at [email protected].
If you are a patient/client of one of our customers, due to HIPAA regulations, you must contact your clinician directly to request their approval for the deletion of your protected health information by the Company. The clinician should then contact us directly with their approval.
If you are a clinician, it is your duty to comply with all applicable laws, including HIPAA, regarding protected health information. To delete your account, please contact us via email at [email protected].
IMPORTANT INFORMATION FOR CALIFORNIA RESIDENTS – YOUR CALIFORNIA PRIVACY RIGHTS
For individuals who reside in California, the California Consumer Privacy Act (“CCPA”) provides additional rights and choices. If you are a California resident, you have the right to request access to your personal information, delete any personal information we collected from or maintain about you, and opt out of the sale of personal information about you.
Company does not “sell” your personal information for purposes of CCPA or share your Personal Information with third parties for their direct marketing purposes, as defined by California Civil Code Section 1798.83, unless we give you choice (opt-in or opt-out) before sharing with those third parties.
If you are a California resident and you have questions about our practices with respect to sharing information with third parties for their direct marketing purposes and your ability to exercise choice, please contact us at Luminello, Inc., 2443 Fillmore St #380-8794, San Francisco, CA 94115. You must put the statement “Your California Privacy Rights” in the body of your request, as well as your name, street address, city, state, and zip code. In the body of your request, please provide enough information for us to determine if this applies to you. Please note that we will not accept inquiries via the telephone, email, or by facsimile, and we are not responsible for notices that are not labelled or sent properly, or that do not have complete information.
Please note that the CCPA does not apply to Protected Health Information regulated by HIPAA and does not fully apply in business to business transactions.