This policy applies across the Lumary Website. This policy only covers information collected through the Lumary website and not information that we collect offline, through other websites, or through our subscription services. Lumary will use data from subscription services in accordance with the contractual agreement(s) between Lumary and that customer.
This policy informs you of the practices Lumary uses regarding the collection, storage, use and disclosure of data when your organisation uses our website and the choices you have associated with that data.
We use your data to provide and improve the service provided to you. By using our website, you agree to the collection and use of data in accordance with this policy.
Lumary is committed to the protection of Personal Data in a manner consistent with the Privacy Act 1988 and the Australian Privacy Principles
3.2 Data Retention
The length of time we keep Personal Data depends on what it is and whether we have an ongoing business need to retain it.
We’ll retain Personal Data for as long as we have a relationship with you. After that period, we may delete or destroy all copies of Personal Data in our systems or otherwise in our possession or control, unless legally prohibited
4. Data Collection
We collect various types of data for various purposes to provide and improve our website and service to you.
The types of data collected are as follows:
4.1 Data You Provide to Us:
4.1.1 Personal Data
When using our website, you may provide us with personally identifiable data (“Personal Data”). Personal Data may include, but is not limited to:
First name and last name
Work Email address
You can opt out of providing personal data by not entering it when asked
4.1.2 Sensitive Data
Sensitive Information is defined in the Privacy Act to include information about such things as an individual’s racial or ethnic origin, political opinions, membership of a political association, religious or philosophical beliefs, membership of a trade union or other professional body, criminal record or health information. Lumary does not expect to be collective sensitive information through the website.
4.2 Data We Collect Automatically
4.2.1 Usage Data
When you access our website, we may collect certain data from you automatically. Usage data collected may include, but is not limited to:
The type of device, browser and operating system you are using
Your IP address
4.2.2 Cookies Data
You can instruct your browser to refuse all cookies. However, if you do not accept cookies, you may not be able to use our service.
4.2.3 Third party sites
When using our website, we may utilise 3rd party applications not owned or controlled by us that collect anonymised data for their own purposes or to provide to Lumary.
Our website may also have links to other websites not owned or controlled by us. These links are for your convenience only, and do not constitute and endorsement by us. Please be aware that Lumary is not responsible for the privacy practices of other websites, and we encourage our uses to be aware of the privacy practices of such sites.
5. Use of Data
Lumary uses the collected data from our website for various purposes:
To provide you with information about our services and general updates
To improve our website, products and services
To directly communicate with and market to you and your organisation
To subscribe you to our email marketing list (You can opt out of receiving our newsletter or marketing emails by following the instructions at the bottom of each communication or at any time by emailing email@example.com)
To analyse, aggregate and report anonymised data
To analyse web traffic and help us provide a better user experience
To serve relevant ads to website visitors through third party services such as Google Adwords, Facebook, and any other online advertising platforms
6. Disclosure of Data
6.1 Legal Requirements
We will only disclose your personal data to regulators, law enforcement bodies, government agencies, courts or other third parties where we believe it is necessary to comply with applicable laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure.
6.2 Other 3rd Party Access of Data
We may engage other 3rd party organisations to facilitate in providing our service or to assist in analysing how our website and services are used. These parties will have access to anonymised data, but will not have access to Personal Data unless we have your consent.
7. Security of Data
7.1 Internal Access of Data
Only Lumary employees who need to have access to your data for the purposes of performing their duties will have access to your Personal Data.
Lumary employees and contractors are bound to keep any personal data confidential and are not permitted to access or use your personal data for any purpose other than the performance of their duties.
7.2 General Security
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security
8. Notifiable Data Breach Scheme
The Privacy Amendment (Notifiable Data Breaches) Act 2017 establishes the Notifiable Data Breaches (NDB) Scheme in Australia. The NDB Scheme means agencies are required to notify individuals whose persona data is involved in a data breach that is likely to result in serious harm to the individuals affected. Lumary will manage all data breaches in accordance with the NDB.
If a suspected or known data breach occurs, we will initially respond and work with the affected area to contain further access of the data. We will then determine whether serious harm is likely from the suspected or known data breach.
If serious harm is likely from the data breach, we will promptly notify your organisation to advise that a suspected or known data breach has occurred which includes your organisations personal data, and actions that are being undertaken to limit or mitigate any potential harm.
Lumary will then prepare a statement to the Office of the Australian Information Commissioner (OAIC) via the NDB Statement Form. Lumary will work with the OAIC on any recommendations or directions related to the breach.
Lumary will review the incident to determine possible causes of the breach, and revise our internal policies, procedures or technical implementations to prevent a recurrence.
9. Access to Personal Data
You may access the Personal Information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access your Personal Information, please contact us in writing.
Lumary will not charge any fee for your access request, but may charge an administrative fee for providing a copy of your Personal Information.
In order to protect your Personal Information we may require identification from you before releasing the requested information.
11.1 How to Make a Complaint
If you believe Lumary may have breached your privacy rights, you may contact us using the contact details set out in section 12 of this policy.
Alternatively, you also have the option of contacting the OAIC if you wish to make a privacy complaint against Lumary, or are not satisfied with how we have handled a complaint. The OAIC website contains information on how to make a privacy complaint.
11.2 Process for Handling Complaints
Lumary will respond to your complaint promptly. We are committed to the quick and fair resolution of any complaints, and will ensure your complaint is taken seriously.
12. Contact Us
To contact Lumary regarding any privacy enquiry or complaint, or to request access to your personal data, please contact us at firstname.lastname@example.org