Data Processing Addendum
When you use LumenEntity to process personal data, this addendum applies in addition to our Terms of Service.
This Data Processing Addendum ("DPA") forms part of the agreement between you (Controller) and LumenEntity (Processor) and reflects our obligations under the EU GDPR, the UK GDPR and similar laws. A signed PDF version is available on request by emailing legal@lumenentity.com.
1. Scope and roles
You are the Controller of personal data you submit to the Service. LumenEntity acts as Processor and processes such data solely on your documented instructions and for the purpose of providing the Service.
2. Subject matter, duration and nature
- Subject matter: provision of the Service.
- Duration: while your subscription is active, plus the export window.
- Nature: hosting, storage, querying and analytics on the configured datasets.
- Types of data: business contact data, product configuration data, and any personal data your users choose to include in URLs, keywords or prompts.
- Categories of data subjects: your employees, your end users, and any individuals whose data you choose to monitor.
3. Sub-processors
A current list of sub-processors is available on request. We will give reasonable advance notice of any change so that you may object on legitimate grounds.
4. International transfers
For transfers outside the EEA, UK or Switzerland we rely on the European Commission's Standard Contractual Clauses (Module Two) and the UK International Data Transfer Addendum where applicable.
5. Security
We implement the technical and organizational measures described on our Security page, which form part of this DPA by reference.
6. Data subject requests
We will, taking into account the nature of the processing, assist you in responding to requests from data subjects to exercise their rights under applicable law.
7. Personal data breach
We will notify you without undue delay after becoming aware of a personal data breach affecting your data, and assist you in your notification obligations.
8. Audits
On reasonable prior request and subject to confidentiality, we will make available the information necessary to demonstrate compliance with this DPA.
9. Return or deletion
On termination, and unless legally prohibited, we will delete or return your personal data within thirty days.