Additional European Economic Area, United Kingdom, and Switzerland Privacy Disclosures

These disclosures supplement the information contained in our Privacy Notice

These disclosures supplement the information contained in our Privacy Notice by providing additional information about our personal data processing practices relating to individuals who access and use our website or services or otherwise interact with us from the European Economic Area ("EEA"), United Kingdom ("UK"), and Switzerland. For a detailed description of how we collect, use, disclose, and otherwise process personal data, please read our Privacy Notice.

Questions or Complaints

If you have a concern about our processing of personal data, you have the right to lodge a complaint with the Data Protection Authority where you reside, where you work, or where an alleged violation of the law has occurred. Contact details for applicable Data Protection Authorities can be found using the links below:

We would, however, appreciate the chance to handle your concerns directly prior to a complaint being filed, so please contact us directly at contact@luzidos.com if you have any concerns.

Purposes and Legal Bases of Processing

When we process your personal data, we will do so in reliance on the following lawful bases. You are not required to provide personal data to us, but we do rely on your personal data to provide certain of our products and services. If you choose not to provide us with your personal data, we may not be able to provide you with a service or product you request. We will inform you at the point that we collect personal data from you if the provision of certain personal data is mandatory or optional for receipt of our products and services.

We use personal data that you submit directly to us, that we collect automatically or that we collect from third parties, when you access our website, contact us or use the services, as follows:

How we use Personal DataCategories of Personal Data usedLawful basis
To communicate with you about our services (including sending you notifications and alerts)Contact and account informationOur legitimate interests, namely communicating with customers or (where relevant) potential customers. If you are the customer, the processing is necessary for the performance of a contract with you.
If you are the customer, to provide you customer support in connection with your use of the servicesContact and account information
Feedback and support information		Performance of a contract with you
To manage our contractual relationship with you (if you are the customer) or the company you work for (including collecting payments, where relevant)Contact and Account information
Payment information (where relevant)		Performance of a contract with you or, if our services are provided under a contract with someone else, our legitimate interests, namely managing our relationship under that contract
If you are the customer, to set up and authenticate your account on the servicesContact and Account information
Information to authenticate you to our services		Performance of a contract with you
If you are the customer, to provide you with the content analysis and content generation functionalities on our servicesCustomer contentPerformance of a contract with you
If you are the customer, to present the services to you on your deviceInformation about your device and network
[Information about your interaction with and use of our services]		Performance of a contract with you
To conduct research, analytics and developmentFeedback and support information
Event, contest, promotion and survey information		Our legitimate interests, namely informing our service development and improvement
To identify and address bugs or system errorsFeedback and support informationOur legitimate interests, namely informing our service development and improvement
To protect the security and integrity of our systems and facilities, including protecting our systems from and investigating malicious or unauthorized activityFeedback and support information
Information about your device and network		Our legitimate interests, namely ensuring the security and integrity of our systems
To protect the safety of our guests, employees and visitors to our facilitiesSecurity-related informationOur legitimate interests, namely protecting the safety of our facilities and visitors
To conduct internal auditingContact and Account information
Payment information (where relevant)		Our legitimate interests, namely to preserve relevant records for the function of our business
To protect our property and enforce our rightsContact and Account information
Payment information (where relevant)
Security-related information		Our legitimate interests, namely protecting and enforcing our rights

Automated Decision-Making and Profiling

We do not conduct automated processing of personal data, including profiling, for the purposes of making decisions about you.

Retention of Personal Data

We will usually retain the personal data we collect about you for no longer than reasonably necessary to fulfil the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal data for longer periods of time as required under applicable law or as needed to resolve disputes or protect our legal rights.

To determine the appropriate duration of the retention of personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting, and other applicable obligations.

The criteria used to determine the period of time for which personal data about you will be retained varies depending on the legal basis under which we process your personal data:

  • Contract: Where we are processing personal data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
  • Legitimate Interest: Where we are processing personal data based on legitimate interests, we generally will retain the information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
  • Consent: Where we are processing personal data based on your consent, we generally will retain the information for the period of time necessary to fulfill the purposes for which you have provided your consent.

In certain circumstances, we may need to apply a "legal hold" that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved. In all cases, in addition to the purposes and legal bases identified above, we consider the amount, nature and sensitivity of personal data, as well as the potential risk of harm from unauthorized use or disclosure of personal data, in determining the relevant retention period.

Once retention of the personal data is no longer reasonably necessary for the purposes outlined above, we will either delete or anonymize the personal data or, if that is not possible (for example, because personal data has been stored in backup archives), we will securely store the personal data and isolate it from further active processing until deletion or anonymization is possible.

International Transfers of Personal Data

We operate and engage third-party partners and providers in various jurisdictions. Therefore, we and our third-party providers may transfer personal data to, or store, access, or process personal data in, a country other than the one in which it was collected, including, but not limited to, the United States. The country to which personal data is transferred may not provide the same level of protection for personal data as the country from which it was transferred.

We may transfer personal data about you outside of the EEA, UK, and Switzerland, and when we do so we rely on appropriate or suitable safeguards recognized under applicable law, including adequacy decisions, standard contractual clauses, and the DPF (defined below). If you would like more information on the specific safeguards we use (and to obtain a copy of such safeguards, where applicable), please contact us at contact@luzidos.com.

Adequacy Decisions

We may transfer personal data about you to countries that the relevant regulatory authority have deemed to adequately safeguard personal data, either automatically or in connection with a specific safe harbor framework.

Standard Contractual Clauses

Certain regulatory authorities have adopted standard contractual clauses, which provide safeguards for personal data transferred outside of the originating jurisdiction. We may use these standard contractual clauses when transferring personal data to a third country that has not been deemed to adequately safeguard personal data.

Data Privacy Framework

The EU-U.S., Swiss-U.S. Data Privacy Framework and UK Extension ("DPF") was designed by the U.S. Department of Commerce and the European Commission (and respectively the Swiss Council and UK Secretary of State) to ensure adequate protection for personal data transferred to a company participating in the DPF. If we transfer any personal data about you from the EEA, UK or Switzerland to a third party outside the EEA, UK or Switzerland who is participating in the DPF, we may rely on their participation in the DPF to ensure adequate protection for personal data so transferred.

We may transfer your personal data to, or store your personal data in, the following countries:

CountryAppropriate Safeguard
United States of AmericaStandard Contractual Clauses adopted by the European Commission regulation of the UK Secretary of State or Swiss Council
Sharing with recipients certified to the DPF
EEAIf you are in the UK or Switzerland, Adequacy
UKIf you are in the EEA or Switzerland, Adequacy
SwitzerlandIf you are in the UK or EEA, Adequacy

Your Additional EEA, UK, and Swiss Privacy Choices

Subject to certain limitations at law, you may be able to exercise the following rights:

  • Right to Access: The right to obtain confirmation of whether we are processing personal data about you, access to and a copy of the personal data we are processing about you, and information relating to its processing, including:
    • The categories of personal data being processed;
    • The purposes of the processing;
    • The categories of the sources of the personal data;
    • The categories of recipients to whom the personal data have been or will be disclosed;
    • The envisaged period for which the personal data will be stored, or the criteria used to determine that period;
    • Any automated decision-making or profiling performed in connection with your personal data; and
    • The safeguards relied upon for the transfer of personal data to any third country.
  • Right of Portability: The right to obtain a copy of the personal data we have collected about you in a structured, commonly used, and machine-readable format, and the right to transmit that personal data to another controller without hindrance.
  • Right to Rectification: The right to correct or update any personal data about you that is inaccurate or incomplete.
  • Right to Restriction of Processing: The right to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
  • Right to Object to Processing: The right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
  • Right to Withdraw Consent: The right to withdraw your previously provided consent to our processing of your personal data. Please note withdrawing your consent will not affect the lawfulness of our use of your personal data before your consent was withdrawn, nor our processing of personal data pursuant to a different lawful basis for processing.
  • Right to Erasure: The right to have us erase your personal data if the continued processing of that personal data is not otherwise justified.

Please note that if the exercise of these rights limits our ability to process personal data, we may not be able to provide our services to you, or otherwise engage with you in the same manner.

Submitting Privacy Rights Requests

Please submit a request specifying the right you wish to exercise by sending an email to contact@luzidos.com.

Before processing your request to exercise certain rights (taking into account the confidential nature of any personal data we maintain), we will need to verify your identity and confirm you are accessing our services or otherwise interacting with us from the EEA, UK, or Switzerland. In order to verify your identity, we will generally either require the successful authentication of your account, or the matching of sufficient information you provide us to the information we maintain about you in our systems. As a result, we require requests submitted through our online form to include first and last name, email address, phone number, state of residency and/or the date of your last transaction with us.

In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity as needed to protect your personal data or locate your information in our systems, or where you are not accessing our services or otherwise interacting with us from the EEA, UK, or Switzerland.