Privacy Notice for Lumos.Tech
This privacy notice tells you what personal data and non-personal data we may collect from you as you use this website and its services. It includes how the data is collected, protected and in some limited cases, shared with other parties. You can also make requests to access, change and delete personal data that has been collected.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our services, you’re agreeing to be bound by this Policy.
Legal basis for collecting and processing your personal and non-personal data
When you load a page on Lumos.Tech, data is collected for the technical operation of the website, such as security protocols looking for malicious activity that could lead to defacement or a data breach. We thereby have a legitimate interest in monitoring the site’s performance in order to provide a positive experience for visitors. The legal basis for other data collection, such as names and email addresses you submit when signing up for a newsletter, is based on the consent you provide when you elect to join the mailing list, use a contact form, or other direct interaction.
We Collect Your Personal Data in the Following Ways
We automatically receive information from your web browser or mobile device. This information may include the name of the website from which you entered our website, if any, as well as the name of the website you’ll visit when you leave our website, your Internet service provider’s name, your web browser type, the type of mobile device, your computer operating system, and data about your browsing activity when using our website. We use all this information to analyze trends among our users to help improve our website. From time to time, Lumos.Tech may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.
Shopping on Lumos.Tech is facilitated by the WooCommerce family of plugins. To help make your shopping experience easy and secure, some data is collected about your visit to the Shop, Product and Checkout pages. Your IP address and browser are read to calculate your location for the purpose of shipping and sales tax estimates. Cookies are placed on your browser to keep track of whatever items you add to your shopping cart before checking out.
If you complete a purchase, we will gather enough information to process your payment and ship your orders. This then requires the gathering and retention of your name, address, and email address. While you enter your credit card number as part of the check-out process, that is processed by Stripe, and your credit card information is never stored on our server. We won’t sell, rent or trade your information with other parties, but we will hang on to your information to make sure your order is processed successfully and that we meet other record-keeping obligations, such as reporting sales tax.
If you share your email with us, but don’t complete your order, we may follow-up with you via email managed by Mailchimp. This is separate from the newsletters we manage through Mailchimp, and in this case your email is only retained for 30 days.
We use a service called Viral Loops to help promote our products and offer discounts on users’ purchases. If you make use of their promotions, they may, as a third party processor, collect potentially personally identifiable information about you, such as your email address. If you share the referral links they provide, they may track the performance and integrity of those promotions with cookies, web beacons, etc. To find out more about Viral Loops and how to opt-out of their tracking in general, please see their Cookie Statement.
If you choose to add a comment to any published post, the name and email address you enter with your comment will be saved to this website’s database, along with your Internet Protocol (IP) address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third party data processors
Your comment and its associated personal data will remain on this site until we see fit to either 1.) remove the comment or 2.) remove the blog post. Should you wish to have the comment and its associated personal data deleted, please email us here using the email address that you commented with.
If you are under 16 years of age you must obtain parental consent before posting a comment on the site.
NOTE: You should avoid entering personally identifiable information to the actual comment field of any blog post comments that you submit on this website.
The contact form asks for your consent to transmit PD such as your email address and name in order to facilitate communication. That data is not stored in our database, and is instead collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our own SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices. However, not all mail servers are secured in such a way. Therefore, we would suggest that you always consider email as an insecure medium and not include confidential or sensitive information within an email.
Concluded conversations will be deleted from those inboxes after 30 days. None of this personal information will be used for marketing purposes.
If you choose to join our email newsletter, the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor. The email address that you submit will not be stored in Lumos.Tech’s database or other computer systems.
Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
If you are under 16 years of age you must obtain parental consent before joining our email newsletter.
This data is not shared or resold to other parties.
Our website uses Google Analytics to collect information about the use of our website, but not to collect any personal data. When you load the site, your IP address is anonymized so that it cannot be used to trace you as an individual while still letting us gather information about how users interact with our site. Google Analytics will still place cookies on your computer to track items like visit duration, but it does so without including personal information.
All activity falls within the bounds of the Google Analytics Terms of Service. For more information on how Google collects and processes your data, visit https://www.google.com/policies/privacy/partners/. Or to opt-out of Google Analtyics across all websites, consider using the tool at https://tools.google.com/dlpage/gaoptout
We use security plugins like Wordfence to prevent hacks, break-ins, etc. Those plugins necessarily look at your IP address to ensure that you’re not engaged in malicious activity, as well as block IP addresses as that violate security rules. Wordfence does analyze the activity of IP addresses to look for larger security trends and risks across the internet, and as such we consider Wordfence and their parent company, Defiant, Inc., to be a third party data processor. Contact us if you need the data they process to be removed.
This site is hosted by SiteGround, based in the United States. Any data originating or stored on the site, including any personal information submitted by users, will be stored and/or processed in the United States. Data is hosted from a secured environment, and backups are only accessible by the site owner and administrator.
We use Secure Sockets Layer (SSL) software to encrypt the information you enter on our Site in order to protect its security during transmission to and from our Site.
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen. Since we don’t keep your personal data on our server, this is unlikely to happen, but of course it’s good to have a plan in place.
Internal Data Retention
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Third Party Processors
We use a number of third parties to process personal data on our behalf. These third parties are based in the USA and are EU-U.S Privacy Shield compliant.
- Wordfence/Defiant Inc. (Data processing agreement)
We will not sell or rent your information to third parties.
When using our website and submitting personal data to us, you may have certain rights under the General Data Protection Regulation (GDPR) and other laws. Depending on the legal basis for processing your personal data, you may have some or all of the following rights:
- You have the right to be informed about the personal data we collect from you, and how we process it.
- You have the right to get confirmation that your personal data is being processed and have the ability to access your personal data.
- You have the right to have your personal data corrected if it is inaccurate or incomplete.
- You have the right to request the removal or deletion of your personal data if there is no compelling reason for us to continue processing it.
- You have a right to ‘block’ or restrict the processing of your personal data. When your personal data is restricted, we are permitted to store your data, but not to process it further.
- You have the right to request and get your personal data that you provided to us and use it for your own purposes. You may also request that we remove that data from our records here.
All that said, there are some unusual instances when we may be legally required to disclose your Personal Data. These may include the following:
- We are required by subpoena, law, or other legal process;
- Disclosure is necessary to assist law enforcement officials or government enforcement agencies
- Disclosure is necessary to investigate violations of or otherwise enforce our Legal Terms
- Disclosure is necessary to protect us from legal action or claims from third parties, including you and/or other users or members;
- Disclosure is necessary to protect the legal rights, personal/real property, or personal safety of our company, users, employees, and affiliates.
If you have privacy-specific questions, please contact us here.
If you feel that you need to file an unaddressed complaint about how your personal data is handled, you have the right to contact regulatory or judicial authorities about the matter.