LumiThera, Inc. Privacy Statement

Our Privacy Statement was updated on March 29, 2021.

 

This LumiThera Privacy Statement (this “Privacy Statement”) describes information that LumiThera, Inc. and its affiliates (collectively, “LumiThera”) collect, use, process, share, and store, including information that may personally identify you, such as your name, email address, shipping address, and other data described below.

This document focuses on information related to (1) your inquiry, purchase, and use of LumiThera products, including the Valeda® Light Delivery System, and treatment credits necessary to operate the Valeda Light Delivery System, (2) operation of the public websites available at lumithera.com and all subdomains, including access to and use of LumiThera’s e-commerce website for the purchase of LumiThera Products (the “LumiThera Websites”), and (3) your participation in any LumiThera studies or the receipt of any additional services from LumiThera (collectively, “LumiThera Products”).

BY PURCHASING, USING, PARTICIPATING IN, OR INQUIRING ABOUT ANY LUMITHERA PRODUCTS, YOU AGREE TO THE TERMS OF THIS PRIVACY STATEMENT, AND YOU EXPRESSLY CONSENT TO THE COLLECTION, USE, PROCESSING, AND DISCLOSURE OF YOUR PERSONAL DATA IN ACCORDANCE WITH THIS PRIVACY STATEMENT.

What information does LumiThera collect?

As you interact with LumiThera or any of its distributors or representatives, LumiThera may collect the following information about you:

• Identity data – this means data that allows someone to identify or contact you and may include your name, gender, profession, title, place of work, and similar information identifying you;
• Contact information – this may include your email address, telephone number, physical address, shipping address, and other information used to contact you;
• Profile data – this may include your username and password, in addition to any other information you provide in connection with establishing and maintaining a LumiThera profile or account;
• Transaction data – this may include details about your LumiThera Product purchases and participation;
• Payment information – this may include bank routing and account numbers, credit card numbers, your billing address, and other information used to process payment for any LumiThera Products you purchase;
• Technical data – this may include data associated with the connection of any LumiThera Product or your personal computer to the internet, such as internet protocol (IP) addresses, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technical information about the devices you use to access LumiThera Websites;
• Usage data – this may include information about how you use LumiThera Websites and LumiThera Products;
• Regulatory data – this may include information you report to us and additional information we request from you in connection with your user experience;
• Marketing and communications data – this may include your preferences in receiving marketing and other communications from LumiThera; and
• General correspondence – this may include the subject matter and content of any electronic, written, or other correspondence you communicate to LumiThera, whether inquiry, comment, adverse event, warranty claim, or otherwise.

LumiThera may also collect, use, process, share, and store anonymous data, for example, statistical or demographic information, for any purpose.  Anonymous data may be derived from your interactions with LumiThera, but is not considered personal data, as it does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific LumiThera Website feature.  However, if we combine or connect this anonymous data with your personal data so that it can directly or indirectly identify you, LumiThera treats the combined data as personal data, which will only be used in accordance with this Privacy Statement.

How is your personal data collected? 

LumiThera collects personal data through direct interaction, automated technologies, and from third parties.

When you contact LumiThera requesting information, providing feedback, or in connection with participating in or purchasing a LumiThera Product, you may explicitly provide us with your identity data, contact information, profile information, payment information, marketing and communications information, and general correspondence.  This information is typically communicated to LumiThera by you submitting online electronic forms, by written contract, by email, in-person, or over the phone.

Personal data is collected by automated technologies and interactions. As you interact with LumiThera Websites, your technical data and usage data may be automatically recorded.  We collect this personal data by using cookies, server logs, web beacons, and other similar technologies, as more fully described in the section below titled “Cookies”.

Personal data may also be submitted to us by third parties.  Generally, these third parties will be LumiThera Product distributors and representatives, through whom you have purchased or are purchasing LumiThera Products.  Please carefully review the privacy policies of any third parties with whom you may provide personal data, including their policies on sharing your personal data.

How does LumiThera use the information it collects?

We use this information to respond to your requests, enable you to purchase, receive, use, and participate in LumiThera Products, transmit payment, administer and protect our business and your personal data, improve the LumiThera Products, satisfy legal obligations, and provide you with relevant information on LumiThera and the LumiThera Products.

We may also use this information in a non-identified form for research purposes and to help us make sales, marketing, and business decisions. For example, we may use aggregated information as part of a study on the use and effectiveness of photobiomodulation treatments.

We may use service providers to perform some of these functions. Those service providers are restricted from sharing your information for any other purpose.

We use industry-standard methods to help keep this information safe and secure while it is transmitted over your network and through the Internet to our servers. Depending on your location and type of data, LumiThera may process your personal information on servers that are not in your home country.

In general, for purposes of applicable law, LumiThera is a controller of the information collected in connection with LumiThera Products.

Our legal basis for processing information

We process your information for the purposes described in this Privacy Statement based on the following legal grounds: (1) providing you with LumiThera Products under contract, (2) pursuing legitimate interests, or (3) complying with legal obligations.

When we provide a LumiThera Product, we process your data to deliver and support a product or service you have requested under contract, including our Terms and Conditions of Sale and Terms of Use.

When we pursue legitimate interests, we process your information for our legitimate interests and those of third parties while applying appropriate safeguards that protect your privacy. These interests may include:

• offering and improving LumiThera Products;
• developing new products and features;
• understanding how people use LumiThera Products;
• discussing participation in clinical trials;
• performing research that improves LumiThera Products;
• sending you information about LumiThera Products consistent with your preferences;
• protecting against harm to the rights, property, and safety of LumiThera, our users, and the public;
• detecting, preventing, or otherwise addressing fraud, abuse, security or technical issues with our services;
• maintaining and improving the integrity of our computing systems, and protecting our users’ data security; and
• enforcing legal claims, including investigation of potential violations of applicable Terms of Service.

When we comply with legal obligations, we process your data when we have a legal obligation to do so, for example, if LumiThera must respond to a legal process or an enforceable governmental request.

In what circumstances does LumiThera share my information?

We will not share personal information for any commercial or marketing purposes unrelated to your purchase, use, or participation in LumiThera Products without first obtaining your consent.  We do not rent or sell our customer lists. The following are the limited situations where we may share personal information:

• We have vendors, service providers, and technicians who help with some of our product shipping, and data processing and storage, including helping to answer your questions. They may also assist with monitoring our servers for technical problems. These technicians (as well as LumiThera employees) can access certain information about you or your account in line with this work, but these technicians are not allowed to use this data for non-LumiThera purposes.
• Upon the sale or transfer of the company and/or all or part of its assets, your personal information may be among the items sold or transferred. We will request a purchaser to treat our data under the privacy statement in place at the time of its collection.
• We will share personal information with third parties if we have a good faith belief that access, use, preservation or disclosure of the information is reasonably necessary to (i) meet any applicable law, regulation, legal process or enforceable government request; (ii) enforce LumiThera policies or contracts, including investigation of potential violations; (iii) detect, prevent or otherwise address fraud, security or technical issues; (iv) protect against harm to the rights, property or safety of LumiThera, our users or the public as required or permitted by law.
• In the event that we intend to enter into a major corporate transaction, such as the merger or sale of all or a part of our business, we may disclose certain of your personal data to potential buyers, underwriters, or advisors. If we do this, we will take reasonable precautions to ensure that the recipients of your personal data are obligated to keep it confidential.

We may share non-personal information (for example, aggregated or anonymized customer data) publicly and with our partners. For example, we may publish trends about photobiomodulation treatment adoption.  We may also share non-personal information with our distributors and sales representatives, investors, and treatment professionals.  We take steps to keep this non-personal information from being associated with you, and we require other parties to do the same.

If you purchase a LumiThera Product from a party other than LumiThera, for example, a distributor of LumiThera Products or an independent sales representative, or hire an outside party to setup or provide service to your LumiThera Products, and you share your personal information with those parties, we cannot control the collection, storage or sharing of information collected by that party. For example, a party that services your LumiThera Product may retain information that you provided to them in connection with the service. Always check the privacy policies of any company that collects your personal information.

How do I have my personal information deleted, changed, or updated?

LumiThera generally stores your personal information on third-party servers of well-recognized data management and networking companies for as long as you remain a LumiThera customer, or a reasonable period of time to respond to your requests or provide you with information about LumiThera Products, or until you request deletion of your personal information.  In addition, LumiThera may store your personal information to resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

LumiThera respects your privacy and realizes that not everyone wants their personal information stored or processed.  With that in mind, please notify us if you would like to do any of the following:

• Seek confirmation regarding whether LumiThera is processing your personal data;
• Review and receive a copy of the personal data we hold about you;
• Correct or amend any incomplete or inaccurate data we may hold about you;
• Have your personal data deleted from our servers, subject to potential competing legal interests; Object to the processing of your personal data or request a suspension of such processing; or
• Withdraw your consent to the processing of your personal data.

You may request such action by emailing privacy@lumithera.com, or by submitting your requests to LumiThera in writing at:

Please note that withdrawing your consent, deleting your personal data, or otherwise limiting how LumiThera processes your personal data may impact your use of the LumiThera Products, or prevent LumiThera from being able to provide certain products or services to you.

To further protect your privacy, LumiThera will endeavor to take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.

We endeavor to respond to all requests within 30 days.  In some instances, if your request is particularly complex or you have made a number of requests, it may take longer to complete your requests.  In those circumstances, we will notify you of the status of your requests and provide updates on progress.

How does LumiThera protect my personal information when it is transferred internationally?

Your personal information may be collected, processed, and stored by LumiThera or its service providers in the United States and other countries where our servers reside. Please be aware that the privacy protections and legal requirements, including the rights of authorities to access your personal information, in the United States and other countries may not be equivalent to those in your country.

We may share, as described in this Privacy Statement, information with our affiliates and subsidiaries, and third parties. We may disclose information in response to legal process and lawful requests by public authorities in the United States and other countries for the purposes of law enforcement and national security. With certain service providers we may use specific contractual clauses approved by the European Commission, designed to provide personal data the same protection it has in Europe, as required or permitted by Articles 46 and 49 of the General Data Protection Regulation.

If you are using LumiThera Products outside the United States, by accepting this Privacy Statement you consent to the transfer of your personal data to the United States and other countries where LumiThera operates, in accordance with this Privacy Statement.

Cookies

We use and engage certain providers to use cookies, web beacons, and similar tracking technologies (collectively, “Cookies”) on LumiThera Websites.

Cookies are small amounts of data that are stored on your browser, device, or the page you are viewing. Some Cookies are deleted once you close your browser, while other Cookies are retained even after you close your browser so that you can be recognized when you return to a website.

We use Cookies to help provide you with applicable information on the LumiThera Websites, to gather information about your usage patterns to enhance your personalized experience on LumiThera Websites, and to understand usage patterns to improve the LumiThera Website experience and LumiThera Products.

Cookies on the LumiThera Websites may consist of the following types:

• Operational Cookies: These are required for the operation of our LumiThera Websites. They include, for example, cookies that enable you to log into secure areas.
• Analytical/Performance Cookies: These allow us to recognize and count the number of users of our LumiThera Websites and understand how such users navigate through the LumiThera Websites. This helps to improve how the LumiThera Websites work, for example, by ensuring that users can find what they are looking for easily. These Cookies are session cookies which are erased when you close your browser. We use Google Analytics, and you can see below ways to control the use of Cookies by Google Analytics.
• Functional Cookies: These improve the functional performance of our LumiThera Websites and make the sites easier for you to use. For example, Cookies are used to remember that you have previously visited the LumiThera Websites and have been asked to remain logged in. These Cookies qualify as persistent cookies, because they remain on your device for us to use during a next visit to our the LumiThera Websites. You can delete these Cookies via your browser settings.
• Cookie Pop Up: We use a Cookie to determine if you have consented to our use of Cookies and our Privacy Statement, and to ensure we do not show it to you again when you accept it.

Your acceptance of Cookies may be modified by changing your Internet browser settings. These settings are typically located under the sections “Help” or “Internet Options” in your Internet browser. If you disable or delete certain Cookies in your Internet browser settings, you might not be able to access or use important functions or features of the LumiThera Websites, and you may be required to re-enter your log-in details.

Minors

LumiThera Products do not knowingly collect or store any personal information from anyone under the age of 18.  Only individuals aged 18 and older are permitted to purchase and use LumiThera Products, and only if they agree to be bound by the terms of this Privacy Statement, our Terms of Service, and our Terms and Conditions of Sale.

Can the Privacy Statement be changed?

Please note that this Privacy Statement may change from time to time. We will provide notice of any changes on the LumiThera Website or by contacting you. Any changes to this Privacy Statement will be effective upon the earlier of thirty (30) calendar days following our posting of notice of the changes on the LumiThera Website, or thirty (30) calendar days following our dispatch of an e-mail notice to you.

Changes to this Privacy Statement may affect our use of personal data that you provided us prior to our notification to you of the changes. If you do not wish to permit changes in our use of your personal data, you must notify us prior to the effective date of the changes that you wish to deactivate your account with us. Continued use of the LumiThera Website or Products following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

How can I contact LumiThera?

If you have any questions regarding this Privacy Statement, you may submit an inquiry to LumiThera via email at privacy@lumithera.com or by mailing your requests to LumiThera at:

 

COR 0012 REV A LumiThera Privacy Statement