Privacy Policy

Privacy Policy and Data Protection Information

In the following,

LUCID Vision Labs GmbH
Renntalstr. 14
D-74360 Ilsfeld
sales(a)thinklucid.com
1-833-465-8243

registered with the company register at the local court (Amtsgericht) Stuttgart, registry number: HRB 764125
legally represented by its managing directors Rod Barman and Victor Mok.

(hereafter “LUCID Vision Germany or we”)

provides information on its processing of personal data pursuant to Art. 13 and 14 of the European General Data Protection Regulation (“GDPR”).

The terms used in the following such as e.g. “controller” have the meaning as defined in GDPR, art. 4.

A.  Contact details of our Data Protection Officer

Please direct all questions to:

LUCID Vision Labs
Data Protection Officer
Address: 130-13200 Delf Place, Richmond B.C.
Phone: 1-833-465-8243
Email: privacy(a)lucidvisionlabs.com

B.   Categories and Sources of Personal Data

We process the following (categories of) personal data :

Categories of personal data processedTypes of personal data within categorySource of personal data
Online Customer Data
a) Online Sales Inquiry forms
b) Online Marketing Email sign-up form
c) Online Technical Support form
d) Online Registration form
e) Online Checkout form
a) First and Last Name, Email, Phone, Company Name, Country
b) First and Last name, Email, Company Name, Country
c) First and Last name, Email, Country, Subject Line, Message
d) First and Last name, Email, Company, Country, IP address
e) Billing and Shipping address
a) https://thinklucid.com/contact-us/
b) https://thinklucid.com/sign-up/
c) https://thinklucid.com/support/
d) https://thinklucid.com/my-account/
e) https://thinklucid.com/checkout/
On Location Events
a) Badge Scanning
b) Business Card Collection
a) First and Last Name, Email, Phone, Company Name, Job Title, Company Address, Company Industry
b) First and Last name, Email, Phone, Company Name, Job Title
a, b) Trade shows, events, conferences
Website Usage Data
Google AnalyticsOur site uses Google Universal Analytics web analysis, product of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043. Google analytics is set to anonymize IP addresses. The IP anonymization is enabled and your IP address is then abbreviated by Google before being transferred within the member states of the European Union or other parties to the Agreement on the European Economic Area.

We DO NOT enable Google Remarketing, Demographics, Interests Tracking,  User-ID or Enhanced Link Attribution.

Accessing and using https://thinklucid.com website.

C. Intended Purposes of Processing and Legal Basis for Processing

We process the (categories of) personal data (indicated above in section B.) for the following purposes and on the following legal basis. Where applicable, the legitimate interests pursued by us or by a third party are indicated as well.

Categories of personal data Intended purpose of processingLegal basis for processingRecipients
Online Customer Data
All our online forms (a), (b), (c), (d), (e) are intended for managing business relationships with business partners and to further facilitate legitimate business interests.

For our (d) Online Registration form (https://thinklucid.com/my-account), we collect the IP address for security reasons and may choose to block website login entry based on the number of attempts or other security threats. IP addresses are kept for 15 days unless an address is added to our security blacklist.

For our (e) Online Checkout form (https://thinklucid.com/checkout/), we collect shipping and billing address and store them in our servers. However, credit card number, credit card expiry date, credit card CVS number and credit card name are not stored on our servers. Credit card information is processed by Global Payments for USD ($) currency orders and Saferpay by SIX Payment Services AG for EURO (€) orders.

Art. 6 para. 1 lit. (f) GDPR; LUCID’s reasonable business interest is the facilitation of the management of its business relationships with business partners.
Recipients for this information are the Sales and Marketing departments of LUCID Vision Labs. This information is stored in ZOHO CRM Cloud services with servers located in the USA and EU. Company address of ZOHO Corporation is 4141 Hacienda Drive, Pleasanton, California 94588, USA. For more information of ZOHO GDPR compliance please visit https://www.zoho.com/lp/gdpr.html
For customers who follow through with a purchase either by phone, email or our online checkout (e), personal data is transferred to LUCID internal ERP system with servers located in the Canadian office. No credit card information is stored in our system. Online credit card information is processed either through Global Payments or Saferpay by SIX Payment Services through our site by a secure hosted payment portal (HPP) by an iFrame. Global Payments Realex Payments is a PCI DSS v3.2.1-compliant HPP solution and fully PCI level 1-compliant. Saferpay by SIX Payment Services is PCI DSS v3.2.1-compliant HPP. Both payment gateways employ 3-D Secure 2.0.
On Location Events
Badge scanning and business card collection (a), (b) are intended for managing business relationships with business partners and to further facilitate legitimate business interests.
Art. 6 para. 1 lit. (f) GDPR; LUCID’s reasonable business interest is the facilitation of the management of its business relationships with business partners.
Recipients for this information are the Sales and Marketing departments of LUCID Vision Labs. This information is stored in ZOHO CRM Cloud services.
For customers who follow through with a purchase, personal data is transferred to LUCID internal ERP system with servers located in the Canadian office.

Website Usage Data

 

To evaluate your use of the LUCID website, to compile reports about website activity, and to provide further information about the website use and the services connected to Internet use with respect to LUCID Vision Labs.Art. 6 para. 1 lit. (f) GDPR; LUCID’s reasonable business interest is the improvement of LUCID’s website and user experience therein.The Marketing department of LUCID, located in the Canadian office, will be the recipient of this information.

D. Transfer of personal data to third countries and / or international organizations

We intend to transfer personal data to the following third countries (countries outside the European Economic Area) and / or international organisations:

Categories of personal dataThird country / international organizationRecipient(s)Existence or absence of adequacy decision / appropriate or suitable safeguard
Online Customer Data, On Location EventsCanada

Sales, Marketing, and Accounting Departments of LUCID Vision Labs, inc.

There is an adequacy decision by the Commission on the basis of Directive 95/46, art. 25, para 6 for Canada (2002/2/EC: Commission Decision of 20 December 2001; http://data.europa.eu/eli/dec/2002/2(1)/oj)
Customer Order NumberGlobal Payments or SIX Payment Services

Global Payments – Realex Payment Gateway
SIX Payment Services – Saferpay

LUCID Vision Labs stores no credit card details on our web servers. All credit card information is processed through either Global Payment Realex Payments or Saferpay by SIX Payment Services. Global Payments Realex Payments is a PCI DSS v3.2.1-compliant redirect solution and fully PCI level 1-compliant. Saferpay by SIX Payment Services is a PCI DSS v3.2.1-compliant redirect solution using 3-D Secure 2.0
Online Customer Data, On Location EventsJapan

Sales and Marketing Departments of LUCID Vision Labs, G.K.

EU Standard Contractual Clauses ‘controller-to-controller’. Adequacy talks are ongoing with Japan
Website Usage DataCanada

Marketing Department of LUCID Vision Labs, inc

There is an adequacy decision by the Commission on the basis of Directive 95/46, art. 25, para 6 for Canada (2002/2/EC: Commission Decision of 20 December 2001; http://data.europa.eu/eli/dec/2002/2(1)/oj)

E.  Automated decision-making, including profiling

We do not use any automated decision-making or automated profiling. We use general profiling: e.g. segmentation, and non-automated decision-making based on general profiling.

F. Period for which personal data will be stored

The period for which personal data will be stored is listed in the following or is determined by the following criteria:

Categories of personal data
(refer to section B above for category details)
Period for which personal data will be stored / criteria determining time period
Online Customer Data6 years unless requested by user. IP address collected from (d) Online registration form is kept for 15 days.
On Location Events6 years unless requested by user.

Website Usage (Google Analytics)

Website usage data will be kept for 50 months.

G.   Requirement or obligation to provide personal data and consequences of failure to provide such data

The provision of the following personal data is a statutory or contractual requirement/obligation, or a requirement necessary to enter into a contract:

Categories of personal data processedRequirement / obligationPossible consequences of failure to provide such data
Online Customer Data, On Location EventsWe require this customer data to respond to your product or company inquiry from the closest corresponding LUCID Sales region and LUCID Sales Specialist.Without this data, LUCID will be unable to communicate with you or will be unable to communicate with relevant information or wrong regional language.
Website Usage DataThis data is needed to continuously improve and update the website experience for users.LUCID will be unable to improve the website user experience.

H.   Cookies and web analytics

A “cookie” is a small piece of information stored on your computer by a web page. It is used to identify you to the web server. It tells the server who you are when you return to a page on the same website. Your browser will only send a cookie back to the domain that originally sent it to you.

Most web browsers automatically accept cookies, but if you do not wish to have cookies on your system, you should adjust your browser settings to decline them or to alert you when cookies are being sent. You may prevent the installation of cookies by adjusting the settings of your browser; however, if you do so, you may be unable to use all features of this website. Further, you may prevent the collection of data generated by cookies and related to the use of these websites, as well as the processing of such data by Google, by downloading and installing the plug-in under the following link: https://tools.google.com/dlpage/gaoptout?hl=en

The following cookies and web tracking tools are used on our website:

ProviderCookie File NameUsage
Google Analytics

Settings:
Anonymize IP is TRUE,
Data Collection Remarketing & Advertising Reporting Features DISABLED,
User-ID is DISABLED,
Data Sharing Settings:
Google products & services is DISABLED,
Benchmarking is DISABLED,
Technical support is DISABLED,
Adsense Link is DISABLED
Accepted data processing agreement with Google on 29 January 2021

_ga

_gid

_gat

_ga – Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

_gid – Registers a unique ID that is used to generate statistical data on how the visitor uses the website.

_gat – Used to throttle request rate

ZOHO formsJSESSIONID

1d5486508f*

iamcsr

zfccn

JSESSIONID – Preserves users states across page requests. Cookie is created/sent when session is created.

1d5486508f – Created by using of online forms. This alphanumeric cookie is to route the request to the ZOHO server of the request. *This is just an example, it might be a different alphanumeric name for your session.

iamcsr – This is ZOHO‘s CSRF prevention cookie. It is an anti-forgery token cookie used to prevent Cross-site request forgery (CSRF).

zfccn –  authentication cookie used for Zoho Forms.

thinklucid.comPHPSESSID

wordpress_test_cookie

wp-wpml_current_language

aelia_cs_selected_currency

aelia_customer_country

PHPSESSID – A session cookie. As you browse around the pages on this site, the session cookie tells the website that you are the same person requesting the webpages, and not a new visitor to each page. This cookie does not identify you personally and is not linked to any other information we store about you.

wordpress_test_cookie – WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.

wp-wpml_current_language – Saves the user’s preferred language on the website.

aelia_cs_selected_currency – Saves the user’s currency based on billing country

aelia_customer_country – A session cookie to store customer country, used to set currency

I.   Rights of the data subject

I.    Access, rectification, erasure, restriction, data portability

With regard to the processing of personal data, you have the following rights:

Right to access means the right to obtain from us whether your data are being pro-cessed and, where applicable, have access to further information on the processing (GDPR, art. 15).

Right to rectification and right to erasure means the right to obtain the rectification of inaccurate and/or incomplete personal data concerning you, as well as the erasure of data when the request is legitimate (GDPR, art. 16 and 17).

Right to restriction of processing means the right to request suspension of the processing when the request is legitimate (GDPR, art. 18).

Right to data portability means the right to obtain personal data concerning you in a structured format, ordinary used and readable, as well as the right to transfer such data to other controllers (GDPR, art. 20).

II.     Right to object

You have the right to object on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1) (e) or (f) GDPR (see section C above), including profiling based on those provisions pursuant to Art. 21 (1) GDPR.

Where personal data are processed for direct marketing purposes (see section C above), you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing pursuant to Art. 21 (2) GDPR.

III.     Right to withdraw consent

Where the processing is based on your consent (GDPR, art. 6, para. 1, subpapara (a) or GDPR, art. 9, para. 2, subpara (a); see section C above), you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

IV.     Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR (Art. 77 GDPR).

As of: May 28th, 2018