Privacy Policy and Data Protection Information
In the following,
LUCID Vision Labs GmbH
Renntalstr. 14
D-74360 Ilsfeld
sales(a)thinklucid.com
1-833-465-8243
registered with the company register at the local court (Amtsgericht) Stuttgart, registry number: HRB 764125
legally represented by its managing directors Rod Barman and Victor Mok.
(hereafter “LUCID Vision Germany“ or “we”)
provides information on its processing of personal data pursuant to Art. 13 and 14 of the European General Data Protection Regulation (“GDPR”).
The terms used in the following such as e.g. “controller” have the meaning as defined in GDPR, art. 4.
A. Contact details of our Data Protection Officer
Please direct all questions to:
LUCID Vision Labs
Data Protection Officer
Address: 130-13200 Delf Place, Richmond B.C.
Phone: 1-833-465-8243
Email: privacy(a)lucidvisionlabs.com
Table of Contents
A. Contact details of our Data Protection Officer
B. Categories and sources of personal data
C. Intended purposes of processing and legal basis for processing
D. Transfer of personal data to third countries and / or international organizations
E. Automated decision-making, including profiling
B. Categories and Sources of Personal Data
We process the following (categories of) personal data :
Categories of personal data processed | Types of personal data within category | Source of personal data |
---|---|---|
Online Customer Data | ||
a) Online Sales Inquiry forms b) Online Marketing Email sign-up form c) Online Technical Support form d) Online Registration form e) Online Checkout form | a) First and Last Name, Email, Phone, Company Name, Country b) First and Last name, Email, Company Name, Country c) First and Last name, Email, Country, Subject Line, Message d) First and Last name, Email, Company, Country, IP address e) Billing and Shipping address | a) https://thinklucid.com/contact-us/ b) https://thinklucid.com/sign-up/ c) https://thinklucid.com/support/ d) https://thinklucid.com/my-account/ e) https://thinklucid.com/checkout/ |
On Location Events | ||
a) Badge Scanning b) Business Card Collection | a) First and Last Name, Email, Phone, Company Name, Job Title, Company Address, Company Industry b) First and Last name, Email, Phone, Company Name, Job Title | a, b) Trade shows, events, conferences |
Website Usage Data | ||
Google Analytics | Our site uses Google Universal Analytics web analysis, product of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043. Google analytics is set to anonymize IP addresses. The IP anonymization is enabled and your IP address is then abbreviated by Google before being transferred within the member states of the European Union or other parties to the Agreement on the European Economic Area. We DO NOT enable Google Remarketing, Demographics, Interests Tracking, User-ID or Enhanced Link Attribution. | Accessing and using https://thinklucid.com website. |
C. Intended Purposes of Processing and Legal Basis for Processing
We process the (categories of) personal data (indicated above in section B.) for the following purposes and on the following legal basis. Where applicable, the legitimate interests pursued by us or by a third party are indicated as well.
Categories of personal data | Intended purpose of processing | Legal basis for processing | Recipients |
---|---|---|---|
Online Customer Data | All our online forms (a), (b), (c), (d), (e) are intended for managing business relationships with business partners and to further facilitate legitimate business interests. For our (d) Online Registration form (https://thinklucid.com/my-account), we collect the IP address for security reasons and may choose to block website login entry based on the number of attempts or other security threats. IP addresses are kept for 15 days unless an address is added to our security blacklist. For our (e) Online Checkout form (https://thinklucid.com/checkout/), we collect shipping and billing address and store them in our servers. However, credit card number, credit card expiry date, credit card CVS number and credit card name are not stored on our servers. Credit card information is processed by Global Payments for USD ($) currency orders and Saferpay by SIX Payment Services AG for EURO (€) orders. | Art. 6 para. 1 lit. (f) GDPR; LUCID’s reasonable business interest is the facilitation of the management of its business relationships with business partners. | Recipients for this information are the Sales and Marketing departments of LUCID Vision Labs. This information is stored in ZOHO CRM Cloud services with servers located in the USA and EU. Company address of ZOHO Corporation is 4141 Hacienda Drive, Pleasanton, California 94588, USA. For more information of ZOHO GDPR compliance please visit https://www.zoho.com/lp/gdpr.html For customers who follow through with a purchase either by phone, email or our online checkout (e), personal data is transferred to LUCID internal ERP system with servers located in the Canadian office. No credit card information is stored in our system. Online credit card information is processed either through Global Payments or Saferpay by SIX Payment Services through our site by a secure hosted payment portal (HPP) by an iFrame. Global Payments Realex Payments is a PCI DSS v3.2.1-compliant HPP solution and fully PCI level 1-compliant. Saferpay by SIX Payment Services is PCI DSS v3.2.1-compliant HPP. Both payment gateways employ 3-D Secure 2.0. |
On Location Events | Badge scanning and business card collection (a), (b) are intended for managing business relationships with business partners and to further facilitate legitimate business interests. | Art. 6 para. 1 lit. (f) GDPR; LUCID’s reasonable business interest is the facilitation of the management of its business relationships with business partners. | Recipients for this information are the Sales and Marketing departments of LUCID Vision Labs. This information is stored in ZOHO CRM Cloud services. For customers who follow through with a purchase, personal data is transferred to LUCID internal ERP system with servers located in the Canadian office. |
Website Usage Data
| To evaluate your use of the LUCID website, to compile reports about website activity, and to provide further information about the website use and the services connected to Internet use with respect to LUCID Vision Labs. | Art. 6 para. 1 lit. (f) GDPR; LUCID’s reasonable business interest is the improvement of LUCID’s website and user experience therein. | The Marketing department of LUCID, located in the Canadian office, will be the recipient of this information. |
D. Transfer of personal data to third countries and / or international organizations
We intend to transfer personal data to the following third countries (countries outside the European Economic Area) and / or international organisations:
Categories of personal data | Third country / international organization | Recipient(s) | Existence or absence of adequacy decision / appropriate or suitable safeguard |
---|---|---|---|
Online Customer Data, On Location Events | Canada | Sales, Marketing, and Accounting Departments of LUCID Vision Labs, inc. | There is an adequacy decision by the Commission on the basis of Directive 95/46, art. 25, para 6 for Canada (2002/2/EC: Commission Decision of 20 December 2001; http://data.europa.eu/eli/dec/2002/2(1)/oj) |
Customer Order Number | Global Payments or SIX Payment Services | Global Payments – Realex Payment Gateway | LUCID Vision Labs stores no credit card details on our web servers. All credit card information is processed through either Global Payment Realex Payments or Saferpay by SIX Payment Services. Global Payments Realex Payments is a PCI DSS v3.2.1-compliant redirect solution and fully PCI level 1-compliant. Saferpay by SIX Payment Services is a PCI DSS v3.2.1-compliant redirect solution using 3-D Secure 2.0 |
Online Customer Data, On Location Events | Japan | Sales and Marketing Departments of LUCID Vision Labs, G.K. | EU Standard Contractual Clauses ‘controller-to-controller’. Adequacy talks are ongoing with Japan |
Website Usage Data | Canada | Marketing Department of LUCID Vision Labs, inc | There is an adequacy decision by the Commission on the basis of Directive 95/46, art. 25, para 6 for Canada (2002/2/EC: Commission Decision of 20 December 2001; http://data.europa.eu/eli/dec/2002/2(1)/oj) |
E. Automated decision-making, including profiling
We do not use any automated decision-making or automated profiling. We use general profiling: e.g. segmentation, and non-automated decision-making based on general profiling.
F. Period for which personal data will be stored
The period for which personal data will be stored is listed in the following or is determined by the following criteria:
Categories of personal data (refer to section B above for category details) | Period for which personal data will be stored / criteria determining time period |
---|---|
Online Customer Data | 6 years unless requested by user. IP address collected from (d) Online registration form is kept for 15 days. |
On Location Events | 6 years unless requested by user. |
Website Usage (Google Analytics) | Website usage data will be kept for 50 months. |
G. Requirement or obligation to provide personal data and consequences of failure to provide such data
The provision of the following personal data is a statutory or contractual requirement/obligation, or a requirement necessary to enter into a contract:
Categories of personal data processed | Requirement / obligation | Possible consequences of failure to provide such data |
---|---|---|
Online Customer Data, On Location Events | We require this customer data to respond to your product or company inquiry from the closest corresponding LUCID Sales region and LUCID Sales Specialist. | Without this data, LUCID will be unable to communicate with you or will be unable to communicate with relevant information or wrong regional language. |
Website Usage Data | This data is needed to continuously improve and update the website experience for users. | LUCID will be unable to improve the website user experience. |
H. Cookies and web analytics
A “cookie” is a small piece of information stored on your computer by a web page. It is used to identify you to the web server. It tells the server who you are when you return to a page on the same website. Your browser will only send a cookie back to the domain that originally sent it to you.
Most web browsers automatically accept cookies, but if you do not wish to have cookies on your system, you should adjust your browser settings to decline them or to alert you when cookies are being sent. You may prevent the installation of cookies by adjusting the settings of your browser; however, if you do so, you may be unable to use all features of this website. Further, you may prevent the collection of data generated by cookies and related to the use of these websites, as well as the processing of such data by Google, by downloading and installing the plug-in under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
The following cookies and web tracking tools are used on our website:
Provider | Cookie File Name | Usage |
---|---|---|
Google Analytics Settings: | _ga _gid _gat | _ga – Registers a unique ID that is used to generate statistical data on how the visitor uses the website. _gid – Registers a unique ID that is used to generate statistical data on how the visitor uses the website. _gat – Used to throttle request rate |
ZOHO forms | JSESSIONID 1d5486508f* iamcsr zfccn | JSESSIONID – Preserves users states across page requests. Cookie is created/sent when session is created. 1d5486508f – Created by using of online forms. This alphanumeric cookie is to route the request to the ZOHO server of the request. *This is just an example, it might be a different alphanumeric name for your session. iamcsr – This is ZOHO‘s CSRF prevention cookie. It is an anti-forgery token cookie used to prevent Cross-site request forgery (CSRF). zfccn – authentication cookie used for Zoho Forms. |
thinklucid.com | PHPSESSID wordpress_test_cookie wp-wpml_current_language aelia_cs_selected_currency aelia_customer_country | PHPSESSID – A session cookie. As you browse around the pages on this site, the session cookie tells the website that you are the same person requesting the webpages, and not a new visitor to each page. This cookie does not identify you personally and is not linked to any other information we store about you. wordpress_test_cookie – WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies. wp-wpml_current_language – Saves the user’s preferred language on the website. aelia_cs_selected_currency – Saves the user’s currency based on billing country aelia_customer_country – A session cookie to store customer country, used to set currency |
I. Rights of the data subject
I. Access, rectification, erasure, restriction, data portability
With regard to the processing of personal data, you have the following rights:
Right to access means the right to obtain from us whether your data are being pro-cessed and, where applicable, have access to further information on the processing (GDPR, art. 15).
Right to rectification and right to erasure means the right to obtain the rectification of inaccurate and/or incomplete personal data concerning you, as well as the erasure of data when the request is legitimate (GDPR, art. 16 and 17).
Right to restriction of processing means the right to request suspension of the processing when the request is legitimate (GDPR, art. 18).
Right to data portability means the right to obtain personal data concerning you in a structured format, ordinary used and readable, as well as the right to transfer such data to other controllers (GDPR, art. 20).
II. Right to object
You have the right to object on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1) (e) or (f) GDPR (see section C above), including profiling based on those provisions pursuant to Art. 21 (1) GDPR.
Where personal data are processed for direct marketing purposes (see section C above), you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing pursuant to Art. 21 (2) GDPR.
III. Right to withdraw consent
Where the processing is based on your consent (GDPR, art. 6, para. 1, subpapara (a) or GDPR, art. 9, para. 2, subpara (a); see section C above), you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
IV. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR (Art. 77 GDPR).
As of: May 28th, 2018