Legal

Terms & Conditions

Big data technology Data science analysing artificial intelligence generative AI deep learning machine learning algorithm Neural flow network analytics innovation abstract futuristic. 3d rendering.

These terms (“Terms“) govern your use of any Services or Outputs (each as defined below) that you access via Luminance’s Tool. The Terms shall govern the agreement between you and us (“Agreement”).

Please review these Terms carefully. By accessing and using the Services, you agree to be bound by these Terms and to comply with them. If you do not agree with these Terms, then you must not use the Services.

If you are a Business User (as defined below), you agree that you are entering these Terms on behalf of your Business and that you are fully authorised to do so on its behalf. These Terms will not apply to a Business (or its Business Users) which has entered separate terms and conditions for the provision of services by us (such as a master hosted agreement or otherwise). 

If you have any problems accessing these Terms or the Services, please contact legal@www.luminance.com (and, where applicable, your account executive). Please see section 11 for the definitions which are found within the Terms.

Please read the following important information regarding the Services:

  1. Access to and use of Tool
  1.   The Services are intended to help you determine what may and may not be deemed as ‘common’ within a range of documents and materials (from a statistical basis as compared with similar documents and materials), as analysed through our Tool.  It follows that any analysis, reports, Outputs and/or documentation or other visual representations relating to your document and materials, as may be generated by the Services are used entirely at your own risk and, save as set out in these Terms, we have no liability for any reliance which you may place on them.
  2.   DISCLAIMER TO CONSUMER USERS: The Services (including any Outputs) are not intended to be, do not constitute and must not be used as, legal advice or a substitute for obtaining independent legal advice which is relevant and appropriate to your specific requirements. No lawyer-client relationship will be created between us and you as a result of the use of the Services or any Outputs and you acknowledge and agree that in no circumstances will Luminance (or its directors, officers, employees or agents) be providing legal or other qualified professional advice. You must always consult your own lawyers or other professionals for legal or other advice where appropriate. You accept that any use of the Services or any Outputs made available via the Services is entirely at your own risk. Save as set out in these Terms, in no circumstances shall we have any liability to you for any reliance on information or content obtained through the use of the Services or contained in any Outputs.  See also section 9.2 on the limits of our liability to you.
  3.   DISCLAIMER TO BUSINESS USERS: If you are a lawyer, accountant or other professional or service provider using the Services and Outputs, you acknowledge that: (i) the rules or codes of professional conduct (“Rules”) of the jurisdiction in which you are authorised to practice may apply to your use of the Services and Outputs and that you will abide by such Rules; and (ii) the Services (including any Outputs) do not constitute, are not intended to be and must not be used by you to provide legal advice to your clients.  You acknowledge and agree that neither Luminance nor its directors, officers, employees or agents is responsible or liable for your compliance with any Rules applicable to you or any other user or for any reliance on or use of information or content obtained through the use of the Services or any Outputs. See also section 9.3 on the limits of our liability to you.
  4.    In all cases, you expressly acknowledge and agree that the Services and Outputs are intended for use primarily in the United Kingdom, North America or European Union (as applicable) and any use outside these jurisdictions is at your own risk. You must not access or use the Services in any jurisdiction where its use, or the distribution of any Outputs, would be contrary to any applicable law. We may restrict access to the Services as we believe may be reasonably necessary to comply with applicable law (including sanctions and applicable export control law, restriction, or regulation).
  5.   If we grant you access to the Services, we will allocate you an account with a registered username and password. You must act as set out below (and are solely responsible for these actions):
    1.        keep your username and password secure and ensure that no other person obtains access to them;
    2.        update your password when prompted to do so (or your account may be locked);
    3.        not allow anyone else to use the Services under your account details;
    4.        notify us immediately of any unauthorised use of your account or if you become aware of a security breach or that another person may know your password; and
    5.        promptly update your profile and notify us to reflect any changes to any of the information you provided upon registration or subsequently.
  1.   You must comply with such security requirements that we may reasonably specify in connection with your access to or use of the Services and/or your account with us.
  2.   We provide you with a limited, non-exclusive, non-transferable, non-sublicensable right during the term of this Agreement to access and use the Services for the Permitted Purpose, subject always to your compliance with these Terms.
  3.   All software we may provide to access and use the Services is proprietary to Luminance or, as applicable, its licensors. We grant you a limited, non-exclusive, non-transferable, revocable right to use such software strictly in accordance with and subject to these Terms. Such right does not grant or transfer any ownership rights in the software to you or any other person or imply any rights other than those expressly set forth in these Terms.
  4.   IMPORTANT: You acknowledge and agree that the Services are not intended for distribution to, or use by, any other person or entity outside the Permitted Purpose.  This means that: (a) if you are a Consumer, you must use the Services and/or Outputs purely for your own private purposes and not share the Outputs with any other person or entity; or (b) subject to section 1.3, if you are a Business User, you must use the Outputs purely for the internal purposes of your Business and for assisting you in the provision of your Business services to your clients. 
  5.            You shall:
    1.             be responsible for making all arrangements necessary to facilitate your access to and use of the Services and for ensuring that you have all necessary consents and authorisation to enter into these Terms;
    2.             provide us with all other necessary information as we may reasonably require to provide you with access to the Services;
    3.             comply will all applicable laws with respect to your use of the Services and any Outputs;
    4.             comply with such policies, usage restrictions or limitations relating to the Services as we may reasonably determine should apply to your use of the Services, as we may notify to you in writing from time to time;
    5.             not use all or part of the Services or any materials provided in connection with them for any unlawful purpose or in a manner not authorised by us;
    6.               not attempt to obtain, or assist any other person or entity in obtaining, unauthorised access to the Services;
    7.             not use the Services in a way that could harm the Services or impair or interrupt anyone else’s use of them, including by taking or facilitating any action that puts us, our systems, other users or their data at risk, in any manner;
    8.             not use the Services in any manner, for any activities, which would cause you, or us to contravene applicable local, national or international law or regulation or in a way which violates the rights of any third party;
    9.               not attempt to reverse compile, disassemble, reverse engineer or otherwise reduce to human-perceivable form all or any part of the software applications forming part of or used in relation to the Services; and
    10.               use your reasonable endeavours not to transmit any viruses or any other malicious software to the Services or the systems provided to access them.
  1.        User Data and anonymisation
    1.   Subject to section 2.2, you acknowledge and agree that we may access and use any User Data to the extent necessary for us to operate, maintain and improve the Services (including by analysing, retaining, storing and utilising the results of any usage, Outputs, learnings or trends to develop the Services for use by you and our other users) and to generate Outputs for all users.  You grant us a non-exclusive, non-transferable, perpetual, royalty-free licence of your User Data for these purposes.
    2.   We use reasonable endeavours to keep your User Data confidential (see also section 5 below), save that you expressly acknowledge and agree that we may carry out analytics and other review and storage processes on your User Data using anonymisation, pseudonymisation and other similar techniques in order to:
      1.        generate Outputs for you and other users of the Tool; and
      2.        identify potential improvements to the Tool and Outputs (in both cases including after termination of this Agreement).  This means that we will not share directly identifiable information about you (including personal data) from your User Data with our other users, except as expressly permitted by Section 5 but are not restricted in improving the quality of user experience for you or other users with your User Data.
    3.   You acknowledge and agree that any User Data you make available via the Services is entirely at your own risk and that, irrespective of any breach by you of the representations and warranties at section 2.4 below, you shall retain primary responsibility for the User Data (including with respect to the backup of any such User Data).
    4.   You undertake, represent and warrant that:
      1.        you own all rights to the User Data that you upload or you otherwise have the full right to upload or share such User Data (including where such data is owned by a third party) and grant the rights set out in these Terms;
      2.        you are solely responsible for the accuracy, integrity, legality, reliability and appropriateness of all User Data;
      3.        you will comply with all applicable laws with respect to your use and uploading or sharing of the User Data and
      4.        the use and uploading or sharing of the User Data to the Tool by you does not breach these Terms and will not infringe the intellectual or proprietary rights of any other person.
    5.   Business Indemnity. If you are a Business, you represent and warrant that you are solely responsible for your use of the Services and the activities of your Business Users, and for the accuracy, integrity, legality, reliability and appropriateness of all User Data. As we have no control of User Data uploaded to the Services, you represent and warrant that you are responsible for ensuring that you have the full right to upload or share such User Data and that the uploading of such User Data complies with applicable law (including international data protection laws and regulations governing the international or cross-border data transfer of information).  Accordingly, you agree to indemnify Luminance and its employees, agents, affiliates, officers and directors against any claims actions, proceedings, losses, damages, expenses and costs (including without limitation court costs and reasonable legal fees) arising out of or in connection with your (or a Business User’s) breach of section 1.10 or this section 2.
  2.        How we may improve and modify our Services over time
    1.   You agree that we determine the way the Services (including all content) are provided to you and that this may change from time to time.  This includes updating, modifying, withdrawing, or temporarily suspending any or all aspects of the Services at any time, including (a) to reflect changes in relevant laws and regulatory requirements; (b) subject only to your right to terminate in section 3.2, to make technical adjustments and improvements, for example to address a security threat; or (c) to update our Services, provided they continue to match to a substantial degree the description of the applicable Service(s) at the time you purchased them.
    2.   We shall endeavour to make you aware of any material changes which are likely to negatively impact your use of the Services, but you acknowledge and agree that we need not do so where it is necessary to take immediate action for security or confidentiality reasons or because of technical difficulties which would otherwise adversely affect the Services. Except for the changes described in sections 3.1 (a) and (c), if any changes to the Services materially reduce the functionality of the Services or are not acceptable to you, you can terminate this Agreement in accordance with section 8.
    3.   We are constantly evolving, fixing bugs and correcting errors we find in the Services and we shall be entitled (at our discretion) to introduce modifications, upgrades and new releases of any part of the Services. Therefore, you agree to always use the latest version of the Tool.
  3.        Our commitment to you
    1.   Subject to the rest of this section 4, we warrant that the Services will: (a) operate in all material respects in accordance with the functionality currently described for the Services from time to time; and (b) be performed with reasonable skill and care.
    2.   Notwithstanding section 4.1, we do not guarantee, warrant or represent that the operation of the Services will be continuous, uninterrupted, timely, secure or error-free or that it will be free from viruses, worms, trojans or other harmful elements.  We recommend that you protect your equipment by having appropriate anti-virus software in place. Save where expressly stated otherwise in these Terms, the Services, the Outputs and all other information and content accessible through or via the Services, is provided “as-is” and we disclaim and exclude any and all representations, warranties, conditions or other terms, whether express or implied, including without limitation implied representations, warranties, conditions or other terms as to merchantability, satisfactory quality, fitness for a particular purpose or non-infringement to the maximum extent permitted by applicable law.
    3.   While we will take reasonable measures to ensure that the Outputs provided through the Services are as accurate as possible, neither the Services nor any Outputs can be relied upon by you and/ or any third party as a guarantee of any particular result, nor do the Services or any Outputs constitute any form of advice, recommendation or endorsement by us. PLEASE INFORM US IF ANY PART OF THE SERVICES OR OUTPUTS APPEAR TO BE INCORRECT OR INACCURATE.
    4.   Luminance is not responsible for, and you shall have no recourse against Luminance for, any delays, delivery failures or any other loss or damage resulting from the transfer of data over communications networks and facilities including the internet. You acknowledge that the Services may be subject to limitations, delays and other problems inherent in the use of such communication facilities.
  4.        Confidentiality
    1.   Both you and we undertake that we shall not: (a) at any time disclose to any person any confidential information concerning these Terms or the business, assets, affairs, Business Users, clients or suppliers of the other party except as permitted by section 2 or section 5.2; or (b) use such confidential information other than to exercise our rights and perform our obligations under or in connection with these Terms.
    2.   Each party may disclose the other party’s confidential information: (a) to its employees, officers, representatives, contractors, subcontractors or advisers (“Representatives“) who need to know such information for the purposes of exercising the party’s rights or carrying out its obligations under or in connection with these Terms provided such Representatives are made aware of and comply with this section 5; and (ii) as may be required by law, a court of competent jurisdiction or any governmental or regulatory authority.
  5.        Intellectual property rights
    1.   Except as expressly set out in these Terms, nothing in these Terms grants either party any rights, implied or otherwise, to the other’s intellectual property.
    2.   Luminance and/or its licensors retain all right, title and interest in and to the Services (including as may subsist in related software and systems), any Outputs and related documentation, including all enhancements, error correction, new releases, updates, derivations and modifications from time to time. These are protected by copyright laws and treaties around the world.  All rights are reserved.   You agree to inform Luminance promptly of any infringement of its intellectual property that comes to your attention.
    3.   To the extent applicable, you retain and/or shall own all right, title and interest in and to User Data. See also section 2.1.
    4.   We provide you with a non-exclusive, royalty-free, fully paid-up, non-exclusive, non-transferable, perpetual, irrevocable licence during the term and following termination of this Agreement, to use any Outputs solely for the Permitted Purpose, subject always to your compliance with these Terms.
  6.        Data protection
    1.     You acknowledge that in order to provide access to the Services, we will collect and process your personal data.
    2.     You must ensure that you have permission to share the personal data of any individuals (including yourself) with us, including as may be contained in any User Data and that you have a valid and lawful basis for doing so.
    3.     If you are a Consumer, you agree that we will collect and process personal data as described in our Privacy Policy, which may be seen at https://www.luminance.com/legal.html. This explains how we may collect and use any personal information you submit via the Services.
    4.     Save as set out in section 7.5, if you are a Business, you and we agree to comply with the data processing requirements as set out in Appendix 1.
    5.     If you are a Business User, you agree that we will collect and process personal data as described in our Privacy Policy for the purposes of section 2.1. If you are a Business, you must ensure that any employees, contractors or other individuals engaged by you who access the Services are aware of this Privacy Policy.
  7.        Terminating this Agreement
    1.     We may, at our sole discretion and without incurring any liability to you, terminate or suspend your right to access the Services, with and/or without notice, in the following instances (without limitation):
      1.        at any time following a period of 1 (one) year’s inactivity (as determined by us in our reasonable discretion, including by reference to a failure to log-in during that period);
      2.        immediately on written notice to you, if you are in material breach of any of these Terms and, if capable of remedy (as determined by us in our reasonable discretion), you fail to remedy such breach within thirty (30) days of our written notice to do so;
      3.        if you are a Business and you take or have taken against you (other than in relation to a solvent restructuring) any step or action towards you entering bankruptcy, administration, provisional liquidation or any composition or arrangement with your creditors, applying to court for or obtaining a moratorium under Part A1 of the Insolvency Act 1986, being wound up (whether voluntarily or by order of the court), being struck off the register of companies, having a receiver appointed to any of your assets, or if the step or action is taken in another jurisdiction, in connection with any analogous procedure in the relevant jurisdiction; and/or
      4.        if a court, or other government authority having jurisdiction, issues an order prohibits us from providing the Services to you.
  1.     We may (but are not obliged to) before taking any action under section 8.1 provide you with a period of time to remedy or address any cause which may lead us to terminate or suspend your right to access the Services. Where such an opportunity is provided by us this does not prevent us from taking action under section 8.1 if we choose to do so.
  2.     You may terminate this Agreement with us at any time by ending your access to the Services.
  1.     Subject to section 8.5, when this Agreement ends:
    1.        you must cease to use the Services and not otherwise attempt to gain access to the Services after such time; and
    2.        subject to our rights in sections 2 and 3, each party will delete, destroy or (at the other party’s request) return to the other party all documents and materials (and any copies) containing, reflecting, incorporating or based on the other party’s confidential information.
  1.     For a period of thirty (30) days from any notice of termination by either party or termination by you via your registered account with us, we will maintain User Data and may you access to the Services to allow you to download and delete any User Data or Outputs. Thereafter, subject to our rights in sections 2 and 3, we will delete or destroy all copies of User Data (including Outputs) without liability or additional notice, unless legally prohibited from doing so. User Data (including Outputs) cannot be recovered once deleted or destroyed.
  1.        Our Liability to you
    1.     Nothing in these Terms is intended to exclude or limit any liability that cannot be excluded or limited by law. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors and for fraud or fraudulent misrepresentation.
    2.     Limitation of liability for Consumers.  If you enter these Terms as a Consumer, then subject to section 9.1:
      1.        you agree not to use our Services for any commercial or business purposes, and we have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity. We are responsible for losses you suffer caused by us breaching these Terms, unless the loss is not a reasonably foreseeable consequence of our negligence or breach of these Terms. A loss is reasonably foreseeable if either it is obvious that it will happen or if, at the time you entered into these Terms, both we and you knew it might happen (e.g. if you and we discussed it); and
      2.        our total liability to you under these Terms shall be limited to the greater of £100.00, in each case for any one event or series of connected events.
    3.     Limitation of liability for Businesses.If you are a Business, then subject to section 9.1:
      1.        we shall not be liable to you, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, for any loss of profit, business, or revenue; business interruption; loss of anticipated savings; loss of business opportunity, goodwill or reputation; or any indirect or consequential loss arising under or in connection with these Terms; and
      2.        our total liability to you for all other losses arising under or in connection with these Terms between us, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, shall be limited to £100.00.

 

  1.     General
    1.  Links. Where the Services contain links to other sites and resources provided by third parties, these links are provided for your information only. Such links should not be interpreted as approval by us of those linked websites or information you may obtain from them. We have no control over the contents of those sites or resources. We reserve the right in our absolute discretion to prohibit any link from another site to materials or information through the Services without our prior agreement. You must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists.
    2.  Notices. Any notices to be given under or in relation to these Terms shall be in writing and sent, when sent by you to Luminance to legal@www.luminance.com and finance@www.luminance.com (or such email addresses updated in writing by the parties) or, when sent by us to you, by sending it to the relevant email address you provided as part of signing up to these Terms. Any notices required to be given in writing to Luminance or any questions concerning these Terms should be addressed to legal@www.luminance.com, the General Counsel, Luminance Technologies Ltd, Nine Hills Road, Cambridge, CB2 1GE, United Kingdom.
    3.  Force Majeure. No party shall be liable for any failure or delay in the performance of any obligation under these Terms (except any payment obligation) by reason of any event beyond the reasonable control of that party including but not limited to strike, lock-out, labour dispute, act of God, war, riot, civil commotion, act of terrorism, pandemic, epidemic, restrictions due to the spread or possible spread of disease fire, flood, storm, any cyber-attack or similar assault on the technology of either party. We will contact you as soon as reasonably possible to let you know and do what we reasonably can to reduce the delay. Provided we do this, we will not compensate you for the delay, save that if the delay is likely to be substantial you can contact us to terminate this Agreement.
    4.  Changes to these Terms. We may update or change these Terms from time to time by providing you with updated Terms. This may include sending you the updated Terms by email or advising of the updated Terms when you next log on to the Services. Such changes shall take effect on the date specified (which will usually be not less than 30 days following the updated terms being provided to you where material updates or changes are made). If you are a Consumer and any material changes to these Terms are not acceptable to you, you must cease using the Services by contacting us to terminate this Agreement. Where you continue to use the Services after the changes to these Terms take effect, you are agreeing to the updated Terms. No other changes to these Terms shall be valid unless it is expressly approved in writing and signed by Luminance.
    5.  Assignment. Your ability to access the Services is specific to you and you may not assign or transfer your rights or obligations under these Terms to anyone else or authorise anyone else to access the Services even if this is on your behalf. We may assign, transfer or novate any of our rights and obligations under these Terms. We will contact you to let you know if we plan to do this. If you are a Consumer and you are unhappy with the assignment, transfer or novation you can contact us to terminate this Agreement.
    6.  Third Party Rights. Nothing in these Terms is intended to confer any benefit on any person who is not a party to these Terms, and no third party shall have any rights under the Contracts (Rights of Third Parties) Act 1999 to enforce any of its terms.
    7.  Waiver. No single or partial exercise, or failure or delay in exercising any right, power or remedy by either you or us shall constitute a waiver by you or us of, or preclude any further exercise of, that or any right, power or remedy arising under these Terms or otherwise.
    8.  Severability. If these Terms or any part of them should be determined to be illegal, invalid or otherwise unenforceable under the laws of any state or country in which these Terms are intended to be effective, then to the extent that they are so illegal, invalid or unenforceable, they shall in that state or country be treated as severed and deleted from these Terms and the remaining Terms shall survive and remain in full force and effect and continue to be binding and enforceable in that state or country.
    9.  Entire Agreement. These Terms govern your use of the Services and supersede any prior terms that were previously provided to you in relation to the Services. No other terms apply.
    10.   Governing Law. If you are a Consumer, you and we both agree that any competent court in the country of your main residence will have exclusive jurisdiction over any claim or dispute that arises out of or in relation to these Terms, their subject matter and their formation and the laws of that country will apply without regard to conflict of law provisions . If you are a Business, these Terms, their subject matter and their formation (and any non-contractual disputes or claims) are governed by English law and we both agree to the exclusive jurisdiction of the courts of England and Wales.
  2.     For the purposes of these Terms:

Business“: means a company, corporation, limited liability partnership or other legal entity.

Business User“: means such person(s) as are authorised to enter this Agreement on behalf of a Business and/or access the Services on its behalf.

Consumer”: means a person who enters these Terms in an individual capacity for their own purposes, acting as a consumer and not as a Business User.

include”, “includes”, “including”: shall be construed as if they were followed by the words “without limitation”.

Luminance”, “we“, “us” or “our“: means Luminance Technologies Ltd (company number 09857705) whose registered address is at Nine Hills Road, Cambridge, England, CB2 1GE and its affiliates.

Outputs” means any analysis, reports, Outputs and/or documentation or other visual representations relating to your document and materials, as may be generated by the Services.

“Permitted Purpose”: means your right to view and use the Outputs (including by way of download, print and/or storage): (a) if you are a Consumer, for your own private purposes; or (b) if you are a Business, for the internal purposes of your Business and for providing a service to your clients, in all cases subject to and in accordance with these Terms. 

Services“: means any content you access via Luminance’s Tool whether online, through an app, email and/or via any other platform.

“Tool”: means any proprietary software developed and maintained by us, including but not limited to Lumi Go, which is made available to you (either directly by Luminance and/or a Luminance customer) for the purpose of providing the Services and generating Outputs. This includes any updates, modifications, and new releases of the software.

you” or “your“: means, as applicable depending on the context, (a) the person entering into these Terms, either as a Consumer or a Business User; and/or (b) the Business on whose behalf any Business User enters into this Agreement.

User Data“: means such agreements, documents, data or other information (including all related metadata) which you upload or otherwise provide to us via the Tool for the purpose of receiving the Services.

Appendix 1 (business user)

Data Processing Addendum

Definitions.

  1. For the purposes of this Data Processing Addendum (“DPA”), the terms used herein shall have the meanings set forth in the Agreement. Any terms not specifically defined by this DPA or the Agreement shall have the meanings given by EU GDPR or UK GDPR, as applicable.

Nature, Purpose and Scope of Processing

  1. This DPA applies to the processing of Business User Personal Data under the Agreement.
  2. The Parties agree that the Business User is the Data Controller and Luminance is the Data Processor. The Parties each agree that they shall comply with the Data Protection Laws (as such laws apply to a Data Controller and Data Processor, respectively) in exercising their rights and performing their obligations under this Agreement.
  3. The Data Controller instructs the Data Processor to take such steps in the processing of Personal Data as are reasonably necessary for the performance of the Data Processor’s obligations under the Agreement and agrees that such instructions as provided herein constitute its full and complete instructions as to the means by which Personal Data shall be processed.
  4. The duration of the processing under this DPA shall equal the Term of the Agreement.

Types and Categories of Personal Data

  1. The categories of Controller Personal Data may include but are not limited to the Data Controller’s clients, employees, contractors, suppliers and professional advisors and any other categories of Personal Data that may be contained in the Controller Personal Data uploaded to the Product.
  2. The types of Personal Data may include, but are not limited to names, phone numbers, addresses, and any other types of Personal Data that may be contained in the Controller Personal Data uploaded to the Product.

Data Processor Obligations

  1. The Data Processor shall not use Personal Data save for the purposes of providing the Product and Support as instructed herein unless required to do so by applicable law, in which case the Data Processor shall, to the extent legally permissible, inform the Data Controller of that legal requirement before processing.
  2. The Data Processor shall immediately inform the Data Controller if, in the Data Processor’s opinion, an instruction from the Data Controller infringes the Data Protection Laws.

Confidentiality and Security

  1. The Data Processor shall take reasonable steps to ensure the reliability of any persons authorised to process any Personal Data, and it shall ensure that all such persons have committed themselves to confidentiality.
  2. Taking into account the nature, scope, context and purposes of processing, the Data Processor has implemented and will maintain for the Term the appropriate administrative, physical, technical and organisational measures to protect any Personal Data accessed or processed by it against unauthorised or unlawful processing or accidental loss, destruction, damage or disclosure.

Subprocessing

  1. Save as expressed herein, the Data Processor shall not without the prior written consent of Controller, engage any subprocessors for the processing of Personal Data under this Agreement.
  2. The Data Controller hereby gives its prior and general authorisation to the Data Processor to authorise the Data Processor’s subprocessors (as set out in Appendix 2) to act for the Data Processor in the provision of the Product, provided that:
  1. The subprocessors are subject to comply with the obligations imposed on the Data Processor and applicable Data Protection Laws;
  2. The Data Processor shall inform the Data Controller of any intended changes concerning the addition or replacement of the subprocessors; and
  3. The Data Processor shall be fully liable for any breach by the subprocessors of any of the data protection obligations hereunder.

Cross-Border Transfers

  1. Save as expressed herein, if Personal Data originates in the United Kingdom or the European Economic Area (“EEA”), the Data Processor will not transfer such Personal Data outside the EEA or the United Kingdom without the prior written consent of Controller and without implementing the appropriate data transfer instrument and adequate safeguards of (as defined by the Information Commissioner’s Office, from time to time) in accordance with the Data Protection Laws.
  2. Business User Data will be hosted in the AWS Region specified in the Product Order Form. Notwithstanding the foregoing, Controller acknowledges and consents to the processing of Personal Data outside of the EEA or the the United Kingdom, solely and to the extent necessary for the Data Processors to provide Support and for which purposes the applicable data transfer instrument shall apply.
  3. Luminance will rely on the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”) and the UK Extension to the EU-U.S. Data Privacy Framework as a legal framework for transfers of personal information from the EU to the United States, and from the UK to the United States, respectively.
  4. Luminance will rely on the Swiss-U.S. DPF (“Swiss-U.S. DPF”) as a legal framework to transfer personal information from Switzerland to the United States, once the applicable local authorities approve the adequacy decisions. Until such date, Luminance continues to rely on the SCCs for the purposes of Swiss Data Protection Laws.
  5. Save as set out in clause 16 of the DPA, any transfer of Personal Data from the UK or the EEA to third countries which do not ensure an adequate level of data protection where processors are established shall be in accordance with the SCCs. The SCCs shall come into effect and be incorporated from the date of the first relevant transfer. Any processing of such Personal Data shall be (i) under the SCCs; (ii) reflect the subject matter, purpose and scope of Personal Data processed under this DPA; and (iii) subject to the technical and organisational measures provided for by the Data Processor. Either Party may, at any time with not less than 30 days’ notice, revise this Clause 7.3 by replacing it with any applicable form of SCC with the agreement of both Parties by way of amendment to the Product Order Form.

Data Subject Requests and Assistance

  1. The Data Processor shall notify Controller within three (3) days if it receives: (a) A request from a Data Subject to have access to that person’s Personal Data; or (b) A complaint or request relating to the Business User’s obligations under the Data Protection Laws; or (c) Any other communication relating directly or indirectly to the Processing of any Personal Data in connection with this Agreement.
  2. Taking into account the nature of processing and the information available to the Data Processor, the Data Processor will provide reasonable support to the Data Controller in (i) in complying with any legally mandated request for access to or correction of any Personal Data by a data subject under Chapter III GDPR; (ii) in responding to requests or demands made to the Data Controller by any court or governmental authority responsible for enforcing privacy or data protection laws; and (iii) in its preparation of a Data Protection Impact Assessment.

Personal Data Breach

  1. In the event that the Data Processor suffers or becomes aware of a Personal Data Breach it will inform the Data Controller within twenty-four (24) hours of becoming aware of the same and take reasonable steps to mitigate the effects and to minimise any damages resulting from such breach.
  2. To the extent reasonably possible, the notification to the Data Controller shall include: (i) a description of the nature of the incident, including where possible the categories and approximate number of data subjects concerned and the categories and approximate number of Personal Data records concerned; (ii) the name and contact details of the Data Processor’s data protection officer or another contact point where more information can be obtained; (iii) a description of the likely consequences of the incident; and (iv) a description of the measures taken or proposed to be taken by the Data Processor to address the incident including, where appropriate, measures to mitigate its possible adverse effects.

Audit

  1. On the Data Controller’s written request, and subject to appropriate confidentiality obligations, the Data Processor will make available to the Data Controller: (i) a copy of its current ISO 27001 certification; and (ii) Information reasonably requested by the Data Controller with regards to the Data Processor’s processing of Personal Data under this DPA. The Data Controller agrees to exercise any right it may have to conduct an audit or inspection under GDPR (or the EU Model Clauses if they apply) in the first instance by requesting the foregoing information.
  2. In the event that the foregoing does not confirm the Data Processor’s compliance with the obligations laid down herein or an onsite inspection is required by a supervisory authority, then the Data Processor will, subject to appropriate security and confidentiality arrangements, allow for and contribute to such inspection, and the Data Controller shall bear any costs associated with such audit.

Data Return and Destruction.

  1. On termination of the Agreement and in accordance with the Agreement, the Data Processor shall delete or return to Controller’s (in accordance with Controller’s written instructions) all Personal Data in its and/or its subprocessors’ possession or control.

Data Privacy Framework

  1. On 10 July 2023, the European Commission’s adequacy decision for the EU-U.S. DPF entered into force, followed by the Swiss-U.S. Data Privacy Framework on 17 July 2023 and the UK extension to the EU-U.S. DPF on 12 October 2023.
  2. Luminance complies with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF as set forth by the U.S. Department of Commerce.  Luminance has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from the EU and the UK in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
  3. Luminace certified to the United States Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.
  4. Further details on the Data Privacy Framework Program may be seen here https://www.dataprivacyframework.gov/. Luminance’s certification may be located here.

Order of Precedence. 

  1. In a conflict between this Appendix (Data Protection) and the Agreement, the provisions that offers greater protection for Personal Data will apply.