LUXSCI

Version 2018.05.22

Lux Scientiae, Incorporated (collectively, "We", "Our", "Us", "LuxSci", or "Lux Scientiae") has created this privacy statement in order to demonstrate our commitment to privacy. The following discloses our information gathering and dissemination practices for this website, luxsci.com, and our services in general. We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here in this policy, by email, or by means of a notice on our LuxSci FYI Blog prior to the change becoming effective.

This privacy notice tells you about the information we collect from you when you use our web site and/or purchase one or more of our services. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.

LuxSci is a US company. Contact information can be found on our Contact LuxSci page. Any questions about our use of your personal data should be sent to the addresses listed there or emailed to gdpr _at_ luxsci.com.

TRUSTe Privacy Certification

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.

General usage

What personal data do we collect?

While you are visiting the LuxSci web site, information is collected in log files for the purpose of analyzing what pages are accessed, which files are downloaded, where people arrive from, and what errors occur. This information includes Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and click-stream data.

LuxSci's public web site forms may request names, addresses, phone numbers, and company demographics, and may record current IP addresses and web browser user agents.

LuxSci customers may also submit additional information about the users in their account (names, phone numbers, addresses, email addresses, security questions), their company, and other information related to their particular use of LuxSci's services (e.g., email messages, calendar appointments, files, etc.).

Email messages sent to and from email addresses in the LuxSci.com and LuxSci.us domains may be permanently archived and/or saved in customer relationship management (CRM) systems, support ticketing systems, and/or LuxSci employee email folders.

Why do we collect this information?

For visitors of LuxSci's public web site, we collect this information to (a) optimize the user experience on our website, (b) provide information and sales assistance to visitors, (c) connect with visitors and answer their questions, (d) enable visitors to order and pay for LuxSci services, and (e) prevent fraud.

For LuxSci customers, we collect or process additional information to (a) bill for services, (b) provide technical support, (c) provide sales assistance, and (d) provide the services ordered by the customers.

Email messages to/from corporate email domains are collected for compliance and oversight reasons and to enable our employees to perform their jobs and support our past, present, and potential future customers.

What do we do with your information?

Web site traffic data (e.g., referral and click stream information along with information about browser type, operating system, and IP address) is stored in secured log files and communicated with certain third-party companies (e.g., Google Analytics, CrazyEgg).

Individuals who have submitted their email addresses in requests for information from LuxSci are asked to explicitly agree to this privacy policy. As part of that agreement, they accept that they may be sent email messages, including marketing email messages, from LuxSci. If at any time you do not wish to receive such messages, you have the right to opt out.

Personal information about non-customers is stored on secured servers located in the USA.

For LuxSci customers:

  • Your credit card details are passed to a third-party payment processor (Authorize.net) which is based in the USA and is certified to the EU-US Privacy Shield (which requires effective safeguards for your information). Unless you create an account with us, we do not retain your credit card information.
  • Personal information (which can include names, addresses, phone numbers, account IDs, passwords, email addresses, and organizational information) may be shared with specific trusted third-party vendors for the specific purposes of providing the services ordered. These vendors can include: Proofpoint, Sonian, Mediprocity, SecureVideo, Nuevasync.
  • Personal information and data may be stored on servers managed by trusted third-party vendors. These vendors may include: RackSpace, Amazon Web Services.
  • All personal information and data is stored on secured servers located in the USA unless special contractual arrangements are made between the customer and LuxSci.

Corporate email is stored in secured databases, in LuxSci's Email Archival system, and in email folders in LuxSci's secure email servers.

How long do we keep your information for?

Web site traffic data is kept in detail (i.e., data including IP addresses) for no more than 14 months.

For LuxSci.com web site visitors who submit requests through LuxSci's public web site forms, via chat, or via a phone call, LuxSci may store that information indefinitely, depending on the nature of the conversation. You have the right to contact LuxSci and request that your data be removed, to the extent applicable,* from our systems.

For owners of free LuxSci SecureSend accounts, LuxSci keeps your personal account information for as long as your SecureSend account remains open. Your SecureSend account is closed and deleted upon request, or after 1 year of no use.

For owners of free LuxSci Affiliate accounts, LuxSci keeps your personal account information for as long as your Affiliate account remains open. Affiliate accounts are only closed on request. When your affiliate account is closed, you can request that all of your personal information be deleted.

For owners of a LuxSci Free Trial Account, your free trial account closes 30 days after you open it, unless special extensions are requested. Once the account is closed, data (e.g. customer email messages, files, backups, etc.) is deleted after up to 6 weeks. Personal information about the account (e.g., billing history, support history, order history, and contact information) may be kept indefinitely. Customers have the right to contact LuxSci and request that their data be removed, to the extent applicable,* from our systems.

For LuxSci customers, LuxSci keeps copies of your personal data and other data for the entire time that your account is active with LuxSci. Once the account is closed, data (e.g. customer email messages, files, backups, etc.) is deleted after up to 6 weeks. Personal information about the account (e.g., billing history, support history, order history, and contact information) may be kept indefinitely. Customers have the right to contact LuxSci and request that their data be removed, to the extent applicable,* from our systems.

*We will retain and use your information as necessary to comply with our own legal obligations, to record your requests, to resolve disputes, to protect the security and privacy of our systems and customers, for statistical purposes, and to enforce our agreements.

Corporate email is archived indefinitely.

For customers known to be from countries under the purview of GDPR, see the GDPR section for GDPR-specific data retention information.

Tracking Technologies

We, Lux Scientiae and our marketing partners, affiliates, or analytics or online chat service providers, use technologies such as cookies, beacons, tags, and scripts to analyze trends, administer the website, track users' movements around the website, and gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.

Cookies

We use cookies to collect information that allows us to optimize our web site for an optimal user experience. We also use cookies for social media sharing and content remarketing. Finally, cookies are used to remember user preferences and to enable our live web site chat functionality.

Cookies are essential to the functionality of those parts of our web site that require a login. Disabling cookies may render these web portals non-functional.

Visitors to the LuxSci web site have the option to control their cookie preferences. Non-essential cookies are not set until you explicitly opt into cookie use. LuxSci permits you to view and change your cookie preferences on demand. These preferences are unique to your browser and last up to 1 year, or until you explicitly clear your cookies. In your cookie preferences you can enable or disable use of cookies related to site "preferences" (i.e., functionality such as web chat and site usage history), "analytics" (i.e., functionality that allows us to optimize our site performance), and "marketing" (i.e., functionality that enables social media sharing and other cross-site information transfer).

Social Media (Features) and Widgets

Our Web site includes Social Media Features, such as Twitter, Facebook, LinkedIn, an RSS Blog Feed, Widgets, a "Share This" button and interactive mini-programs that run on our site. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.

You can opt in or out of the use of social media features by enabling or disabling use of "marketing" cookies.

Behavioral Targeting

We partner with a third party ad network to manage our advertising on other sites. Our ad network partner uses cookies and Web beacons to collect non-personally identifiable information about your activities on this and other Web sites to provide you targeted advertising based upon your interests. If you wish to not have this information used for the purpose of serving you targeted ads, you may opt-out by clicking Here and Here. Please note this does not opt you out of being served advertising. You will continue to receive generic ads.

You can opt in or out of behavioral targeting by enabling or disabling use of "marketing" cookies.

Newsletters

If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. Out of respect for your privacy, we provide you ways to unsubscribe.

Choice/Opt-out

We provide you the opportunity to "opt-out" of having your personally identifiable information used for certain purposes, when we ask for this information. For example, if you purchase a product/service but do not wish to receive any additional marketing material from us, you can indicate your preference on our order form.

If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included in each newsletter or communication or by emailing us at "support@LuxSci.com". We offer an opportunity to opt-out of certain communications on our personal profile update pages, or you may contact us at 1-800-441-6612, "support@LuxSci.com", or Lux Scientiae, 15 Brook Street, Medfield, MA 02052 USA.

HTML5 Local Storage

We use Local Storage (LS) such as HTML5 to store content information and preferences in those parts of our site that require a login. Various browsers may offer their own management tools for removing HTML5 LSs.

Payments

All payments to Lux Scientiae are made securely online via credit card or PayPal or offline via check, wire transfer, or direct deposit. After you have made a credit card payment, we keep your billing address in our secure database to facilitate future payments and to protect against fraud. We do not keep any record of your credit card number unless you authorize us to bill you automatically each month. In this case, your credit card information is stored in a PCI-compliant way on the US-based servers of our trusted partner, Authorize.net.

Security

The security of your personal information is important to us. When you enter sensitive information (such as a credit card number) on our registration or order forms, we encrypt that information using transport-layer security (TLS). To learn more about TLS, see "How Does Secure Socket Layer (SSL or TLS) Work?"

We follow generally accepted industry standards to protect the personally identifiable information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Tell-A-Friend

If you choose to use our referral service to email a friend about our site, we will ask you for your friend's name and email address. We will automatically send your friend a one-time email inviting him or her to visit the site. LuxSci stores this information for the sole purpose of sending this one-time email and tracking the success of our referral program.

Your friend may contact us at support@LuxSci.com to request that we remove this information from our database.

Links to Other Sites

If you click on a link to a third party site, you will leave the Lux Scientiae site you are visiting and go to the site you selected. Because we cannot control the activities of third parties, we cannot accept responsibility for any use of your personally identifiable information by such third parties, and we cannot guarantee that they will adhere to the same privacy practices as Lux Scientiae. We encourage you to review the privacy statements of any other service provider from whom you request services. If you visit a third party website that is linked to a Lux Scientiae site, you should read that site's privacy statement before providing any personally identifiable information.

Updating / Accessing / Amending / Correcting Personally Identifiable Information

Upon request, Lux Scientiae will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information, please log in to your account and make this request via a Support Ticket. If you no longer have an account, please use our Contact Form.

If your personally identifiable information changes, or if you no longer desire our service and would like to have your personally identifiable information deleted, you may update it by making the change on our member profile page or by making a support ticket, or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your request to access within 1 day. You can change your personal information online by logging into your "member portal", under "Account > Contact Information".

Agents/Service Providers

We use other third parties such as a credit card processing company to bill you for goods and services, a customer service provider that hosts our live chat, and data center providers to provide the servers on which our live services reside. When you sign up for services such as Premium Email Filtering, Email Archival, SSL Certificates, DNS Service, Domain and Registration, SecureVideo, SecureChat, and MobileSync we may share your name, physical address, and email address as necessary for the third party to provide that service.

These third parties are prohibited from using your personally identifiable information for promotional purposes.

Import Contacts

We provide an import contacts feature to help you keep in touch with your contacts by importing your existing contact list into your address books while you are logged into your portal account.

When logged into the portal, third party personal information may be entered such as name, email, address, and other personal information. This information is only used for the purpose it is collected for.

Non-disclosure

Lux Scientiae will not release any information about its clients to third parties without the clients' explicit consent, except as required for compliance with local, state, and federal law or as further set forth below.

In certain situations, Lux Scientiae may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We reserve the right to disclose your personal information as required by law and when we believe that disclosure is necessary to protect our rights and/or comply with a judicial or bankruptcy proceeding, court order, or legal process served on our Web site. If Lux Scientiae is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Web site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

If you use a bulletin board, blog, or chat room on this Web site, you should be aware that any personally identifiable information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit in these forums. Testimonials are also posted on our site and users have given permission to have their personal information submitted in these testimonials. With your consent we may post your testimonial along with your name. To request removal of your personal information from these public areas of our site, contact us at privacy-officer@LuxSci.com. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. Alternatively, if you used a third party application to post such information, you may be able to remove it by either logging into the said application and removing the information or by contacting the appropriate third party application.

Some of our blogs (e.g. LuxSci Status) are managed by a third party application that may require you to register. We do not have access to or control of the information posted to the blog. You will need to contact or log in to the third party application if you want your personal information that was posted to the comments section removed. To learn how the third party application uses your information, please review their privacy statement.

You agree that Lux Scientiae may disclose any and all of your information including assigned IP numbers, account history, account use, etc., to any law enforcement agent who makes a verified written request, without further consent or notification to you. LuxSci will verify the legitimacy and authenticity of any such request and determine if compliance with the request is required by local, state, or federal law. Only if the request is verified and compliance is required will the request be filled. In addition, Lux Scientiae shall have the right to suspend or terminate all services, at its sole discretion, during or as a result of such a legal investigation.

Lux Scientiae does not give out its clients' email addresses or send SPAM. Lux Scientiae may occasionally send important announcements regarding Lux Scientiae services to its customers if they have not opted out of this notification service.

For Customers that have a valid HIPAA Business Associate Agreement (BAA) with Lux Scientiae, in the event of a conflict or inconsistency between the terms of this nondisclosure policy and those of the BAA, the terms of the BAA shall prevail.

Confidentiality

Lux Scientiae staff will not examine the following classes of data without Customer's explicit consent:

  1. Email: The content of sent and received email messages, with the exception of the message metadata including: sender address, recipient addresses, message subject, message size, message id, IP address of the sending or connecting computers, and any message header information removed from messages for the purposes of outbound message anonymization.
  2. WebAides: The content of all WebAides, including comments and attachments.
  3. Widgets: The content of all Widgets, except the content of custom or third party widgets that is defined directly as part of the widget definition.
  4. Databases: The content of all databases hosted by Customer in its web hosting account.
  5. Files: The content of all files saved to the Customer's web/FTP space, except as they may otherwise be publicly accessible on the Internet via Customer's web site. Note that this covers only the content of the files, not the list of what files are present and what directories they are located in.

Information that does not fall within the above classes of data (i.e. email message metadata) will still be kept in the strictest confidence in accordance with Lux Scientiae's non-disclosure policy.

Exception 1: in a case where Lux Scientiae becomes aware of evidence of a possible violation by a client of its Acceptable Use Policy and it concludes that analysis of data is necessary in order to determine the facts, in order to prevent the sending of SPAM, Unsolicited Email, excessive utilization of system resources, or other violations of LuxSci's AUPs, Lux Scientiae will examine such client's data solely for such purpose. The contents of client's data will be kept in the strictest confidence in accordance with Lux Scientiae's non-disclosure policy.

Exception 2: from time to time Lux Scientiae may audit High Volume Outbound Email customers' bulk email practices. As stated in the High Volume AUP (HVAUP), Lux Scientiae can and will store and/or review the content of any or all outbound email messages sent via the High Volume service to ensure compliance with the High Volume Email Restrictions (see the HVAUP).

Exception 3: for Customers that have a valid HIPAA Business Associate Agreement (BAA) with Lux Scientiae, in the event of a conflict or inconsistency between the terms of this confidentiality policy and those of the BAA, the terms of the BAA shall prevail.

Medical privacy (HIPAA)

For Clients that are legally required to abide by the regulations of HIPAA (i.e. HIPAA Covered Entities and HIPAA Business Associates), Lux Scientiae has the following Addendum to its Master Services Agreement (MSA). This is the "Business Associate Agreement" required for HIPAA compliance between Lux Scientiae, as the "Business Associate", and the Client, as the "Covered Entity".

Due to the Security and Privacy restrictions imposed by the BAA and by HIPAA that are not required for other types of accounts, this Addendum is not automatically incorporated into new or existing Lux Scientiae accounts. If you require a BAA with Lux Scientiae, please print out and sign the BAA and Account Restrictions Agreement using the links below and return them to Lux Scientiae for review and acceptance. LUX SCIENTIAE WILL NOT BE DEEMED A BUSINESS ASSOCIATE OF ANY CUSTOMER FOR PURPOSES OF HIPAA UNLESS AND UNTIL A SIGNED ADDENDUM IS RECEIVED, REVIEWED, AND ACCEPTED BY THE LUX SCIENTIAE HIPAA PRIVACY OFFICER.

You may return signed versions of these documents to Lux Scientiae by:

  • Using the Online Signature Form
  • Faxing to 413-332-0598
  • Emailing to: support AT LuxSci.com
  • Mailing to Lux Scientiae at 15 Brook Street, Medfield, MA 02052 USA
  • Scanning and attaching digital copies to a support ticket in your Lux Scientiae account.

EU-U.S. Privacy Shield

Lux Scientiae participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. Lux Scientiae is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework's applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield List.

Lux Scientiae is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Lux Scientiae complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Lux Scientiae is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Lux Scientiae may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov], you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

GDPR

This section applies to the EU General Data Protection Regulation (GDPR).

Being a smaller US-based organization with some exposure to citizens of the European Union, at LuxSci we are committed to ensuring the security and protection of the personal information that we collect or process. We have implemented technologies and procedures to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing US laws and abides by the data protection principles. However, we recognize our obligations in updating and expanding this program to meet the demands of the GDPR relating to citizens of the European Union.

In addition to the privacy policies and procedures mentioned above, we provide easy-to-access information via our website about an individual's right to access any personal information that LuxSci processes about them and to request information about:

  • What personal data we hold about them
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store their personal data for
  • If we did not collect the data directly from them, information about the source
  • The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
  • The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
  • The right to lodge a complaint or seek judicial remedy and who to contact in such instances

Additionally:

  • Data Protection: Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
  • Data Retention & Erasure: We have implemented policies to ensure that we meet the "data minimization" and "storage limitation" principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new "Right to Erasure" obligation and are aware of when this and other data subjects' rights apply, along with any exemptions, response time frames and notification responsibilities.
  • Data Breaches: Our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.
  • Subject Access Request (SAR): We have implemented a subject request form to accommodate the 30-day time frame for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.

How long do we keep your information for?

In addition to the data retention terms given above, the following additional terms apply to those identified as being in an EU member state.

  • LuxSci Affiliate accounts will be automatically closed and de-identified, to the extent applicable,* after 1 year of inactivity. Inactivity is defined as (a) not logging into the LuxSci Affiliate portal and (b) not receiving any commissions from LuxSci on affiliate referrals.
  • Data stored in our sales database will be de-identified, to the extent applicable,* 1 year after it is determined that the person is no longer interested in LuxSci services, or 1 year after that person/organization closes all LuxSci customer accounts.
  • LuxSci customer accounts will be de-identified, to the extent applicable,* automatically 1 year after the customer account is closed.

As mentioned previously, you may explicitly request that your data be deleted or de-identified, to the extent applicable,* at any time.

*We will retain and use your information as necessary to comply with our own legal obligations, to record your requests, to resolve disputes, to protect the security and privacy of our systems and customers, for statistical purposes, and to enforce our agreements.

Your right to complain

If you have a complaint about our use of your information, you can contact the LuxSci GDPR Data Protection Officer using the contact form or write to him at:

GDPR Data Protection Officer
LuxSci
PO Box 326
Westwood, MA
USA 02090

Data Privacy Contract Addendum

All customers whose data fall under the protection of GDPR have a GDPR Data Privacy Addendum automatically included in their Master Services Agreement with LuxSci. The most recent version of this addendum can be found here: