The Legal Area
Usability rules about LutinX’ websites
Ethic, Respect and transparency
LutinX and the GDPR
Our Legal office is at your service. Here you can find legal documents regarding the usability of our website and our products.
LutinX.com accessibility statement
Last Update: July 26, 2024
At lutinx.com, nothing is more important than our customers’ success and the protection of their data. With customers in nearly every country in the world, we adhere to the General Data Protection Regulation (GDPR). The GDPR expands the privacy rights granted to European individuals and requires certain companies that process the personal data of European individuals to comply with a new set of regulations. In particular, the GDPR may apply to companies that process the personal data of European individuals and have a presence in the EU (e.g. offices or establishments) and to companies that do not have any presence in the EU but target the European market (e.g. by offering goods or services to the European market) or monitor the behavior of European individuals. We’re here to help our customers in their efforts to comply with the GDPR.
What is the GDPR?
The European Union’s General Data Protection Regulation (GDPR) became applicable in May 2018 and established a structured and comprehensive framework on how to collect, process, use, and share personal data in order to protect the privacy rights of EU data subjects. The GDPR generally applies to any organization operating within the EU and any organizations outside of the EU that offer goods or services to customers or businesses in the EU, and process the personal data of EU-based individuals.
The GDPR expands the privacy rights granted to European individuals and is designed to protect their data protection rights by strengthening the security and protection of their data and strengthening their control over how their personal data is handled.
In the UK, parts of the GDPR were incorporated into local law by the enactment of the Data Protection Act 2018. On 31 December 2020, the remaining provisions of the GDPR were incorporated into local UK law, creating what is known as the “UK GDPR”. Currently, the UK GDPR contains very similar requirements to the EU GDPR. When we refer to “the GDPR” we are referring both to the EU GDPR and to the UK GDPR.
Roles and Responsibilities
The GDPR distinguishes between two main types of roles regarding the processing of personal data: “Data Controller” and “Data Processor”. A data controller determines the purposes and ways that personal data is processed, while a data processor is a party that processes data on behalf of the controller.
Customers who are using lutinx.com’s services to process personal data for their purposes and means will typically be considered as the “Data Controller”, and are primarily responsible for meeting all applicable GDPR requirements; while lutinx.com serves as its customer’s “Data Processor”, processing such personal data on behalf of its customers.
Compliance with the GDPR?
Our legal and privacy teams regularly monitor and review our practices to ensure ongoing and full compliance with the GDPR, including:
- Reviewing and strengthening our security infrastructure and practices, data encryption in transit and at rest, backup, logs, and security alerts.
- Conducting periodical risk assessments and data mapping processes to ensure proper management of personal data under GDPR’s requirements.
- Engaging in regular monitoring of the guidance around GDPR compliance and ensuring ongoing compliance with the GDPR through our internal procedures, processes, and controls and recurring training sessions for the team.
- Enabling our customers to respond to data subject requests to exercise their privacy rights, and deleting or anonymizing analytics data of users after user’s deletion.
- Received an internationally recognized security certification for ISO 27001 ISMS (information security management system) and ISO 27018 (for protecting personal data in the cloud).
- Ensuring appropriate contractual terms are in place, to perform our role as a data processor for our customers while complying with the GDPR.
- Revised our Data Processing Addendum to ensure the protection of personal data, according to customary industry standards, and such appropriate lawful mechanisms and contractual terms in compliance with the GDPR following the invalidation of the Privacy Shield Framework.
- Allowing our customers to enter into standard contractual clauses (SCCs) adopted by the European Commission on 4 June 2021 (both controller-to-processor and processor-to-processor) for the international transfers of personal data, including an Annex intending to cover transfers of personal data from the UK to third countries (see Annex III). We have supplemented the SCCs with Additional Safeguards (see Annex IV) to further strengthen the rights and freedoms of data subjects.
- Regularly performing security and privacy assessments of our sub-processors to ensure their adherence to GDPR principles.
- Designating a representative in the EU and the UK and appointing a Data Protection Officer (DPO) for monitoring and advising on lutinx.com’s ongoing privacy and data protection compliance and serving as a point of contact about data protection and privacy matters for individuals and supervisory authorities.
- Having procedures for handling suspected breaches concerning personal data, limiting the use, disclosure, and retention of personal data, and regularly conducting privacy training for all relevant members of our staff.
If you have any questions concerning lutinx.com’s privacy program and our compliance with the GDPR, please feel free to contact our Data Protection Officer & Privacy Team at dpo@lutinx.com.