Privacy policy

EFFECTIVE DATE: September 1, 2017
The structure has been updated to clarify the data collected from survey respondents, and refined the policy according to the latest additions to GDPR : February 3rd, 2021

This policy

This privacy policy applies to products and services owned and operated by Lumoame Oy (“Lumoa”). Lumoa is committed to protecting your privacy and complying with applicable data protection and privacy laws. This Privacy Policy (“Policy”) is designed to help you to understand what kind of information we collect and how we process and use such information.

This privacy policy covers how Lumoa handles personal information, meaning information relating to an identified or identifiable individual (i.e. a natural person). This Policy applies to personal data collected in connection with the products and services offered by Lumoa, website and interactions related to our service or website such as customer support, customer events, or promotions and campaigns.

For the purposes of this policy, Lumoa defines the terms:

  • “Respondent” as an individual who responds Lumoa surveys
  • “Client” as a business with which Lumoa has an established relationship
  • “Customer” as a customer of a Lumoa client
  • “Website user” as a person who accesses Lumoa website

Data Lumoa collects from different groups of users

Lumoa does not receive, use or collect personally identifiable information, such as names, addresses, phone numbers and e-mail addresses, except under the following circumstances:


For the most part, you may visit our websites without having to identify yourself. However, certain technical information is normally collected as a standard part of your use of our services. Such information includes, for example, your IP-address, access times, the website you linked from, pages you visit, the links you use, the ad banners and other content you viewed, information about your devices and other such technical information your browser provides us with or as may be otherwise collected in connection with certain products and services. Please also see the section “Use of Cookies and Web Beacons” below.

Our Site includes links to other Websites whose privacy practices may differ from those of Lumoa. If you submit personally identifiable information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any Website you visit.

Newsletter and other marketing materials requiring subscription

When you sign up for our regular newsletter, we shall send you newsletter(s) or communications regarding products which may be of interest to you. If you no longer wish to receive these communications you can follow the unsubscribe instructions contained in each of the email communications you receive.

Social media features

Our Website and some surveys include Social Media Features, such as the Facebook Like button. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features are hosted by a third party. Your interactions with these Features are governed by the privacy policy of the company providing it.


Our Website offers publicly accessible blogs with comment section. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them.

Product demo

When a website user goes to to request a demonstration of a Lumoa service, he or she must provide personal contact details and potentially some other information. Lumoa also collects some marketing contact information such as name and email address through third parties.  This information is used for marketing purposes only.


We may display anonymously personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent we may post your testimonial along with your name.

Communicating with you and marketing

We may process and use your personal data to communicate with you, for example, to provide information relating to our products and/or services you are using or to contact you for customer satisfaction queries. We may process and use your personal data for marketing. Marketing purposes may include using your personal data for personalized marketing or research purposes in accordance with applicable laws, for example, to conduct market research and to communicate our products, services or promotions to you via our own or third parties’ electronic or other services.


We may process and use your personal data for profiling for such purposes as targeted direct marketing and improvement of our products or services. We may also create aggregate and statistical information based on your personal data. Profiling includes automated processing of your personal data for evaluating, analyzing or predicting your personal preferences or interests in order to, for example, send you marketing messages concerning products or services best suitable for you.

Use of Cookies and beacons

Lumoa may use cookies (small text files placed on your device) primarily to identify returning users from the same computer and ensure the integrity of its research.  As part of its basic uses of Internet technology to provide surveys, Lumoa also collects technical information such as: respondent IP address; the date and time and respondent HTTP request headers. Lumoa also uses third-party analytical cookies for tracking web traffic and usage.

Lumoa may use so called web beacons (or “pixel tags”) in connection with some websites. However, we do not use them to identify individual users personally. Web beacons are typically graphic images that are placed on a website and they are used to count visitors to a website and/or to access certain cookies. This information is used to improve our services.

Web beacons do not typically collect any other information than what your browser provides us with as a standard part of any internet communication. If you turn off cookies, the web beacon will no longer be able to track your specific activity. The web beacon may, however, continue to collect information of visits from your IP-address, but such information will no longer be personally identifiable.

If you wish to disable cookies, or want to be notified before they are placed, you may do this in your browser settings. However, we may not be able to provide certain services or you may not be able to view certain parts of this site if you have disabled cookies. Some of our business partners whose content is linked to or from our website may also use cookies or web beacons. However, we have no access to or control over these cookies.

Your rights

You may at any time object to your personal data being processed for direct marketing purposes, sending promotional materials, profiling, or for the performance of market research. Further, where your personal data is processed based on your consent, you have the right to withdraw your consent for such processing at any time.

In case you wish to make use of your rights mentioned above, you may, as appropriate and in accordance with applicable laws, exercise such rights by contacting us through the contact points referred in the marketing materials or below in this Policy.


Processor may have access to or otherwise process Customer Personal Data under the Agreement for the purpose of providing the Services to Customer. Processing in this document refers to Processor’s access to and analysis of Customer Personal Data provided by Customer in connection with the provision of the Services.

Data subjects are Customer’s customers, employees and other individuals, whose personal data Customer has provided to Processor in connection with the provision of the Services.

Categories of Customer Personal Data contain customer feedback, employee feedback as well as technical data on employees who use the Services. Processor may also process other categories of Customer Personal Data when such is included in the Customer Personal Data provided to Processor as part of the Services.

The Parties shall process Customer Personal Data in accordance with EU Data Protection Laws.

Processor shall ensure that personnel with access to Customer Personal Data are subject to confidentiality obligation.

Processor shall take reasonable steps to ensure the reliability of its employees and Subprocessors who may have access to Customer Personal Data, ensuring that access to Customer Personal Data is limited to those individuals who need to know or access the relevant Customer Personal Data, as necessary for the purposes of the Agreement.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Processor shall in relation to the Customer Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

The agreement between Lumoa and client determines the data retention policies.

For all clients, we provide an opportunity to sign Data Processing Agreement with us. To receive the Agreement template, please contact [email protected]


Provision of products and services

We may process and use your personal data to provide you the product or service you have requested, fulfill your other requests, process your order or as otherwise may be necessary to perform or enforce the contract between you, your employer organization and Lumoa. We may also process and use your personal data to ensure the functionality and security of our products and services, to identify you, and to prevent and detect fraud and other misuses.

Development of products and services

We mostly use aggregate and statistical information in the development of our products and services, and not data directly identifiable to you. If you are providing feedback on our product and services either using digital channels such as chat or email or through a direct communication with Lumoa employee or representative, that feedback may be assigned with your name to our product development system.

Communicating with you and marketing

We may process and use your personal data to personalize our product related communications and to provide you with tips and recommendations on, for example, how to use the service, new features of our service or third party services closely related to our service. We may also use personal data to contact you for customer satisfaction queries.


Lumoa surveys respondents on behalf of its clients. Typically respondents are customer’s of Lumoa’s client or employees of Lumoa’s client on behalf of its clients. In the surveying process, Lumoa may receive customers’ personally identifiable information either as part of the survey response or directly from its clients. This personally identifiable information is only used for the purposes specified in the written agreement between Lumoa and client and the data is always owned by the client. Lumoa never sells personally identifiable information to an third party.

Lumoa may, with the written consent of its clients, use the responses without personally identifiable information in an aggregated format for purposes defined in the agreement, most typically for product development purposes and other business purposes.

When collecting data from survey respondents, Lumoa does not seek to collect any sensitive information such as social security numbers or health information. Lumoa does not seek to collect any information from or engage in any transactions with persons under the legal age in their respective country.

Where a consent from you to the processing of personal data is required under the applicable law, such consent will be obtained by appropriate mechanism such as ticking a box stating your consent, choosing technical settings for a service or website, or other statement or conduct clearly indicating your acceptance to the processing, depending on the product, website, service or application you are using.

Lumoa is not in the business of selling or renting personally identifiable information gathered on its website or in the course of client work to third parties. Lumoa shares information with third parties, such as its clients, only as described in this policy or as described at the time information is collected. For example, Lumoa may, at the request of a client, ask you for your email address so a client can follow up with you about your responses to a survey. The provision of such information is typically voluntary, and at all times participation in a survey is voluntary.

We will retain your information for as long as needed to provide services to our clients. After the contract with the client ends, the data will be deleted as agreed in the Agreement between client and Lumoa. We will retain the information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Lumoa collects information under the direction of its Clients, and has no direct relationship with their respondents whose personal data it processes.

We collect information for our clients, if you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the client that you interact with directly.

An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct his query to the Lumoa’s Client (the data controller). If the Client requests Lumoa to remove the data, we will respond to their request within a reasonable timeframe.

General about the Privacy Policy data security

Lumoa implements appropriate technical and organizational security measures to prevent and minimize risks associated with providing and processing personal data.

Such security measures include, where appropriate, the use of firewalls, secure server facilities, encryption, implementing proper access rights management systems and processes, careful selection of processors, sufficient training of personnel involved in the processing, and other necessary measures to provide appropriate protection for your personal data against unauthorized use or disclosure. Where appropriate, we may also take back-up copies and use other such means to prevent accidental damage or destruction of your personal data. All traffic is encrypted using Secure Socket Layer technology (SSL) or other encrypted tunnels.

We restrict access to personal information only to authorized personnel, contractors and agents who need to know that information in order to operate, develop or improve our service. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

Lumoa follows the EU GDPR data protection principles. We take appropriate steps to ensure that the personal data we collect under this Privacy Policy is processed according to the provisions of this Privacy Policy and the requirements of applicable law no matter where the data is stored. These steps include a variety of legal mechanisms, such as the use of personal data processing agreements incorporating the EU Commission Model Clauses.

Transfers of personal data

We may disclose your personal data to third parties solely as stated below in this Policy, or as obligated by mandatory law.

International transfers

Our products and services are provided using resources and servers located inside European Union. If we need to transfer your data outside of EU, we take steps to ensure that adequate protection for your personal data is provided as required by applicable laws. For international transfers of your personal data, we generally rely on agreements that are based on the Standard Contractual Clauses (“SCCs”) of the European Commission.

Service providers

From time to time, Lumoa may contract with third parties to perform functions necessary for its research operations and, under the terms of those contracts, may transfer data to those third parties. Lumoa requires any such third party to maintain confidentiality of such data. We use other third parties such as an email service provider to send out emails on our behalf. When you sign up for our services, we will share your personal information only as necessary for the third party to provide that service. We also use third parties to assist us in selling our services.

Other disclosures

We may disclose and otherwise process your personal data in accordance with applicable laws to defend Lumoa’s legitimate interests, for example, in civil or criminal legal proceedings.

Mergers and acquisitions

If we decide to sell, buy, merge or otherwise reorganize our business, this may involve us disclosing personal data to prospective or actual purchasers and their advisers, or receiving personal data from sellers and their advisers, for the purposes of such transactions.


In the event you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws or that Lumoa has not sufficiently ensured the realization of your rights, you may lodge a complaint with the local supervisory authority responsible for data protection matters.


If we decide to change our privacy policy, we will post these changes to the Lumoa website. All changes will be posted to this privacy policy, the homepage, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. The date of last revision will be shown on the website.

We reserve the right to modify this privacy policy at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by e-mail, or by means of a notice on our home page prior to the change becoming effective.


If we decide to change our privacy policy, we will post these changes to the Lumoa website. All changes will be posted to this privacy policy, the homepage, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. The date of last revision will be shown on the website.

Data Subject Rights

You can access, rectify, erase, restrict or export your personal information at any time by emailing us at  [email protected]. You can object to our processing of your personal information at any time. You can contact our Data Protection Officer with requests or concerns at [email protected].


If you have any questions or comments about this privacy policy or the practices of this site, or unresolved privacy and data use concerns, please contact Lumoa by e-mailing [email protected].

The data controller responsible for the purposes of the applicable data protection laws is:

Lumoame Oy
Business ID: FI27917978
Hermannin Rantatie 8
00580 Helsinki Finland