Privacy Policy

Lumiio Inc. (“Lumiio” or “we”) is committed to protecting the privacy of individuals who use our products and services. We take our responsibility seriously and are dedicated to safeguarding your personal information using industry standard practices.

Scope of this Privacy Policy

This Privacy Policy applies to all Lumiio platforms and services, including:

  • Our public-facing marketing website,
  • Custom and client-specific platforms built to support health data initiatives,
  • Portals used by clinicians, patients, researchers, and administrators, and
  • Platforms for the collection, management, and analysis of health data, including clinical trial and registry-related.

As Lumiio continues to develop new tools and expand its capabilities, this Privacy Policy will apply to all products and services that collect or process personal information on Lumiio’s behalf, unless stated otherwise in a specific platform notice.

Each platform may involve different types of users and data flows, and may also be governed by additional privacy notices or ethics-approved protocols depending on the context in which it is used.

Topics

What data do we collect?

Lumiio Inc. may collect the following personal information:

  • Restricted data – Personal identification information (name, email address, phone number, full date of birth, mailing address, postal/zip code)
  • Shared data – Your health information and any information you provide to our surveys.
  • Usage data - Data about how you use our platform (see section on cookies)

How do we collect your data?

You directly provide Lumiio Inc. with most of the data we collect. We collect data and process data when you:

  • Register online or place an order for any of our products or services.
  • Voluntarily complete a survey or provide feedback into our platform, our message boards or via email.
  • Use or view our website via your browser’s cookies.

Lumiio Inc. may also receive your data indirectly from the following sources:

Lumiio Inc. obtains data from various universities, institutions, and data sharing conglomerate when you consent to participate in research at these organizations.

How will we use your data?

Lumiio Inc. collects your data so that we can:

  • Perform statistical analysis and modelling on data entered
  • Provide datasets to the research and medical communities
  • Provide data to legal or ethics boards as mandated

Our legal basis for processing your data include:

  • Fulfillment of contract (operating the site for you)
  • Consent (asking you to participate in certain research projects)
  • Legitimate Interests (regulatory and law enforcement purposes)

The personal information you share with us will be de-identified and combined with information from other individuals. Unless otherwise specified in the Privacy Policy or in written notices to you during onboarding or registration, only this de-identified data will be used in research analyses and the aggregate results will be presented at scientific conferences and in publications.

How do we disclose your data?

Lumiio Inc. may provide de-identified data to a registry governing body and third parties who use it for purposes in accordance with the specific registry mandate while conforming to the limiting principle that only the minimum personal health information necessary for the purpose will be provided.

We may share data with our registry community, staff, sponsors, owners, partners, clients, researchers and vendors in connection with the purposes identified in this policy. This includes, but is not limited to, universities, pharmaceutical companies, healthcare institutions, hospital systems, research partners, patient organizations, governments, and regulatory bodies.

We may share identifiable personal information with the operators, sponsors or owners of a registry or program, where such operator, sponsor or owner: (i) is the program operator or data controller; and/or (ii) has appropriate ethics approval; and/or (iii) has been identified to you during onboarding or registration. Such sponsors, operators or owners may have access to the full set of data collected in that program, including identifying personal information, health information, and survey responses, subject to their own legal and ethical obligations.

Lumiio may share identifiable personal information with a client in connection with a client-specific platform. In such cases, Lumiio: (i) complies with applicable laws and ethics-approved protocols; (ii) has entered into written legal agreements between Lumiio and the client; and/or (iii) has identified such client to you at the time of registration or enrolment in the relevant program.

If required by law or applicable ethics board requirements, Lumiio Inc. may disclose information provided by you to applicable parties.

How do we store your data?

Lumiio Inc. securely stores your data in our cloud datacenter. The personal and health information is protected by administrative, physical, and technological controls that adhere to industry best practices for security and safeguards of medical data against unauthorized access, collection, use, disclosure or disposal. The data is always encrypted at rest and encrypted in transit. The system has been architected by the Lumiio Inc. Cyber Security team and includes periodic vulnerability and penetration testing assessments at minimum once per month.

Lumiio Inc. may keep your data for 10 years following the end of the project. Once this time period has expired, we will delete your data by deleting all your entered data from our system.

Who owns the data?

You retain ownership of the personal information you provide. By consenting, you grant Lumiio Inc. the right to maintain, use, and disclose your data as set forth in this privacy policy and the consent terms and conditions. You will have no rights to any inventions, commercial products or other such discoveries, and you will receive no economic benefit.

Marketing

Lumiio Inc. may send you information about products and services of ours that we think you might like, as well as those of our partner companies.

If you have agreed to receive marketing, you may always opt out at a later date.

You have the right at any time to stop Lumiio Inc. from contacting you for marketing purposes or giving your data to other members of the Lumiio Inc. group.

If you no longer wish to be contacted for marketing purposes, please contact [email protected] with your request.

What are your data protection rights?

Lumiio Inc. would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to see your data – You have the right to request Lumiio Inc. for copies of your personal information. We may charge you a small fee for this service.
  • The right to correct your data – You have the right to request that Lumiio Inc. correct any information you believe is inaccurate. You also have the right to request Lumiio Inc. to complete information you believe is incomplete.
  • The right to have your data deleted — You have the right to request that Lumiio Inc. erase your personal information, under certain conditions.
  • The right to restrict processing – You have the right to request that Lumiio Inc. restrict the processing of your personal information, under certain conditions.
  • The right to object to processing – You have the right to object to Lumiio Inc.’s processing of your personal information, under certain conditions.
  • The right to data portability – You have the right to request that Lumiio Inc. transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  • The right to be notified if your data is stolen- You have the right to be notified of any breach involving your personal information. We will notify the appropriate data protection authority within 72 hours of detecting a breach involving your data. We will notify you as soon as possible after that.

Note that these rights may be restricted where they conflict with other people’s rights or various legal processes. And we can’t undo any processing that has already happened. Further, these rights to edit, delete, be notified of a breach and object to processing all apply to personal information and do not apply to de-identified data that, for example, has been shared by us with our partners or vendors.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us:

Email us: [email protected]

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

For further information, visit allaboutcookies.org.

How do we use cookies?

Lumiio Inc. uses cookies in a range of ways to improve your experience on our website, including:

  • Keeping you signed in
  • Understanding how you use our website

What types of cookies do we use?

There are a number of different types of cookies, however, our website uses:

  • Functionality — Lumiio Inc. uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
  • Advertising — Lumiio Inc. uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address.

How to manage your cookies

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

Children and Youth Privacy

Our website and products are not intended for children under 13 years of age, and we do not knowingly collect personal information from children under 13. If you are under 13, you may not use our website or products, or provide any information about yourself to us.

If you are a child over the age of 13, you may only use our website and products, and provide personal information to us, if you have consent from your parent or legal guardian. By using our website or products, or providing any information about yourself to us, you represent that you:

  • are the over the age of majority, and understand and accept this Privacy Policy, or
  • are over the age of 13 and have obtained your parent or legal guardian’s consent (and your parent or legal guardian represents and warrants that they have read, understood and accepted this privacy policy).

If you believe we might have any information from or about a child without parent or guardian consent, please contact us at [email protected].

Privacy policies of other websites

Our services may contain links to other websites. This policy only applies to Lumiio platforms. Please read the privacy policies of any third-party sites you visit.

Changes to our privacy policy

Lumiio Inc. keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 11 June 2025.

How to contact us

If you have any questions about Lumiio Inc.’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at: [email protected]

How to contact the appropriate authorities

In Canada:

Information Commissioner’s Office.
Web Address: https://www.oic-ci.gc.ca/en/submitting-complaint
Address Office of the Information Commissioner
30 Victoria Street, 7th Floor
Gatineau QC K1A 1H3
819-994-1768

In the US:

You can register a HIPAA complaint with the Department of Health and Human Services here.

In the European Economic Area:

You can contact the appropriate data protection authority here.