At LUMIQ | Crisp Analytics Pvt. Ltd. (“LUMIQ”, “we”, “our”, or “us”), protecting your privacy and personal data is one of our highest priorities. This Privacy Policy explains how we collect, use, process, store, disclose, transfer, and safeguard your personal data when you access our website, products, services, applications, platforms, or otherwise interact with us through digital or offline channels.
By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data in accordance with applicable laws.
This Privacy Policy has been designed in compliance with applicable laws including the Digital Personal Data Protection Act, 2023 (India), the Information Technology Act, 2000, applicable international privacy regulations, and where applicable, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
01Definitions
For the purposes of this Policy:
- Personal Data means any information relating to an identified or identifiable natural person.
- Data Principal means the individual to whom personal data relates under applicable law.
- Processing means collection, storage, organization, use, transfer, disclosure, deletion, modification, or destruction of personal data.
- Consent means freely given, specific, informed, unconditional, and unambiguous agreement for processing of personal data.
02Information We Collect
We may collect the following categories of information:
Personal Identification Information
- Full Name
- Email Address
- Phone Number
- Organization Name
- Designation
- Country or Geographic Location
Information You Provide
- Contact forms and inquiries
- Product demo requests
- Feedback and surveys
- Customer support communication
- Business communications and correspondence
Technical Information
- IP Address
- Browser Information
- Device Information
- Operating System
- Website usage behavior
- Session duration
- Clickstream and analytics information
Professional Information
- Business contact details
- Company information
- Industry information
- Professional preferences and service requirements
03How We Collect Information
We collect information through:
Direct Interactions
When users:
- Submit forms
- Subscribe to communications
- Contact us directly
- Request product information
- Participate in events or webinars
Automated Technologies
Using technologies including:
- Cookies
- Web beacons
- Security monitoring tools
- Website analytics platforms
- Performance monitoring systems
Third-Party Sources
Information may also be collected through:
- Business partners
- Social media platforms
- Integrated applications
- Marketing service providers
- Publicly available professional sources
04Legal Basis for Processing
We process personal data under one or more lawful bases including:
- Consent provided by the user
- Performance of contractual obligations
- Compliance with legal and regulatory obligations
- Legitimate business interests
- Fraud prevention and security monitoring
- Operational continuity and service delivery
- Internal governance, audit, and compliance obligations
Where legally required, we obtain explicit consent before processing personal data.
05Purpose of Processing
We process personal data for purposes including:
- Providing and improving products and services
- Customer onboarding and account management
- Responding to inquiries and customer support
- Marketing communication where legally permitted
- Product development and service improvement
- Website analytics and performance optimization
- Security monitoring and fraud prevention
- Legal and regulatory compliance obligations
- Internal audits and governance activities
- Business analytics and operational reporting
We follow principles of necessity, proportionality, and data minimization while processing personal data.
06Cookies and Tracking Technologies
We use cookies and similar technologies to improve website performance and user experience.
Types of cookies may include:
- Essential cookies
- Functional cookies
- Analytics cookies
- Performance cookies
- Security cookies
Users may manage or disable cookies through browser settings.
Where legally required, consent will be obtained prior to deploying non-essential cookies.
We do not sell personal information for cross-context behavioral advertising.
07Sharing and Disclosure of Personal Data
We may disclose information to:
Service Providers
Including providers supporting:
- Cloud infrastructure hosting
- Security monitoring
- IT support services
- Email communication services
- Analytics services
- Customer support systems
Business Partners
Where required for service delivery or contractual obligations.
Legal Authorities
Where disclosure is required by law, regulatory obligations, legal process, or lawful government requests.
Corporate Transactions
Including:
- Merger
- Acquisition
- Corporate restructuring
- Business transfer
We do not sell personal information.
08Subprocessors and Third-Party Service Providers
We may engage authorized subprocessors and third-party service providers for infrastructure hosting, analytics, customer support, communication services, security monitoring, operational services, and business support activities.
All third parties are contractually obligated to:
- Maintain confidentiality
- Implement appropriate security safeguards
- Process personal data only for authorized purposes
- Comply with applicable privacy and security requirements
09Data Retention
We retain personal data only for as long as necessary to fulfill business, contractual, operational, legal, regulatory, and legitimate business purposes.
Retention periods may vary depending upon:
- Nature of the data
- Applicable laws
- Contractual obligations
- Business requirements
- Security and compliance requirements
Upon expiration of applicable retention periods, personal data shall be securely deleted, anonymized, or archived in accordance with internal data management standards.
10Data Security Measures
We implement appropriate technical and organizational safeguards including:
- Secure cloud hosting infrastructure including AWS environments where applicable
- Encryption of sensitive data in transit and at rest
- Access controls and role-based permissions
- Multi-factor authentication
- Security monitoring systems
- Vulnerability assessments and penetration testing
- Audit logging and monitoring
- Backup and disaster recovery procedures
- Incident response management processes
No method of internet transmission can be guaranteed as completely secure.
11International Data Transfers
Your personal data may be processed or stored outside your country of residence.
Where international data transfers occur, we implement appropriate safeguards including:
- Contractual protections
- Security controls
- Restricted access mechanisms
- Compliance obligations under applicable law
12Privacy Rights
Depending on applicable law, individuals may have the right to:
- Access personal data
- Correct inaccurate information
- Request deletion of personal data
- Withdraw consent at any time with the same ease as provided
- Restrict certain processing activities
- Seek grievance redressal
- Nominate another individual to exercise rights in case of incapacity or death
- Request information regarding third-party disclosures
13Procedure to Exercise Privacy Rights
Requests may be submitted through email: info@lumiq.ai
Request handling process
- Submission of request
- Acknowledgment within 48 hours
- Identity verification if necessary
- Internal privacy review
- Processing of request
- Decision communication
- Closure confirmation
- Appeal where applicable
Standard response time
15 to 30 business days depending upon complexity and legal requirements.
14Privacy Grievance Redressal Mechanism and Escalation Matrix
LUMIQ is committed to addressing privacy concerns, complaints, and grievances in a fair, transparent, and timely manner.
If you believe that your personal data has been collected, processed, stored, disclosed, or handled in a manner inconsistent with this Privacy Policy or applicable law, you may raise a privacy-related grievance with us.
To help us investigate and address your concern effectively, please provide:
- Full Name
- Registered Email Address
- Contact Information
- Nature of Complaint
- Detailed Description of Issue
- Supporting Documents if applicable
Stage 1 – Initial Complaint Submission
The complainant may submit a grievance to the designated Privacy or Grievance Officer.
Stage 2 – Acknowledgment
Acknowledgment shall be provided within 48 hours. The acknowledgment may include:
- Complaint reference number
- Date of receipt
- Assigned point of contact
- Expected response timeline
Stage 3 – Investigation
The privacy team shall assess:
- Nature of grievance
- Personal data involved
- Systems affected
- Potential impact
- Legal and regulatory implications
Investigation shall ordinarily be completed within 7 business days.
Stage 4 – Resolution
LUMIQ shall communicate findings and proposed resolution. Resolution may include:
- Data correction
- Deletion where applicable
- Restriction of processing
- Clarification
- Corrective actions
- Complaint closure
Final response shall normally be provided within 30 calendar days.
Stage 5 – Internal Escalation Matrix
If dissatisfied with initial resolution, the complaint may be escalated internally.
| Escalation Level | Designation | Responsibility | Indicative Timeline |
|---|---|---|---|
| Level 1 | Grievance Officer | Initial complaint handling | 48 Hours |
| Level 2 | Privacy Team / Compliance Team | Detailed privacy review | 7 Business Days |
| Level 3 | Data Protection Lead / Compliance Head | Escalated privacy review | 10 Business Days |
| Level 4 | Legal Team / Chief Information Security Officer | Legal and risk review | 15 Business Days |
| Level 5 | Senior Management / Executive Leadership | Final internal escalation | As Applicable |
Stage 6 – External Remedies
If a grievance remains unresolved after internal escalation, the complainant may seek remedies available under applicable law, including approaching competent regulatory or legal authorities.
Non-Retaliation Commitment
LUMIQ shall not discriminate against or disadvantage any individual solely because they exercised privacy rights or submitted a grievance.
Continuous Improvement
All grievances shall be periodically reviewed to improve privacy controls, strengthen safeguards, and enhance governance practices.
15California Privacy Rights (CCPA/CPRA)
Where applicable, California residents may:
- Know what personal information is collected
- Request correction of inaccurate information
- Request deletion of personal information
- Request disclosure regarding third-party sharing
- Opt out of sale or sharing of personal information
LUMIQ does not sell personal information. We do not discriminate against individuals exercising privacy rights.
16Consent Management and Withdrawal
Where processing is based on consent, users may withdraw consent at any time with the same ease as consent was originally provided.
Consent withdrawal may impact service delivery.
Consent may be withdrawn through:
- Website consent management tools
- Email requests
- Privacy request mechanisms provided on our website
We maintain records of consent collection, modification, and withdrawal wherever required under applicable law.
Withdraw Your Consent
Under the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000, you have the right to withdraw your consent at any time with the same ease as it was given. Use the consent-withdrawal tool to revoke your consent for data processing by LUMIQ.
No active consent record found.
You have not given explicit consent through this website, or your consent has already been withdrawn. To exercise other data rights (access, correction, deletion), contact us at info@lumiq.ai.
17Automated Processing and Artificial Intelligence Systems
Certain services provided by LUMIQ may involve:
- Artificial intelligence systems
- Machine learning models
- Automated decision support systems
- Advanced analytics platforms
- Algorithmic processing technologies
Where such systems process personal data, we implement safeguards to ensure lawful, fair, secure, transparent, and responsible data processing.
18Data Breach Management
In the event of a personal data breach or security incident, we will:
- Investigate promptly
- Assess impact and associated risks
- Contain and mitigate threats
- Perform remediation activities
- Notify affected stakeholders and relevant authorities where required under applicable law and contractual obligations
- Implement corrective actions to prevent recurrence
19Children’s Privacy
Our services are not intended for individuals under the age of 18 years. We do not knowingly collect personal data from children.
20Third-Party Links
Our website may contain links to third-party websites. We do not control or assume responsibility for privacy practices adopted by such websites. Users are encouraged to review third-party privacy policies independently.
21Privacy by Design Commitment
We implement privacy by design principles including:
- Data minimization
- Least privilege access
- Secure system architecture
- Encryption by default where appropriate
- Secure development lifecycle
- Vendor security management
- Continuous monitoring and governance oversight
22Policy Updates and Re-Consent
We may update this Privacy Policy periodically. Where material changes occur, users may be notified through website notices, communication channels, or consent mechanisms where legally required.
Continued use of services after acceptance constitutes agreement to revised terms.
23Contact Information and Grievance Officer
For privacy concerns, rights requests, or grievances:
Grievance Officer: Sneha Pandey
Company: LUMIQ | Crisp Analytics Pvt. Ltd.
Address: 9th Floor, Tower-A, Noida One, Sector 62, Noida, Uttar Pradesh – 201301
Email: sneha.pandey@lumiq.ai
For Privacy Requests: info@lumiq.ai
For General Inquiries: hello@lumiq.ai
24Compliance Commitment
LUMIQ is committed to maintaining appropriate privacy, cybersecurity, and data protection standards.
We regularly review internal controls, vendor management practices, technical safeguards, organizational measures, and compliance obligations to ensure protection of personal data entrusted to us.
We remain committed to maintaining confidentiality, integrity, availability, accountability, and lawful processing of personal information in accordance with applicable privacy and security regulations.