← Back to Home

GDPR Compliance

General Data Protection Regulation Compliance Statement

VoxWel is a product of Lumora Ventures

GDPR Compliant Platform

Lumora Ventures is committed to protecting your data rights

1. Our Commitment to GDPR Compliance

Lumora Ventures and our product VoxWel are fully committed to compliance with the European Union's General Data Protection Regulation (GDPR). We respect your data privacy rights and have implemented comprehensive measures to ensure your personal data is processed lawfully, fairly, and transparently.

This page outlines how we comply with GDPR requirements and what rights you have regarding your personal data.

2. Legal Basis for Processing

We process your personal data under the following legal bases:

Contract Performance

Processing necessary to provide the VoxWel service to you and your organization

Legitimate Interest

Improving our services, security, fraud prevention, and business operations

Legal Obligation

Complying with legal requirements, court orders, and regulatory obligations

Consent

Where you have given explicit consent for specific processing activities

3. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access (Article 15)

You can request a copy of all personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within 30 days.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data. We will update your information within 30 days and notify any third parties where appropriate.

Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data when:

  • The data is no longer necessary for its purpose
  • You withdraw consent (where applicable)
  • You object and there are no overriding grounds
  • The data was unlawfully processed
  • Legal obligations require deletion

Right to Restriction of Processing (Article 18)

You can request restriction of processing when you contest accuracy, processing is unlawful, or you need the data for legal claims.

Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent (Article 7)

Where processing is based on consent, you can withdraw it at any time without affecting prior processing.

Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with your local supervisory authority if you believe we have not complied with GDPR.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Submit a GDPR Request

Email our Data Protection Officer at:

dpo@lumoraventures.com

Include "GDPR Request" in the subject line and specify which right you wish to exercise.

Response Time: We will respond to your request within 30 days (extendable to 60 days for complex requests).

Verification: We may need to verify your identity before processing your request to protect your data.

Cost: Requests are generally free, unless they are manifestly unfounded or excessive.

5. Data Protection Measures

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Anonymous posts use additional encryption layers.

Access Controls

Role-based access controls limit who can view personal data. Multi-factor authentication required for administrators.

Audit Trails

Comprehensive logging of all data access and processing activities for accountability and compliance.

Regular Audits

Annual third-party security audits and continuous internal compliance reviews.

6. Data Processing Agreements (DPA)

For organizations using VoxWel:

  • We act as a data processor on behalf of your organization (the data controller)
  • We provide a comprehensive Data Processing Agreement (DPA) compliant with GDPR Article 28
  • Standard Contractual Clauses (SCCs) are included for international data transfers
  • Your organization retains full control over employee data and processing instructions

7. International Data Transfers

When transferring data outside the EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfer Impact Assessments (TIAs) to evaluate data protection laws in recipient countries
  • Additional safeguards including encryption, access controls, and data minimization
  • Preference for data storage within the EU/EEA where possible

8. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours
  • We will notify affected individuals without undue delay if the breach poses a high risk
  • We will document all breaches, including facts, effects, and remedial actions
  • We maintain an incident response plan tested annually

9. Data Protection Impact Assessments (DPIA)

We conduct DPIAs for processing activities that pose high risks to data subjects, including our anonymous posting feature. These assessments help us identify and minimize privacy risks before implementing new features or processing activities.

10. Contact Our Data Protection Officer

For any GDPR-related questions or concerns:

Lumora Ventures - Data Protection Officer

Email: dpo@lumoraventures.com

Address: 123 Innovation Street, San Francisco, CA 94102

You can also contact your local supervisory authority if you have concerns about how we handle your data.

11. Supervisory Authorities

If you are located in the EU/EEA, you have the right to lodge a complaint with your local data protection authority. Find your supervisory authority at: European Data Protection Board