Privacy Policy

Company name:

LumiDesk Ltd

Company type:

Private limited company

Registered office:

2 Mile Lane, BL8 2DS, United Kingdom

Email:

support@lumidesk.co.uk

Company number:

[Add company number]

In this Privacy Policy, “LumiDesk”, “we”, “us” or “our” means LumiDesk Ltd.

For privacy-related questions, contact us at: support@lumidesk.co.uk

This Privacy Policy applies when you:

• visit our website;
• submit a contact form;
• request or book a demo;
• communicate with us by email or other channels;
• use or enquire about LumiDesk services;
• interact with our website analytics or tracking technologies;
• become a LumiDesk customer, user, prospect, supplier, or partner.

This policy does not cover third-party websites or services that we do not control.

We may collect the following types of personal data.

Information you provide directly

When you contact us, request a demo, or submit a form, we may collect:

• full name;
• work email address;
• phone number;
• clinic or business name;
• clinic address or postcode;
• website URL;
• clinic type;
• team size;
• message content;
• demo preferences;
• booking details;
• any other information you choose to provide.

Information collected through demo booking

If you book a demo through Calendly or attend a Zoom meeting, we may collect:

• name;
• email address;
• phone number, where provided;
• clinic or business details;
• selected date and time;
• meeting type;
• booking status;
• cancellation or rescheduling information;
• meeting link or event details.

Calendly and Zoom may also process your personal data under their own privacy policies.

Website and technical information

When you visit our website, we may collect:

• IP address;
• browser type and version;
• device type;
• operating system;
• pages visited;
• referring website;
• approximate location derived from technical data;
• date and time of visit;
• website performance and usage information.

We may collect this through hosting, analytics, performance monitoring, cookies, or similar technologies.

Information processed through LumiDesk services

If you become a customer and use LumiDesk services, we may process data relating to:

• clinic staff users;
• clinic customer or patient enquiries;
• conversations and messages;
• lead details;
• booking preferences;
• service interests;
• notes, tags, statuses, and workflow information;
• AI-generated summaries or suggested actions;
• integration data from connected platforms.

Where LumiDesk processes your customers’ or patients’ personal data on behalf of your clinic, we may act as a processor, and your clinic may act as the controller. In that case, separate data processing terms may apply.

We collect personal data when:

• you fill in a form on our website;
• you book a demo;
• you email us;
• you interact with our website;
• you use our services;
• your clinic connects third-party tools or channels to LumiDesk;
• third-party service providers send us booking, analytics, or technical information.

We may use personal data to:

• respond to enquiries;
• arrange, manage, or follow up on demos;
• provide information about LumiDesk;
• create and manage customer accounts;
• provide and improve LumiDesk services;
• manage clinic enquiries, conversations, leads, and bookings;
• provide customer support;
• send service-related messages;
• monitor website performance;
• understand how people use our website;
• improve our website, services, and user experience;
• protect our systems and prevent misuse;
• comply with legal, regulatory, accounting, or tax obligations;
• enforce our terms and protect our rights.

We rely on different lawful bases depending on how and why we use personal data.

Contract

We may use personal data where it is necessary to provide services, manage accounts, deliver customer support, or take steps before entering into a contract.

Legitimate interests

We may use personal data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights and freedoms.

Our legitimate interests may include:

• responding to business enquiries;
• following up with prospective customers;
• improving our website and services;
• securing our systems;
• understanding how users interact with our website;
• managing customer relationships;
• developing LumiDesk as a business.

Consent

We may rely on consent where required, for example for certain cookies, marketing preferences, or optional communications.

Where we rely on consent, you can withdraw consent at any time.

Legal obligation

We may process personal data where necessary to comply with legal, regulatory, accounting, tax, or reporting obligations.

We may contact business prospects or customers about LumiDesk where legally permitted.

You can opt out of marketing communications at any time by contacting: support@lumidesk.co.uk

We will still send service-related or transactional messages where necessary, such as demo confirmations, account notifications, or important service updates.

Our website may use cookies or similar technologies to operate properly, improve user experience, measure performance, and understand website usage.

We may use tools such as:

• Vercel Analytics;
• Vercel Speed Insights;
• hosting and performance logs;
• other analytics or tracking tools added in the future.

Analytics and performance tools may collect technical information such as page views, device information, browser information, and performance data.

If we introduce non-essential cookies or tracking technologies that require consent, we will provide a suitable cookie notice or consent mechanism.

LumiDesk may use AI-assisted features to help manage enquiries, summarise conversations, classify leads, generate suggested responses, and support booking workflows.

AI-assisted processing may involve:

• analysing message content;
• identifying enquiry intent;
• generating summaries;
• suggesting next actions;
• helping organise conversations.

AI output may not always be complete or accurate. Clinics remain responsible for reviewing important conversations and making clinical, medical, legal, or business decisions.

We do not intend LumiDesk to be used as a substitute for professional medical advice, emergency triage, or urgent clinical decision-making.

We may share personal data with trusted service providers who help us operate our website and services.

These may include:

• website hosting providers;
• database and backend providers, such as Supabase;
• scheduling providers, such as Calendly;
• video meeting providers, such as Zoom;
• email and domain providers;
• analytics and performance providers, such as Vercel;
• payment providers, if payments are introduced;
• communication platforms and integrations;
• professional advisers, such as accountants or legal advisers;
• regulators, authorities, or law enforcement where required by law.

We only share personal data where necessary and appropriate.

Some service providers we use may process personal data outside the United Kingdom.

Where personal data is transferred internationally, we will take steps designed to ensure appropriate safeguards are in place, where required by law. This may include using countries with adequacy regulations, standard contractual clauses, international data transfer agreements, or other legally recognised safeguards.

We keep personal data only for as long as reasonably necessary for the purposes described in this policy.

Typical retention periods may include:

• contact form enquiries: up to 24 months;
• demo booking information: up to 24 months;
• customer account data: for the duration of the customer relationship and a reasonable period afterwards;
• billing, tax, and accounting records: as required by law;
• website analytics data: according to the retention settings of the relevant analytics provider;
• support and communication records: for as long as needed to manage the relationship, resolve issues, and protect our rights.

If we do not have a fixed retention period, we use criteria such as the nature of the data, reason for collection, legal requirements, relationship status, and potential need to resolve disputes.

We take reasonable technical and organisational measures to protect personal data.

These may include:

• access controls;
• secure cloud services;
• encryption where appropriate;
• role-based access;
• monitoring and logging;
• limiting access to authorised people;
• reviewing security settings;
• using reputable third-party providers.

No system is completely secure, so we cannot guarantee absolute security.

Depending on the circumstances, you may have rights under UK data protection law, including:

• the right to access your personal data;
• the right to correct inaccurate personal data;
• the right to request deletion;
• the right to restrict processing;
• the right to object to processing;
• the right to data portability;
• the right to withdraw consent where processing is based on consent;
• the right to complain to a supervisory authority.

To exercise your rights, contact: support@lumidesk.co.uk

We may need to verify your identity before responding.

You have the right to object to certain types of processing, including processing based on legitimate interests and direct marketing.

If you object to direct marketing, we will stop sending direct marketing communications.

If you are unhappy with how we handle your personal data, please contact us first so we can try to resolve the issue.

You also have the right to complain to the UK Information Commissioner’s Office.

ICO website:

ico.org.uk

ICO helpline:

0303 123 1113

LumiDesk is designed for business use and is not intended for children.

We do not knowingly collect personal data from children through our website for marketing or demo booking purposes.

Our website may contain links to third-party websites or services.

We are not responsible for the privacy practices, content, or security of third-party websites. You should read their privacy policies before providing personal data to them.

We may update this Privacy Policy from time to time.

When we make changes, we will update the “Last updated” date at the top of this page. Significant changes may be communicated more clearly where appropriate.