Privacy Policy

Last Updated: June 06, 2023

This Statement explains how your personal information is collected, used, and disclosed by Luum and its subsidiaries and affiliated companies (” Luum” or “We”). This privacy statement (“Statement”) applies only to your use of the public marketing website, Luum.com (the “Site”) when you are not logged in This Statement does not apply to websites, applications, or services that display or link to different privacy statements, including individual instances of the Luum Commute Hub.

We collect and process personal information about you with your consent and/or as necessary to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfill other legitimate interests.

INFORMATION COLLECTED

We collect information about you in various ways when you use our Site. We collect personal information you provide to us. For example, we collect your contact information you provide us on our Site. When you visit our Site, some information is automatically collected. For example, when you visit our Site your computer’s operating system, Internet Protocol (IP) address, access times, browser type and language, and the website you visited before our site are logged automatically. We also collect information about your usage and activity on our Site.
Cookies.  We may automatically collect information using “cookies.” Cookies are small data files stored on your hard drive by a website. Among other things, cookies help us improve our Site, related services, and your experience. We use cookies to see which areas and features are popular and to count visits to our Site. You can delete your cookies at any time.

Web Beacons.  We may collect information using Web beacons. Web beacons are electronic images that may be used on our Site or in our emails. We use Web beacons to deliver cookies, count visits, understand usage and campaign effectiveness and to tell if an email has been opened and acted upon.

Analytics. Third parties who provide us with analytics services for the Site may also automatically collect some of the information described above, including, for example, IP address, access times, browser type and language, device type, device identifiers and Wi-Fi information. Please consult the respective privacy policies and statements of these third parties for more information, including how Google Analytics use this data.

USE OF INFORMATION WE COLLECT

We use personal information collected through our Site for purposes described in this Statement or disclosed to you on our Site. For example, we may use your information to:

  • operate and improve our internal operations, systems, products, and the Site;
  • understand you and your preferences to enhance your experience and enjoyment using our Site;
  • respond to your comments and questions and provide customer service;
  • provide and deliver products and services you request;
  • communicate with you about products and services offered by Luum and our selected partners;
  • link or combine information about you with other personal information we get from third parties, to help understand your needs and provide you with better and more personalized service; and
  • protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.

SHARING OF PERSONAL INFORMATION

We do not share your personal information with third parties other than as follows:

  • with your consent;
  • with third party vendors, consultants, and other service providers who work for us and need access to your information to do that work;
  • to (i) comply with laws or to respond to lawful requests and legal process, (ii) to protect the rights and property of Luum our agents, customers, and others including to enforce our agreements, policies, and terms of use or (iii) in an emergency to protect the personal safety of Luum, its customers, or any person;
  • in connection with or during negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving sale, transfer, divestiture or disclosure of all or a portion of our business or assets to another company.
  • We may also share aggregated or de-identified information.

SECURITY OF YOUR PERSONAL INFORMATION

Luum takes reasonable steps to help protect your personal information in an effort to prevent loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

TRANSFERS OF YOUR PERSONAL INFORMATION

Personal information we collect may be stored and processed in your region, in the United States or in any other country where we or our affiliates, subsidiaries or service providers maintain facilities. We maintain primary data centers in the United States. We take steps designed to ensure that the data we collect under this Statement is processed according to the provisions of this Statement and applicable law wherever the data is located. When we transfer personal information from the European Economic Area and Switzerland to other countries, some of which have not been determined by the European Commission to have an adequate level of data protection, we use a variety of legal mechanisms, including contracts, in an effort to help ensure your rights and protections.

STORAGE AND RETENTION OF YOUR PERSONAL INFORMATION

We retain your personal information for as long as necessary to provide services requested by you, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements.  Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly. The criteria used to determine retention include:

  1. How long is the personal information needed to provide applicable services? This includes such things as maintaining and improving the performance of the Site, enabling system security measures, and maintaining appropriate business and financial records.
  2. Do users provide, create, or maintain the data with the expectation we will retain it until they affirmatively remove it? In such cases, we may maintain the data until actively deleted by the user.
  3. Is the personal information of a sensitive type? If so, a shortened retention time may be appropriate.
  4. Are we subject to a legal, contractual, or similar obligation to retain the data? Examples can include mandatory data retention laws in the applicable jurisdiction, government orders to preserve data, or data that must be retained for the purposes of litigation.

YOUR INFORMATION CHOICES AND CHANGES

You may have rights such as the right to know, access, and/or delete your information. These rights may differ depending on your State of residency or the source of the information, or the type of Services or Account you have. You can submit a request regarding your personal information through our Privacy portal, located here – Data Subject Access Requests.

You may also submit your requests to datasubjectrequest@healthequity.com. Please note, there may be situations where we cannot grant your request, for example, if you ask us to delete your data that is governed by a Federal privacy regulation that is exempted from your state privacy law, or where HealthEquity is legally obligated to keep a record of our interactions with you to comply with law. We may also decline your request in order to maintain our legitimate use of data for anti-fraud and security purposes, such as when you request deletion of an account that is being investigated for security concerns. Other reasons your privacy request may be denied are if it jeopardizes the privacy of others, is frivolous or vexatious, or would require disproportionate effort.

YOUR EUROPEAN PRIVACY RIGHTS

We adhere to applicable data protection laws in the European Economic Area, which, if applicable to you, includes the following rights:

  • If we are processing personal information based on your consent, you have a right to withdraw consent at any time for future processing;
  • You have a right to request access to, rectification, or erasure of your personal information, or to transfer or receive a copy of your personal information in a usable format;
  • You have a right to object to the processing of your personal information under certain circumstances; and
  • You have a right to lodge a complaint with a data protection authority.

CHANGES TO THIS STATEMENT

Luum may change this Statement from time to time. If we make any changes to this Statement, we will change the “Last Updated” date above or by providing such notice about or obtaining consent to changes as may be required by applicable law.

Contact Information

If you have any questions or comments about this Notice or our other privacy notices, the ways in which we collect and use information, or choices and rights regarding personal information, please contact us at:
Toll-Free Phone: 1-866-629-6347
Phone: 1-801-727-1000
Email: Privacy@healthequity.com
Mail: HealthEquity, Inc.
Attn: Privacy Officer
15 West Scenic Pointe Drive
Draper, UT 84020