Our commitment to data privacy
Luna and the GDPR
GDPR: what does it mean?
Luna is committed to compliance with the General Data Protection Regulation (GDPR), which went into effect May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years, replacing European Privacy Directive 95/46/EC. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.
The GDPR applies not only to EU-based businesses, but also to any business that controls or processes data of EU citizens. Per the GDPR, personal data is any information relating to an identified or identifiable individual; meaning, information that could be used, on its own or in conjunction with other data, to identify an individual. Our customers can trust that Luna has made GDPR a priority and has devoted significant and strategic resources toward our efforts to comply with GDPR.
The contents of these documents are not intended to be legal advice, nor should they be considered a substitute for legal assistance. The final responsibility for understanding and complying with GDPR resides with you, though Luna will assist you in meeting GDPR requirements where possible.
Which actions has Luna completed regarding the GDPR?
Luna appreciates that customers have requirements under GDPR that are directly impacted by their use of Luna products and services, and Luna is committed to help them to fulfill their requirements under GDPR and local law.
Below are a few examples of actions Luna has committed to in order to satisfy GDPR requirements that apply to both Luna and customers:
- Ensuring our products are designed in accordance with ISO 27001 standard (information security management system). This standard mirrors many of the security and privacy requirements of GDPR and is helping give our customers a transparent framework to measure our software development and data management practices; In progress;
- Committing to follow any additional security and privacy measures required under GDPR; Completed;
- Assisting with data processing security and privacy requirements, notifying regulators of personal data breaches in the unlikely event that they occur, and promptly communicating any such breaches to our customers and end-users; Completed;
- Ensuring Luna staff that access and process Luna customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data; Completed;
- Holding any vendors that handle personal data to the same data management, security, and privacy practices and standards to which we hold ourselves. Completed;
- Committing to carrying out data impact assessments and consulting with EU regulators where appropriate; Completed;
- We’re strengthening our security controls across the board. All customers personal data has been encrypted. Where data is transferred over the Internet as part of our Products, the data is also encrypted using industry standard SSL (HTTPS). We had improved our systems for authentication and authorisation as well; Completed;
- Providing customers with additional assurances regarding their ability to fully control their data in a safe, secure, and compliant environment when they use services from Luna; Completed;
- Improving logs; In progress;
- Enabling customers to easily export their data into a machine-readable format; Completed.
Luna engages third-party subprocessors to help us provide services to our customers. A subprocessor is a third-party processor engaged by Luna who receives data from Luna and processes personal data on behalf of our customers.
As a condition of permitting a subprocessor to process personal data, Luna will enter into a written agreement with each subprocessor containing data protection obligations at least as protective as the technical and organizational measures Luna has put into place to protect customer personal data from accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access.
Want to be notified whenever we update the subprocessors list?
Current as of September 30, 2021
|Software Vendors (Web) – Outsourced and logs||Purpose||Entity Country||Website|
|Amazon Web Services (Deloitte)||Data and Service Hosting||Ireland||AWS|
|Xero||Accounting Data||US, New Zealand and Australia||Xero|
|Google G Suit||Electronic, documents, presentations, spreadsheets, etc||Europe||Google G suite|
|HelloSign||Contract Signature||US and other locations –||HelloSign|
|QuoteRoller||Sales Documents||US||Quote Roller|
What do Luna customers need to do?