As a global leader in talent management we know how important data privacy is for your company and for your employees and candidates. Lumesse processes millions of HR transactions through its systems - systems which are protected, structured and organised according to the latest legislation.

The Lumesse Data Protection Forum

Data protection law is not necessarily the most uncomplicated legal matter on earth.  In many countries all over the world, data protection is a heavily regulated area – whilst at the same time regulations often differ significantly from country to country. Additionally, there is a global trend to tighten regulation further, and the landscape of data protection laws is changing fast.

Lumesse is dedicated and committed to providing its customers software solutions and services that enable Lumesse’s customers to meet the regulatory challenges they are facing in the area of data protection. For example, we develop and release our solutions using strict, formalised processes. And our solutions and infrastructure are tested for potential vulnerabilities by internal and external teams on a regular basis.

Lumesse constantly monitors the development of data protection laws on a global level. And we also   follow a strict, formalised process. For not only being always up to date, but for being always ahead of the game, Lumesse has established a Data Protection Forum which is composed of experts in data protection.

The members of the Lumesse Data Protection Forum are the head of the Lumesse Legal Department, Lumesse’s Information Security Officer, Lumesse’s Data Protection Officer for Germany and Lumesse’s Data Protection Officer for France. They meet on a monthly basis to:

  • Monitor the international developments on the field of data protection laws
  • Evaluate new projects and processes under data protection laws
  • Frequently review existing set-ups and processes with a view to their compliance with data protection laws.

In summary, the Data Protection Forum’s mission is to support Lumesse in designing and maintaining compliant solutions and services for Lumesse’s customers. The Data Protection Forum works closely with stakeholders from all over the Lumesse organisation for making sure its mission is a success.

Safe Harbor Framework

US-EU Safe Harbor is a streamlined process for US companies to comply with the EU Directive 95/46/EC on the protection of personal data.

Lumesse, Inc. complies with the U.S.-EU Safe Harbour Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries. Lumesse, Inc. has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Lumesse, Inc.'s certification, please visit

The European Union's Directive 2009/136/EC (the so-called 'E-Privacy Directive', sometimes also called the 'Cookie Directive') has triggered substantial confusion about the legal framework applicable to the usage of so-called Cookies on the Internet. This because it is uncertain what requirements needs to be met under this Directive before a Cookie may be placed on the computer of a person browsing the Internet and visiting websites.

EU Directives regularly do not apply directly to companies and citizens; they rather require from EU member states that these implement the Directives' provisions and regulations into their national laws. Although EU member states were requested to implement the E-Privacy Directive into their national laws until May 2011 at the latest, many EU member states have not yet done so due to the confusion about what the Directive actually requires. And the countries having implemented the Directive so far have not found a common approach; the respective national laws partially differ significantly from each other. The legal discussion about what is 'right' and what is 'wrong' in this context is still going on.

Both according to internal as well as external legal examination, Lumesse' solutions are compliant with applicable legal frameworks in this situation. Lumesse is monitoring this situation closely; in case any new developments should become apparent, it will respond respectively.

US Patriot Act

The US Patriot Act was created post 9/11 to allow the US government significantly increased covert access to data, without a court order. According to common interpretation the act applies to all US headquartered technology companies regardless of where in the world their customer's data is stored, as well as to data being stored in the United States of America. This means that data processed by US headquartered data-processors and/or data being stored in the USA could be accessed by US authorities without the data controller's (the data processor's customer) explicit permission or even knowledge, also when the data-processor's customer is non-US based and if the data is stored outside of the US. Lumesse is European headquartered and has local legal entities around the world, and these entities do not store customer data in the USA.