General privacy statement

This privacy policy explains how Lumora Pte. Ltd. (Business ID S7917233A) collects, uses, stores and discloses personal data in connection with digital literacy and IT security awareness courses. The policy describes categories of data processed, purposes of processing, retention practices and the rights available to individuals. Lumora seeks to handle personal data in accordance with applicable Singapore data protection laws and good practice. Contact details for privacy inquiries are provided below.

28-02-2026 Lumora Pte. Ltd. (Business ID: S7917233A) 248 Geylang Road, Singapore, 389306 [email protected]

Definitions

This section provides concise definitions of terms used in the policy to reduce ambiguity when describing processing activities and rights.

Personal data means any information relating to an identified or identifiable individual, such as name, contact details, job title, identifiers and other information that can reasonably be linked to a person.
Processing refers to any operation performed on personal data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, erasure or destruction.
User refers to an individual who accesses or uses Lumora's courses and services, including course participants, administrative contacts at client organisations and prospective customers who interact with our site.
Service means the digital literacy and IT security awareness courses, associated learning platforms, assessments and administrative services provided by Lumora to individuals and organisations.
Cookies and similar technologies are small text files or scripts stored on devices to support session management, functionality, analytics and preference storage when interacting with our online services.

Data collection

Lumora collects personal data through direct interactions, automatically during use of services, and from third-party sources where necessary to deliver the contracted services and improve platform operation.

Information you provide

When you register, subscribe, book a course or contact support, you may provide the following types of information:

  • Full name and preferred contact details (email, phone number)
  • Organisation name, department and job title
  • Billing and invoicing information required for payments
  • Registration and attendance records for courses and events
  • Responses to assessments, quiz results and training feedback
  • Communications content supplied in support requests or correspondence

Automatically collected data

When you use Lumora's digital platforms, we collect technical and usage data automatically to operate the service and improve performance.

  • IP address and device identifiers used to support sessions and security monitoring
  • Browser and operating system information to ensure compatibility
  • Usage metrics such as page views, module completion, and time spent on content
  • Access timestamps and session logs for troubleshooting and auditing
  • Cookies and local storage values for preferences and functional features
  • Aggregated interaction data used for analytics and product improvement

Third-party sources

Lumora may receive personal data from trusted third parties to support service delivery, payment processing and integration with authorised systems.

  • Payment processors and invoicing platforms for billing purposes
  • Learning management and hosting providers that support content delivery
  • Customer relationship management and analytics providers used under contract

Purposes of processing

Personal data is processed for clearly identified purposes necessary to provide and improve training services, to manage accounts, and to meet legal and contractual obligations.

  • Provision, administration and delivery of training courses and course materials
  • Account setup, identity verification and access management for learners
  • Billing, invoicing and payment reconciliation
  • Communication about courses, updates and support requests
  • Analysing platform usage and assessment results to improve content and usability
  • Detecting and preventing security incidents, fraud or misuse
  • Compliance with legal or regulatory obligations and responding to lawful requests
  • Conducting anonymized research and quality assurance activities

Legal basis for processing

Processing is carried out on a lawful basis appropriate to the applicable jurisdiction. For Singapore, PDPA and related obligations inform our approach; where EU data is involved, lawful bases under GDPR may apply.

  • Consent where individuals have provided clear permission for specific processing activities
  • Performance of a contract where processing is necessary to provide agreed services
  • Legal compliance where retention or disclosure is required by law
  • Legitimate interests where processing is necessary for platform security, fraud prevention and operational improvement, balanced against individual rights

Applicable rights under GDPR (where relevant)

If European data protection rules apply to you, this section summarises the rights you may exercise and how to raise related requests with Lumora.

  • Right of access: obtain a copy of personal data processed about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of data in certain circumstances
  • Right to restriction of processing: request limits on how data is used
  • Right to data portability: request transfer of data in a structured, commonly used format
  • Right to object: object to certain processing activities, including direct marketing

Cookies and similar technologies

Lumora uses cookies and similar technologies to enable essential functionality, remember preferences and gather anonymized analytics to improve our services.

Types of cookies used include essential session cookies, functional cookies for user preferences, analytics cookies for usage measurement, and third-party cookies where third-party services are embedded.

Essential: required for service operation. Functional: enable user preferences. Analytics: measure usage. Marketing: used only with consent for targeted content.

Users can manage cookie preferences through the consent banner, browser settings or device-level controls. Disabling certain cookies may affect platform functionality.

View cookie policy on yokora.digital

Data sharing

We share personal data only with authorised partners and service providers necessary to provide the services, and when required by law or to protect legal rights.

  • Service providers supporting hosting, learning management and content delivery
  • Payment processors and billing service providers
  • Analytics and performance measurement providers under confidentiality obligations
  • Regulatory bodies, law enforcement or other authorities when legally required
  • Professional advisors, auditors and legal representatives where necessary
  • Affiliated entities involved in providing contracted services to a client

International data transfers

Personal data may be transferred to countries outside Singapore to support hosting, analytics and service delivery. Transfers are performed only when appropriate protections are in place.

Safeguards may include contractual data protection clauses, reliance on adequacy decisions where available, encryption and access restrictions to protect data during transfer and while stored abroad.

Data retention

Lumora retains personal data only as long as necessary for the purposes described, for legitimate business needs and to satisfy legal or regulatory obligations.

Account and billing records are typically retained for the period necessary to provide services and to meet statutory accounting and tax requirements; in practice this may be several years for certain records.

Communications and support correspondence are retained for business continuity and dispute resolution, generally for a limited period consistent with operational needs.

System logs and security event records are retained for monitoring and incident response; retention periods are calibrated to balance contribute needs with data minimisation principles.

When retention periods expire or upon valid deletion requests (subject to legal constraints), data is securely deleted or anonymized in a manner appropriate to the data type.

Security measures

Lumora implements technical and organisational measures to protect personal data against unauthorized access, accidental loss, alteration and disclosure. Controls are selected based on risk assessments and industry practice.

  • Encryption of data in transit using TLS and encryption at rest where appropriate
  • Role-based access controls, multi-factor authentication for administrative access and regular access reviews
  • Periodic security assessments, patch management, logging and an incident response process

Your data protection rights

You may exercise your rights to access, correct, restrict or delete personal data, request portability, or object to processing where applicable. To make a request, contact Lumora using the details provided below; we will respond in accordance with applicable law and internal procedures.

  • Access: You have the right to request a copy of personal data we hold about you and to receive information about how it is processed.
  • Rectification: You may request correction of inaccurate or incomplete personal information in our records.
  • Erasure: Subject to applicable law, you can request deletion of personal data when retention is no longer necessary for the original purposes.
  • Restriction: You can request limitation of processing in specific circumstances, for example while a dispute about accuracy is resolved.
  • Portability: Where applicable, you may request a machine-readable copy of personal data you provided for transmission to another controller.
  • Objection: You can object to processing based on legitimate interests or for direct marketing; we will assess and respond in accordance with law.
  • Withdraw consent: If processing is based on consent, you may withdraw that consent at any time without affecting processing that occurred prior to withdrawal.
  • Complaint: If you believe your rights are not respected, you may file a complaint with the relevant data protection authority in Singapore after contacting us.

How to make a rights request

To exercise any of the rights above, submit a request in writing to Lumora at our contact address or by email. Include enough information to identify yourself and to describe the specific request. We may ask for proof of identity to protect your information.

[email protected]

We aim to acknowledge requests within 7 business days and to provide a substantive response within 30 calendar days. Complex requests may require additional time; if so, we will notify you and explain the reason for the delay.

Marketing communications

Lumora may send informational updates about courses, events, and resources if you have opted in. Communications will be relevant to digital literacy and IT security awareness and will include clear information on how to manage your preferences.

You can opt out of marketing emails at any time using the unsubscribe link in any message or by contacting our team. Opting out will not affect transactional messages related to active course enrolments or account management.

Children's privacy

Our services are designed for adults and organizations. We do not knowingly collect personal data from children under 16 without parental or guardian consent. If we become aware that data from a child under the applicable age has been collected without consent, we will take steps to delete it.

Third-party links

Our website and course platforms may contain links to third-party sites, vendors, or partner resources. Lumora is not responsible for the privacy practices or content of those external sites. Review third-party privacy notices before sharing personal data.

Changes to this privacy policy

We may update this privacy policy to reflect changes in our practices, legal requirements, or services. Material changes will be published on our website with the revised effective date. Continued use of services after publication indicates acceptance of the updated terms.

Contact information

For privacy inquiries, data rights requests, or policy questions, contact Lumora at [email protected] or by mail at 248 Geylang Road, Singapore, 389306. You may also call our office for general inquiries at +6589549074. Business ID: S7917233A.