Legal

Privacy statement

This Privacy statement was most recently revised on April 17th, 2025.

Your privacy and the protection of your personal data is of great importance to Act-3D B.V. (hereafter: “Lumion”, or “we”). Act-3D sells its products and services under the name Lumion. When processing your personal data, we work in accordance with the requirements for the processing of personal data laid down in the General Data Protection Regulation (GDPR). This means we:

Clearly specify our purposes and legal basis for using personal data.
Limit our collection of personal data to only the personal data needed for lawful purposes.
Take appropriate security measures to protect your personal data and we demand the same from parties who process personal data on our behalf.
Respect your rights

We offer 3D rendering software to help our customers (AEC professionals) visualize their designs. By visiting our website (https://lumion.com) or using our services, we obtain various personal data from you. For each purpose we indicate what information we obtain from you, for what purpose we process this information and how long it will be stored. If you have any questions or want to know exactly what information we process about you, please contact us. Our contact details are mentioned below.

Purchasing a subscription

Via our website you can purchase a subscription to Lumion products. As part of this process, you will also create an account (see below). An account is needed for all types of subscriptions (commercial, trial and student). To purchase a subscription, we process your first and last name, company name (if applicable), (business) email address, (business) telephone number, country, and payment information.

We need this information because of our agreement with you (article 6(1)(b) GDPR).

Extra information for students

We provide a free license to students. To verify if you are a student and are eligible for the free license, we use a third party service called SheerID. This means we also process (on top of the other personal data listed) the name of your university and information about (the start and finish) of your studies. We use this information to make sure that people are not abusing our student-program.

Creating a Lumion account

A Lumion account is needed to redeem your license key, to use the services and to contribute to the Lumion Community (see ‘Lumion Community’ below).

If you are an end user and your organization has purchased a Lumion product using the Named User license model, you also need a Lumion account. This is so that your organization can assign one of their license seats to your Lumion account email address, so that you can use the Lumion products.

If your organization assigns a license seat to your email address, we will send you an email notifying you of this. If you did not yet have a Lumion account at this point, we will have obtained your email address indirectly from your organization's license administrator, who entered it to assign you a license seat.

When creating a Lumion account, we collect your first name, last name and email address. We also collect your Lumion account password and store this securely (unless you sign in with Google, in which case we do not see or store your Google account password). We also collect data about your subscription activation to better understand your usage duration and frequency.

We process this account data on the basis of our legitimate interest (article 6(1)(f) GDPR). Our interest is in allowing you to create a Lumion account with basic information about yourself, so that you can engage with the Lumion services, redeem your license key, contribute to the Lumion community, use your Lumion products, and assign end user license seats. We also have an interest in understanding account usage durations and frequencies to help us improve our services and for security purposes.

Storage periods

Accounts that have purchased a subscription: We will store your information for a maximum of 1 year after you end the 14-day trial or after you end your subscription. Certain types of personal data will be retained for a longer period when we have a proper legal basis to do so. For example, when the law requires us to store information such as the legal retention period of 7 years for tax purposes (invoice data).

End user account: after all your license seats have been revoked, your Lumion account is deleted 1 year after your last login. Lumion sends inactive user accounts a warning email prior to deletion.

Lumion Community: if you have used your Lumion account to post on or interact with the Lumion Community, the storage period is extended. Please see the ‘Lumion Community’ section below for information about the storage period.

Providing our services

To be able to provide you with our services we need to process your personal data. The personal data is used to verify you and your account and to link the proper product or subscription to your account. We will also inform you, for instance, via email with information about your subscription (for example if your subscription is up for renewal). We do this to perform the contract we have with you.

We want you to have the best possible experience with our products and services. We will therefore actively reach out to you to improve your use of our products and services. We do this based on our legitimate interest. It is in our interest to optimize and improve your experience. Please let us know if you do not desire this extra service.

For this purpose, we process your first and last name, company name (if applicable), (business) email address, (business) telephone number, country and financial information. We need this information because of our agreement with you and to maintain the relationships resulting from this agreement. We store this information for the duration of the agreement. Certain information will be retained for a longer period if we are obliged to do so (for example because of the legal tax retention period of seven years).

Contact

You can contact us by using our contact form, sending us an email or calling us. If you contact us, we process your personal data to respond to your inquiry.

For this purpose, we process (depending on the form of contact) your first and last name, company name (if applicable), (business) email address, (business) telephone number and any information you provide us with as content of your message.

We use this information to be able to handle your request and we have a legitimate interest in responding to you (article 6(1)(f) GDPR). If you contact us, your personal data will be retained until we are sure that we fully answered and correctly handled your request. We might attach your request to your account in our systems. We only do so if your request is relevant to your use of our products and services. We also retain your information if we have another legal basis to do so. If we do so, you will be informed of this.

Lumion Community

You can use your account to logon to the Lumion Community. The Community offers customers a place to discuss the products and services Lumion offers, showcase their creations, and reach out for help, either from moderators or other Community members. When you post or interact with other posts in the Lumion Community personal data is processed. Your username and the content you share will be available to other people. You are free to use a username that is not related to your real name. Nevertheless, your username and the content you post is still regarded as personal data and therefore treated as such, as this data is relatable to you as a person.

For this purpose, we process your (user)name, company name (if applicable), email address and any information you provide us with as content of your contributions. We use this information to be able to provide the service to you and to perform the contract with you to this end.

Storage period

If you post on or interact with the Lumion Community, then we store your information for 5 years after your last interaction (unless you request to delete it). This information is stored because your content is linked with your account for editorial reasons (if you want to remove certain information for example). Certain types of personal data will be retained for a longer period when we have a proper legal basis to do so.

Handling job applications

When you apply for a job, we process your personal data. We do so to process your application and in preparation for the possible conclusion of an employment contract. For this purpose, we process your name, address details, contact details (email address and telephone number), curriculum vitae, motivation letter, salary indication, references and any other information you enclose with your application.

We will retain your application details for a maximum of 6 weeks after the position has been filled. We keep this information so that we can contact you in the event that the position becomes vacant again within the probationary period. If we are unable to offer you a job at this time, we may – with your consent – keep your application details for a further year. You can withdraw your consent at any time by sending us an email. If you come to work for us, we will save your application data in the personnel file.

A social media and internet check can be part of the application procedure. This is necessary to ensure that our business image is maintained when hiring new staff. We do this on the basis of our legitimate interest. For this purpose, we search your name on Google and, if necessary, your profile(s) on social media. This of course, for as far as these profiles are public; we will not ask you to grant us access to a private social media page or to make a connection with us. The results of this social media and internet check will be discussed with you. If you object to this, you can object by e-mail at the time of your application.

Advertising

We use advertising companies to help us sell our products and services. Some advertising companies offer the possibility to share your email address with them. This way, they will be able to enhance your user experience by showing you interest-based advertisements. For instance, by creating profiles for Custom Audiences. We only share your email address with them based on your consent or our legitimate business interest. When you order one of our products or services you will be able to opt-out during the ordering process. You can revoke your consent or opt-out at any time by sending a request via the contact details below.

We may share your email address with the following parties:

Facebook – Meta Platforms, Inc. (US) – Privacy statement
Linkedin Ads – Linkedin CORP (US) – Privacy statement
Google Ads – Google LLC (US) – Privacy statement
Microsoft Ads – Microsoft CORP (US) – Privacy statement

For more information how these organizations use your personal data, see their privacy statements by clicking on the hyperlinks.

Cookies and comparable techniques

For a complete list of cookies and other techniques we use, see our Cookie and comparable techniques statement below.

We only share your data with third parties when this is allowed by current legislation. It may happen that we provide your personal information to the following categories of third parties:

Resellers and partners – We also sell our software and services via partners. To facilitate the agreement between you and our partner we share your personal data.
Business service providers – We use various services to help us with running our business. Examples are tax consultants and legal advisors with whom we may share personal data.
IT suppliers and service providers – We work with third parties that provide technical services like hosting, maintenance and support.
Payment service providers – When you buy our products or services, we use payment service providers to handle the payment.
Government – We can share your information with law enforcement or other government agencies when we are obliged to do so by law.
Marketing and social media companies – We share your personal data for marketing purposes, but only if we are legally allowed to do so.
Lumion Community – When you use the Lumion Community your username and the content you post is available to other people.

In order to provide this service, Lumion may provide your personal data to parties established outside the European Economic Area (EEA). We will only do this if there is an adequate level of protection for the processing of personal data. This means, for example, that we use a model agreement from the European Commission or make agreements about the handling of personal data.

We take appropriate technical and organizational security measures with regard to the processing of personal data to be carried out, against loss or against any form of unlawful processing (such as unauthorized access, corruption, alteration or disclosure of personal data).

Examples of these measures are:

Regular Malware Scanning.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
All transactions are processed through a gateway provider and are not stored or processed on our servers.

You can always contact us if you have any questions regarding our privacy statement. Besides that, you have to the following rights regarding your personal data:

Right of access: you have the right to see what kind of personal data we process about you;
Right of rectification: you have the right to rectify any personal data we have processed about you, if this information is (partially) wrong;
Right to object: you have the right to object against the processing of your personal data by us, or against direct marketing;
Right to be forgotten: you can file a request with us to remove any personal data we have processed of you;
Right to data portability: if technically possible, you have the right to ask us to transfer your processed personal data to a third party;
Right to restriction of processing: you can file a request with us to (temporarily) restrict the processing of your personal data.
Right to revoke your consent, when we process your data based on your consent.

You may send a request by sending an email to [email protected]. To prevent abuse, we may ask you to provide proper proof of your identity.

We will respond to your request within one month. This term can be extended by two months if the request is proven to be complex or tied to a specific right. You will be notified about a possible extension of this term within one month.

We are based in the Netherlands. That means that the GDPR applies to us. In the European Union privacy is regarded as a human right which should apply for all people, not just EU-residents. This means that non-EU residents enjoy the same level as protection, therefore this privacy statement and the rights granted to you by the GDPR are also applicable to you. This protection is very elaborate and covers most, if not all, other national privacy law requirements. In this paragraph some extra information is provided about some of these similarities.

California Consumer Privacy Act

The California Consumer Privacy Act (CCPA) requires companies to post a privacy statement and it grants specific rights to consumers. These rights and more are also provided to you by the GDPR. The CCPA also requires us to provide Californian residents with an opt-out possibility on the sale of their data. The use of cookies and other trackers can be regarded as a ‘sale’ of personal data. (Please note that ‘Personal data’ and ‘Personal Identifiable Information’ (PII) are not the same. PII is more limited than personal data.) Because of the European data protection laws, we are obligated to ask for your consent to use cookies and other tracking techniques. Therefore, we offer an opt-in instead of an opt-out. You can always change this by revisiting your settings.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States. According to these practices we have certain obligations to notify you of a data breach and agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This is also handled in the GDPR. In case a data breach occurs, and we are obligated to inform you, we must take reasonable actions to inform you directly instead of a general notice on the website.

CAN-SPAM Act

The rules set by the CAN-SPAM Act are also present in EU legislation. For more information, see the paragraph about newsletters.

Software Usage Data

We collect limited technical usage data from our Lumion desktop software products/applications. We use this data to analyze how the Lumion desktop applications are used. We analyze this to help us maintain, improve, and secure our software and to ensure the reliability, security, and quality of our services, as well as for product improvement, benchmarking, diagnostics, and security monitoring.

The usage data is collected for both Lumion Pro and Lumion View. This takes place on the basis of our legitimate interest as explained above (article 6(1)(f) GDPR). Both Lumion desktop applications have functionality to opt out of this data collection (see below).

The collected usage data includes:

Which Lumion features are used;
Which Lumion user interface interactions take place;
Lumion software version;
Basic system hardware configuration (this does not contain any unique hardware IDs).

All data is anonymized and decoupled from anything that can be traced back to a user’s computer, IP address or them as a person. This means that, after we receive the data from the Lumion desktop application, we immediately delete the IP address and other identifiable metadata associated with the HTTP request. We only store the actual anonymized usage data itself, for example the fact that a particular asset has been selected in a menu.

Usage data is not used to track individual users. The data does not include user-generated content or personal files. We do not disclose or sell any of the software usage data we collect.

Opting out

If you prefer, you can opt out of anonymized usage data collection. Within your Lumion desktop application, go to the User Account tab and disable the ‘Usage Data’ toggle. You can always enable the toggle again if you change your mind.

Cookies and comparable techniques

We and third parties use cookies and comparable techniques on our website. These techniques can store information on and read information from your device. This is done through the web browser of your device. Lumion uses these techniques to enable the functionality of our website (functional), to generate overall statistics and gain insights in the use of our website by users to improve and optimize our website and services (analytical) and to show personalized advertisements (marketing).

These techniques might collect your IP-address, personal ID, website and click behavior and referrer-URL. When you visit our website for the first time, we will display a message with an explanation about the techniques we use. We will ask for your consent to use these techniques when we are required to do so.

Various functional cookies

First party cookies and other techniques with strictly functional purposes.

These cookies and other techniques enable necessary functionalities of the website, such as remembering the chosen language and whether consent for cookies and other tracking techniques has been given, displaying the cookie banner, etc.

Retention period: up to 2 years

Google Analytics

Google LLC, United States, Privacy statement

These cookies are placed to gain insight into visitor behavior and to improve the user experience. They record click behavior and website visits. A unique ID is recorded to recognize recurring devices. The aim is to improve our website and the user experience.

Retention period: up to 2 year

Hotjar

Hotjar Ltd., Malta, Privacy statement

These cookies and other techniques are placed to measure how users navigate across our website. They record click behavior and website visits. A unique ID is recorded to recognize recurring devices. The aim is to help us improve user experience.

Retention period: Up to 1 year

Google Advertising

Google LLC, United States, Privacy statement

These cookies and other techniques are placed to improve our online advertisements and to measure the effectiveness of advertisements. They record click behavior and website visits. A unique ID is recorded to recognize recurring devices. The aim is to advertise in a targeted and personalized way.

Retention period: up to 26 months

Meta Advertising

Meta Platforms, Inc., United States, Privacy Statement

These cookies and other techniques are used to enable Facebook advertisement options. They record click behavior and website visits. A unique ID is recorded to recognize recurring devices. The aim is to advertise in a targeted and personalized way.

Retention period: Maximum of 37 months

LinkedIn Advertising

LinkedIn Corporation, United States, Privacy Statement

These cookies and other techniques are placed to improve our online advertisements and to measure the effectiveness of advertisements. They record click behavior and website visits. A unique ID is recorded to recognize recurring devices. The aim is to advertise in a targeted and personalized way.

Retention period: as long as your account is open. 30 days after the account is deleted.

Twitter Advertising

Twitter, Inc., United States, Privacy Statement

These cookies and other techniques are placed to improve our online advertisements and to measure the effectiveness of advertisements. They record click behavior and website visits. A unique ID is recorded to recognize recurring devices. The aim is to advertise in a targeted and personalized way.

Retention period: up to 2 years

Microsoft Advertising

Microsoft Corporation, United States, Privacy statement

These cookies and other techniques are placed to improve our online advertisements and to measure the effectiveness of advertisements. They record click behavior and website visits. A unique ID is recorded to recognize recurring devices. The aim is to advertise in a targeted and personalized way.

Retention period: up to 3 years

Hubspot

Hubspot, Inc., United States, Privacy statement

We use Hubspot tracking and marketing automation in order to provide users with content tailored to their interests based on their use of our website.

Retention period: up to 13 months

If you would like to know how each of the service providers handle your personal data, please read the privacy statement of the companies in question listed above.

Most cookies and comparable techniques have an expiration date. This means that they will automatically expire after a certain period and no longer register any data concerning your visit to the website. Another option is to remove them manually before the expiration date. In order to do this, consult your browser’s manual.

We use embedded content from third parties. This means part of our website is provided to you by another company. For example, if we add a YouTube video to our webpage, we only add a frame, and the content is provided by YouTube. This means that these embedded content providers can install cookies or track you via other means. Therefore, we will only use this embedded content if we are legally allowed to. For instance, if you give us your consent.

Changes to this statement

We may change this privacy statement from time to time. Changes will be published on our website. It is therefore advised to consult this privacy statement on a regular basis, so you are aware of these changes.

Complaints

If you have any questions or would like to make a complaint about the use of your personal data, please contact us. You can submit the contact form or send us an email to [email protected].

You also have the right to file a complaint with the national supervisory authority responsible for the protection of personal data against our processing of your personal data. For the Netherlands, this is the Autoriteit Persoonsgegevens: https://www.autoriteitpersoonsgegevens.nl/

Contact details

Address: Act-3D B.V., Hoofdstraat 10, 2171 AT Sassenheim, The Netherlands
Telephone: +31 (0)20 314 44 10
Email address: [email protected]
Chamber of Commerce: 27343208

Learn more

General Terms and Conditions

Read our Terms

End User License Agreement

Check EULA