- Data collected via the Unlimited light website (the “Website”)
- Data collected via direct contact with Unlimited Light via telephone, in person, post, fax or email
Light Kits Ltd. trading as Unlimited Light (the “Company”) takes your privacy seriously and we are committed to protecting your personal data. This policy covers the collection, processing and other use of personal data under the General Data Protection Regulations (“GDPR”).
For the purpose of the GDPR the Company is the data controller and any enquiry regarding the collection or processing of your data should be emailed to email@example.com, or via post to: GDPR controls, Unlimited Light, Home Place, Coldstream, TD12 4DT, United Kingdom.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
2. The Information We Collect About You
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data – includes first name, last name, username or similar identifier, title
- Contact Data – includes billing address, delivery address, email address and telephone numbers
- Financial Data – payment card details – only if you place an order or pay via telephone
- Transactional Data – includes details about payments to and from you
- Profile Data – includes details of products purchased by you and orders made by you
- Marketing and Communications Data – includes your preferences in receiving marketing from us and our third parties and your communication preferences
- Analytic Data – we use analytical and statistical tools (Google Analytics) that monitor details of your visits to the Website and the resources that you access, including, but not limited to, traffic data, location data, weblogs and other communication data (this data will not identify you personally)
- Technical Data – includes browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website (this data will not identify you personally)
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We use a third party payment processor – PayPal – to process payment transactions on the Website. The Company does not collect, store or have access to any customer financial information such as credit card details for orders placed online.
3. How We Collect Your Information
We use different methods to collect data from and about you including through:
Via direct interactions – you may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- Ask us to provide a quote for products or services we provide
- Place an order to purchase products or services we provide
- Take part in discussions, negotiations or meetings with a Company employee
- Request us to supply information or advice about our products or services
- Apply for a credit account with us
- Opt-in to our marketing or information emails
- We will collect personal information on the Website only if it is directly provided to us by you (the user), and therefore has been provided by you with your consent. Normally you will only provide such details if you are placing and order, filling in a contact form or are signing up to receive marketing or promotional information.
- We use Google Analytics to collect data about how you use out Website and what technology you use to access it. This data cannot be used to identify you personally.
- We will collect your personal information which you have provided to us directly by telephone, post, fax, email or in person.
4. Use of Your Information
Any personal data that you provide to us will be processed in strict accordance with one of the six lawful bases for processing as laid out in the GDPR.
The information that we collect and store relating to you is primarily used to enable us to provide our services to you and to meet our contractual commitments to you. In addition, we may use the information for the following purposes:
- To notify you about any changes to the Website, such as improvements or service/product changes, that may affect our service
- If you are an existing customer, we may contact you with information about goods and services similar to those that were the subject of a previous sale to you
- Where you have consented to receive such information, to provide information on other parties products or services that we feel may be of interest to you
- Where you have consented to receive marketing or promotional information, to provide that to you
5. Lawful Basis for Processing Your Information
We have set out below a description of all the ways we plan to use your personal data, and which of the legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal basis we are relying on to process your personal data where more than one ground has been set out in the table below.
||Type of Data
||Lawful Basis for Processing
|To register you as a new customer
|Performance of a contract with you
|To process and deliver any orders placed with us, including:
(i) Manage payments, fees and charges
(ii) Collect and recover money owed to us
(v) Marketing and Communications
|(i) Performance of a contract with you
(ii) Necessary for our legitimate interests
(iii) Marketing and Communications
|(i) Performance of a contract with you
(ii) Necessary to comply with a legal obligation
(ii) Necessary for our legitimate interests
|To administer and protect our business
|(i) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(ii) Necessary to comply with a legal obligation
|To inform you of new products or other information about the company
(iii) Marketing and Communications
|To use data analytics to improve the Website, products/services, marketing, customer relationships and experiences
|Necessary for our legitimate interests
|To make suggestions and recommendations to you about goods or services that may be of interest to you
|Necessary for our legitimate interests (to develop our products/services and grow our business)
We may use your Identity, Contact and Transaction Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have opted-in to receive that marketing.
You can ask us to stop sending you marketing messages at any time by contacting us directly using the details in Clause 1.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6. Disclosure of Your Information
- We may disclose your information to regulatory bodies to enable us to comply with the law and to assist fraud protection and minimise credit risk
- Where you have consented for us to do so, we may provide your data to selected third parties who may contact you about their goods or services that you may be interested in
- If you do not want us to use your data, you will have the opportunity to withhold your consent to this when you provide your details to us on any form on which we collect your data, or you can do so by writing to us at the address detailed in Clause 1, or sending us an email to firstname.lastname@example.org at any time
- Otherwise, we will process, disclose or share your personal data only if required to do so by law or in the good faith belief that such action is necessary to comply with legal requirements or legal process served on us or the Website
- We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions
7. International Transfers
- As part of the services offered to you, for example through the Website, the information you provide to us may be transferred to and stored in countries outside of the European Economic Area (EEA) as we use remote Website server hosts to provide the Website and some aspects of our service, which may be based outside of the EEA, or use servers based outside of the EEA – this is generally the nature of data stored in the Cloud
- If you use our services while you are outside the EEA, your personal data may be transferred outside the EEA in order to provide you with these services
8. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available in our retention policy which you can request from us by contacting us.
In some circumstances you can ask us to delete your data: see right to erasure below for further information.
10. Third Party Links
You might find links to third party Websites on the Website. These Websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
12. Your Rights
The GDPR sets out your specific rights over the data we hold on you. These rights are:
- Inform – you have the right to be informed about the way we collect information, the reasons we hold it, what we do with it, how long we hold it for and who it will be shared with. Whenever you asked for personal information we must provide you with privacy information which addresses these points.
- Access – you have the right to obtain any information we hold on you. Note that although we must provide this information free of charge and within one month, we are able to charge a reasonable administration fee where requests for information are obviously unfounded or excessive – particularly when they are repeated requests. Under the same circumstances we have the right to refuse to respond, but in those cases we must explain why and inform you of your right to complain.
- Rectify – you have the right to ask that any information we hold on you, which is wrong, be updated or corrected. If you request this either verbally or in writing, we have a period of 30 days to action your request, however under certain circumstances we can refuse the request. We are also able to charge a reasonable administration fee where requests for information are obviously unfounded or excessive – particularly when they are repeated requests. If a request is refused or we deem it necessary to make a charge we will explain the reasons for our decision to you.
- Erase – you can make a request to us to have information about yourself erased from our records. If you request this either verbally or in writing, we have a period of one month to action your request. This right is not absolute and only applies in certain circumstances. The right to data erasure applies in the following circumstances:
- When the personal data is no longer necessary for the purpose it was originally collected for
- When you withdraw your consent and the Lawful Basis for Processing is ‘Consent’
- Where there is no overriding legitimate interest to continue processing data where we have shown the Lawful Basis for Processing is ‘Legitimate Interest’
- Where we have processed you information unlawfully
- Where we have to comply with a legal obligation
- Object – you have the right to object to your information being processed based on ‘Legitimate interests’. You can also object to information being used for direct marketing or for the purposes of scientific or historical research and statistics. Objections must be made on grounds relating to your specific circumstances. Once an objection has been raised we must stop processing your data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights or freedoms or the processing is for the establishment, exercise or defence of legal claims.
If you wish to exercise any of these rights please contact us stating your full details and the nature of your request, either by emailing email@example.com or writing to us at the address in clause 1 in this document.
If you have provided consent to us to allow us to send you marketing or promotional emails, you can ask us to stop at any time either by clicking the unsubscribe link in any of these types of emails you have received from us, or by contacting us either via emailing firstname.lastname@example.org or by post, using the details in clause 1 of this document.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance
13. Updates to This Policy and Your Duty to Keep Us Informed
- This Policy was last updated on 22/05/2018.
- This Policy will be updated to reflect any relevant changes to the Website content or our procedures and updates will be posted on our site. Any emails that you have consented to receive from us will also contain a link to the most recent version of the policy.
- It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.