We are committed to safeguarding and preserving the privacy of individuals. We will treat all your Personal Information as confidential. We will keep it on a secure server and we will fully comply with all applicable UK Data Protection and consumer legislation from time to time in place. We will not sell, distribute or lease your personal information to third parties unless we are required by law to do so.
How we use your data
We use your personal data:
- to provide goods and services to you;
- to make a tailored website available to you;
- to manage any registered account that you hold with us;
- with your agreement, to contact you electronically about promotional offers and products and services which we think may interest you;
- for market research purposes - to better understand your needs;
- to enable management of customer service interactions with you; and
- where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
What personal data do we collect
In running and maintaining our business we may collect and process the following data about you:
- When you shop with us or open an account, we will collect Personal Information from you such as your name, e-mail address, billing address, delivery address, telephone number, product selections, credit card or other payment information and a password.
- Information provided voluntarily by you. For example, your email address and name when you register to receive information.
- Information that you provide when you communicate with us by any means.
Legal basis for processing customer personal data
We collect and use customers’ personal data because is it necessary for the pursuit of our legitimate interests which can include:
- the management of our website;
- to manage and develop our business and increase sales;
- to recover debts;
We also collect customers’ data for the purposes of complying with our duties and exercising our rights under a contract for the sale of goods to a customer and to manage customer accounts; or to comply with our legal obligations.
We only rely on consent as a legal basis for processing in relation to sending direct marketing communications (i.e. via email or text messages) to individuals who are not yet customers, but have registered with us to receive information. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
You will also receive marketing communications from us if you have purchased goods or services from us in the past and, in each case, you have not opted out of receiving that marketing.
Disclosures of your personal data
In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include IT, delivery and marketing service providers.
We only allow service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls.
We do not transfer your data outside of the European Economic Area
How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years, for tax purposes.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an authorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
In certain circumstances, you have the following rights:
- the right to receive a copy of the personal data that we hold about you at any time and the right to check that we are lawfully processing your personal data;
- the right to withdraw your consent at any time;
- the right to request that we restrict the processing of your personal data
- the right to ask us to erase, update or correct any personal data that we hold about you free of charge; and
- the right to opt out of any marketing communications that we may send you.
If you wish to exercise any of the above rights, please contact us using the contact details set out below.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You have the right to make a complaint at any time to the Information Commissioners Office, the UK supervisory authority for data protection issues.(www.ico.org.uk) We would however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Data Protection Manager
där Lighting Group