This Privacy Notice explains how we collect and use information about you, and tells you about your privacy rights and how the law protects you.
Purpose of this Notice
Lumina Technologies Ltd is an IT and telecommunications services business providing technical solutions and consultancy to business users.
This Notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. We take our privacy obligations seriously and aim to always act in a fair and transparent manner.
We will likely need to change this Notice from time to time and will do so by updating the published copy on our website. If there are significant changes we will also notify you directly.
Lumina Technologies Ltd will act as the data controller when collecting data about you and when you use our website and services and will be responsible for your personal data. If you have any questions about this Notice or how we use your personal data please contact our Data Compliance Officer (DCO) at email@example.com.
Our lawful basis for using your personal data
The law on data protection requires us to have a lawful basis for processing your personal data. We use the following lawful basis when processing your data:
- Consent – in specific circumstances we will request your consent to collect and use your data, for example when signing up for a newsletter or wanting to be kept informed of our business briefings and other events.
- Contractual obligations – when you engage us to provide services we will need certain information in order to fulfil our services to you.
- Legal compliance – we may be required by law to collect certain data about you.
- Legitimate interest – in specific circumstances we will use your personal data to pursue our legitimate interests and will do so in a manner which might reasonably be expected as part of running our business and in a way which does not materially impact your rights and freedoms.
How do we collect your personal data?
We may collect your data from a variety of sources as listed below.
- Direct interactions – when we meet with you face-to-face; correspond with you by telephone, email or post; or interact with you at social or business networking events.
- Our Website – when you sign up for a newsletter; sign up to one of our briefings or events; or submit an enquiry to us.
- Social media – when you interact with us through social media channels.
- Referrals – where you have been introduced to us by a third party to whom you have given consent for your data to be provided.
- Public sources – where you have consented to your data to be shared publicly.
- Technical data – where you use our website and technical services.
What data we collect about you?
We collect a variety of personal data about you depending on the type of interaction you have with us. These include:
- Identity information – such as your first name, last name, title, date of birth and gender.
- Contact information – including your address, telephone number, mobile number and email address. This will usually be your business contact information and, where you have consented, may include your non-business contact information, e.g. your home address.
- Business information – such as your job title, department and manager.
- User information – such as the username and password assigned to you to access your organisation’s systems, our portals and our technical solutions.
- Social media information – such as your social media usernames and handles.
- Communication preferences – including your preferences for marketing and other communications from us.
- Personal information – such as any personalisation information you provide us, for example your nickname; hobbies and interests; or partners and children’s first names.
- Asset information – including the serial numbers and device IDs of any equipment you have been issued by your organisation or you have engaged us to support.
- Product information – including any other information we need to gather in order to deliver products and services you buy from us.
- CCTV data – where you visit one of our sites and your image is captured as part of our security controls.
- Technical data – when you connect to our services including your IP address, browser type and version, operating system and platform.
- Website usage data – including analytics data from providers such as Google about how you use our website, including the full Uniform Resource Locators (URL) click stream to, through and from our site (including date and time); properties you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call us.
We aim to keep your data accurate and current so please keep us informed if any of your data changes.
We do not collect or process special category data, for example your race, ethnicity, religion, trade union membership, philosophical and political beliefs, any genetic or biometric data, your health or information about your sex life or sexual orientation.
How and why we use personal data?
We will only use your personal data when the law allows us to do so. Most commonly will use your personal data for the following reasons:
- To provide you with the goods and services you purchase from us. We use our contractual obligation as the lawful basis.
- To send you surveys and feedback requests to help improve our services. We do this as part of our legitimate interest.
- To respond to your enquiries, communications, survey results and complaints. We may do so as part of a contractual obligation, a legal obligation or our legitimate interest.
- To notify you of any changes to the products and services we provide you. We do this as part of our legitimate interest.
- To notify you of any service outages or other events that may impact your usage of our services. We do this as part of our contractual obligations
- To notify you of any changes to our terms of business or policies and notices, such as this Privacy Notice, as required by law. We do this as part of our legal obligations.
- To notify you of any events, new services, promotions or competitions by email, phone and through our website. Where we are communicating with business employees we will do this as part of our legitimate interest otherwise we will do so with your consent. In all cases you are free to opt out from hearing from us at any time.
- To notify you of any events, new services, promotions or competitions by post. We do this as part of our legitimate interest and you are free to opt out from hearing from us at any time.
- To personalise our communications with you. We maintain close relationships with those we do business with and we want our relationship with you to be personal and friendly. We may tailor our communications with you, for example by addressing you by your nickname or by making reference to your hobbies and interests. We only do this with your consent.
- To identify potential new business opportunities and markets. This includes identifying organisations that may benefit from our goods and services and collecting the identity and contact information of decision-makers. We do this as part of our legitimate interest.
- To improve our website. We collect data about your usage of our website so that we can identify where improvements can be made. We do this as part of our legitimate interest.
- To protect our systems from fraud and other illegal activities. This includes using your data to verify your identity. We do this as part of our legitimate interest.
- To protect our premises and assets from crime. We operate CCTV to record images to keep our premises secure. We do this as part of our legitimate interest.
- To comply with the law. We may disclose your information to regulatory bodies and law enforcement agencies. We do this as part of our legal obligations.
We do not utilise any automated decision making or profiling.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
How we protect your data?
As an IT solution provider we have expertise in securing data and ensure that all data that we collect about you is stored using appropriate technical and organisational measures. Only authorised individuals have access to your data and where they do they must use passwords and another form of physical identification, i.e. token based access.
We monitor our systems for possible vulnerabilities and attacks and we carry out regular scans and penetration tests to validate our measures.
How long do we keep your data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where data is outside of our defined retention periods we will remove the data either through secure destruction means or by anonymising the data such that it cannot be used to identify you.
Who do we share your personal data with?
We sometimes need to share your personal data with trusted third parties. Examples of third parties with whom we might share your data include:
- Delivery organisations in order to ship goods to you.
- Direct marketing companies who help us communicate with you.
- Technology providers who help us deliver our website and our technical solutions.
- Google and other search/social media platforms. We do this on the basis of your acceptance of cookies on our website.
- Our accountants and other professional advisers.
When we share your personal data we work with our third parties to ensure your personal data is kept safe and your privacy is respected and protected at all times.
We will only provide the information they require to fulfil their specific services. Where required we will enter into contractual arrangements with them and stipulate:
- They will only process your personal data for the exact purposes we specify with them.
- They have appropriate technical and organisational measures to protect your personal data against accidental, unauthorised or unlawful processing, destruction, loss, damage, alteration or disclosure.
- They do not process your data outside of the European Economic Area without our agreement.
- That unauthorised individuals will not have access to your personal data.
- That they will co-operate with us in relation to any complaint made by you or in responding to any of your rights that you may exercise.
- That they will securely destroy any data we supply upon termination of our agreement with them.
We do not sell your personal data or share it with third parties for their own purposes.
Where do we store your data?
We only store your personal data within the European Economic Area (EEA) and where possible within the United Kingdom (UK).
If, in the future, we are required to store your data or use a third-party processor outside the EEA we will ensure your data receives the same protection as if it were stored or processed within the EEA. We will notify you by updating this Privacy Notice and by writing to you, either by post or by email, if we will transfer personal data outside of the EEA.
What are your rights?
You have the right to:
- Access the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- The deletion of the data we hold about you, in specific circumstances; for example, when you withdraw consent or object, and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
- A computer file in a common format (CSV or similar) containing the personal data that you have previously provided to us, and the right to have your information transferred to another entity where this is technically possible.
- Restriction of the use of your personal data, in specific circumstances, generally while we are deciding on an objection you have made.
- That we stop processing your personal data, in specific circumstances; for example, when you have withdrawn consent, or object for reasons related to your individual circumstances.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent-based processing of your personal data after you withdraw that consent.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Third Party Links
You may find links to third party websites on our website. These websites should have their own privacy policies, which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.
How to contact us
We hope we have provided you with enough information to help you understand how we use your personal data. If you have any further questions please contact our Data Compliance Officer:
By email: firstname.lastname@example.org
By phone: +44 (0)1442 500890
By post: Data Compliance Officer, Lumina Technologies, Lumina House, 37 Mark Road, Hemel Hempstead, HP2 0BS, United Kingdom.
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns.
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
This Privacy Notice is effective from 25th May 2018 and was last reviewed on 25th May 2018.