When/how do we collect information and how is this stored?
We collection information in a variety of ways:
- We receive a list of e-mail addresses, names, delivery & billing addresses and telephone numbers of those who purchase products from our website or by the telephone - stored securely on EKM’s server (the webhost). This information remains on EKM’s encrypted server and is accessible by selected office staff who have access via a secure system. The above details (non-financial) are also stored offline in a securely locked office & kept to cover warranty periods. Once expired these are then destroyed.
- Payment information provided by online sales is handled either through Paypal or by payment card, processed by Global Iris. In each case, access to this information is by selected office staff and all information is stored on encrypted secure servers by those 3rd parties. Access is via secure username & password login and in both cases a customers payment details are not visible in full to any staff members. Address & customer name details are both securely stored by these 2 3rd parties. The reason for this is the processing of refunds if required.
- Payment details provided via telephone are recorded offline and destroyed by means of shredder once used (usually the same day).
2) Via the Newsletter sign-up on pages of Lightahome.net. First name, surname and e-mail addresses are collected on submission of voluntary sign-up - stored securely on EKM’s servers.
3) Via opt-in of a social media competitions. Personal details not stored. Participants become ‘friends’ of Lightahome Ltd.
We do not collect information from visitors to our website.
When signing up for our newsletter we collect your first name, surname and email address in order to:
- Send periodic e-mails regarding offers (order confirmation)
- To send a regular newsletter (only to those subscribed)
- To advertise and promote promotions
We agree to the following:
• Not use false or misleading subjects or email addresses
• Identify the message as an advertisement in some reasonable way
• Monitor third-party email marketing services for compliance, if one is used
• Honour opt-out/unsubscribe requests quickly
• Allow users to unsubscribe by using the link at the bottom of each email
How do we protect your information?
We use well-established secure sites such as EKM.com
We do not use vulnerability scanning and/or scanning to PCI standards
We use an SSL certificate on lightahome.net throughout the site & not only on our checkout pages.
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it's release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
We currently use Trusted Shops as a means to review our performance. This occurs by us passing your email address to Trusted Shops, with your consent at the time of purchase, so they can email you regarding your experience with us. In this instance, Trusted Shops GmbH acts as a data processor. We ask for your consent to be able to continue placing your order and you are under no obligation to actually respond to the review e-mail. We have a data protection contract with Trusted Shops to ensure your information is protected by themselves to GDPR standards. Below is a definition of how Trusted Shops gathers & users data from Lightahome Ltd.
‘4. What data is collected when Trusted Shops products are used?
A. An online shop which uses Trusted Shops products via the API offered:
If an online shop uses Trusted Shops products using the Trusted Shops API, the buyer’s personal data that is transferred to Trusted Shops and the time it will be transferred depend on the individual settings of the API.
Therefore, it is not possible to make any conclusive statement on what data is transferred between the online shop and Trusted Shops when a Trusted Shops API is used. Details on the APIs offered by Trusted Shops are available at api.trustedshops.com.
Please note that transferring personal data of buyers to Trusted Shops via the API needs prior consent from the person concerned as this is a case of transferring personal data for marketing purposes. The online shop is therefore obliged to obtain the appropriate consent in advance.
B. An online shop which has integrated the Trustbadge:
a) Data transfer when visiting an online shop with an integrated Trustbadge
Same as to opening a website retrieving a Trustbadge that is integrated into an online shop via a browser client (that means simultaneously with opening the website) produces automatically a webserver log entry. As it is a standard format, this includes information on the browser client (date, time, referrer, IP address of the client, user agent...). This data is usage data which accumulates in any data transfer on the internet. In particular, the inclusion of any third-party content involves transfer of this data.
Trusted Shops does not use this usage data to create a usage profile and no conclusion on the website visitor is made. This data is used only to guarantee operation without disruption.
In addition, visiting a shop page which has the Trustbadge incorporated does not result in any personal data (e.g. name, e-mail address etc.) being transferred to us automatically or being stored.
b) Data transfer when placing an order in an online shop
If the buyer does not themself use Trusted Shops products, only the order number is transmitted to Trusted Shops when the Trustbadge is integrated. This is for verifying later guarantees or reviews.
Other data - in particular personal data - is only transmitted if Trusted Shops products for the buyer are actively used by the shop customer and they agree to the data transfer and/or have done so in the past for future purchases.’
Do we use 'cookies'?
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
We do not include or offer third-party products or services on our website
We have not enabled Google AdSense on our site but we may do so in the future
Does our site allow third-party behavioural tracking?
We may allow some 3rd party tracking of our websites users however the data used is not ‘personally identifiable data’
COPPA (Children Online Privacy Protection Act)
We do not specifically market to children under the age of 13 years old
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
· Notify you via email within 7 working days
· Notify the relevant authorities within 3 working days
· Activate our data breach response plan
If you have any concerns regarding your personal data then you can contact our appointed GDPR responsible member of staff, which is Dave Riley. Dave is the Ecommerce manager and has a responsibility for your personal data usage and security.
You are entitled to ask at any point what data Lightahome may have on record for you at no cost to yourself. You also have the right to make a complaint to both Lightahome and the relevant authorities should you have any concerns. You have the right to object to any consent you have previously given and ask for it to be removed.