It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
This privacy notice supplements other notices and is not intended to override them.
By visiting or placing an order to purchase goods or entering a website promotion or competition or registering with us to receive newsletter updates, brochures or similar or using any service on this website, you consent to the collection, use and transfer of your information under the terms of this policy.
Full name: Lumeffects
Data Responsibility: Data Privacy Officer (DPO)
Email address: firstname.lastname@example.org
Postal address: Gedney, Watlington, Oxfordshire, OX49 5AD (UK)
Telephone number: 0044 (0)0871 3150022
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
1.0. Information that we collect from you:
When you visit, create an account, contact us, subscribe to any publication, place an order for goods or use any other service through our websites you may be asked to provide certain information about yourself.
We may also collect information from you about your usage of our website via recognised IP
tracking solutions as well as from any correspondence you have with us.
The types of data we may collect includes:
Identity Data – including your name, any username or similar identifier and title.
Contact Details – including billing address, delivery address, email, address & phone numbers.
Financial Data – including bank account and payment card information.
Transaction Data – including details about payments to and from you and other details of the products and services you have purchased from us.
Technical Data – including internet protocol (“IP”) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system & platform and other technology on the devices you use to access our websites.
Profile Data – including your username and password, purchases or orders made by you, your commercial interests, preferences, feedback and survey responses.
Usage Data – including information about how you use our website, products and services.
Marketing and communications Data – including your preference in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share “aggregated data” such as statistical or demographic data for any purpose. This data may be derived from your personal data but is not considered to be personal data because it does not directly or indirectly identify you. However, if we combine or connect aggregated data with your personal data so that it can identify you, we treat the combined data as
personal data which will be used in accordance with this privacy notice.
Failure to provide personal data:
Where we need to collect personal data by law, or under the terms of a contract with you and you fail to provide data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
2.0. Use of your information:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data for the following purposes:
Use of Personal Data Lawful basis for processing
Where we need to perform the contract we are about to Contract
enter into or have entered into with you, to complete and
fulfil purchases of products and services, and to execute
transactions in relation to processing payments, orders,
invoicing, statements and overall to manage your accounts.
To administer and personalise DSS Limited websites and Legitimate Interest
business for you by presenting products, marketing
messages, commercial offers and content tailored to
To provide you with non-marketing commercial Legitimate Interest
To provide you with information about our products or Legitimate Interest
We may email you in response to your enquiries and to Contract and/or
fulfil your requests, such as to provide you with data Legitimate Interest
sheets or other information.
Where it is necessary for our legitimate interests (or Legitimate Interest
those of a third party) and your interests and fundamental
rights do not override those interests.
To send you marketing communications such as Consent
newsletters, in accordance with your communication
preferences. If you have provided consent for this
we may also send you marketing communications related to
third party businesses that we believe may be of interest
To deal with any enquiries or complaints made by or Contract
about you relating to Lumeffects, or any of its websites
To ensure security is set to prevent criminal activity such Legitimate Interest
as fraud and to improve the user experience on
To perform data analysis for marketing and analytics Legitimate Interest
purposes to identify usage trends and to determine the
effectiveness of promotional campaigns used to expand
Lumeffects business activities.
Where we need to comply with a legal or regulatory Legal Obligation
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email, post or text message. You have the right to withdraw your consent to marketing at any time by contacting us.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data.
Your information will enable us to provide you with access to all parts of our website and to supply the goods or services you have requested.
It will also enable us to invoice you and to contact you where necessary concerning your orders.
We will also use and analyse the information we collect so that we can administer, support, improve and develop our business.
In particular, we may use your information to contact you for your views on our goods or services and to notify you occasionally about important changes or developments to the website or our goods or services.
We might also use your information to let you know about other goods, services and promotions which we offer which may be of interest to you and we may contact you by post, telephone or fax, as well as by email.
If you change your mind about being contacted in the future, please let us know by contacting our Data Protection Officer (DPO) by email:email@example.com
3.0. Disclosure of your information
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. We may share your personal data as set out below for the purposes set out in paragraph 2.0. above.
3.1. We may employ other companies to provide services for us, including for example, processing of credit card payments. These companies have access to the personal information needed to perform their functions and not for any other purpose.
3.2. If our business enters into a joint venture with or is sold/transferred to or merged with or a substantial part of it is sold/transferred or merged with another business entity, your information
will be disclosed to our new business partners or owners who may use your personal data in the same way as set out in this privacy notice.
3.3. Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
4.0. International Transfers – We do not transfer your personal data outside the European Economic Area (“EEA”)
6.0. Cookies – When you visit our website we may store some information (commonly known
as a “cookie”) on your computer and if we are using cookies you will be notified of this at the time you access the website.
Cookies are small files of information which use a unique identification tag and are stored on your device as a result of using our website or other services we provide to you. A number of cookies we may use last only for the duration of your session and expire when you close your browser. Other cookies may be used to remember you when you return to our website and will last for longer.
A cookie helps you get the best out of our website and helps us to provide you with a more customised service.
Many browsers will automatically accept cookies but you can amend your browser settings to prevent that or to notify you each time a cookie is set. More information about cookies
and how to block cookies across different types of browser is also available at www.allaboutcookies.org
to operate correctly and may not work correctly if you set your browser not to accept cookies.
7.0. Security and data retention – We employ security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Any concerns regarding data protection should be reported in the first instance to our DPO by email: firstname.lastname@example.org
We will retain your information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
8.0. Your rights – You have the right to:
Access your personal data – make a “subject access request”.
Request – that we correct or complete any incomplete or inaccurate data that we hold about you. (Although we may need to verify the accuracy of the new data you provide).
Request – that we delete your personal data. However, we may not be able to comply with your request for specific legal reasons which we will provide at the time of your request;
Object or request – a restriction of processing your data
Request – the transfer to you or a third party of your personal data which is automated information; and withdraw your consent where we are relying on your consent to process
your personal data.
If you wish to exercise any of these rights, please contact our DPO by email: email@example.com