The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation that replaces the Data Protection Directive (Directive 95/46/EC). The General Data Protection Regulation builds on previous legislation but enhances privacy rights for individuals. The GDPR will apply in the UK from 25th May 2018.
Despite the UK’s intention to leave the European Union in March 2019, the GDPR will still apply in accordance with the Information Commissioner’s Office (ICO) guidance to continue a similar level of regulation post-March 2019 together with a new Data Protection Act.
At COCO Lighting Ltd, we are committed to safeguarding the privacy of visitors to our website www.cocolighting.co.uk and users, in line with the regulations laid down by GDPR. (In this privacy notice, "we", "us" and "our" refer to Coco Lighting Ltd.) This privacy notice provides you with details of how we collect and process your personal data through your use of our website and of our services.
Coco Lighting Ltd is the data controller with respect to the personal data of our website visitors and service users - in other words, where we determine the purposes and means of the processing of that personal data.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you. Our contact details can be found at the end of this notice. It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at firstname.lastname@example.org
What Data Do We Collect About You?
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may process certain types of personal data about you as follows:
• Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender. This may also include photography and video featuring your image.
• Contact Data may include your billing address, personal and/or office address, email address and telephone numbers.
• Transaction Data may include details about payments between us and other details of purchases made by you.
• Profile Data may include your username and password, purchases or orders, your interests, preferences, feedback and survey responses. We will also record any other professional or personal information which is relevant to your situation and how we might help you.
• Service Data may include records of our telephone conversations and any reflection on notes that you submit as part of the quotation and ordering process.
• Usage Data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
• Marketing and Communications Data may include your preferences in receiving marketing communications from us and your communication preferences.
• Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver our services to you). If you don’t provide us with the requested data, we may have to cancel a service you have ordered but if we do, we will notify you at the time.
How We Collect Your Personal Data
We collect data about you through a variety of different methods including:
•Direct interactions: You may provide data by filling in forms on our site (or otherwise) or by communicating with us by post, phone, email or otherwise, including when you:
• Contract our services;
• Subscribe to our service or publications;
• Request resources or marketing be sent to you;
• Enter a competition, prize draw, promotion or survey; or give us feedback.
Cookies: Like most websites, our website www.cocolighting.com uses ‘cookies’, small packets of data that are stored in your web browser. Cookies help us to identify information such as how many people are using our site and what devices they’re using.
We also use Google Analytics and Lucky Orange to analyse data and aggregate patterns of use. This allows us to tailor our service to best meet the needs of the people using it. You can manage how your browser handles cookies, or refuse them altogether, by changing your settings. www.aboutcookies.org has useful information on how to manage cookies in your browser.
How We Use Your Personal Data
We will only use your personal data when legally permitted. The most common uses of your personal data are:
• In order that we can provide our services and communicate with you.
• Where we need to perform a contract between us or take steps at your request to enter into such a contract.
• Where it is necessary for our legitimate interests (or those of a third party) namely the proper administration of our website and our business, and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation or take steps to proper protection of our business from risk.
• Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. Exceptions are noted below.
You have the right to withdraw consent to marketing at any time by emailing us at email@example.com
Images and films
During group events, training or workshops we may photograph or film individuals; however, this will always be with the express permission of those involved and is for the purpose of capturing and celebrating the work we do. We will never use images or footage of an individual in any of our marketing material or on our website without first having received written agreement to the usage of their image in this way.
Providing your personal data to others
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may disclose service data, enquiry data and correspondence data to our subcontractors or associates insofar as reasonably necessary for the performance of a contract between you and us.
Financial transactions relating to our website and services may be handled from time to time by our payment services provider, HSBC Global Payments. We will share transaction data with payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services provider’s privacy policies and practices here.
In addition to the specific disclosures of personal data set out in this Section 3, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person
International transfers of your personal data
There are certain circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
Our supplier of email distribution services is situated in the USA. The European Commission has made an "adequacy decision" with respect to the data protection laws of the USA.
You acknowledge that personal data that you submit for publication through our website, such as contribution to our blog, may be available via the internet, around the world. We cannot prevent the use or misuse of such personal data by others.
Retaining and deleting personal data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Account data and Transaction data will be retained for a minimum period of five years from the end of the last company financial year they relate to, or longer if they show a transaction that covers more than one of the company's accounting periods or if required to do so by the relevant tax authorities. In some cases, it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the need, use and application of the data, in accordance with Article 5(1)(e) of the 2018 General Data Protection Regulation (GDPR).
Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of changes to this policy by email.
You may instruct us to provide you with any personal information we hold about you by emailing us firstname.lastname@example.org. Please note there may be a delay of up to two weeks to cover the time needed to access our archives. We may withhold personal information that you request to the extent permitted by law.
You may instruct us at any time not to process your personal information for marketing purposes. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal information for marketing purposes.
• Remembering settings, so you don't have to keep re-entering them whenever you visit a new page.
• Remembering information you have given so you don't need to keep entering it.
• Measuring how you use the website so we can make sure it meets your needs.
To learn more about cookies and how to manage them, please visit the ICO website.
Legitimate Interest Assessment
Below is information about the legitimate interest assessment, as laid out by the ICO, with regards to how Coco Lighting process your data.
1. Purpose test:
We are processing the data in order to invite senior professionals to specific technology events in their fields of expertise, who may have an ongoing or planned project in the near future.
By processing the data, we benefit from identifying potential clients and creating a pipeline of prospects.
• No third-party benefits from the processing of your data.
• There are no wider public benefits from processing.
• The benefits of processing your data to our organisation are important to create growth and stimulate business development.
• If we do not process prospects data, there would be a significant impact on our business growth and lead generation activities.
• This includes staff training, data security, destruction of records and a managed unsubscribe / opt-out system.
• We follow the suggested general digital marketing guidelines suggested by the Direct Marketing Association.
• Since we only process business telephones and emails, there aren’t any ethical issues relating to our processing of data.
2. Necessity test:
The processing is necessary for that purpose as we want to place ourselves as a choice for their selection process. As this is a lead generation campaign to find net new leads for our business, we can only use Legitimate Interest as the legal basis for processing.
This processing will help our lead generation activities and contribute towards both ourselves and the companies we speak to. We cannot achieve the same purpose without processing.
We process the data using the lowest possible amount of personal data which includes only business phone lines, business emails and business information.
We do not keep or hold any personal information on potential prospects aside from the aforementioned data. By following a marketing code, we try to make our processing as obvious and un-intrusive as possible. We offer potential prospects the chance to unsubscribe and take steps to ensure that processing will be fair and justified.
3. Balancing test:
Nature of the personal data
We only have business telephone numbers and emails and no personal information including; personal email, personal telephone, the address is kept about prospects.
• We do not process any special category data or criminal offence data.
• We do not process any data that people are likely to consider particularly private.
• We will never process children’s data or data relating to other vulnerable groups.
• The data we process about people is entirely in a professional capacity.
We may not have an existing relationship with the individual, but we will only process the data if there is a high chance that our event will definitely be of interest to the individual, and they have a job title relevant to our offering.
We do not collect data directly from the individual, we subscribe to a database and we are happy to provide any information, on request, about our data provider. As previously stated, we are supplied data from a third-party data provider who has taken every step to ensure data was collected in a fair way and we feel, to a high degree, that we can be covered by their collection activities. We are happy to provide any information, on request, about our data provider.
Our intended purpose and method are widely understood. This is a tried and tested method and our purpose is clearly outlined in our offerings. We reasonably expect our prospects to expect processing and will only offer relevant content, suitable to the individual, unless they unsubscribe or opt-out of our marketing material.
We do not anticipate any other factors, in particular circumstances, that would mean they do not expect the processing. If we are made aware of any circumstances we will cease to process immediately, and ensure steps are taken to ensure they are not processed.
• The possible impact of the processing is limited due to the nature of the data we use.
• Individuals retain complete control of their data and can unsubscribe / opt-out, request the deletion and speak to the data provider.
• Due to the nature of the data we process, there is little likelihood of any potential impact on the individual.
• The severity of any impact on the individual would be minor, due to the nature of the data we process.
• We are happy to explain the process and methodology of this processing to individuals.
• We adopt all relevant security procedures and safeguards to minimise the risk to the individual.
• We offer all individuals an opt-out in the form of an unsubscribe link found at the bottom of our marketing activities.
After assessing the points made in this document, we feel we can rely on legitimate interests as a valid, legal basis for processing data.
• We keep the minimum possible data on individuals and this data only relates to the individual in a professional context.
• We only process data if we feel there is a high chance the individual will have a legitimate interest.
• We take all steps to ensure the safety, privacy and rights of the individual.
• We will ensure that all requests of opt-outs are honoured and will keep an anonymised list of individuals who have opted out to ensure the individual has complete control over their data.
Queries and complaints
Any comments or queries on this policy should be directed to the Company via email@example.com