This Policy covers Lightful Ltd (company number 09135963) who operate out of Second Home, 68-80 Hanbury Street, London, E1 5JL. Within this document ‘we’ and ‘us’ will refer to Lightful Ltd as denoted previously. As Lightful processes Personally Identifiable Information (PII) as a ‘Data Processor’ for clients in addition to Processing PII on our own behalf as ‘Data Controller’; we have registered with the ICO under reference: ZA236704.
Your privacy is very important to us; first and foremost Lightful adheres to the relevant legal requirements. This policy applies to the websites (‘the sites’) under the Lightful.com parent domain and explains how Lightful uses the information provided and the procedures and processes that are in effect to help safeguard your privacy.
2. Your Privacy.
We operate under an ‘opt-in only’ communication policy. This means that we will only send marketing communications to those that have explicitly stated that they are happy for us to do so via their preferred channel(s) (email, SMS, phone or post).
Our marketing communications include information about our platform, services and developments. If you would like to receive such communications but have not opted in please contact us on firstname.lastname@example.org or ringing us on 0203 7723 813.
It is worth noting that before or at the time of collecting personal data we will identify the purposes for which information is being collected ensuring it is both fair and lawful ensuring we only ask you for the information that is required, we will then use this information in relation to:
- Fulfilling those purposes specified by us and for other compatible purposes that we have obtained your consent for or as required by law.
- Retaining the personal information as long as necessary for the fulfilment of those purposes.
- We will protect personal information by reasonable security safeguards against loss or theft, as well as unauthorised access, disclosure, copying, use or modification.
- We will make readily available to you information about our policies and practices relating to the management of personal information.
We are committed to conducting our business in accordance with these principles to ensure that the confidentiality of personal information is protected and maintained.
3.Changes to this Policy.
Lightful reserve the right to update this policy when it sees fit or changes how it uses the information being gathered. The latest version of this policy will be linked across all sites under the parent domain; with the date of last revision present at the top of the document; this will succeed any previous version of the document and be enforced from this date. We will do our best to ensure this is communicated across multiple channels and reobtain consent for any new processing where required.
4. Disclosure of Information to Third Parties.
Except as denoted below; Lightful will not disclose, distribute or sell Personal Data (Sensitive or Non) to any other organisation without prior consent/contractual obligation unless we have a legal obligation or right to do so.
Lightful works closely with many Third Parties (Business Partners, Sub-Contractors, Technical or Payment delivery services) in provisions of its product (“Platform”) and other services that are on offer; we will ensure that contracts and Data Processing Agreements are in place to ensure that if we are required to send your data, securely to these third parties that this is done in order to fulfil your request for Information, Product or Service interactions/purchase.
We may on occasion work with selected third parties, data could be transferred to organisations such as Facebook, Twitter or LinkedIn or other organisations that “enhance” data that may include wealth tagging, obtaining new contact details, social matching or geo-demographics.
If Lightful receives information from any Third Parties, this may be combined with information that clients or yourselves have provided in order to obtain a better set of Information that could be used with one of the purposes outlined above.
We might also share information you have provided with selected third parties to provide you with information on products and/or services that may be of interest or relevant to yourselves; only if you have given us permission to do so via an opt-in mechanism.
If Lightful is bought out or its assets are acquired by a third party personal data held about its clients and users could possibly be one of the transferred assets.
5. Overseas Transfers.
From submitting or uploading information on our sites or platform you are agreeing to the storage, processing and possible transfer of this data. Lightful will ensure that Data Processing Agreements and contracts are set up with data processors. Rest assured in the first instance and our wishes to be fully compliant with the Global Data Protection Regulation (GDPR); we will try to keep data within the EEA through partnered organisations.
6. Our Sites.
Our sites are currently hosted in Ireland; the provider that holds the website build has its backups restricted to the UK. We hold a current and valid Data Processing Agreement with the supplier who provides the hosting. We do however use content delivery networks which copy our website code around the globe for quicker downloading. This is just the front end – no actual data resides in these edge locations.
The sites services currently cover the following areas:
Services – Our clients may sometimes engage with us for a variety of purposes around processing a Natural Persons Data that they have obtained permission to process or to analyse/create profiles on. Please get in contact with that organisation direct if you do not wish for Lightful to process your data.
Platform– This is where you would be registering direct with Lightful for the use of Lightful’s Platform (“The Platform”) to aid with Social Media and supporter engagement. Please see the additional Terms & Conditions for using this product.
Communities – This is where you can register direct with Lightful to share ideas, participate in discussions or access content through our secure portal.Our sites, products and services are restricted and aimed for access to those that are over 18 only and we don’t knowingly target anyone below this age. If we find you are below that age and you are using our products or services we may remove you from the system.
7. Personal Data We Collect – Direct Data Provision.
The sites use various forms that may collect personal data to enable you to subscribe, register and request products and services. If you have registered for any of Lightful’s Products or Services and/or have created an online account (Profile); then you would have provided us with personal data that may include your:
- Contact details (including telephone and email)
- Date of birth
- Social handles (Facebook, Twitter, LinkedIn or other)
- Payment details (credit or debit card number and expiry date); this is tokenised upon initial submisIion of the details
- Other information as needed to personalise the products/services
The sites might also collect personal data in the form of:
- Log Files – This would include things like IP addresses, browser type and version, time zone settings, browser plugins, operating system and platform.
- Website usage, how long users spend on the sites and what they click on, how many times and what they interact with.
8. Third Party Organisations/Our Clients.
You may have provided permission for our client or another company/organisation to share your data with third parties, including ourselves.
This could be when you consent by providing your data to these other organisations and would be in line with their privacy policies.
9. Social Media.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp or Twitter, you might have given us permission to access information from those accounts or services. This information will be used to identify traits, trends in our data or on prospects based on interests or groups in addition to opportunities for Marketing to audiences that share similar profiles or are key influencers within these interests or groups.
10. Publicly Available Information.
11. Use of Information.
Lightful may use your information to notify you about important functionality changes/alterations and updates on Policies in place and anything else that can be classed as “Administration”. The purposes for collation and processing of this PII could be one or more of the following:
Provision of the Services, Information or Products requested
Administration of your “Profile” and any payments made considering the above: Managing this relationship with Marketing and communication preferences
Updating you on new products and services on offer
Equal opportunities Monitoring
Non-Automated Profiling (Which has human intervention)– consisting of the following:
Propensity Modelling which essentially is using Variables within held data to score you based on an outcome which will be to include you in particular mailings or offers.
Wealth Screening (Analysing Individuals personal information to ascertain material wealth; this can either be done Internally or using selected Third parties); we may also append this information to your record on our CRM.
Social; accessing publicly available information from Social Network sites such as Facebook, Twitter, LinkedIn and Others to ascertain engagement with specific causes/interests/groups etc.
Appending/Cleansing to the data Lightful currently holds on you – consisting of the following:
New Address Details from available sources such as National Change of Address Database; where you have agreed, we may use this Address.
Consented telephone numbers from selected Third parties; where you have agreed we may use this number.
Gone Away or Deceased flags from selected Third parties.
Ultimately most of this information is used to help enhance our features and services. It is worth noting that the IP Address data collected cannot be used to identify you personally on its own, would need to be combined with other information generated to construct a profile of you, for all intents and purposes this information is kept separate.
We may also use the information submitted for performance monitoring and data analysis that will help us improve our sites and offerings. Lightful may contact you for marketing purposes which would include news, activities and developments or as specified from the initial request or subsequent data gathering forms or from the preferences as outlined in your profile. You can opt in or out of these by either editing/updating your profile online or contacting Lightful support by emailing Support@Lightful.com or ringing us on 0203 7723 813.
12. Payment Details.
Lightful do not have any access to individual’s card details; the payment provider that we use to collect payment is Payment Card Industry Data Security Standard (PCI-DSS) Compliant who process payments on behalf of thousands of UK businesses. They provide a secure payment gateway for us to process your payment for the product/services you are procuring. They also cover areas of fraud screening, IP address blocking and employ the internationally recognised 256-bit encryption. They have gateways in the US and EU and we are using the latter to process any payments.
Our payment provider is regularly audited by the banks and banking authorities to ensure security within their systems. They also possess membership to the PCI security Standard Council (PCI SSC) that define card industry global regulation. You can see that your data is secure through our payment provider when you see either a http:// in the URL and/or when the padlock is visible alongside the URL.
13. Your Rights and Raising Complaints.
Minor requests for information might be dealt “Informally” not requiring the completion of a subject access request; this will be down to the Data Protection Officers (DPO) judgement.
You have certain rights in relation to your personal data.
– The Right to be informed – How data will be used through a Fair Processing Notice/Policies.
This basically means, we will be clear and transparent on what and how we will process data that you provide by ensuring we include this at every point of data collection.
The Right to Rectification
You have the right to correct personal information If we possess inaccurate/out-dated data; this might encompass things such as a new postal or email address etc. Where possible we use publicly available sources to keep your records up to date; for example, the Post Office’s National Change of Address database and information provided to us by other organisations as described above.
The Right to Erasure
You can request you are removed from all our systems and databases, which we will do our best to comply with and instruct you for reasons we have been unable to comply.
The Right to Object/Restrict Data ProcessingYou can request that we cease or do not begin to process your data.
The Right to Object/Restrict Data Processing for Marketing Purposes
You can request that we cease or do not begin to process your data for marketing purposes which would cover any ideal, aim or objective of Lightful in addition to us promoting our goods and services. We will only contact you for marketing purposes if you have opted in.
The Right to Data Portability
If you wish to access your data in an intelligible format we will provide it.
The Right to Refuse Automated Profiling and Decision Making
If we are profiling your data that has all system driven logic and outcomes you can request that we cease or do not begin to do this.
The Right to Access your Information – (Formally Subject Access Request).
If you would like to know how your data has been processed, then you can request a Subject Access Request by following the following form. Lightful has one month to comply with the request for data, though depending on the request this might take longer in accordance with the GDPR. All information provided by us will be done in an intelligible format, if you have a preferred format we will try to conform to that.
Through the forms and policies on these sites we hope that you understand when we request information, how we use the data and what actions you can take. Remember by enacting some of these rights you may inadvertently cause cancellation or restrictions on the services, products that you are subscribed to.
If you feel you need further details on the above, then please contact us at: DataProtection@Lightful.com
The ICO governs all aspects of Data Protection within the UK and should you have any concerns or wish to raise a complaint that Lightful is unable to resolve in the first instance; then please visit the following URL for more information. http://ico.org.uk/
14. Links to Third Party Sites.
15. Data Retention.
Lightful retains data for only as long as necessary and in line with the relevant Data Protection legislations or any Legal requirement. We will aim to keep data for no longer than 2 years and in line with our Data Retention Policy.
16. Internet security.
Lightful strives to protect any information submitted to any of our sites; However, it would be impossible for us to guarantee that any information is completely safe due to the nature of the Internet. Therefore, you acknowledge and accept this risk upon providing any personal data to Lightful.
17. Governing Law.
Lightful and its sites shall be governed by the law of the Member State in which we are established, namely the United Kingdom, specifically England and Wales. For further information our Data Protection Officer (DPO) is: Andrew Cross.
If you have any queries on this policy, wish to contact the DPO or know further details on how Lightful uses personal data please contact us at:
If you wish to opt-out of something specific; then please use the communication preference centre.
Any general correspondence should go to:
68-80 Hanbury Street,
Company Number: 09135963