LIGHTMAP LTD - PRIVACY POLICY 

Published 23 May 2018 

INTRODUCTION

1.1 - We are committed to safeguarding the privacy of our website visitors, service and product users. 

1.2 - This policy applies where we are acting as a data controller with respect to the personal data of our website visitors, service and product users; in other words, where we determine the purposes and means of the processing of that personal data. 

1.3 - By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy and our cookies policy. 

1.4 - In this policy, "we", "us" and "our" refer to Lightmap Ltd. For more information about us, see Section 18. 

 

HOW WE USE YOUR PERSONAL DATA

2.1 - In this Section 2 we have set out: 

(a) the general categories of personal data that we may process; 

(b) in the case of personal data that we did not obtain directly from you, the source and specific categories of that data; 

(c) the purposes for which we may process personal data; and 

(d) the legal bases of the processing. 

2.2 - We may process data about your use of our website and services ("web usage data"). The web usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. One source of web usage data is Google Analytics, our analytics tracking system. This web usage data may be processed for the purposes of analyzing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services. 

2.3 - We may process your account data ("account data"). The account data may include your name, email address, job title, company name, address and telephone number. You are the source of the account data. The account data may be processed for the performance of a contract between us and you and/or taking steps, at your request, to enter into such a contract. Account data may be used to inform you that we may be available for training and consultancy in your area. The account data may be processed for the purposes of operating our website, providing our services and products, ensuring the security of our website and services and products, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is consent. 

2.4 - We may process information that you post for publication on our website, social media, or through our services ("publication data"). The publication data may be processed for the purposes of enabling such publication and administering our website. The legal basis for this processing is consent. 

2.5 - We may process information contained in any enquiry you submit to us regarding goods and/or services ("enquiry data"). The enquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The legal basis for this processing is consent. 

2.6 - We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website ("transaction data"). The transaction data may include your contact details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is consent and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business. 

2.7 - We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters ("notification data"). The notification data may include your name and email address. The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent. 

2.8 - We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users and for supporting the goods and/or services that you have purchased from us.  

2.9 - We may process information relating to your license when you download, install and use our software (“license data”). This license data may include activation code, product, license type, technical information about your computer, system and application software and MAC address. This license data may be processed to identify and prevent fraud, to enhance the security of our network and information systems, and to enable us to enhance, modify, personalize or otherwise improve our services / communications for the benefit of our customers. The legal basis for this processing is consent. 

2.10 - We may process information relating to your device, and other devices that you wish to use our software on when you download, install and use our software (“diagnostic data”). This diagnostic data may include technical information about your computer, system and application software. As a result of collecting this diagnostic data, the IP address from where data originates is recorded as part of the communication protocol. Diagnostic data content is anonymous, unless the software is used with a License Key, whereby license key data is transmitted, which does not contain personally identifiable information. Diagnostic data can be cross referenced to identify a user for license compliance checks. This diagnostic data may be processed to identify and prevent fraud, to enhance the security of our network and information systems, and to enable us to enhance, modify, personalize or otherwise improve our services / communications for the benefit of our customers. The legal basis for this processing is consent. 

2.11 - We may process your information that you provide when you complete surveys, enter competitions or prize draws (“survey data”). This survey data may include name, job title, company name, address, email address, telephone number, survey data, communication content. The legal basis for this processing is consent. 

2.12 - We may process your information that you provide when you give us your contact details e.g. on a business card, contact us in any way including email, telephone, post, SMS or social media, provide feedback (“business contact data”). This business contact data may include name, job title, company name, address, email address and telephone number. The business contact data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you, or supporting the goods and/or services that you have purchased from us, or the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. The legal basis for this processing is our legitimate interests, namely business and communications with users or the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.  

2.13 - We may process your information that you provide when you communicate with us, or that we have obtained from public sources (“business contact information”).  This business contact information may include address, alternative address, mobile number, fax number, home email, other email.  The business contact information may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you, or supporting the goods and/or services that you have purchased from us. The business contact information may also be used to inform you that we may be available for training and consultancy in your area. The legal basis for this processing is our legitimate interests, namely business and communications with users or the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.  

2.14 - We may process information that you provide us with if you apply for educational licenses for your campus (“campus data”). This campus data may include your details (name, job title, email address), course details (course name, duration, university name, university website) and technical support contact (name, email address, job title) and communication content. The campus data may be processed for the purposes of checking that you qualify for educational licenses. The data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you, or supporting the goods and/or services that you have purchased from us. The legal basis for this processing is consent. 

2.15 - We may process information that you provide us with if you are a Student or Teacher and apply for an educational license (“student/teacher data”). This student/teacher data may include your details (name, email address, job title), course details (course name, month/year you first enrolled, duration, university name, university website) and documentary proof (e.g. Student ID /course enrollment or Staff ID / Proof of Employment). The student/teacher data may be processed for the purposes of checking that you qualify for an educational license. The data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you, or supporting the goods and/or services that you have purchased from us.  The legal basis for this processing is consent. 

2.16 - We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others. 

2.17 - We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks. 

2.18 - Please do not supply any other person's personal data to us unless we prompt you to do so. 

 

PROVIDING YOUR PERSONAL DATA TO OTHERS

3.1 - We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. 

3.2 - Financial transactions relating to our website, services and products are handled by our payment services providers, SagePay. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about our payment services providers' privacy policies and practices at https://www.sagepay.co.uk/policies/privacy-policy. 

3.3 - We will not share your personal data with third parties, other than our trusted partner network. 

3.4 - Use of our social media content is external to our website and the social media provider e.g. Facebook, twitter, Instagram, is responsible for meeting any legal requirements. 

 

INTERNATIONAL TRANSFERS OF YOUR PERSONAL DATA 

4.1 - In this Section 4, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA). 

4.2 - We have agreements in place with third parties in order to collect, store and process your personal data as outlined in this Privacy Notice, and some of these agreements require the transfer of data outside the EEA.  

4.3 - Personal data will only be transferred outside of the European Union in compliance with the conditions for transfer set out in the GDPR. We specify below if a company is on the Privacy Shield list; The Privacy Shield List enables EU companies to verify whether data can be transferred to a U.S.-based company under the Framework.  (see https://www.privacyshield.gov/list) 

4.4 - Our email list is provided by Mail Chimp who are on the Privacy Shield Register. 

4.5 - Social Media is provided by Facebook who are on the Privacy Shield Register.  

4.6 - Web site analysis and Document Storage is provided by Google who are on the Privacy Shield Register.  

4.7 - Our Payment Portal is provided by SagePay who are on the ICO Register.  

4.8 - Our CMS is provided by Salesforce who are on the Privacy Shield Register. 

4.9 - Our surveys are provided by SurveyMonkey who are on the Privacy Shield Register. 

 

RETAINING AND DELETING PERSONAL DATA

5.1 - This Section 5 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data. 

5.2 - Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. We may keep personal data for historical, statistical or research purposes and in order to defend possible legal claims. 

5.3 - We will retain your personal data as follows: 

(a) Customer (permanent license) will be retained following purchase for the duration of the license. 

(b) Customer (subscription license) will be retained for 10 years after the end of last subscription purchased. 

(c) Software Trial will be retained for 10 years after the trial was initiated. 

(d) Abandoned Purchase will be retained for 10 years after the purchase was attempted. 

(e) Enquiry and Support Cases will be retained for 10 years after the closure of the case. 

(f) Student/Teacher Educational License Applications (unsuccessful) will be retained for 6 months after the request for an Educational License. 

(g) Student/Teacher Educational License Applications (successful) will be retained for 10 years after the end of the last purchased Educational License. 

(h) Campus Software Applications (unsuccessful) will be retained for 6 months after the request for an Educational License. 

(i) Campus Software Applications (successful) will be retained for 10 years after the end of the last purchased Educational License. 

(j) Survey Data will be retained for 6 years after the end of the campaign. 

(k) Business Contact (e.g. from Business Card) will be retained for 6 years after last contact. 

(l) Diagnostic Data will be retained for 6 years after collection. 

(m) Any other enquiry, notification or correspondence not covered by the above data categories will be retained for the time period specified for the relationship that we have with you, or for 6 years if that does not apply. 

5.4 - In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria: 

(a) the period of retention of publication data, such as marketing examples that you provide will be determined based on their relevance to our currently available products. 

5.5 - Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. 

 

SECURITY OF PERSONAL DATA

6.1 - We will take appropriate technical and organizational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data. 

6.2 - We have implemented security policies, rules and technical measures to protect the personal data that we have under our control from: 

(a) Unauthorised access 

(b) Improper use or disclosure 

(c) Unauthorised modification 

(d) Unlawful destruction or accidental loss 

6.3 - All our employees and data processors that have access to, and are associated with, the processing of personal data are obliged to respect the confidentiality of your personal data. 

 

AMENDMENTS

7.1 - We may update this policy from time to time by publishing a new version on our website. The date of the last update can be found at the top of this policy. 

7.2 - You should check this page occasionally to ensure you are happy with any changes to this policy. 

7.3 - We may notify you of changes to this policy by email or on our website. 

 

YOUR RIGHTS

8.1 - Your principal rights under data protection law are: 

(a) the right to access; 

(b) the right to rectification; 

(c) the right to erasure; 

(d) the right to restrict processing; 

(e) the right to object to processing; 

(f) the right to data portability; 

(g) the right to complain to a supervisory authority; and 

(h) the right to withdraw consent. 

8.2 - You can access your account information and history when logged into our website. 

8.3 - You may exercise your rights, as listed above, by emailing us at support@lightmap.co.uk, or by contacting us as detailed in section 18. For example, you may seek to access, correct, amend, or delete your data, or restrict processing. We will require appropriate evidence of your identity. 

8.4 - If you want to make a complaint about the way we have processed your personal information, you can contact The Information Commissioners Office, the statutory body which oversees data protection law in the UK – www.ico.org.uk/concerns.  You may lodge a complaint with a supervisory authority responsible for data protection in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. 

8.5 - You may instruct us at any time not to process your personal information for marketing purposes. 

8.6 - In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or you can manage your receipt of marketing and non-transactional communication by clicking on the “unsubscribe” link located at the bottom of our marketing emails. Some communications, for example important account notifications and billing information, are considered transactional and are necessary to support our products and services and we will continue to send these to you. 

 

THIRD PARTY WEBSITES

9.1 - Our website includes hyperlinks to, and details of, third party websites. 

9.2 - We have no control over, and are not responsible for, the privacy policies and practices of third parties. 

 

UPDATING INFORMATION

10.1 - Please let us know if the personal information that we hold about you needs to be corrected or updated. 

 

WHEN YOU BUY FROM A RESELLER

11.1 - We have a network of authorized resellers from whom you can buy our products and services. They will provide advice and support in your time zone and language. They are a data controller and will have their own legal obligations and policies. 

11.2 - You may take a trial using our website.   

11.3 - The following is applicable to customers who have contacted resellers in order to buy our products and services, in addition to the remainder of this policy: 

(a) Your Personal Data. We may collect information under the direction of resellers and may process this data in order to help us provide you with the applications, services and information that you have requested or which we believe is of interest to you. Resellers provide us with data in order to provide the products and services that you have requested. 

(b) Your Rights. Customers who seek to access, correct, amend, or delete their data should contact the Reseller.  

(c) Marketing. If you are a customer of one of our resellers and you no longer want to receive marketing communication from them, then please contact the Reseller from whom you purchased products or services. If we send marketing communication on behalf of the Reseller you can manage your receipt of marketing and non-transactional communication by clicking on the “unsubscribe” link located at the bottom of our marketing emails. 

(d) Data Retention. We retain personal data we process on behalf of our Resellers for as long as needed to provide services under the relationship. See section 5 for retention periods. We will retain and use this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. 

 

JOB APPLICANTS, CURRENT AND FORMER EMPLOYEES 

12.1 - As an employer we collect and process personal data as part of our recruitment and employment process. The following is applicable to job applicants, current and former employees, in addition to the remainder of this policy. 

12.2 - We may process your personal data relating to your job application or internship application (“Recruitment Data”). The recruitment data may include name, age, gender, contact details, qualifications, employment history, ethnicity and disability details. You are the source of this data or the contacts that you provide us with in order to obtain references. This data may be processed as part of the job application process. As part of the recruitment process, if you are successful, you may be asked to provide proof of your identity, proof of qualifications, complete a criminal records declaration, provide references, and confirm your fitness to work. The legal basis for this processing is consent or the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. 

12.3 - We may process your personal data relating to your employment, in addition to job application data (“Employment Data”).  The employment data may include name, contact details, bank details, date of birth, National Insurance Number, salary, pension details, tax details, annual leave details, sick leave details, emergency contact details, confirmation of your fitness to work, or for health and safety reasons. The source of this data is you, or the contacts that you provide us with in order to obtain this information. This data may be processed for the administration of your employment including payroll, pension, sick leave and HR. The legal basis for this processing is consent or the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. 

12.4 - We may process data relating to your work at Lightmap Ltd (“Historical Business Data”). This data may include a history of communication, support, or sales with customers or other staff. You are the source of this data, together with the other party in the communication. This data may be processed to support our business activities. The legal basis for this processing is our legitimate interests, namely to enhance, modify, personalize or otherwise improve our services / communications for the benefit of our customers. 

12.5 - If you are an intern then we will communicate about your employment performance with the educational establishment that you attend in order to support your internship. 

12.6 - We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out of court procedure. 

12.7 - See section 5 for our general retention policy. In addition, for Job Applicants, current and former Employees, we will retain your personal data as follows: 

(a) Candidate (unsuccessful) will be retained for 6 months after the end of recruitment campaign. 

(b) Employee will be retained for 6 years after the end of employment. 

(c) Historical Business Data will be retained for 10 years after the expiry of last license purchased. 

 

RESELLERS 

13.1 - We work with a number of trusted partners, including a network of authorized resellers from whom a customer can choose to buy our products.   

13.2 - If you are a reseller we collect and process personal data as part of our relationship with you. The following is applicable to our resellers, in addition to the remainder of this policy. 

13.3 - We may process data relating to our relationship with you if you are a Reseller (“Reseller Data”). This reseller data may include name, company name, address, email address, telephone number, other contact details, bank details, payment details, purchase history, communication history. You are the source of this data but we may also collect data, such as your website, or address, from public sources such as your LinkedIn profile. This data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you, or supporting the goods and/or services that you have purchased from us, or the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. The legal basis for this processing is our legitimate interests, namely the performance of a contract between you, and us and/or taking steps, at your request, to enter into such a contract; and the performance of the contract with the customer where you are acting as our reseller.  

13.4 - If you are a reseller and provide us with personal data about a customer in order to enter into a contract, or and/or taking steps, at your request, to enter into a contract, to supply our services and products then you must agree that you have obtained their consent to provide us with this information and that we may process and retain this information as detailed in this Privacy Policy for a customer who has not used a reseller. 

13.5 - See section 5 for our general retention policy. In addition, for Resellers, we will retain your personal data as follows: 

(a) Resellers will be retained for 10 years after the end of our agreement. 

(b) Resellers (sales history) will be retained for 10 years after the end of last license purchased. 

 

CONSULTANTS 

14.1 - As part of our regular business activities we use consultants in order to develop and support our products and services. 

14.2 - If you are a consultant we collect and process personal data as part of our relationship with you. The following is applicable to our consultants, in addition to the remainder of this policy. 

14.3 - We may process data relating to our relationship with you if you are a Consultant (“Consultant Data”). This consultant data may include name, company name, address, email address, telephone number, other contact details, bank details, payment details. You are the source of this data but we may also collect data, such as your website, or address, from public sources such as your LinkedIn profile. We may need to undergo a selection process for a consultant and so the consultant data may include qualifications and employment history. You are the source of this data or the contacts that you provide us with in order to obtain references. This data may be processed as part of the consultant application process. The consultant data may be processed for the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. The legal basis for this processing is our legitimate interests, namely the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. 

14.4 - See section 5 for our general retention policy. In addition, for consultants, we will retain your personal data as follows: 

(a) Consultants will be retained for 10 years after the end of our agreement. 

 

DEVELOPERS 

15.1 - As part of our regular business activities we use developers in order to develop and support our products and services. 

15.2 - If you are a developer we collect and process personal data as part of our relationship with you. The following is applicable to our developers, in addition to the remainder of this policy. 

15.3 - We may process data relating to our relationship with you when you assist us in product development (“Developer Data”). This developer data may include name, company name, address, email address, telephone number, other contact details. We may process data as for a normal customer, as identified in the rest of this policy. This includes categories of data, such as “license data”, when you assist us in the development of our products and services. 

15.4 - See section 5 for our general retention policy. In addition, for developers, we will retain your personal data as follows: 

(a) Developers will be retained for 10 years after the end of our agreement. 

 

SUPPLIERS 

16.1 - As part of our regular business activities we use suppliers in order to develop and support our products and services. 

16.2 - If you are a supplier we collect and process personal data as part of our relationship with you. The following is applicable to our suppliers, in addition to the remainder of this policy. 

16.3 - We may process data relating to our relationship with you if you are a Supplier (“Supplier Data”). This supplier data may include name, company name, address, email address, telephone number, other contact details, bank details, payment details. You are the source of this data but we may also collect data, such as your website, or address, from public sources such as your LinkedIn profile. We may need to undergo a selection process for a supplier and so the supplier data may include qualifications and employment history. You are the source of this data or the contacts that you provide us with in order to obtain references. This data may be processed as part of the supplier application process. The supplier data may be processed for the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. The legal basis for this processing is our legitimate interests, namely the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract. 

16.4 - See section 5 for our general retention policy. In addition, for Suppliers, we will retain your personal data as follows: 

(a) Suppliers will be retained for 10 years after the end of our agreement. 

 

ABOUT COOKIES 

17.1 - A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. 

17.2 - Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed. 

17.3 - Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. 

17.4 Our cookies policy at https://www.lightmap.co.uk/cookies/ explains in more detail what cookies are, how we (Lightmap Ltd) use them on our website and how you can opt out and find further information. 

 

OUR DETAILS

18.1 - This privacy policy covers Lightmap Ltd and applies to any website, services and products which references this Privacy Policy. 

18.2 - We are registered in England and Wales under registration number 6879016 , and our registered office is at: Lightmap Limited, International House, Brunel Drive, Newark, Nottinghamshire, NG24 2EG, United Kingdom. 

18.3 - You can contact us: 

(a) using our website contact form  

(b) by email, using support@lightmap.co.uk ; 

(c) by post, to the postal address: Lightmap Limited, The Coach House, Hexgreave Hall, Upper Hexgreave, Newark, Nottinghamshire, NG22 8LS, United Kingdom 

  

DATA PROTECTION REGISTRATION

19.1 - We are registered as a data controller with the UK Information Commissioner's Office. 

19.2 - Our data protection registration number is ZA093106. 

 

DATA PROTECTION CONTACT

20.1 - If you have any other queries relating to your privacy and the use of your personal data, please contact: support@lightmap.co.uk or by post: Lightmap Limited, The Coach House, Hexgreave Hall, Upper Hexgreave, Newark, Nottinghamshire, NG22 8LS, United Kingdom