Privacy Policy

Lighthouse January 2024

At Lighthouse, we care about your privacy. That’s why we only collect personal data if we have a good reason to do so. That’s also why we want to communicate transparently what we do with your personal data.

This Privacy Policy explains the types of information we may collect from you or that you may provide when using our Services. This Privacy Policy also describes Lighthouse’s practices for collecting, using, maintaining and processing information.

For the purposes of the European Economic Area data protection law (the “Data Protection Law“), the data controller of the data processed through the Services is the customer, which makes available and grants access and use of the Services to anyone on its behalf. For data retained through the website or data processed not through the Services (i.e. contact details of potential customers or resumes sent to us from potential employees for engagement with Lighthouse), we are the controller (the “Controller”).

If you are an employee of a Customer that uses the Services, this privacy policy does not apply to you or your use of the Services. Please refer to your employer’s privacy policy, which applies to the collection, use, processing and retention of your personal information. Individual employees of our Customers who seek access to their data, or who seek to correct, amend, or delete inaccurate data should direct their requests to their employers who are using the Services. Our customers can remove and update personal information and data without our involvement.

Who are we?

Lighthouse provides secure, sustainable transport and destruction of counterfeit items and redundant stock from global brands.

The company behind Lighthouse is Lighthouse Security Ltd. Our registered company number is 1109653, and our registered office is Brook House, Moss Grove, Kingswinford, West Midlands DY6 9HS.

Our VAT number is 295352968.

For ease of reference, we will further refer to ourselves using “we”, “us”, “our” or “Lighthouse ”. “You”, “your” or “yours” means the [organisation/individual] using the Services

You can reach us at [email protected].
Which personal data do we collect and why?
If you just visit our website, we will collect personal data. We will only collect personal data in the following instances:

If you ask us a question using a contact form or email;

If you request access to our Services;

If you sign up to use our Services;

If you subscribe to our newsletter;

If you apply for a job with us.

Below you can find what type of personal data we collect, what we use it for and how long we will keep it:

Your first and last name, Your address & Your company details
We cannot be sure to address you correctly if we don’t know who you are; and if you enter into a contract with us we will need to make sure we know who we are dealing with. We will keep this information in our customer database for as long as you do not object to us keeping it. You can always let us know if you no longer want us to keep this information.

Please do note that for as long as we have an ongoing contract we cannot remove this information from our databases as we will need it to execute the contract. And even after our contract has ended, we may be under a legal obligation to hold on to some of this information for a bit longer. For example: under accounting legislation, we must keep copies of our invoices which may mention your name or address.

Phone number and email address
This is so we can easily contact you. In principle, we will never contact you unless it is to answer a question, if we are working on an assignment for you or if you have applied for a job with us.

We may also use your email address to send you our newsletter. We do not want to spam you and we understand if you would rather not receive newsletters. If that is the case, you can always let us know, or you can unsubscribe from our mailing list using the link you can find at the bottom of each newsletter.

As is the case for your name and address, we will keep your email address and phone number in our customer or candidate database for as long as you do not object to us keeping it. If you no longer want us to keep this information, you can also always let us know.

Please do note that for as long as we have an ongoing contract, we are not able to remove this information from our databases as we will need it to execute the contract. And even after our contract has ended, we may be under a legal obligation to hold on to some of this information for a bit longer.

Information provided during job applications
If you apply for a position with us, you will provide us with personal data in your cover letter and your CV (such as your grades, which schools you went to, previous jobs, etc.).

We will save your contact details, cover letter and CV of every job applicant in our candidate database and may contact you in the future regarding job openings that may be of interest to you. Of course, we will delete all this information from our candidate database if you don’t like us holding on to it. Just let us know at [email protected].

Payment Information
Information related to your credit card, debit card, and/or other payment information to process payments in connection with your contract.

Location information – All addresses are provided by customers and stored in a secure location until the customers request for the data to be deleted.

Inferences – We may create inferences drawn from the categories of personal information described above to create a profile about you to reflect your preferences, characteristics, behaviour and attitudes. We use this information to personalise and improve our services to better understand the interests, to preferences of our key customer audiences, and to provide advertisements about goods and services likely to be of interest to you.
How do we collect your data?
From You:

We collect personal information from you directly. We may also collect personal information from you indirectly, including through your use of our Site and/or where we draw inferences about you (both as described above).

Communication & Interactions with Lighthouse

Communication with us

You may also provide us with information when you respond to surveys, and communicate with our Happiness Champions about a support question. When you communicate with us via form, email, phone, or otherwise, we store a copy of our communications (including any call recordings as permitted by applicable law).

Transactional information

When you purchase our Services, we collect information about the transaction, such as service details, purchase price, and the date and location of the service required.

Payment and contact information

There are various ways in which you may provide us with payment information and associated contact information. For example, if you buy something from us, we’ll collect information to process those payments and contact you. You may also provide us with financial details to set up a payment, like your bank account information. We will store the contact information and payment information you provide to deliver our service.

Cookies:

Yes. We use cookies to:

ensure that our Services function properly,

understand how visitors use and engage with our website, and analyse and improve Services.

What are cookies?

Cookies are small files which are placed on your computer when you visit a website. Cookies are saved in your browser’s history and you can always delete them. You can also adjust your browser settings to prevent cookies from being saved on your computer.

Two main types of cookies can be set:

First-party cookies: cookies are placed and read by Lighthouse directly when you use our Services,

Third-party cookies: these cookies are not set by Lighthouse, but by other companies, like Google, for site analytics purposes.

Cookies play an important role in helping us provide effective and safe Services. Below is a list of commonly used cookies and the purposes that apply to them. This list is not exhaustive and describes the main reasons why we typically use cookies:

Necessary cookies
These cookies are essential to the operation of the Services and make it usable by enabling authentication and load balancing.

Analytics cookies
We use [Google Analytics] to generate anonymous statistics on how visitors use the website. We use these cookies to enhance the user experience on our website and to know which parts of the website or platform are most frequently visited or clicked on. This service may also collect information regarding the use of other sites, apps and online resources. You can learn about Google’s practices on their website. We have adjusted the Google Analytics settings to ensure no personal data is collected when you visit the platform.

Advertising cookies

We use Google for advertisements. We and our service providers will use cookies and similar technologies to direct Google ads to you through targeted advertisements for Lighthouse services on other sites you visit and to measure your engagement with those ads. These advertising service providers may collect non-identifiable information about your visits to our site. Such non-identifiable information does not include your name, address, email address or other personal information. The information is collected through the use of cookies and pixel tags.

In addition, you can click here to find further information about cookies and how to manage all cookies by changing your web browser settings.
How do we protect your personal data?

We take measures to ensure that your personal data is kept private!

We work hard to protect your personal data against unauthorised access or disclosure. To do so, we take organisational measures to ensure that access to your data is restricted to those employees or agents who need to have access to it to help us process it. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

– We also take a whole range of technical measures to protect your data. Technical measures include, for example, encrypting all personal information (in transit and at rest), user access management, vulnerability testing & employment of continuous monitoring technologies.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

If you want more information about the measures we take email us at contact us at [email protected].
Do we share your data with others?
We will never sell your personal data to another party!

We do use the services of the following external data processors:

Web Hosting (Not Just Code Ltd) https://notjustcode.co.uk/policies/privacy-policy.pdf

Analytics (Google) https://policies.google.com/privacy

Book Keeping (Sage) https://www.sage.com/en-gb/legal/privacy/

Sustainability Software (Futureproof) https://poweredbyfutureproof.com/privacy

We have entered into a data processing agreement with each of these external data processors which obliges them to only process your personal data based on our instructions and in compliance with this Privacy Policy.

These data processors will also have to take sufficient precautions to prevent the loss of your data. Some of these external data processors may be based in the United States and have certified their compliance with the EU-US Privacy Shield Framework, which means they will respect comparable data protection standards as those that apply in Europe.

You should know that in the following exceptional circumstances, your data could also be shared with others:

If we are under a legal obligation to share data with the authorities or if we have to share data to comply with an enforceable government request, we don’t have much of a choice and we will share the data the authorities ask for, which may include yours.

If another company decides to buy the shares of our company or decides to buy Lighthouse from us, we will of course have to transfer your data to that company. That company will then take over all obligations under this Privacy Policy.

We will take all steps necessary to ensure that your data is treated securely and in accordance with this privacy policy and the General Data Protection Regulation (GDPR), and we have the necessary legal contract in place to fulfil these services.
Where do we store your data?
When your Data is transferred outside of the EEA (in the United States) we take all steps reasonably necessary to ensure that your Data is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, and that it is treated securely and in accordance with this privacy policy. Please know, that we will only ever store your Data on AWS in the United States after you have agreed to this policy, never before.

In other cases, where strictly necessary to interface with third-party data processors (for example analytics, payments and email delivery), we may transfer only the necessary personal data outside of the EEA, in order to:

Store some information;

Enable us to provide you with the Services and fulfil our contract with you;

Fulfil any legal obligations which require us to make that transfer;

Facilitate the operation of our group businesses, where it is in our legitimate interests and we have concluded these are not overridden by your rights.
Can we change this Privacy Policy?
Your rights
You may request us to send you a summary of the personal data processed about you. If you feel that your personal data has been processed incorrectly or incompletely, or if you feel that such processing was unnecessary, then you also can ask us to edit, supplement or erase your personal data from our databases. Under the applicable privacy legislation, you also have the right to the following:

Right to be forgotten – in certain circumstances, you can ask for the data we hold about you to be erased from our records. Bear in mind, if you ask us to erase your information from our records, we may purchase data in the future that contains your information. We can however mark it as “do not contact” therefore stopping any contact we may make to you.

Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.

Right of portability – you have the right to have the data we hold about you transferred to another organisation.

Right to object – you have the right to object to certain types of processing such as direct marketing.

Right to object to automated processing, including profiling – you have the right to be subject to the legal effects of automated processing or profiling.

Right to judicial review – in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain.

If you feel we have failed to respond correctly to a request for information, you have the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) or with the relevant authority in your country of work or residence.

If you have any further privacy concerns or if you want to exercise your rights, you can contact us via email at [email protected].
Policy review