We collect the following personal information when you provide it to us:

Purpose/Activity: To respond to your enquiry which you have raised by filling in the form on our website or emailing: gdpr@lumi-plugin.com

Type of data:

• Identify information
• Contact details

Lawful basis for processing including basis of legitimate interest: Responding to your enquiry

Purpose/Activity: To note you as a point of contact for a customer

Type of data:

• Identify information
• Contact details

Lawful basis for processing including basis of legitimate interest: Performance of a contract with the corporate customer

Purpose/Activity: To process and deliver an order (in case of corporate

customer if you are a contact for such order) including:

(a) manage payments, fees and charges

(b) collect and recover money owed to us

Type of data:

• Identify information
• Contact details
• Financial information
• Transaction

Lawful basis for processing including basis of legitimate interest:

• Performance of a contract with the corporate customer
• Necessary for our legitimate interests (to recover debts due to us)

Purpose/Activity: To manage our relationship with our customer (in case of corporate customer if you are a contact for such order) which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey

(c) Generating refunds for returned orders

Type of data:

• Identify information
• Contact details
• Financial information
• Marketing and Communications

Lawful basis for processing including basis of legitimate interest:

• Performance of a contract with the corporate customer for whom you are the point of contact
• Necessary to comply with a legal obligation
• Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

Purpose/Activity: To enable you to partake in a prize draw, competition or complete a survey

Type of data:

• Identify information
• Contact details
• Details of your usage of our website, goods and services
• Marketing and Communications

Lawful basis for processing including basis of legitimate interest:

• Performance of a contract with you and/or the corporate customer for whom you are the contact
• Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)

Purpose/Activity: To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

Type of data:

• Identify information
• Contact details
• Technical IT data

Lawful basis for processing including basis of legitimate interest:

• Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
• Necessary to comply with a legal obligation

Purpose/Activity: To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve you

Type of data:

• Identify information
• Contact details
• Profile information concerning your account and purchasing history
• Details of your usage of our website, goods and services
• Marketing and Communications
• Technical IT data

Lawful basis for processing including basis of legitimate interest: Necessary for our legitimate interests (to study how customers use our products/services,

to develop them, to grow our business and to inform our marketing strategy)

Purpose/Activity: To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

Type of data:

• Technical IT data
• Identity data and contact details
• Profile information
• Details of your usage of our website, goods and services

Lawful basis for processing including basis of legitimate interest: Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

If we have your consent, we may use your personal data to make suggestions and recommendations to you about goods or services that may be of interest to you.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

We also obtain personal information from other sources as follows:

• Automated technologies or interactions. As you interact with our website, we may automatically collect certain technical data (for example, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and version, operating system and platform and other technology on the devices you use to access this website) about your equipment, browsing actions and patterns.
• Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

(a) technical IT data from analytics providers such as Google, AddThis.

(b) identity and contact data from data brokers or aggregators or lead generators;

(c) identity and contact data from publicly available sources such as Companies House.

We may share your name and delivery address details with our logistics providers. This data sharing enables them to despatch the goods you ordered directly to you.

We may share your contact data with our distributors. This data sharing enables them to contact you directly to deal with your request.

If you receive marketing information from us, including our newsletter, we will share your name and contact details with mail chimp in order to dispatch our newsletters.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We will share personal information with law enforcement or other authorities if required by applicable law.

We will not share your personal information with any other third party.

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Unless we have your consent to use your data for any other purpose, after conclusion of the contract under which we have received your contact details, we will hold your name and contact details for the period we are required to retain this information by applicable UK tax law (currently 7 years).

We will hold your financial payment information collected for the purposes of processing a refund for a period of no more than 30 days following processing your refund.

If we hold your contact details for the purposes of sending newsletter or marketing information to you, we will hold name, address and contact details for as long as you receive such information from us.

To deliver services to you, it is sometimes necessary for us to share your personal information outside the European Economic Area (EEA), e.g.:

• with our service providers located outside the EEA; and
• if you are based outside the EEA.

These transfers are subject to special rules under European and UK data protection law and whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. We will, however, ensure the transfer complies with data protection law and all personal information will be secure.

Under the Data Legislation you have a number of important rights free of charge. In summary, those include rights to:

• Fair processing of information and transparency over how we use your use personal information
• Access to your personal information and to certain other supplementary information that this privacy policy is already designed to address
• Require us to correct any mistakes in your information which we hold
• Require the erasure of personal information concerning you in certain situations
• Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
• Object at any time to processing of personal information concerning you for direct marketing
• Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• Object in certain other situations to our continued processing of your personal information
• Otherwise restrict our processing of your personal information in certain circumstances

For further information on each of those rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office (ICO) on the ICO’s website concerning individuals’ rights under the Data Legislation.

If you would like to exercise any of those rights, please:

• email, call or write to us (our contact details are at the bottom of this policy);
• let us have enough information to identify you (e.g. corporate customer name, account number, your full name);
• let us have proof of your identity and address (a copy of your driving licence or passport); and
• let us know the information to which your request relates, including any account or reference numbers, if you have them.

If you would like to unsubscribe from any marketing emails you receive from us, you can also click on the ‘unsubscribe’ button at the bottom of the email.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

We hope that we can resolve any query or concern you raise about our use of your information.

The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

This privacy notice was published on 20^th January 2020 and updated on 12^th November 2020.

We may change this privacy notice from time to time, when we do we will inform you via email.

Please contact us if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact us, please send an email to GDPR@lumi-plugin.com, write to The Green Barn, The Long Yard, Shefford Woodlands, Nr Newbury, RG17 7EH or call +44 (0) 03303 801 329.