Last updated 18/05/2018
We want anyone who interacts with Light Mind to have a clear understanding of how we handle and manage your personal data. Your business, data and privacy are hugely important to us, so we’ve done our best to help you understand our views and practices on collecting, processing and storing your information.
Still got questions?
Although we’ve tried to keep it simple, if you’ve read the policy and have any more questions – please contact firstname.lastname@example.org.
1. About Light Mind
Light Mind is a limited company operating in England and Wales under company number 10424392. Our trading name is Light Mind Ltd, our registered address is Suite 19, Maple Court, Grove Park, Maidenhead, SL6 3LW and www.lightmind.me is a website operated by Light Mind Ltd.
For the purposes of this policy, Light Mind refers to both data and information obtained in the running of both the Tuneless Choir Franchise and Light Mind Ltd.
Protecting and respecting your privacy is very important to us. We are responsible for understanding relevant data privacy law and protecting your personal information as a “data controller”. The contact person for data protection is Tabitha Beaven, Light Mind Director (ICO registration reference: ZA181790). Tabitha can be contacted on email@example.com.
2. What information we collect and where it comes from
The personal information we request and collect is considered valid by data protection law. It might include your name, email address, postal address and telephone number.
There are a number of ways we come into contact with your personal data. For example, when you use our website, complete a registration form or newsletter subscription, attend an event, sign a disclaimer, or take part in our competitions or promotions.
Here’s a bit more detail on the ways in which we collect personal data:
- If you provide services to Light Mind, we collect information in line with your contract for services
- If you register for, or attend an event, we keep track of this information
- If you purchase goods or services from us, we collect information about your purchase history
- If you request information from us, we keep a record
- If you complete a survey or provide feedback, we keep data to analyse results
- If you complete a contact form or contact us by email, phone, letter or social media, we keep a record
- We may collect information available in the public domain, for example, newspaper or online media items, publicly available posts on LinkedIn or social media or Companies House listings
- We may collect technical information relating to website usage, including your browser type or the Internet Protocol (IP) address used to connect your computer to the Internet
- We may gather general information about the use of our website, such as which pages users visit most often and which services generate most interest. We may also track which pages users visit when they click on links in emails to make improvements to our website. Where possible we use aggregated or anonymous data which does not identify individual visitors to our website.
3. Why we collect personal data from you
Data protection law says we are allowed to use personal information only if we have a proper reason to do so. The law says we must have one or more of these reasons:
- To fulfil a contract we have with you, or
- When it is our legal duty, or
- When it is in our legitimate interest, or
- When you consent to it.
By law, in the commercial running of Light Mind Ltd we have a legitimate interest to process data (except where your rights as a data subject override our legitimate interest). We are committed to delivering great service to our clients and customers and the information we keep enables us to:
- To keep in contact, keep records up to date and share relevant updates on products, services and events
- Review feedback so we can continuously improve our products and services
- Define new types of customers / clients and develop new products and services
- Efficiently fulfil our legal and contractual obligations
- Comply with rules and regulations from regulators
- Analyse and review business success metrics to make decisions about marketing, advertising and communication content and future business direction
In addition, if we allowed to do so by law, or we have your consent, we may contact you with products and services we think might be of interest to you for e-marketing purposes.
If your personal data is used to make decisions about marking content, its called marketing profiling. You can contact us at any time to ask us to stop using your personal information this way.
It will be clear and easy to update your choices at any time via links in e-marketing communications and we may ask you to confirm or update your choices in future if there are any changes in the law, regulation, or the structure of our business.
4. How we use your information
We use your personal information:
- To provide you with services, products or information you have requested
- To provide you with information about future events, products and services we think may be of interest to you, including third-party events, products and services
- For administration purposes including to action registration and create an account
- To notify you about changes to our services
- As part of our efforts to keep our site safe and secure; and to ensure that content from our site is presented in the most effective manner for you and for your computer
5. How your information is shared
In order to run our business effectively and deliver excellent customer service, we may share your personal information with:
- Third-party system operators for the purpose of sending communications and marketing messages
- Our contractors, suppliers and franchisor who provide services on our behalf – to the extent necessary to enable you to receive those services
- Companies we use to help grow and improve our business including, this might be a Legal firm, IT supplier or Consultancy
- Banking and financial services companies who we work with to run our business.
We may also need to disclose your information if required to do so by law or as expressly permitted under applicable data protection legislation
Some of the systems we use host data outside the EEA and will be protected by transfer only to countries that have been identified as providing adequate protection for EEA data or via a Privacy Shield.
Light Mind provides training and support for staff and independent contractors who handle personal data, so they can act confidently and consistently.
6. How long we keep your information
We keep your information for no longer than necessary. We retain data for any period required by law, for example to comply with HMRC requirements. Where we are not under a legal obligation to retain your information, we will determine what is necessary by reference to the lawful basis for processing set out above and our legitimate interests.
If you have any questions about how long we keep your information, please write to us at firstname.lastname@example.org.
7. How we protect your information
We take appropriate technical and organisational measures to make sure any information disclosed to us is secure, accurate, up to date and kept only for so long as is necessary for the purposes for which it is used.
Please be aware that the use of the Internet is not entirely secure and although we do our best to protect your personal data we cannot guarantee the security or integrity of any personal information, which is transferred from you or to you via the Internet. Transmission is at your own risk.
Once we have your information, we use internal processes and security features such as encryption to avoid unauthorised access. We are committed to keeping your personal data secure by using encrypted files and devices.
7.1 Removable storage devices
Using removable storage e.g. memory cards, USB, DVDs/CDs, removable or external disc drives, mobile devices and laptops is part of every day business activities. To ensure security – data containing personal information will always be encrypted or password protected when loaded onto the removable storage device.
Removable storage devices will be physically protected against loss, damage, abuse or misuse when in use, storage or transit. When the business purpose has been satisfied, the contents of the removable storage device will be removed in a way that makes data recovery impossible.
7.2 Paper copies
Paper copies containing personal data will be stored securely and only for as long as deemed necessary. On disposal they will be shredded.
8. Your rights
We are committed to making sure that anyone who does business with Light Mind is aware:
- For what purpose their data is being processed
- What types of disclosure are likely
- How to exercise their rights in relation to the data.
Under the General Data Protection Regulation (EU) 2016/279 you have a number of rights relating to your data which can be exercised at any point:
- Right of access – you can ask us to provide details of the data we hold on you
- Right to rectification – you can ask us to correct information or remove information if it’s no longer accurate. In the case of amending data, we will inform relevant third parties whom we have shared your data with so they can update their records
- Right to object – you can ask us not to use your data in a particular way. On exercising this right, we would still need to process your information to the extent permitted by law including, but not limited to, exercising or defending legal claims, protecting the rights of another person or for public interest reasons.
- Right to be forgotten – you can ask us to erase your data. If you make this request, we will follow strict internal process to make sure your data is deleted or anonymised and that you are not contacted by Light Mind in future. This right is not absolute, as we may need to continue processing this information, for example, to comply with our legal obligations or for reasons of public interest.
- Right to portability – you can ask us to transfer the data we have on you to another organisation
If our lawful basis for processing data is your consent, you have the right to withdraw this at any time. You have the right to object to data processing in accordance with our legitimate interests, in which case we may only continue to use your personal data where we can demonstrate compelling legitimate grounds, which override your interests, rights and freedoms.
To act on your rights, please contact email@example.com. We’ll action your request as soon as reasonably possible, with no charge. At any point, if you’re not happy with how we collect and process your data, you have the right to raise this with the Information Commissioners Office (ICO), the UK supervisory authority for data protection issues.
9. Updates to this policy
Phew! We got there. Any changes to this policy will be posted at www.lightmind.me/privacy and where appropriate notified to you by email.