We are Aurora Limited, a limited company registered in England under company number 03789712, whose registered address is 6 Little Burrow, Welwyn Garden City, England, AL7 4SW, acting on behalf of itself, its subsidiaries, its holding companies, its fellow subsidiaries and associated companies and where those subsidiaries are holding companies their subsidiaries and so on, and for the benefit of all their respective present and future subsidiaries, each individually and collectively hereinafter referred to as (“Aurora”).
We are regulated by the Information Commissioner’s Office (ICO) of the United Kingdom.
This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out in Part 5, below.
Under the GDPR, you have multiple rights that relate to your Personal Data and its usage. You have the right to request:
Further information about your rights can be obtained from the Information Commissioner’s Office in the UK, or the EU GDPR Information Portal.
If you wish to exercise any of your rights, please check our ‘How do I contact you?’ section. To protect the confidentiality of your information, we may request that you provide proof of your identity before proceeding with any request you make under this Privacy Notice. If a third party submits a request on your behalf, we will need proof from them that they have your permission to do so.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can do this by contacting them on 0303 123 111. Or go to their website http://www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites.).
We may collect some or all of the following personal data (this may vary according to your relationship with us):
We collect this information when you make an enquiry about our products and services, sign up to our newsletter, fill out forms, register to use our Services, download our Apps, give a third-party permission to share information they hold about us, contact us in any way, create an account with us or engage with us on social media.
Additionally, we may collect additional non-personal information by automatic means when you visit our site. Examples are these are IP address, browser type and operating system, referring URLs, your use of our website and referral information. We collect this information automatically through the use of various technologies, such as cookies.
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or so we can give you the best possible customer experience.
Your personal data may be used for one of the following purposes:
If you at any time wish to change how we use your data; you’ll find details in the “How can I access my personal data?” section below. If you choose not to share your personal data with us, or refuse certain contact permissions, we may not be able to provide some of the services you’ve asked for.
We implement various security measures and take all appropriate steps in order to protect the Personal Data you share with us. These measures include but are not limited to:
We repeatedly review our security measures and add additional measures wherever possible to continue to increase our security.
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. At the end of that retention period, your data will either be completely deleted or anonymised, such as by aggregating data together so it can be utilised in a non-identifiable way for statistical analysis and business planning.
For example, we may retain your personal information for the length of your warranty period, so we can comply with our legal and contractual obligations to you.
Sometimes we need to share your personal data with third parties and suppliers outside the European Economic Area (EEA) (the ‘EEA’ consists of all EU members states, plus Norway, Iceland and Liechtenstein), such as the USA.
Where information is transferred, we have procedures in place to ensure that your Personal data is treated as safely and securely as it would be within the EU and under GDPR. For example, our contracts with those third parties stipulate the standards they must follow at all times.
We may sometimes share your personal data with other companies in our group in order to provide you with the Products and Services that our Group of Companies offer. This includes subsidiaries, our holding company and its subsidiaries.
In other cases, we may sometimes have to share your personal data with third parties who facilitate us in providing our products and services to you. We restrict the information shared to only the Personal Information required for them to fulfil their services to us. These companies can include:
If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law. For example, at the end of the service period, we will demand that all information is deleted and we are provided proof of its deletion.
As explained before in Part 9, where any personal information is transferred outside the EEA, we will take additional steps to ensure that your personal data is treated just as safely and securely as it would be within the EU.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email address shown in Part 12. To make this as easy as possible for you, a Subject Access Request Form is available for you to use, which you can find on our website www.auroralighting.com
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request.
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please contact us at firstname.lastname@example.org
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. This doesn’t stop you from exercising your rights. Where possible we will try to retain your personal data within your country of residence, however, in the ordinary course of business, we may transfer your personal data to ourselves and third parties located in the UK.
This may occur because our IT storage facilities and servers are located outside of your country of residence, and could include storage of personal data on servers in the UK.
Any of our customers can still contact us at email@example.com
If you live outside the UK, but live within the EEA, and you have a complaint about us, you have the right to lodge a complaint with the relevant authority within your country of residence.
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any changes will be made available on our website.
This notice was last updated on 01/05/2018.