Thank you for visiting our website and your interest in David Rose Lighting. In the following, we would like to inform you about the handling of your data in accordance with the UK`s Data Protection Act (DPA) and the General Data Protection Regulation (GDPR).

 

Responsible party

The following body is responsible for the data processing described below:

 

David Rose Lighting Ltd

59 High street

Hampton Hill

Middlesex

TW12 1NH

 

Principles of data processing

We process users' personal data only in compliance with the relevant data protection regulations. User data is only processed if the following legal permissions exist:

 

• in order to provide our contractual services and online services

• processing is required by law

• with your consent

• on the basis of our legitimate interests (i.e., interest in the analysis, optimisation and economic operation and security of our online offer within the meaning of Art. 6 para. 1 lit. f) GDPR, in particular in measuring reach, creating profiles for advertising and marketing purposes, and collecting access data and using third-party services).

 

The above legal bases are set out as follows:

 

• Consent Art. 6 para. 1 lit. a. and Art. 7 GDPR

• Processing for the fulfilment of our services and implementation of contractual measures Art. 6 para. 1 lit. b) GDPR

• Processing for the fulfilment of our legal obligations Art. 6 para. 1 lit. c) GDPR

• Processing to protect our legitimate interests Art. 6 para. 1 lit. f) GDPR

 

Storage of your IP address

We store your IP address transmitted by your web browser strictly for the purpose of recognising, limiting and eliminating attacks on our website for a maximum of seven days. After this period, we delete or anonymise your IP address. The legal basis is Art. 6 para. 1 lit. f GDPR.

 

Usage data

When you visit our websites, so-called usage data is temporarily evaluated on our web server for statistical purposes as a log in order to improve the quality of our websites. This data record consists of

• the name and address of the requested content,

• the date and time of the request,

• the amount of data transferred,

• the access status (content transferred, content not found),

• the description of the web browser and operating system used,

• the referral link, which indicates the page from which you came to ours,

• your IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.

 

Data security

In order to protect your data from unwanted access as comprehensively as possible, we take technical and organisational measures. We use an encryption procedure on our websites. Your data is transferred from your computer to our server and vice versa via the Internet using TLS encryption. You can usually recognise this by the fact that the lock symbol is closed in the status bar of your browser and the address line begins with https://.

 

Cookies

We use cookies on our websites. Cookies are small text files that are stored on your end device and can be read. A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. Cookies can contain data that make it possible to recognise the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to a specific person. You can set your browser to inform you about the placement of cookies. This makes the use of cookies transparent for you. You can also delete cookies at any time via the corresponding browser setting and prevent the setting of new cookies. Please note that our websites may then not be displayed optimally, and some functions may no longer be technically available.

 

We use essential cookies that are technically required for the operation of the website. The processing is based on Art. 6 para. 1 lit. f GDPR and in the interest of optimising the user experience or making it safer and more effective, adapting the presentation of our website and maintaining the SSL-protected connection. In addition, we also use non-essential cookies in order to be able to bind Google Analytics, for example (see further information below). The processing is based on your declaration of consent according to Art. 6 para. 1 lit. a GDPR or in case of transfer to third countries without an adequate level of data protection according to Art. 49 para. 1 lit. a GDPR.

 

For Further information on the cookies we use, please refer to our Cookie Policy.

 

Wix

We use the services of the homepage provider Wix.com Ltd, Namal 40, 6350671 Tel Aviv, Israel. Hereinafter referred to as "wix.com". The registered office in Europe: Wix.com Luxembourg S.a.r.l., 5 Rue Guillaume Kroll, L - 1882 Luxembourg. Wix.com collects two types of data: personal information (which can be used to uniquely identify an individual) and non-personal information (which is not used for identification purposes). Wix.com collects such information about our users and visitors, as well as users of users and others who provide it to us. Wix.com may also collect, solely for and in the interest of our users, similar data related to visitors and users of our users' web sites or services. Wix.com collects and uses data to provide our services and make them better and safer, as well as to contact our visitors, users and job applicants, and to comply with legal requirements applicable to Wix.com.

 

Wix.com may store and process personal information in the United States, Europe, Israel or other jurisdictions - either itself or through our affiliated companies and service providers. The data storage providers with whom Wix.com works are contractually obligated to protect your data. Wix.com may also collect, process and store such data in other locations, including the United States.

 

Wix may collect and process data about our users. We do so solely on behalf of and at the direction of our users. Our users are solely responsible for their users of user’s data, including for its legality, security and integrity. Wix has no direct relationship with users of users.

 

We may share the data of our visitors, users and their users of users with various third parties, including certain service providers, law enforcement agencies and application developers. In doing so, the data may only be shared in accordance with this policy. 

 

 

Google Analytics

We use the web analysis tool "Google Analytics" to design our website according to your needs. Google Analytics creates usage profiles on the basis of pseudonyms. For this purpose, permanent cookies are stored on your end device and read by us. In this way, we are able to recognise returning visitors and count them as such.

 

Within the scope of Google Analytics, we are supported by Google Ireland Limited and Google LLC. (USA) as processors according to Art. 28 GDPR. Data processing may therefore also take place outside the UK or EEA. With regard to Google LLC, an adequate level of data protection cannot be assumed due to processing in the USA. There is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to appeal. Please bear this in mind if you decide to give your consent to our use of Google Analytics.

 

Data processing will be based on your consent if you have given your consent via our banner. The transfer to a third country takes place on the basis of Art. 49 (1) lit. a GDPR.

 

Contacting us

You have the option of contacting us via our contact form. For this we need your name and e-mail address. You can provide further details, but you do not have to. We use this data on the basis of Art. 6 para. 1 p. 1 lit. f GDPR to answer your enquiry. If the data processing is aimed at concluding a contract, we process the data on the basis of Art. 6 (1) lit. b GDPR. Your data will only be processed to answer your enquiry. We delete your data if they are no longer required and there are no legal retention obligations to the contrary. This regularly takes place after 1 year.

 

With regard to processing in accordance with Art. 6 (1) p. 1 lit. f GDPR, you have the right to object at any time. 

 

Online shop

Creation of a customer account, processing of orders, use of customer data

If you wish to use our access-protected area, prior registration is necessary. We only collect the data required for registration. This is regularly your master data (e-mail address). In the context of order processing, we process the order data required for this purpose.

 

Convenience log in and sign up

Third-party Connect features such as Google or Facebook are offered as an option to register with us. When registering via connect functions of third-party providers, you agree to the respective terms and conditions of these third-party providers and also consent to certain data from your respective profile of being transferred to us.

 

Guest orders

If you do not wish to create a permanent customer account, you can also order as a guest. We process the data you provide in a customer account created by us in our merchandise management system. Data processing in the case of an order for goods is carried out in the same way.

 

The processing of your personal data, which you transmit to us in the course of an order process (in particular the e-mail address, invoice and delivery address, information about the goods ordered by you and information about the payment method requested by you) is carried out on the basis of Art. 6 Para. 1 lit. b GDPR for the processing of your orders and on the basis of Art. 6 Para. 1lit. f GDPR for checking, in order to prevent cases of fraud as well as possible later warranty processing.

 

If we collect additional data, this is marked as voluntary and is based on your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

 

Direct marketing

If we receive your e-mail address in connection with the sale of a product or service, we will use the address for direct marketing of our own similar goods or services, unless you have objected to the processing. When collecting the address and for each use, we clearly indicate that you can object to the use at any time without incurring any costs other than the transmission costs according to the basic rates.

 

The data is used on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR and in the interest of promoting the sale of our goods or services. You have an uncomplicated option to object, e.g., via the unsubscribe link in every e-mail.

 

Storage period

Deletion of your customer account is possible at any time and can be done by sending a message to the above address of the person responsible. After complete processing of the contract or deletion of your customer account, your data will be blocked with regard to tax and commercial law retention periods and deleted after expiry of these periods, unless you have expressly consented to a further use of your data or a legally permitted further use of data has been reserved on our part.

 

Newsletter registration and dispatch

You can order a newsletter on our website. Please note that we require certain data (at least your e-mail address) for the newsletter registration. The newsletter will only be sent if you have given us your express consent, Art. 6 para. 1lit. a GDPR. After you have placed an order on our websites, you will receive a confirmation e-mail to the e-mail address you provided (so-called double opt-in). You can revoke your consent at any time. You can easily revoke your consent, for example, by clicking on the unsubscribe link in every newsletter.

 

Within the scope of the newsletter registration, we store further data in addition to the data already mentioned, insofar as this is necessary for us to be able to prove that you have ordered our newsletter. This may include the storage of the full IP address at the time of ordering or confirming the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing is based on Art. 6 para. 1 p. 1 lit. f GDPR and is carried out in the interest of being able to account for the legality of the newsletter dispatch.

 

If you order our newsletter, we ask you to agree to further newsletter tracking as part of the ordering process.

 

If you give us the corresponding consent, we will integrate individual tracking pixels into our newsletters, with which we can recognise when the newsletter sent to you was called up or opened and individualise the links present in the newsletter in order to be able to evaluate when you clicked on which link.

 

If you wish to revoke your consent, please use the link provided in each newsletter to unsubscribe or adjust your consent.

 

​

Payment Service Provider

​

PayPal

If you choose the payment method Paypal, you will be redirected to Paypal at the end of the order process. Payment processing takes place at PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. The data processing thus serves the fulfilment of the contract according to Art. 6 Para. 1 lit. b GDPR. For further information on data protection law, please refer to PayPal's Privacy Policy.

 

Wix Payments

If you choose to use the Wix Payments payment method, payment will be processed through the payment system of Wix HQ, 6350671, Nemal Tel Aviv St 40, Tel Aviv-Yafo, Israel ("Wix"). Wix Payments allows payment via all major credit card formats and, depending on the region, additional payment methods. The individual payment methods offered through Wix Payments will be disclosed to you on our website.

 

When payments are made via Wix Payments, your payment data (e.g., payment amount, information on the payment method used, details of the payee) as well as your confirmation that the payment data is correct will be collected and processed by Wix for the purpose of making the payment in accordance with Art. 6 (1) lit. b of the GDPR and transmitted to the credit institution commissioned with the payment. This processing only takes place insofar as it is actually necessary for the execution of the payment. Wix then authenticates the payment via the authentication procedure stored for you at your credit institution.

 

In the context of the aforementioned services, data may also be transmitted to Wix Inc., 500 Terry A. Francois Boulevard, San Francisco, California 94158, USA, by way of further processing on your behalf.

 

Storage period

Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer required for the aforementioned processing purposes and no statutory retention obligations prevent deletion.

 

Social Media

The data you enter on our social media pages, such as comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. Where applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is our legitimate interest. The data processing is carried out in the interest of our public relations and communication. 

 

If you wish to object to certain data processing over which we have an influence, please contact us. We will then examine your objection. If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the response required. You always have the option of sending us confidential enquiries to our address stated in the imprint.

 

As already stated, where the social media platform provider gives us the opportunity, we take care to design our social media pages to be as data protection compliant as possible. With regard to statistics that the provider of the social media platform makes available to us, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.

 

Your rights as a data subject

When processing your personal data, the GDPR grants you certain rights as a data subject:

 

Right to information (Art. 15 GDPR)

You have the right to request confirmation as to whether personal data relating to you is being processed; if this is the case, you have a right of access to this personal data and to the information listed in detail in Art. 15 GDPR.

 

Right to rectification (Art. 16 GDPR)

You have the right to obtain confirmation as to whether personal data concerning you are being processed; if this is the case, you have the right to obtain access to these personal data and to the information specified in Article 15 of the GDPR.

 

Right to erasure (Art. 17 GDPR)

You have the right to request that personal data concerning you be erased without undue delay, provided that one of the grounds listed in detail in Art. 17 GDPR applies.

 

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR applies, e.g., if you have objected to the processing, for the duration of the review by the controller.

 

Right to data portability (Art. 20 GDPR)

 

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

 

Right of withdrawal (Art. 7 GDPR)

If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

 

Right of objection (Art. 21 GDPR)

If data is collected on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (data processing to safeguard legitimate interests) or on the basis of Art. 6 para. 1 sentence 1 lit. e GDPR (data processing to safeguard public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

 

Right of complaint to a supervisory authority (Art. 77 GDPR)

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection provisions. In particular, the right of complaint may be asserted before a supervisory authority of the alleged infringement. The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion or object to its processing, please contact us.

 

For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

 

Keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another user. If you wish to receive information relating to another user, such as a copy of any messages you received from him or her through our service, the other user will have to contact us to provide their written consent before the information is released.

 

Also, we may not be able to accommodate certain requests to object to the processing of personal information, notably where such requests would not allow us to provide our service to you anymore.

 

Automated decision-making and profiling

In the event that we use personal data for the purposes of automated decision-making and those decisions have a legal (or similarly significant effect) on you, you have the right to challenge to such decisions under the GDPR, requesting human intervention, expressing their own point of view, and obtaining an explanation of the decision from us.

 

External links

Our website contains links to the online offers of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.

 

Changes and updates to the privacy policy

We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.

 

Concerns and contact

If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, you can contact us.

 

Exercising your rights

If you would like to exercise any of our rights as set out above in the “Your rights as a data subject” section above or have a complaint, please contact us. Any such request will be responded to within one month and we might require proof of identity to verify and process your request. For more information about these rights, please contact us.