Privacy Policy

BACKGROUND:

Aurora Limited understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law. Please read this Privacy Policy carefully and ensure that you understand it. The following policy details what information Aurora Limited and its related entities (‘Aurora’) collect about you when you visit our website, www.auroralighting.com, when you use our products and services (our ‘Products’ and ‘Services), or when you otherwise do business or make contact with us. It will explain what we do with the information, how we share with it and how we handle it. It also explains the choices that are available to you regarding our use of your personal information and how you can access and update that information.

1 - Information About Us

We are Aurora Limited, a limited company registered in England under company number 03789712, whose registered address is 6 Little Burrow, Welwyn Garden City, England, AL7 4SW, acting on behalf of itself, its subsidiaries, its holding companies, its fellow subsidiaries and associated companies and where those subsidiaries are holding companies their subsidiaries and so on, and for the benefit of all their respective present and future subsidiaries, each individually and collectively hereinafter referred to as (“Aurora”).

We are regulated by the Information Commissioner’s Office (ICO) of the United Kingdom.

2 - What Does This Notice Cover?

This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

3 - What is Personal Data?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

The personal data that we use is set out in Part 5, below.

4 - What Are My Rights?

Under the GDPR, you have multiple rights that relate to your Personal Data and its usage. You have the right to request:

  • Access to the data we hold about you, without charge in most cases;
  • Amendments to your Personal Data where information is inaccurate or incomplete;
  • That your Personal Data be deleted or disposed of;
  • That we stop any consent-based processing of your personal data after you withdraw consent, such as stopping using your personal data for marketing reasons;
  • That we do not use your personal data for a particular purpose, or object to use of your information when we have no legitimate interest, or once the purpose for which it has been collected has come to an end;
  • A review of any decision that has been made solely on automated decision-making and profiling of your data

Further information about your rights can be obtained from the Information Commissioner’s Office in the UK, or the EU GDPR Information Portal.

If you wish to exercise any of your rights, please download the form here, fill it in and send it to privacy@auroralighting.com. To protect the confidentiality of your information, we may request that you provide proof of your identity before proceeding with any request you make under this Privacy Notice. If a third party submits a request on your behalf, we will need proof from them that they have your permission to do so.

If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can do this by contacting them on 0303 123 111. Or go to their website http://www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites.).

5 - What Personal Data Do You Collect?

We may collect some or all of the following personal data (this may vary according to your relationship with us):

  • name;
  • address and postcode;
  • business/company name;
  • details of your interactions with us, such as with customer support, or previous purchases
  • job title;
  • profession;
  • contact information such as email addresses and telephone numbers;
  • country;
  • details of your visits to our websites, or apps and which site you came from to ours;
  • system properties;
  • Payment information.

We collect this information when you make an enquiry about our products and services, sign up to our newsletter, fill out forms, register to use our Services, download our Apps, give a third-party permission to share information they hold about us, contact us in any way, create an account with us or engage with us on social media.

Additionally, we may collect additional non-personal information by automatic means when you visit our site. Examples are these are IP address, browser type and operating system, referring URLs, your use of our website and referral information. We collect this information automatically through the use of various technologies, such as cookies.

In the case of Cookies, please review to our Cookie Policy that explains why we use them and what they collect. You may refuse to accept cookies by changing your browser settings or declining our request to use Cookies when you first arrive on our website.

If you use one of our Applications, such as our AOne™ system, we collect information relating to your mobile operating system, system characteristics, and your use of our Applications. For these we have additional Terms of Use and Privacy Policies that further detail the use of your Personal Data within these systems which must be reviewed before you begin using the Services.

6- How and Why Do You Use My Personal Data?

Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or so we can give you the best possible customer experience.

Your personal data may be used for one of the following purposes:

  • Supplying Our products and services to you. Without your personal data, we won’t be able to enter a contract with you and supply our goods;
  • Personalising and tailoring Our products and services for you so we can ensure that we are providing products that reflect our Customers’ needs and improve our services;
  • To provide ongoing customer support to you, such as managing rollout programs, managing product installation and recording warranties on the products we sell. It also enables us to respond to your questions and complaints;
  • To provide you with communication and marketing materials that you have expressed an interest in receiving about Us, such as about new services, new products & our activities. We will keep you informed by email and you can withdraw your consent at any time by contacting us.
  • Analysing your use of Our Site and gathering feedback to enable Us to continually improve Our Site and your user experience with the products and services we provide;
  • To maintaining the integrity of our sites as well as resolve any problems that may occur during and after your use of our sites;
  • For recruitment purposes, when you apply to a job that we have available;
  • To create and administer records about any account you create with us to use our Services;
  • To process payments and prevent fraudulent transactions to help protect our customers from fraud;
  • To send you communications required by law or which are necessary to update you to changes to the Products and Services we provide. For example, updates to our Terms of Service, Terms of Use or Privacy Policy;
  • To comply with our contractual or legal obligations to share data with law enforcement.

If you at any time wish to change how we use your data; you’ll find details in the “How can I access my personal data?” section below. If you choose not to share your personal data with us, or refuse certain contact permissions, we may not be able to provide some of the services you’ve asked for.

7 - How do you Protect My Personal Data?

We implement various security measures and take all appropriate steps in order to protect the Personal Data you share with us. These measures include but are not limited to:

  • File encryption on all database servers with restricted file access
  • Two factor authentication (TFA) on all critical services
  • Data encryption between services within our Systems and provided by third parties

We repeatedly review our security measures and add additional measures wherever possible to continue to increase our security.

8 - How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. At the end of that retention period, your data will either be completely deleted or anonymised, such as by aggregating data together so it can be utilised in a non-identifiable way for statistical analysis and business planning.

For example, we may retain your personal information for the length of your warranty period, so we can comply with our legal and contractual obligations to you.

9 - How and Where Do You Store or Transfer My Personal Data?

Sometimes we need to share your personal data with third parties and suppliers outside the European Economic Area (EEA) (the ‘EEA’ consists of all EU members states, plus Norway, Iceland and Liechtenstein), such as the USA.

Where information is transferred, we have procedures in place to ensure that your Personal data is treated as safely and securely as it would be within the EU and under GDPR. For example, our contracts with those third parties stipulate the standards they must follow at all times.

10 - Do You Share My Personal Data?

We may sometimes share your personal data with other companies in our group in order to provide you with the Products and Services that our Group of Companies offer. This includes subsidiaries, our holding company and its subsidiaries.

In other cases, we may sometimes have to share your personal data with third parties who facilitate us in providing our products and services to you. We restrict the information shared to only the Personal Information required for them to fulfil their services to us. These companies can include:

  • IT companies who support our website, our applications and other business systems
  • Operational companies, such as building contractors and delivery couriers
  • Web analytics companies such as Google and Mixpanel who help us to improve our website and applications
  • Direct marketing companies, for example Campaign Monitor, that enable us to manage our electronic communications with you.

If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law. For example, at the end of the service period, we will demand that all information is deleted and we are provided proof of its deletion.

As explained before in Part 9, where any personal information is transferred outside the EEA, we will take additional steps to ensure that your personal data is treated just as safely and securely as it would be within the EU.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

11 - How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email address shown in Part 12. To make this as easy as possible for you, a Subject Access Request Form is available for you to use, which you can find on our website www.auroralighting.com

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request.

12 - How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please contact us at privacy@auroralighting.com

13 - If you live outside the UK

By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. This doesn’t stop you from exercising your rights. Where possible we will try to retain your personal data within your country of residence, however, in the ordinary course of business, we may transfer your personal data to ourselves and third parties located in the UK.

This may occur because our IT storage facilities and servers are located outside of your country of residence, and could include storage of personal data on servers in the UK.

Any of our customers can still contact us at privacy@auroralighting.com

If you live outside the UK, but live within the EEA, and you have a complaint about us, you have the right to lodge a complaint with the relevant authority within your country of residence.

14 - Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

Any changes will be made available on our website.

This notice was last updated on 01/05/2018.