Our GDPR Statement
This privacy notice explains in clear language, how Buy LEDs Online uses the personal information we collect from Data Subjects, either through using our website, our subsidiary companies, or in any other way, electronically, verbally or in writing.
Buy LEDs Online , is a data controller and James Wright is Buy LEDs Online ’s nominated Data Controller. James can be contacted by email at firstname.lastname@example.org or telephone number +44 (0)1293 652472.
Basis for collecting your data (Lawful processing)
On what basis do we collect and process your data? (known as lawful processing)
Data Privacy law defines the basis by which we can lawfully collect and process personal data. For our data processing purposes, we have determined the following:
To enter into or in pursuance of a Contract:
We will collect personal data when engaging with individuals to enter into a contract, such as an employment contract or commercial agreement. We will continue to process that data for the duration and often subsequently after the contract expires or is terminated.
We will collect and process personal data where it is in the legitimate interest of Buy LEDs Online to do so. Specifically, we use legitimate interest in relation to our clients and in order to identify prospective clients and if engaged, we continue to process personal data to manage our commercial relationship. This will include but not limited to the continued processing (retention) of records of our transactions and interactions. A legitimate Interest Assessment has been conducted to ensure that the legitimate interests of the organisation does not outweigh that of the data subject. The data collected will not be used for any unlawful or unethical purpose.
Buy LEDs Online undertakes marketing activities in order to inform current and potential customers of the latest products and services we offer as well as upgrades and servicing options of the products they might already have purchased from us. The purpose of this marketing is to grow our business.
Business to Business – We conduct business to business (B2B) direct marketing in accordance with the Privacy and Electronic Communications Regulations (PECR) 2003. In order for us to comply with the PECR and the General Data Protection Regulations we have conducted a Legitimate Interest Assessment (LIA) to ensure our marketing activities do not put at risk, the rights and freedoms of data subjects. This LIA will be reviewed regularly as we undertake marketing campaigns.
As we conduct B2B marketing, we do not require consent, however, as a data subject receiving these communications via email, you have the right to object to receiving marketing material and will have the option to opt out on every marketing email you receive.
Business to Customer – We also conduct business to customer (B2C) direct marketing in accordance with the Privacy and Electronic Communications Regulations (PECR) 2003. In order for us to comply with the PECR and the General Data Protection Regulations we collect the consent of data subjects (sole traders, individual subscribers and other partnerships). In providing us with consent to receive direct electronic marketing, you will have the ability to object and opt out of further marketing at any time.
Recipients of data and data transfers
We do not sell any of your personal data to any third party – including your name, address, email address or credit card information.
Buy LEDs Online share personal data with service providers such as accountants, payroll providers and insurance brokers.
In addition, we may disclose your personal data to any member of our group of companies (this means our subsidiaries including our retail outlets) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
Also, we may share your personal information with printing and mailing companies, as well as email service providers and other delivery companies.
Financial transactions relating to our website, online 3rd party outlets and stores are handled by our card payment service providers PayPal, Sage Pay and World Pay. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
We may disclose your personal data with law enforcement and fraud prevention agencies, so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Data is transferred within the EEA and the USA. The USA’s ‘Privacy Shield’ data protection framework has been approved by the EU data protection working party to process EU citizen personal data. We use the services of an accredited cloud hosted data backup service who are based in the USA. This organisation is accredited by the US Privacy Shield Framework.
Buy LEDs Online does process sensitive data as defined by Article 9 of the GDPR. This is restricted to employee health data and is used for the purposes of entering into a contract. We use this data to ensure we can comply with any relevant workplace legislation and to discharge our duty of care.
Categories and type of Personal Data collected
Buy LEDs Online processes non-sensitive data.
We process the following data of our customers:
- Phone number
- Email address
- Fax No.
- Credit reference
- Credit card details
We process the following data of sub-contractors:
- Phone number
- Email address
- Bank Account
- UTR/ NI numbers
We process the following data of our suppliers:
- Phone number
- Email address
- Bank Account
We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication. In addition to the lawful purpose described previously for the above categories, we have a legitimate interest purpose to collect and retain this data to enable and improve our communication and for record keeping purposes.
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our system will be deleted in accordance with legal obligations, such as HMRC rules. Outside of that Buy LEDs Online has developed a retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.
Data Storage and Security
We store data within our own physical network. Our data is backed up to an accredited cloud hosted service, based in the US.
Security of data is provided by the accreditations of our cloud host this includes data backup regimes. Our servers and computer terminals have industry standard firewalls, antivirus and anti-malware installed and updated. We have a process in place to mitigate the impact of any data breach that should occur.
Your Rights as a data subject
The regulations provide a number of rights to you as the Data Subject. Buy LEDs Online is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
- Right of Access – you have the right to know what personal information is held, by whom and why
- The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified
- Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations
- Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified
- Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way
- Right to Object – You have the right to object to profiling and direct marketing
- You also have rights in relation to automated decision making
You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk
Automated decision making
A subsidiary of Buy LEDs Online does utilise the services of lenders who make automated decisions in relation to applications, by its trade customers, for credit terms. This automated decision making is used to determine credit worthiness of trade customers and is necessary for the entering into or pursuance of a contract.
Third party websites
How to contact us
You can write to us at this address:
Buy LEDs Online
You can telephone us on this number:
+44 (0)1293 652495
You can email us by using this link: