Home / Data Protection Policy

We take your privacy very seriously. This privacy policy contains important information on who we are and how and why we collect, store, use and share your personal information. It also explains your rights regarding your personal information and how to contact us or supervisory authorities if you have a complaint.
We obtain, use and are responsible for certain personal information. When we do so we are subject to the General Data Protection Regulation and relevant UK law, and we are responsible as ‘controller’ of that personal information for those laws’ purposes.

Key terms

We think it’s helpful to start by explaining some key terms in this policy:
We, us, our – Limelight Publicity (a Partnership)
Personal information – Any information relating to an identified or identifiable individual
Special category personal information – Personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, Genetic and biometric data, Data concerning health, sex life or sexual orientation

Personal information we obtain about you

We may obtain and use the following personal information about you:

  • your name and contact information, including email address(es), telephone numbers, Linked In information and the like
  • your gender information if you have given this to us
  • location data
  • your billing information, transaction and payment card information
  • information about how you use our website, IT, communication and other systems

This personal information is required to provide products and services, and for people to be able to contact us. If we do not have the personal information we need, it may delay or prevent us from providing products and/or services.

How we obtain your personal information

We obtain much personal information directly: in person, by telephone, text or email and/or via our website and apps. However, we may also obtain it:

  • from publicly accessible sources like Companies House
  • directly from a third party, such as those we supply
  • from cookies on our website—for more information on our use of cookies, please see our cookie policy
  • via our IT systems, such as:
    • door entry systems and reception logs
    • automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems

How and why we use your personal information

Under data protection law, we can’t use your personal information unless we have a proper reason for doing so, for example:

  • to comply with our legal and regulatory obligations
  • to perform our contracts or to take steps on request before entering into a contract
  • for our legitimate interests or those of a third party
  • where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long your own rights and interests don’t override this. The table below explains what we use (process) personal information for and our reasons for doing so.

What we use personal information for

  1. To provide products and/or services
  2. To prevent and detect fraud
  3. Conducting checks to identify our customers and verify their identity
    Screening for financial and other sanctions or embargoes
    Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, for example under health and safety regulation
  4. Ensuring business policies are adhered to, for example policies covering security and internet use
  5. Operational reasons, such as improving efficiency, training and quality control
  6. Ensuring the confidentiality of commercially sensitive information
  7. Statistical analysis to help us manage our business
  8. Preventing unauthorised access and modifications to systems
  9. Updating customer records
  10. Statutory returns
  11. Ensuring safe working practices, staff administration and assessments
  12. Marketing our services to existing and former customers; third parties who have previously expressed an interest in our services; third parties with whom we have had no previous dealings.
  13. External audits and quality checks, for example for ISO or Investors in People accreditation and the audit of our accounts

Our reasons

  1. To perform contracts or to take steps on request before entering into a contract
  2. For our legitimate interests or those of a third party, for example to minimise fraud
  3. To comply with our legal and regulatory obligations
  4. For our legitimate interests or a third party’s, for example to check we are following our own internal procedures so we can deliver the best service
  5. For our legitimate interests or a third party’s, for example to be as efficient as we can so we can deliver the best service at the best price
  6. For our legitimate interests or a third party’s, for example to protect trade secrets and other commercially valuable information
    To comply with our legal and regulatory obligations
  7. For our legitimate interests or those of a third party, such as being as efficient as we can so we can deliver the best service at the best price
  8. For our legitimate interests or those of a third party, for example to prevent and detect criminal activity
    To comply with our legal and regulatory obligations
  9. For the performance of our contracts or to take steps on request before entering into a contract
    To comply with our legal and regulatory obligations
    For our legitimate interests or those of a third party, for example making sure that we can keep in touch with our customers about existing orders and new products
  10. To comply with our legal and regulatory obligations
  11. To comply with our legal and regulatory obligations
    For our legitimate interests or those of a third party, for example to make sure we are following our own internal procedures and working efficiently so we can deliver the best service
  12. For our legitimate interests or those of a third party, for example to promote our business to existing and former customers
  13. For our legitimate interests or a those of a third party, such as to maintain our accreditations so we can demonstrate we operate at the highest standards
    To comply with our legal and regulatory obligations

Promotional communications

We have a legitimate interest in processing personal information for promotional purposes (see above ‘How and why we use your personal information’). This means we do not usually need consent to send promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat personal information with the utmost respect and never share it with other organisations for marketing purposes.
If you receive any promotional communication from us, you have the right to opt out of receiving promotional communications at any time by:

  • contacting us
  • using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts

We may ask you to confirm or update your marketing preferences if you tell us to provide further products or services, or if there are changes in the law, regulation, or the structure of our business.

Whom we share your personal information with

We routinely share personal information with third parties we use to help deliver our products, such as payment service providers, warehouses and in particular delivery companies
We don’t allow our service providers to handle personal information unless we are satisfied they take appropriate measures to protect it. We also impose contractual obligations on service providers relating to ensure they can only use your personal information to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also potentially need to share some personal information with other parties, such as potential buyers of some of or all our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient will be bound by confidentiality obligations.

Where your personal information is held

Information may be held at our offices, third party agencies, service providers, representatives and agents as described above (see above: ‘Whom we share your personal information with’). Some such third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal information when this occurs, see below: ‘Transferring your personal information out of the UK.

How long your personal information will be kept

We will keep your personal information while we are providing products to the person concerned. Thereafter, we will keep personal information for as long as is necessary:

  • to respond to any questions, complaints or claims
  • to show that we treat people fairly
  • to keep records that law and regulatory or administrative authority require

We will not keep personal information for longer than necessary for the purposes set out in this policy. Different keeping periods apply for different types of personal information. When we no longer need necessary to keep your personal information, we will delete or anonymise it.

Transferring your personal information out of the UK

To deliver services to you, it is sometimes necessary for us to share your personal information outside the UK into the European Economic Area (EEA) and elsewhere, for example

  • with your and our service providers located outside the UK
  • if you are based outside the UK and we are arranging delivery or couriering to you

These transfers are subject to special rules under UK data protection law, and elsewhere, for example in the EEA, where the GDPR applies. This means we can only transfer your personal information to a country or international organisation outside the UK where:

  • the European Commission has historically issued an ‘adequacy decision’ in relation to that country or international organisation; or
  • there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for data subjects; or
  • a specific exception applies under data protection law

These are explained briefly below.

European Commission adequacy decision (where applicable)

The EC can decide that a country provides adequate protection and, if it does, to issue an ‘adequacy decision’ so that personal information can flow from the UK/EEA to that country without further safeguards. Only a few countries currently benefit from one. Other countries we may transfer personal information to do not have the benefit of an adequacy decision. This doesn’t necessarily mean they provide inadequate protection, but we must look at other ways for transferring the personal information.

Transfers with appropriate safeguards

We may transfer your data to a third country where we are satisfied the transfer complies with data protection law, appropriate safeguards are in place, and enforceable rights and effective legal remedies are available for data subjects. The safeguards will usually include using standard EC-approved data protection contract clauses. In relation to transfers to our overseas offices or other companies within our group, the safeguards may instead include legally binding rules and policies that apply to us (known as binding corporate rules), which have been approved by the UK data protection regulator.

Transfers under an exception

Absent an adequacy decision or appropriate safeguards, we may transfer personal information to a third country or international organisation where an exception applies under relevant data protection law, for example

  • the person has explicitly consented to the proposed transfer after having been informed of the possible risks
  • the transfer is necessary for the performance of a contract or to take pre-contract measures on request
  • the transfer is necessary for a contract, between us and another person; or
  • the transfer is necessary to establish, exercise or defend legal claims

We may also transfer information for the purpose of our compelling legitimate interests, so long as your interests, rights and freedoms do not override. Specific conditions apply to such transfers and we will provide relevant information if we seek to transfer your personal information on this ground.

Name of right

  1. Access
  2. Rectification
  3. To be forgotten
  4. Restriction of processing
  5. Data portability
  6. To object
  7. Not to be subject to automated individual decision making

The right to

  1. be given a copy of your personal information
  2. require us to correct any mistakes in your personal information
  3. require us to delete your personal information in certain situations
  4. require us to restrict processing of your personal information in certain circumstances
  5. receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations
  6. object at any time to our processing your personal information for direct marketing (including profiling); in certain other situations to our continued processing of your personal information, for example processing carried out for the purpose of our legitimate interests.
  7. not be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

For further information on each of those rights, including the circumstances in which they apply, please contact us:.

  • email, call or write to us – see below: ‘How to contact us’; and
  • let us have enough information to identify you; and
  • give us proof of your identity and address (a copy of your driving license or passport and a recent utility or credit card bill); and
  • tell us what right you want to exercise and the information to which your request relates.

Keeping your personal information secure

We have appropriate security measures to prevent personal information from being accidentally lost or used or accessed unlawfully. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We continually test our systems, and we have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How to complain

We hope that we can resolve any query or concern you may raise about our use of your information. However, you also have the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner whom you may contact at https://ico.org.uk/concerns or telephone 0303 123 1113.

Changes to this privacy policy

This privacy notice was published on 25 December 2020 and last updated on 24 December 2020.
We may change this privacy notice from time to time by publishing it on the website.

How to contact us or the relevant statutory data protection authority

Please contact us by post, email or telephone if you have any questions about this privacy policy or the personal information we hold about you. You can also contact the relevant data protection authority.
Us
For individuals in the UK: our UK contact details are: Regent House, Queens Road, BARNET EN5 4DN, UK
For individuals in the EEA: you may contact us direct, or our European representative: their contact details are: Schrema GmbH & Co KG, Petersburg 53, D-35075 GLADENBACH Germany
For both, we can be contacted on enquiries@limelightpublicity.co.uk, and we have an online contact service on our website: https://www.limelightpublicity.co.uk/contact-us-info/. You can also call us on +44 (0) 20 8447 4690.
Supervisory authorities
In the UK, the supervisory authority is Information Commissioner’s Office (ICO): they can be contacted on 0303 123 1113 or via live chat. The website is: https://ico.org.uk/
In the EEA, our lead supervisory authority is in Germany, in the Land of Hessen. The authority is the Der Hessische Beauftragte für Datenschutz und Informationsfreiheit. They can be contacted at Postfach 3163, 65021, Wiesbaden, Germany, or contacted online via E-Mail an HBDI. Their telephone number is +49-611-1408-0. Their website is at https://datenschutz.hessen.de/

Date: January 2022
Date of next review: January 2023