Lucas Luxury Packaging Ltd - Data Protection Statement
What is the purpose of this notice?
We collect certain information about you in the course of operating our business. This notice sets out details of the information that we collect, how we process it and who we share it with. It also explains your rights under data protection law in relation to our processing of your data.
Who controls the use of your personal data?
What personal data is collected?
In order to provide our services to you we need to process certain personal data in relation to you, which includes:
Where does Lucas collect personal data from?
Most of your personal data that we collect will be provided by you through our customer/supplier application forms, and your interactions with us. However, certain information may be provided by third parties on your behalf, including the following:
Certain personal information is required as a consequence of any contractual relationship we have with you, to enable us to carry out our contractual obligations to you. Failure to provide this information may prevent or delay the fulfilment of these obligations.
Why do you process my personal data?
We process your personal data in order to provide you with our products and services and to assist us in the operation of our business. Under data protection law we are required to ensure that there is an appropriate basis for the processing of your personal data, and we are required to let you know what that basis is.
There are various options under data protection law, but the primary bases that we use are (a) processing necessary for the performance of our contracts with you, (b) processing necessary in order for us to pursue our legitimate interests, (c) processing where we have your and/or your employees’ consent, and (d) processing that is required under applicable law.
Here are further details of our processing of your personal data below, together with the basis for that processing:
We try to do all of the above by using aggregated or anonymous data where possible, so you won’t be identifiable from the data, but some of this work involves processing your data without anonymizing it. Where we process data, this will be on the basis that it is necessary and proportionate for the purposes of providing such as part of our business.
We also undertake market research and surveys, which provide us with market insights. If we process your personal data for marketing and/or market research, this will be subject to your consent.
Where possible we try to use test data or anonymized data, but on occasion we may have to access live data directly, or we will often make a copy of some of the data that sits in our live systems and run our tests on that to make sure everything is working before we roll out a change. These copies may include your personal data, including details in relation to transactions you have made. In general this processing of your personal data is justified by our legitimate interests in making sure our computer systems run properly and are safe and secure. If we process data when running these tests or providing support services to our users, this will be on the basis that it is necessary and proportionate for the purposes of providing such as part of our business.
In order to process certain personal data in relation to you, (which may include company data), for certain purposes such as surveys, direct marketing, we may need to get your consent. When we process your data on the basis of your consent, you are free to withdraw that consent at any time. You can withdraw your consent by contacting us using the contact details at the bottom of this notice. Please note that if you withdraw your consent we may not be able to continue providing you with the service to which the consent related.
Information you are obliged to provide
We require certain information from you in order to be able to enter into a contract with you and to provide you with our products and/or services. Where this is the case we will indicate on relevant forms what personal data is required in order to enter into the contract with you. If you do not provide the information, we will not be able to provide you with our products and/or services.
Will you provide my information to a third party?
In general, we do not share your personal information with third parties (other than service providers acting on our behalf) unless we have a lawful basis for doing so.
We rely on third-party service providers to perform a variety of services on our behalf, such as website hosting, electronic message delivery, payment and accounts processing, IT infrastructure, computer systems support, data analytics and research. This may mean that we have to share your personal information with these third parties. When we share your personal information in this way, we put in place appropriate measures to make sure that our service providers keep your personal information secure.
From time to time, we may disclose personal information in response to a court order, subpoena, government investigation, or as otherwise required or permitted by law.
Other situations in which we may disclose your personal information to a third party, are:
We may also share aggregated information that cannot identify you for general business analysis,
e.g. we may disclose the number of visitors to its websites or services.
We do not provide information to third parties for their own marketing purposes and we do not undertake mailings for third parties.
We have implemented generally accepted standards of technology and operational security to protect personal information from loss, misuse, alteration or destruction. We require all employees and principals to keep personal information confidential and only authorised personnel have access to this information.
We will retain your personal information in accordance with our data retention policy which sets out data retention periods required or permitted by applicable law.
Transfers outside of the European Economic Area (EEA)
There are certain circumstances where we will transfer your personal data outside of the EEA to a country which is not recognised by the European Commission as providing an equivalent level of protection for personal data as is provided for in the EEA. If we transfer your personal data outside of the EEA please rest assured that we will ensure that appropriate measures are in place to protect your personal data and to comply with our obligations under applicable data protection law. This may mean that we enter into contracts in the form approved by the European Commission, or we ensure that the company to which we transfer your personal data has agreed to abide by an approved transfer mechanism, such as the EU-US Privacy Shield framework. If you would like further details about the measures we have taken in relation to the transfer of your personal data, or copies of the agreements that we have put in place in relation to the transfers, please contact us using the details at the bottom of this notice.
Retention of personal data
We will retain your personal data in accordance with our record retention policy. This policy operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it. It is also kept in accordance with any legal requirements that are imposed on us. This means that the retention period for your personal data will vary depending on the type of personal data. For further information about the criteria that we apply to determine retention periods please see below:
You have various rights under data protection law, subject to certain exemptions, in connection with our processing of your personal data:
In order to exercise any of the above rights, please contact us using the contact details set out below.
Questions and Complaints
If you have any queries or complaints in connection with our processing of your personal data, you can get in touch with us using the following contact details:
You also have the right to lodge a complaint with the Data Protection Commission if you are unhappy with our processing of your personal data.
on 1890 252 231.