How we handle information (Personal Data or otherwise)
The Legal Bits:
From contact details to your confidential records, in this section we’ll take you through the various ways we look after that information.
Who ‘we’ are and where you can find details about us:
For information, this relates to the handling of information by Lighthouse IG Ltd, Registered in England & Wales, Company Number 12289984, Registered Office: Lime House, 75 Church Road, Tiptree, Essex, CO5 0HB.
We are also registered with the Information Commissioner’s Office under registration number ZA796768.
‘Controller’ vs ‘Processor’:
For the purposes of our own recruitment, finances, insurance, and legal obligations we are a Data Controller. We have some basic contact details of clients about individuals for these purposes. For anything else you will be given a specific notice outlining how that data will be used.
For the purposes of providing you with support, advice and X role ‘as a service’ Lighthouse IG is an agent of you the Data Controller depending on the circumstances. Where possible we avoid processing personal data at all, but where it is necessary we only retain that data while working on your task and remove it once the task is complete and accepted.
For the purposes of the delivery of training sessions, we are a Data Processor and our use of Personal Data will be minimal.
Data Processing Agreements:
In each contract we sign it will be outlined what role each party plays and who is responsible for what where the processing and protection of any Personal Data is concerned.
What do we do with your data?
In order to work with you we may have the following information at any given time. This will be known to you before we have it and is very much dependent on how we are working with you;
- Personal Data on you or your staff
- Personal Data on your customers/citizens
- Business Confidential Data
- Operational Confidential Data
Where possible all the data we have is electronic. Physical copies are discouraged however where this does occur they are handled to the same high standards.
Please note, when paying invoices or for products we do not use or collect your payment information. This is either stored with you (BACS etc) or with PayPal if you are buying products.
There are occasions where we need to use your information in order to;
- Contact you and discuss a service with your consent or as part of the contract
- Send you promotional material with your consent, including my blog posts
- Work with you to resolve a customer query, complaint or data issue as part of the contract
- To administer your attendance at a webinar or other online event with your consent (free ones) or contract (paid ones)
- For my own legal and accounting obligations where it is required for us to retain such data
- To take payment for any products & promotional merchandise as part of the conditions of sale (contract)
- As part of a reference for future client work with your consent
In so far as possible, we ensure that information is either kept within the United Kingdom or the European Union. We have technology that utilises both UK and EU servers. If any information needs to leave either of these locations we will discuss this with you before it does.
In short, as short a time as is possible and necessary. As a summary;
- General correspondence = 1 month from date created
- Contracts = 7 years from delivery date
- Advice and guidance = 7 years from case closure
- Accounting information = 6 years from accounting year end
- Webinar registration information = 5 days after event has occurred
- Training materials and templates = until superseded unless otherwise agreed
- Blog subscription data = until you unsubscribe when it will automatically be deleted.
Put simply, no. Your information is not used for analytical or machine learning related purposes. The tools we use to run the company and deliver my services are very ‘every day’ and simple. If this ever changes (because we’ve gone mad), we will consult you beforehand.
We (with help from some partners below) deploy a number of things to look after and protect the data within our care. This includes (but isn’t limited to) the following;
- High standard passwords
- 2 factor authentication on key systems
- Encryption of remote devices
- VPN for remote working
- Contracts with third parties
- External review and advice on security controls
- Clear policies and training
- Access controls (internal and external)
Where possible, only Lighthouse IG Ltd employees (me) will have ‘routine’ access to your data. However, for reasons like ‘IT maintenance’ and ‘accounting’, third parties will access your information on occasion. Further details on who these organisations are and what they might access are below for your reference.
The following list is the various systems we use to deliver my services and their respective Data Protection summaries:
- Accounting = Xero
- Webinars = ClickMeeting
- Document Management Interface = Office 365 (data is physically stored on CloudTree servers)
- Email Newsletter = MailJet
- Website interface = WordPress (data sits on CloudTree servers)
You have a number of rights over your data depending on what the data is and why we are holding it. If we can honour your request we will, otherwise we will explain why we cannot or may have to liaise with the respective Data Controller of that data. To find out what I have or exercise any rights over your information please contact info@lighthouseig.com (or your respective Data Controller if you know who that is).
You also have a right to lodge a complaint with the Supervisory Authority (Information Commissioners Office (ICO) in the UK) about what I am doing. You can do this via www.ico.org.uk, casework@ico.org.uk or 0303 123 1113.
This website uses very little technology in order to work.
Cookies:
We only use cookies to remember your preferences, to enable the sharing of content on social media (should you chose to) and to protect the security of the website. Remembering your preferences and protecting the security of the site are necessary for the running of the website. Nether collect invasive information on you other than basic IP address and cookie preferences. The social media cookies however will only work with your consent and where you want to share something to your social media via the sharing links on the site.
Version Control:
Version 2.4 Issued 20th January 2023
Who do I share your data with?
Below is a list of partners I work with to deliver services. Some partners I will share personal data with to deliver your training course (for example) and others may only be on the odd occasion. Click on each one to see what I share with them and why.
Lighthouse IG acts as a processor for the delivery of Act Now online and face-to-face courses. As a processor, we are bound by a contract with Act Now and handle information in accordance with their expectations.
Lighthouse IG acts as a processor for the delivery of UMG online and face-to-face courses. As a processor, we are bound by a contract with UMG and handle information in accordance with their expectations.
Lighthouse IG acts as a processor for the delivery of Essex Chambers of Commerce face-to-face courses. As a processor, we are bound by a contract with Essex Chambers of Commerce and handle information in accordance with their expectations.
Lighthouse IG is provides trainer support for Leadership Through Data (LTD). Lighthouse IG acts as a processor for the delivery of LTD courses. As a processor, we are bound by a contract with LTD and handle information in accordance with their expectations.
I work with YorCyberSec on occasion to deliver products and services to mutual clients. Where I do so, I handle information in accordance with that engagement contract. Click here to find out more about them as an organisation.
We work with Cortida on occasion to deliver products and services to mutual clients. Where we do so, we handle information in accordance with that engagement contract. Click here to find out more about them as a orgnanisation.
We work with ‘For Your Information’ (FYI) on occasion to deliver products and services to mutual clients. Where we do so, we handle information in accordance with that engagement contract. Click here to find out more about them as a organisation.
I work with Manton Executives to help me with general admin and run my social media and mailing lists. Click here to find out more about them as an organisation.
Cloud-Tree are responsible for hosting and supporting our IT software and tools. This may require on occasion the need to be exposed to your information. This is only on a case-by-case basis and as a processor, Cloud-Tree is bound to handle that information in a confidential manner. Click here to find out more about them.
Thompson Reid are responsible for running my accounts and bookkeeping. This may require on occasion the need to be exposed to your information. This is only on a case-by-case basis and as a processor, Thompson Reid is bound to handle that information in a confidential manner.
Hiscox Insurance provide our business insurance and legal advice services. This may require on occasion the need to be exposed to your information. This is only on a case-by-case basis and as a separate Data Controller, Hiscox is bound by contract to handle that information in a confidential manner. Click here to view further information on them.
I currently use MailJet to manage my email newsletter subscriptions. You can find out more information about MailJet here.