How we handle information (Personal Data or otherwise)

From contact details to your confidential records, in this section we’ll take you through the various ways we look after that information.

Who ‘we’ are and where you can find details about us:

For information, this relates to the handling of information by Lighthouse IG Ltd, Registered in England & Wales, Company Number 12289984, Registered Office: Lime House, 75 Church Road, Tiptree, Essex, CO5 0HB.

We are also registered with the Information Commissioner’s Office under registration number ZA796768. 

‘Controller’ vs ‘Processor’:

For the purposes of our own recruitment, finances, insurances, and legal obligations we are a Data Controller. For all other services, unless stated otherwise, we are a Data Processor and the client for whom we are providing services in the Data Controller. In our standard contract terms we will outline and agree this with you. 

In order to work with you we may have the following information at any given time. This will be known to you before we have it and is very much dependant on how we are working with you;

  • Personal Data on you or your staff
  • Personal Data on your customers/citizens
  • Business Confidential Data
  • Operational Confidential Data

Where possible all the data we have is electronic. Physical copies are discouraged however where this does occur they are handled to the same high standards. 

Please note, when paying invoices or for products we do not use or collect your payment information. This is either stored with you (BACS etc) or with PayPal if you are buying products. 

There are occasions where we need to use your information in order to;

  1. Contact you and discuss a service with your consent or as part of the contract
  2. Send you promotional material with your consent, including our blog posts
  3. Work with you to resolve a customer query, complaint or data issue as part of the contract
  4. To administer your attendance at a webinar or other online event with your consent (free ones) or contract (paid ones)
  5. For our own legal and accounting obligations where it is required for us to retain such data
  6. To take payment for any products & promotional merchandise as part of the conditions of sale (contract)
  7. As part of a reference for future client work with your consent

In so far as possible we ensure that information is either kept within the United Kingdom or the European Union. We have technology that utilises both UK and EU servers. If any information needs to leave either of these locations we will discuss this with you before it does. 

In short, as short a time as is possible and necessary. As a summary;

  • General correspondence = 1 month from date created
  • Contracts = 7 years from delivery date
  • Advice and guidance = 7 years from case closure
  • Accounting information = 6 years from accounting year end
  • Webinar registration information = 5 days after event has occurred
  • Training materials and templates = until superseded unless otherwise agreed
  • Blog subscription data = until you unsubscribe when it will automatically be deleted.

Put simply, no. Your information is not used for analytical or machine learning related purposes. The tools we use to run the company and deliver our services are very ‘every day’ and simple. If this ever changes, we will consult you beforehand. 

We deploy a number of things to look after and protect the data within our care. This includes (but isn’t limited to) the following; 

  • High standard passwords
  • 3 factor authentication on key systems
  • Encryption of remote devices
  • VPN for remote working
  • Contracts with third parties
  • External review and advice on security controls
  • Clear policies and training
  • Access controls (internal and external)

Where possible, only Lighthouse IG Ltd employees will have ‘routine’ access to your data. However, for reasons like ‘IT maintenance’ and ‘accounting’, third parties will access your information on occasion. Further details on who these organisations are and what they might access are below for your reference. 

The following list is the various systems we use to deliver our services and their respective Data Protection summaries:

You have a number of rights over your data depending on what the data is and why we are holding it. If we can honour your request we will otherwise we will explain why we cannot. To find out what we have or exercise any rights over your information please contact info@lighthouseig.com

You also have a right to lodge a complaint with the Supervisory Authority (Information Commissioners Office (ICO) in the UK) about us via www.ico.org.ukcasework@ico.org.uk or 0303 123 1113 

Our website uses very little technology in order to work. 

Cookies:

We only use cookies to remember your preferences, to enable the sharing of content on social media (should you chose to) and to protect the security of the website. Remembering your preferences and protecting the security of the site are necessary for the running of the website. Nether collect invasive information on you other than basic IP address and cookie preferences. The social media cookies however will only work with your consent and where you want to share something to your social media via the sharing links on the site.

 
Submitting queries & subscribing:
At each point where you can submit your personal data for a query or to subscribe we will outline what we do with that data. 
 
Third Party Websites:
We cannot accept responsibility for any content on other websites that we may link to. We do not share any data with those sites, including any preferences, therefore you need to ensure you read that sites privacy notices etc on your visit. 

Version Control:

Version 2.1 Issued 16th December 2020

Our suppliers and partners

Below is a list of partners we work with to deliver services. Some partners we will share personal data with to deliver your training course (for example) and others may only be on the odd occasion. Click on each one to see what we share with them and why. 

Lighthouse IG acts as a processor for the delivery of Act Now online and face-to-face courses. As a processor, we are bound by a contract with Act Now and handle information in accordance with their expectations

Lighthouse IG acts as a processor for the delivery of UMG online and face-to-face courses. As a processor, we are bound by a contract with UMG and handle information in accordance with their expectations

Lighthouse IG acts as a processor for the delivery of Essex Chambers of Commerce face-to-face courses. As a processor, we are bound by a contract with Essex Chambers of Commerce and handle information in accordance with their expectations

We work with YorCyberSec on occasion to deliver products and services to mutual clients. Where we do so, we handle information in accordance with that engagement contract. Click here to find out more about them as a Controller. 

We are an ’emergency back up’ trainer for Leadership Through Data (LTD). Lighthouse IG acts as a processor for the delivery of LTD courses. As a processor, we are bound by a contract with LTD and handle information in accordance with their expectations

Cloud-Tree are responsible for hosting and supporting our IT software and tools. This may require on occasion the need to be exposed to your information. This is only on a case by case basis and as a processor, Cloud-Tree is bound to handle that information in a confidential manner. Click here to find out more about them. 

We currently use Clickmeeting to run our free and paid for webinars. They act as a Processor of your data when attending our events. Click here to find out more information about them. 

Thompson Reid are responsible for running my accounts and book keeping. This may require on occasion the need to be exposed to your information. This is only on a case by case basis and as a processor, Thompson Reid is bound to handle that information in a confidential manner. 

Hiscox Insurance provide our business insurance and legal advice services. This may require on occasion the need to be exposed to your information. This is only on a case by case basis and as a separate Data Controller, Hiscox is bound by contract to handle that information in a confidential manner. Click here to view further information on them.