This is the privacy notice of The Lightbox Company. In this document, “we” or “us” refers to The Lightbox Company.
We are company number 8901657 registered in England. Our registered office is at 36 Fifth Avenue, Havant, Hampshire, PO9 2PL, UK.
This is a notice to tell you our policy about all information that we record about you. It covers both information that could identify you and information that could not.
We are extremely concerned to protect your privacy and confidentiality. We understand that all users of our web site are quite rightly concerned to know that their data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party. Our policy is both specific and strict. It complies with UK law [and with the laws of all jurisdictions of which we are aware]. If you think our policy falls short of your expectations or that we are failing to abide by our policy, do please tell us.
We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our web site immediately.
Except as set out below, we do not share, or sell, or disclose to a third party, any personally identifiable information collected at this site.
Here is a list of the information we collect from you, either through our web site or because you give it to us in some other way, and why it is necessary to collect it:
- Basic identification and contact information, such as your name and contact details.
This information is used:
- to provide you with the services which you request;
- for verifying your identity for security purposes;
- for marketing our services and products;
- information which does not identify any individual may be used in a general way by us or third parties, to provide class information, for example relating to demographics or usage of a particular page or service.
Our website is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.
Shopify is certified Level 1 PCI DSS compliant. This compliance extends to all online stores powered by Shopify. You can view more information here.
We use Sage Pay to collect/process transaction information. All credit card details are entered on a secured page and they are transferred using SSL technology. No credit card information is stored by ourselves or Shopify. You can view the security policy of Sage Pay here.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.
PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Cookies are small text files that are placed on your computer’s hard drive through your web browser when you visit any web site. They are widely used to make web sites work, or work more efficiently, as well as to provide information to the owners of the site.
Like all other users of cookies, we may request the return of information from your computer when your browser requests a web page from our server. Cookies enable our web server to identify you to us, and to track your actions and the pages you visit while you use our website. The cookies we use may last for a single visit to our site (they are deleted from your computer when you close your browser), or may remain on your computer until you delete them or until a defined period of time has passed.
Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not.
|Purpose||Data Kind||Sessional or Persistent?|
|Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits||Unique Token||Sessional|
storefront and checkout.shopify.com
|Used by our website provider’s internal stats tracker to record the number of visits||No data held||Persistent for 30 minutes from the last visit|
storefront and checkout.shopify.com
|Counts the number of visits to a store by a single customer||No data held||Expires midnight (relative to the visitor) of the next day|
|Stores information about the contents of your cart||Unique token||Persistent for 2 weeks|
|Stores session information for the checkout process||Unique token||Sessional|
|If the shop has a password, this is used to determine if the current visitor has access||Unique token||Indefinite|
Market place information
When we obtain information from you specifically to enable you to buy a service offered on our web site by some other person, we assume that in giving us your information, you are also giving us permission to pass it to the relevant person.
Your domain name and e-mail address are recognised by our servers and the pages that you visit are recorded. We shall not under any circumstances divulge your e-mail address to any person who is not an employee or contractor of ours and who does not need to know, either generally or specifically. This information is used:
- to correspond with you or deal with you as you expect.
- in a collective way not referable to any particular individual, for the purpose of quality control and improvement of our site;
- to send you news about the services to which you have signed up;
- to tell you about other of our services or services of sister web sites.
Information you post on our website
Information you send to us by posting to a forum or blog or in your advertisement is stored on our servers. We do not specifically use that information except to allow it to be read, but you will see in our terms and conditions that we reserve a right to use it in any way we decide.
Website usage information
Financial information relating only to your credit cards
This information is never taken by us either through our website or otherwise. At the point of payment, you are transferred to a secure page on the website of Shopify, SagePay or PayPal. That page may be dressed in our “livery”, but it is not controlled by us. Our staff and contractors never have access to it.
To assist in combatting fraud, we share information with credit reference agencies so far as it relates to clients or customers who instruct their credit card issuer to cancel payment to us without having first provided an acceptable reason to us and given us the opportunity to refund their money.
Business and personal information
This includes all information given to us in the course of your business and ours, such as information you give us in your capacity as our client. We undertake to preserve the confidentiality of the information and of the terms of our relationship. It is not used for any other purpose. We expect you to reciprocate this policy.
We keep information which forms part of our business record for a minimum of six years. That is because we may need it in some way to support a claim or defence in court. That is also the period within which our tax collecting authorities may demand to know it.
Third party advertising
We may use re-marketing from time to time. This involves Google or some other supplier placing a tag or marker on your website in order to be able to serve to you an advert for our products / services when you visit some other website.
Third party content
Our web site is a publishing medium in that anyone may register and then publish information about himself or some other person. We do not moderate or control what is posted. If you complain about any of the content on our web site, we shall investigate your complaint. If we feel it may be justified, we shall remove it while we investigate. Free speech is a fundamental right, so we have to make a judgment as to whose right will be obstructed: yours, or that of the person who posted the content which offends you. If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.
Job application and employment
If you send us information in connection with a job application, we may keep it for up to three years in case we decide to contact you at a later date.
If we employ you, we collect information about you and your work from time to time throughout the period of your employment. This information will be used only for purposes directly relevant to your employment. After your employment has ended, we will keep your file for six years before destroying or deleting it.
Content you provide to us
If you provide information to us with a view to it being read, copied, downloaded or used by other people, we accept no responsibility for what that third party may do with it. It is up to you to satisfy yourself about the privacy level of every person who might see your information. If it is available to all the World, you have no control whatever as to how it is used.
Information we obtain from third parties
Although we do not disclose your personal information to any third party (except as set out in this notice), we do receive data which is indirectly made up from your personal information, from software services such as Google Analytics and others. No such information is identifiable to you.
This is information given to us by you in your capacity as an affiliate of us or a customer or client of ours. Such information is retained for business use only. We undertake to preserve the confidentiality of the information and of the terms of our relationship. It is not used for any other purpose. We expect any affiliate to agree to reciprocate this policy. As an exception to this, we have the right to disclose your first name and URL of your affiliate connection to other affiliates and to any other person or organisation, on and off site. The reason is solely to enable us to mention winners and others whose performance as an affiliate is in some way outstanding.
Use of site by children
If you are under 18, you may use our site only with consent from a parent or guardian.
Sale of your personal information
Except as specified above, we do not rent, sell or otherwise disclose any of your information to any person outside our business.
Our web sites are hosted in the UK. We also use outsourced services in countries outside the EU from time to time in other aspects of our business. Accordingly data obtained within the UK may be “processed” outside the UK and data obtained in any other country may be processed within or outside that country.
Disclosure to Government and their agencies. We are subject to the law like everyone else. We may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.
At any time you may review or update the personally identifiable information that we hold about you, by contacting us at the address below. To better safeguard your information, we will also take reasonable steps to verify your identity before granting access or making corrections to your information.
Compliance with the law
This confidentiality policy has been compiled so as to comply with the law of every jurisdiction in which we aim to do business. If you think it fails to satisfy the law of your country, we should like to hear from you, but ultimately it is your choice as to whether you wish to use our website.
Removal of your information
If you wish us to remove personally identifiable information from our web site, you may contact us at firstname.lastname@example.org. To better safeguard your information, we will also take reasonable steps to verify your identity before granting access or making corrections to your information.
When we receive a complaint, we record all the information you have given to us. We use that information to resolve your complaint. If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and, if we do, what that information is.
We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.