Orlight Privacy Policy

1 – Scope 
 
This Privacy Policy sets out how your personal data is used and processed in line with the General Data Protection Regulation (EU Regulation 2016/679). We respect and value our customers’ privacy and as such we will only collect your data in ways which are consistent with our obligations and your rights under the law.  
 
This will explain what we do with your information, how we share it and handle it. It will also tell you your options with regards to use of your personal information and how you can access it.  
 
This Policy details what information Orlight Limited and its subsidiaries (‘Orlight’) collect when you: 
 
- Visit our website(s), www.orlight.com, www.orcomm.co.uk  - Use our products and services (our ‘Products’ and ‘Services’); or - When you otherwise do business or make contact with us.  
 
 
2 – Our Information 
 
Orlight Limited is a company registered in England under company number 03331729 whose registered office is at Unit 3, Parkbury, Victor Way, Colney Street, St Albans, AL2 2FL, acting on behalf of itself, its subsidiaries and associated companies and where those subsidiaries are holding companies their subsidiaries and so on, and for the benefit of all their respective present and future subsidiaries, each individually and collectively hereinafter referred to as ‘Orlight’.  
 
 
3 – What Personal Data Do We Collect? 
 
Through the above avenues listed in Section 1, we may collect some or all of the following personal data: 
 
1. Personal details; name, address (incl postcode), email, telephone number  2. Financial details; account details, credit/debit card details, other payment information  3. Employment details; job title, profession, business/company name 

4. Other details; details of interactions, i.e. customer support/previous purchases,  
 
We collect this information when you make an enquiry into our products and services, sign-up to our mailing information, fill out forms, open an account to purchase goods or use our services, give a thirdparty permission to share information they hold about you, contact us in any way or engage with us on social media.  
 
 
4 – Why Do We Collect This Information 
 
Under the GDPR, we are required to have a lawful basis/legitimate interest in the use of your personal data. This will usually be to be able to perform our contract with you, because you have given your consent, or so we are able to give you the best customer experience.  
 
Your personal data may be used for one or more of the following: 
 
- To carry out any obligations arising from any agreements entered into by us and you and to provide you with the information, products and services you request from us  - To provide you with information about other goods and services we offer which you have enquired about or we may feel will be of interest to you.  - To communicate with you to gain feedback on our products or services in order to improve them  - To notify you of any changes to any of our services  - To ensure that content from our site and publications are presented in the most effective manner for you - For internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes. - For recruitment purposes  - To process payments and prevent fraudulent transactions to help protect our customers from fraud  - To assess the effect of our advertising to you and other and to deliver other relevant advertising to you.  - To comply with our contractual or legal obligations to share data with law enforcement.  

5 – How Do You Protect My Personal Data 
 
We implement several security measures to ensure the safeguarding of your data and we take all the appropriate steps required to maintain such protection. These measures include (but are not limited to): 
 
- File encryption on all database servers with restricted files access  - Data encryption between services within our system and provided by third parties  - Disk Encryption on all mobile devices - Firewalls restricting inbound and outbound network traffic  - Endpoint protection on all devices 
 
6 – How Long Will We Keep Your Personal Data  

 
Your data will never be held any longer than is necessary with respect of the reason for which it was first collected and we will always follow the relevant statutory retention limits for personal information where applicable. At the end of the retention period, where it is no longer needed or where you request it to be deleted; your data will either be completely deleted or anonymised, i.e. by aggregating data so it can be used in a non-identifiable way for statistical analysis and business planning.  
 
7 – Do We Share Your Personal Data 

 
There may be times where we share your personal data with other companies in our group so as to facilitate providing you with the Products and Services our companies offer. This includes our subsidiaries and associated companies.  
 
Alternatively, we may sometimes have to share your personal data with third parties who facilitate us in providing our Products and Services to you. This information is restricted only to the Personal Information required for them to fulfil their services to us. These companies can include: 
 
- IT companies who support our website and business systems  - Operational companies, such as delivery couriers  - Marketing companies, i.e. MailChimp, which enables us to manage our electronic communications with you.  

In instances where your personal data is required by a third party, as above, we will ensure that your personal data is handled safely, securely and in accordance with your rights, our obligations and the third party’s obligations under the law.  
 
Where personal information is transferred outside the EEA, we will take further additional steps to ensure your personal data is treated just as safely and securely as it would be within the EU. 
 
There are also, limited circumstances, where we may be legally required to share certain personal data, which could include yours, if we are involved in or complying with legal obligations, a court order, or the instructions of a government body.  
 
8 – How Can You Access Your Personal Data? 

 
In order to know what personal data we have about you, you can submit a “Subject Access Request” which is a formal request for details of that personal data and for a copy of it.  
 
All requests must be made in writing and sent to the Operations Department (operations@orlight.com)  
 
We will respond to your subject access request within one month of receiving it. We usually aim to provide a complete response, however, in some cases, particularly if your request is more complex, more time may be required (up to three months) from the date we receive your request  
 
9 – How Can You Contact Us? 
 
To contact us regarding your personal data and data protection, including making a subject access request, please contact us at operations@orlight.com  
 
10 – If You Live Outside the UK 
 
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Your data will be processed and stored by ourselves and third parties located in the UK as this is where our IT storage facilities and servers are located.  
 
If you live outside the UK, but live within the EEA, and you have a complaint, you have the right to lodge your complaint with the relevant authority within your country of residence.  
 
11 – Changes to This Privacy Policy  
 
We may change this Privacy Policy from time to time. This may be due to changes in the law or our business operations in a way which affects personal data protection.  
 
All changes will be made available via our website.