This privacy notice describes how we will collect, use, share and otherwise process your personal data in connection with your use of our website www.lamaron.thinkific.com (the “Site”) and the services provided there (the “Services”).
This Website and/or Services are not intended for children and we do not knowingly collect data relating to children.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
Lamaron Ltd. (UK Company Registration Number: 15636815; contact: [email protected]) is the controller and is responsible for your personal data (we, us or our in this notice).
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues
We keep our privacy notice under regular review. It may change and, if it does, those changes will be posted on this page and may be required to read and acknowledge the changes to continue your use of the Site or the Services.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
Our Site and Services may, from time to time, contain links to and from the websites of third parties. Please note that these websites (and any services accessible through them) are controlled by those third parties and are not covered by this privacy notice. You should review their own privacy notices to understand how they use your personal data before you submit any personal data to these websites or use these services.
The data we collect about you
We collect, use, store and transfer different kinds of personal data about you. To make it easier for you to use this privacy notice, we group these into the following categories: Identity Data; Contact Data; Profile Data; Transaction Data; Device Data; Content Data; Usage Data; Security Data; Cookies Data; Marketing and Communications Data; Location Data; Connected Data; Social Media Data; Feedback Data; Personalisation Data.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).
How is your personal data collected?
We collect your personal data in the following way:
- Registration. We collect your Identity Data and Contact Data when you register your account with the Site.
- Communications. When you communicate with us via email, telephone, one of our online forms or chat we collect your Contact Data. If the communication relates to an error or problem you are having with the Site or one of our Services, we will also collect Usage Data for diagnosis and improvement.
- Information you generate when using our Site and Services. Each time you access and use our Site and Services we collect Content, Device, Personalisation and Usage Data. We collect Content Data where you upload it to the Site or interact with the content available on the Site.
- Information we collect through monitoring the use of our Site, Sites and Services. Each time you access and use our Site and Services we collect information about that access and use, being Device, Content, Cookies, and Usage Data.
- Additional information we otherwise collect through our Site, Sites and Services where we have your consent to do so. Where you provide your consent, we collect your Location Data on an ongoing basis while you have the Site installed on your device.
- Direct Marketing. We collect and record Direct Marketing Data when we add you to our marketing database, you request to change your direct marketing preferences, or you interact with our direct marketing communications.
- Information we receive from third parties. We will receive personal data about you from third parties we partner with to provide the services namely: Identity, Contact and Direct Marketing Data from data brokers or aggregators and from publicly available sources such as the worldwide web, Companies House and the electoral register based inside the UK.
Cookies
We use the Thinkific platform to host our courses and this may involve the use of cookies (small files placed on your device) to improve your experience and our development of the Site and our Services. For detailed information on the cookies we may use use, the purposes for which we use them and how you can exercise your choices regarding our use of your cookies, see Thinkific’s privacy and cookie notice at https://www.thinkific.com/privacy-policy/ and https://www.thinkific.com/cookies-policy/
How we use your personal data
We will only use your personal data when we have a lawful basis to do so. Our lawful basis for each purpose for which we use your personal data is specified below. Most commonly we will use your personal data in the following circumstances:
- Consent. Where you have freely consented before the processing in a specific, informed and unambiguous indication of what you want. When you provide us with personal information to subscribe to a service on our site, make a purchase, or participate in or consume a digital product, you imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to unsubscribe if consent is implied. You can withdraw your consent at any time by contacting [email protected].
- Performance of a contract. Where we need to process your personal data to perform a contract with you or where you ask us to take steps before we enter into a contract with you. Where we rely on performance of a contract and you do not provide the necessary information, we will be unable to perform your contract.
- Legitimate interests. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- Legal obligation. Where we need to use your personal data to comply with a legal or regulatory obligation. Where we rely on legal obligation and you do not provide the necessary information, we may be unable to fulfil a right you have or comply with our obligations to you, or we may need to take additional steps, such as informing law enforcement or a public authority or applying for a court order.
Delivery and improvement of our Site and purchases
Purpose or activity | Type of personal data | Lawful basis for processing |
To permit you to install the Site and register you as a new Site user | Identity Contact Financial Device | Performance of a contract, Legitimate interests (delivering our Site to you) |
To take steps towards providing you with services at your request, to process and fulfil in-Site orders/purchases and deliver services to you, including managing payments and sending you service communications | Identity Contact Transaction Device
| Performance of a contract |
To provide you with your membership or subscription benefits, fulfil your purchase or redemption of gift cards | Identity Contact Transaction | Performance of a contract |
Enforce our terms and conditions, including to collect money owed to us | Identity | Legitimate interests (to recover debts due to us) |
Account management and profiling
Purpose or activity | Type of personal data | Lawful basis for processing |
Combining the information we collect about you into a single customer account profile | Contact Direct marketing | Legitimate Interests (to publicise and grow our business) |
Direct marketing
Purpose or activity | Type of personal data | Lawful basis for processing |
To send you direct marketing communications via email, text and/or push notification | Contact Device Direct Marketing | Consent Unless we can rely on the soft opt-in and you have not opted out, in which case we rely on Legitimate Interest (to publicise and grow our business) |
To send you direct marketing communications by telephone or post | Contact Device Direct Marketing | Legitimate interests (to publicise and grow our business) Unless you have opted out, in which case we rely on Consent |
Troubleshooting, improvement and security
Purpose or activity | Type of personal data | Lawful basis for processing |
To administer, monitor and improve our business, Services and this Site including troubleshooting, data analysis and system testing | Identity Contact Device | Legitimate interests (for running our business, provision of administration and IT services, network security, maintaining the security of our Site and Services, providing a secure service to users and preventing fraudulent and other misuse of our Site) |
Applying security measures to our processing of your personal data, including processing in connection with the Site | All personal data under this privacy notice | Legal obligation (applying appropriate technical and organisational measures) |
Otherwise monitoring use of the Site and deploying appropriate security measures | Contact Security Transaction | Legitimate interests (running our business, provision of administration and IT services, network security, maintaining the security of our Site and services, providing a secure service to users and preventing fraudulent and other misuse of our Site) |
Rights and obligations
Purpose or activity | Type of personal data | Lawful basis for processing |
To comply with our other legal obligations, including compliance with tax legislation, judicial, law enforcement and government authorities' requests | All personal data under this privacy notice | Legal obligation |
Cookies and personalisation
Purpose or activity | Type of personal data | Lawful basis for processing |
To deploy and process personal data collected via Cookies, as set out in the Thinkific cookies note referred to above | Cookies | Legitimate interests (delivering and securing the Site and our Services) |
To deploy and process personal data collected via Cookies as set out in the Thinkific cookies note referred to above | Cookies | Consent |
Other communications
Purpose or activity | Type of personal data | Lawful basis for processing |
To notify you of changes to the Site, Services, your purchases and our terms and conditions for ongoing contracts | Contact | For ongoing or prospective contracts, Performance of a contract Otherwise, Legitimate interests (in servicing our users and prospective users) |
To notify you of updates to this privacy notice | Contact Transaction | Legal obligation (to inform you of our processing under Articles 13 and 14 of the UK GDPR) |
To respond to your requests to exercise your rights under this notice | As relevant to your request | Legal obligation (complying with data subject requests under Chapter 3 of the UK GDPR) |
To ask you to complete a survey and process your response (where applicable, please also see the separate privacy notice) | Contact | Legitimate interests (to analyse how users use our products or Services and to develop them and grow our business) Unless you have previously opted out, where we will rely on Consent |
To otherwise respond to your enquiries, fulfil your requests and to contact you where necessary | As relevant to your enquiry or request | Legitimate interests (service our users and prospective users) |
Personal data sharing
Purpose or activity | Type of personal data | Lawful basis for processing |
Share personal data with our third-party providers and business partners for purposes not otherwise set out above (see Disclosures of your personal data) | Identity Contact Financial Transaction Device
| Legitimate interests (for the purpose relevant to the recipient, as set out at "Disclosures of your personal data” |
Business contacts
Purpose or activity | Type of personal data | Lawful basis for processing |
Process personal data relating to staff members of our business contacts, including suppliers, customers and prospects | Identity Contact Financial Transaction Device | Legitimate interests (servicing and receiving products or services, to or from our business contacts and carry out our B2B business) |
Automated decision making and profiling
We do not make decisions based solely on automated processing or profiling that produce legal effects concerning you (or have similarly significant effects).
Criminal offence data and special category data
We do not intentionally collect criminal offence data about you. However we may process data relating to criminal offences in monitoring the use of our Site for security purposes, where we suspect you may have committed a crime, such as attempting to make a fraudulent purchase or claim or circumvent the security of the Site or Services. In such circumstances we will provide that information to law enforcement and/or use it to establish, exercise or defend a legal claim. In those circumstances, according to the type of activity and purpose, we will rely on legitimate interests (protecting our business, employees and other users) and legal obligation (where required by legal, judicial or law enforcement to disclose or process that information).
Disclosures of your personal data
We may share your personal data with the following third parties:
- Internal third parties. Other companies in the Lamaron Group.
- External third parties. Your internet and and mobile network operator to allow you to access the Site.
- Service providers such as Thinkific, designers and website professionals who have access to the Site.
- Our professional advisors including lawyers, auditors, insurers, consultants and other advisors who provide legal, accounting, insurance and other related services.
- Your service providers that you have appointed and we need to contact to fulfil your requests, such as your banking or payment card provider to process your transactions.
- Marketing and promotional partners and co-operatives with whom we share data to enhance our offerings and identify prospective customers.
- Third party partners where you have expressly subscribed to receive marketing from or with them.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
- HM Revenue and Customs, regulators, law enforcement, public authorities or other third parties acting as controllers based in the UK where necessary to exercise our rights or comply with a legal obligation.
International transfers
Where we transfer your personal data between the UK and the EEA those transfers are made pursuant to the UK government's adequacy decision in favour of countries in the EEA and the European Commission's adequacy decision in favour of the UK.
Where we transfer your personal data between our group companies, we ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data. These rules are called "binding corporate rules".
Whenever we transfer your personal data out of the, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data. Thinkific will keep your data in the USA, using Amazon Web Services data centres. Amazon are listed on the US Data Privacy Framework and therefore your personal data being held here is covered by UK adequacy regulations. Thinkific itself is based in Canada, and its processing activities are covered by the ‘PIPEDA’ and as such is also covered by UK adequacy regulations. Stripe, who takes your payment, is based in the USA but is also listed on the US Data Privacy Framework and therefore your personal data being held here is covered by UK adequacy regulations. Your data may also be stored on our MS 365 servers, which are based in Dublin and mirrored in Amsterdam, (so inside he EEA).
- Where we use certain service providers located outside the EEA, such as Thinkific we also use specific contracts which give personal data the same protection it has in the UK. Stripe’s privacy notice can be found here: https://stripe.com/gb/privacy. Microsoft’s can be found here: https://www.microsoft.com/en-gb/trust-center/privacy and Stripe’s can be found here: https://stripe.com/gb/privacy
Data security
Information you provide to us is stored on secure servers (to the best of our knowledge and belief) provided by third parties which are located in the UK, the EEA, Canada or the USA. You can find more about the measures Thinkific takes to protect your personal data here https://www.thinkific.com/security-overview/ . Stripe’s security measures can be found here: https://docs.stripe.com/security?locale=en-GB and Microsoft’s here https://www.microsoft.com/en-gb/trust-center/privacy
Any payment transactions carried out by us or our chosen third-party provider of payment processing service, Stripe and their privacy notice can be found here: https://stripe.com/gb/privacy
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Site or Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we rely on the procedures and security features provided by Stripe and Thinkific and other providers involved in the provision of the Services to protect your personal data from loss, unauthorised use or access.
Certain Services include social networking, chat room or forum features. Ensure when using these features that you do not submit any personal data that you do not want to be seen, collected or used by other users.
Data retention
By law we have to keep basic information about our customers (including Contact, Identity, Security and Transaction Data) for six years after they cease being customers for tax and other legal purposes.
In some circumstances you can ask us to delete your data: see Your legal rights below for further information.
Once we no longer have a legal right to hold your personal data, we will delete or, in some circumstances, we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your legal rights
You have the following rights under data protection laws in relation to your personal data.
- Access. Request access to and/or a copy of the personal data we process about you (commonly known as a data subject access request).
- Correction. Request correction of any incomplete or inaccurate data we hold about you. (We may need to verify the accuracy of the new data you provide to us.)
- Deletion. Request us to delete or remove personal data where there is no good reason for us continuing to process it. You also can ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we have processed your information unlawfully or where we need to erase your personal data to comply with law. (In some cases, we may need to continue to retain some of your personal data where required by law. If these apply, we will notify you at the time of our response.)
- Objection. Object to us processing your personal data where (a) we are relying on legitimate interests as the lawful basis and you feel the processing impacts on your fundamental rights and freedoms, or (b) the processing is for direct marketing purposes. In some cases, we may refuse your objection if we can demonstrate that we have compelling legitimate grounds to continue processing your information which override your rights and freedoms.
- Restriction.Request that we restrict or suspend our processing of your personal data:
- if you want us to establish the data's accuracy;
- where our use of the data is unlawful, but you do not want us to erase it;
- where we no longer require it, but you need us to hold onto it to establish, exercise or defend legal claims; or
- you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
- Data portability. Request we transfer certain of your personal data to you or your chosen third party in a structured, commonly used, machine-readable format. This right only applies to information processed by automated means that we process on the lawful bases of consent or performance of a contract.
- Withdraw consent. Withdraw your consent at any time where we are relying on consent to process your personal data. Please know that this does not affect the lawfulness of any processing carried out before you withdraw your consent, and after withdrawal, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Complain to the UK data protection regulator. If you are unhappy with how we process your personal data, we ask that you contact us first using the details below so that we have the chance to put it right. However, you also have the right to make a complaint to the ICO at any time.
You can exercise any of these rights at any time by contacting us [email protected].
Description of categories of personal data
- Identity Data: first name, last name, title, and Profile Data.
- Contact Data: first name, last name, contact address, email address and telephone numbers, your communication preferences and copies of the communications between you and us.
- Profile Data: your email address, username and password.
- Transaction Data: billing and delivery addresses, payment card details, history of your payments, purchases, deliveries, returns and refunds and the applicable terms and conditions of your purchases.
- Device Data: the type of device you use, your unique device identifier, IP address, time zone setting, and other data about the device you are using.
- Content Data: information that you store or generate in the Site.
- Usage Data: logs and detail of your use of our Apps and Services, being the dates and times on which you download, access and update the Site and our Services, any error or debugging information, and the resources that you access and the actions we and you take in relation to them and Cookies Data.
- Security Data: information we collect about your use of the Site, our Services and our Sites in order to ensure your and our other users' safety and security, being Usage Data, the Cookies Data generated by Thikific and the information provided to us by our payment processing provider.
- Cookies Data: the information collected through the cookies and similar technologies listed in the Thinkific Cookies Notice.
- Direct Marketing Data: your direct marketing preferences, consents for receiving direct marketing from us and/or our third parties and the history of the direct marketing communications we have sent to you.
- Connected Data: information stored on your Device that you permit the Site to connect to, being Contacts lists, login information, and other related data.
- Feedback Data: your feedback and survey responses.