Lucas Promotions Ltd - Data Protection Statement

What is the purpose of this notice? 

We  collect  certain  information  about  you  in  the  course  of  operating  our business.   This notice sets out details of the information that we collect, how we process it and who we share it with. It also explains your rights under data protection law in relation to our processing of your data.

Who controls the use of your personal data?

 info@lucaspromotions.com

What personal data is collected? 

In order to provide our services to you we need to process certain personal data in relation to you, which includes:

• –  We  collect  the  following  biographical  data:  name,  assumed names,  address,  phone  number,  email  address, 

• –  If  you  pay  by  direct  debit  or  receive  payments  through  electronic funds  transfers,  we  will  collect  the  IBAN,  BIC  and  the  name  of  your  bank/building society.

• –  If  you  interact  with  us  we  will  record  details  of  those interactions  (e.g.  phone calls and logs  of  phone  calls,  email  correspondence  and hard  copy  correspondence).   

• -   When   you   interact   with   us   online   (by   computer,   tablet   or smartphone), you will often provide personal data to us, which you will be aware of when using the services or for which you give consent. We also automatically collect data about your use of our services, such as the type of device you are using and its IP address, and how you interact with the services.   Further details are available in the cookies policy  and/or  the  Data  Protection  Statement  that  accompanies  the relevant service.

Where does Lucas collect personal data from?

 Most of your personal data that we collect will be provided by you through our customer/supplier application forms, and your interactions with us. However, certain information may be provided by third parties on your behalf, including the following:

• Commercially available sources, such as public databases (where permitted by law).

• – If you are applying to open an account with us, you will need to provide us with details of your references, so that we can properly assess and process your application. Details may be provided electronically.

• – When you access our online services we will collect the information that you provide to us online. We will also automatically collect certain data in relation to your use of  our  services,  such  as  the  type  of  device  you  are  using  and  its  IP address and how you interact with the services.

• – We may  receive  your  personal  data  from  insurers  to  verify your company details and credit history, as well as for other regulatory reasons.

Certain personal information is required as a consequence of any contractual relationship we have with you, to enable us to carry out our contractual obligations to you. Failure to provide this information may prevent or delay the fulfilment of these obligations.

Why do you process my personal data?

We process your personal data in order to provide you with our products and services and to assist us in the operation of  our  business.  Under data protection  law  we  are  required  to  ensure  that there is an appropriate basis for the processing of your personal data, and we are required to let you know what that basis is.

There are various options under data protection law, but the primary bases that we use are (a)  processing  necessary  for  the  performance  of  our  contracts  with  you,  (b)  processing necessary in order for us to pursue our legitimate interests, (c) processing where we have your and/or your employees’ consent, and (d) processing that is required under applicable law.

Here  are  further  details  of  our  processing  of  your  personal  data  below,  together  with  the basis for that processing:

• We  will  process  your  personal  data  in  order  to administer your account.  This includes processing your personal data in order to make and receive payments, and to maintain our records of the products and services that you have purchased.     Where we process your personal data in order to administer your account this will be on the basis that it is necessary in order for the performance of our contract with you.

• We provide different channels to engage with you in order to perform our contractual obligations, including where you have opted to avail of electronic channels such as email or fax. Where we process data in the context of providing these products and/or services, this will be on the basis that it is necessary and proportionate for the purposes of providing such as part of our business.

• In order to process payments that you make or receive, we will need to process personal data in relation to the payment. Where we process such related data, this will be on the basis that it is necessary and proportionate for the purposes of administering your account.

• Like all companies it is essential to ensure that we can manage the costs and determine what products and/or services each of our clients have purchased. In order to do this we undertake extensive modelling of the current and historic transactions made by our customers, which we use to identify patterns, to try to predict future trends and how they might affect our business, and to undertake pricing, profitability and other studies. This information may be used to help us develop new products and/or services.   We also carry out auditing and quality control to check  that  our  processes  are  robust  and  are  being     In addition, we also need to process your data to meet certain regulatory and legislative obligations that apply to our business.

We  try  to  do  all  of  the  above  by  using  aggregated  or  anonymous  data  where possible, so you won’t be identifiable from the data, but some of this work involves processing your data without anonymizing it. Where we process data, this will be on the basis that it is necessary and proportionate for the purposes of providing such as part of our business.

• If  you  consent  to  us  sending  you  marketing  messages  about  our products and services we will process your personal data in order to make sure that any marketing messages that we send you are relevant to you. With your permission, this may include  processing  your  data  to  identify  services  that  might  be particularly  relevant  to    We may also  use  it  to  ensure  that  we  don’t  send  you details about a product and/or service that isn’t relevant to you.  

We  also  undertake  market  research  and  surveys, which  provide  us  with  market  insights. If we process your personal data for marketing and/or market research, this will be subject to your consent.

• It  is  an  unfortunate  feature  of  any business  that  fraud  can  occur  from  time  to    We have a number of systems and procedures in place to monitor for potentially fraudulent activity.    If we identify a suspicious request or transaction, we will process your personal data in order to investigate further  and  to  take  appropriate  measures  to  protect  Lucas  and  its employees    and    on    occasion    this    may    require    further    access    to    company records.  Where we process data in connection with fraud prevention and account management, this will be on the basis that it is necessary and proportionate for the purposes of administering your account.

• Lucas relies on state of the art technology and computer systems to run our business and to process accounts. We engage third party IT developers and support engineers who are constantly testing our systems, running trials of new software, and providing support to our users.

Where possible we try to use test data or anonymized data, but on occasion we may have to access live data directly, or we will often make a copy of some of the data that  sits  in  our  live  systems  and  run  our  tests  on  that  to  make  sure  everything  is working before we roll out a change.  These copies may include your personal data, including details in relation to transactions you have made.   In general this processing of your personal data is justified by our legitimate interests in making sure our computer systems  run  properly  and  are  safe  and  secure.   If  we  process  data  when running  these  tests  or  providing  support  services  to  our  users,  this  will  be  on  the basis  that  it  is  necessary  and  proportionate  for  the  purposes  of  providing  such as part of our business.

Consent

In order to process certain personal data in relation to you, (which may include company data), for certain purposes such as surveys, direct marketing, we may need to get your consent. When we process your data on the basis of your consent, you are free to withdraw that consent at any time.  You can withdraw your consent by contacting us using the contact details at the bottom of this notice.   Please note that if you withdraw your consent we may not be able to continue providing you with the service to which the consent related.

Information you are obliged to provide

We require certain information from you in order to be able to enter into a contract with you and to provide you with our products and/or services.   Where this is the case we will indicate on relevant forms what personal data is required in order to enter into the contract with you. If you do not provide the information, we will not be able to provide you with our products and/or services.

Will you provide my information to a third party?

In general, we do not share your personal information with third parties (other than service providers acting on our behalf) unless we have a lawful basis for doing so.

We rely on third-party service providers to perform a variety of services on our behalf, such as website hosting, electronic message delivery, payment and accounts processing, IT infrastructure, computer systems support, data analytics and research. This may mean that we have to share your personal information with these third parties. When we share your personal information in this way, we put in place appropriate measures to make sure that our service providers keep your personal information secure.

From time to time, we may disclose personal information in response to a court order, subpoena, government investigation, or as otherwise required or permitted by law.

Other situations in which we may disclose your personal information to a third party, are:

• perform other services we request from service providers;
• in the course of a sale or an acquisition of Lucas Promotions Limited;
• where permitted by law, to protect and defend our rights and property; and
• when required by law, and/or public authorities;

We may also share aggregated information that cannot identify you for general business analysis,
e.g. we may disclose the number of visitors to its websites or services.

We do not provide information to third parties for their own marketing purposes and we do not undertake mailings for third parties.

Information Security

We have implemented generally accepted standards of technology and operational security to protect personal information from loss, misuse, alteration or destruction. We require all employees and principals to keep personal information confidential and only authorised personnel have access to   this information.

We will retain your personal information in accordance with our data retention policy which sets out data retention periods required or permitted by applicable law. 

Transfers outside of the European Economic Area (EEA)

There  are  certain  circumstances  where  we  will  transfer  your  personal  data  outside  of  the EEA  to  a  country  which  is  not  recognised  by  the  European  Commission  as  providing  an equivalent level of protection for personal data as is provided for in the EEA.  If we transfer your  personal  data  outside  of  the  EEA  please  rest  assured  that  we  will  ensure  that appropriate  measures  are  in  place  to  protect  your  personal  data  and  to  comply  with  our obligations under applicable data protection law.  This may mean that we enter into contracts in the form approved by the European Commission, or we ensure that the company to which we transfer your personal data has agreed to abide by an approved transfer mechanism, such as the EU-US Privacy Shield framework.   If you would like further details about the measures we have taken in relation to the transfer of your personal data, or copies of the agreements that we have put in place in relation to the transfers, please contact us using the details at the bottom of this notice.

Retention of personal data

We will retain your personal data in accordance with our record retention policy.  This policy operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it. It is also kept in accordance with any legal requirements that are imposed on us.  This means that the retention period for your personal data will vary depending on the type of personal data.   For further information about the criteria that we apply to determine retention periods please see below:

• – We have certain statutory and regulatory obligations to retain personal data for set periods of time.

• – When we assess how long we keep personal data we take into account whether that data may be required in order to defend any legal claims which may be made. If such data is required, we may keep it until the statute of limitations runs out in relation to the type of claim that can be made (which varies from 2 to 12 years).

• – As we only collect personal data for defined purposes, we assess how long we need to keep personal data for in order to meet our reasonable business purposes.

Your rights 

You  have  various  rights  under  data  protection  law,  subject  to  certain  exemptions,  in connection with our processing of your personal data:

• Right to access the data - You have the right to request a copy of the personal data that we hold about you, together with other information about our processing of that personal data.

• Right to rectification – You have the right to request that any inaccurate data that is held about you is corrected, or if we have incomplete information you may request that we update the information such that it is complete.

• Right to erasure – You have the right to request us to delete personal data that we hold about you. This is sometimes referred to as the right to be forgotten.

• Right to restriction of processing or to object to processing – You have the right to request that we no longer process your personal data for particular purposes, or to object to our processing of your personal data for particular purposes.

• Right to data portability – You have the right to request us to provide you, or a third party, with a copy of your personal data in a structured, commonly used machine readable format.

In order to exercise any of the above rights, please contact us using the contact details set out below.

Questions and Complaints 

If  you have any queries or  complaints  in connection with our  processing  of  your  personal data, you can get in touch with us using the following contact details:

• Post: Data Protection Officer, Unit A9, Network Enterprise Park, Kilcoole, Co. Wicklow

• info@lucaspromotions.com

You also have the right to lodge a complaint with the Data Protection Commission if you are unhappy with our processing of your personal data. 

on 1890 252 231.