Illuminate Operations LLC., Illuminate Technologies LLC. & Illuminate Technologies UK Ltd.
Illuminate recognise the importance of personal information, and the privacy and security of this information is extremely important to us. This policy is intended to give a clear view of what data we collect, how we use it, how long we keep it for and how we get rid of it. This policy applies to anyone who deals with us, whether they visit our website, use any of our services, email us, contact us or visit our premises.
Illuminate will never sell personal data and we will only share it with other organisations we work with to deliver the services we provide, where they have demonstrable Privacy and Security policies pursuant to the way we work.
Personal Data We Collect
Personal data is any data which may identify a person or be identified as relating to them. For example, name, address, phone number and email address. We will sometimes need to collect this information, but we will only collect the personal data we need. Further data such as date of birth, age and employment status can be collected in connection with projects we might be working on, services we have been hired to deliver, or projects we are working on with others.
Personal data can be provided to us in various ways. It can be submitted through forms on our website, verbally over the phone, or we can receive emails or visitors to our premises. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect information, we cannot guarantee the security of any data transmitted to our site; any transmission is at the users own risk. Once we have received information, we will use strict procedures and security features to try to prevent unauthorised access.
Personal Data that is Provided
This includes information given to us when interacting with us, for example, when filling out a contact form, a Non-Disclosure form, registering as a client with us, placing an order or communicating with us. For example:
- Personal details – name, address, phone number, email address, etc.
- Financial details – bank name, bank address, bank account number and sort code.
- Technical information used in projects – usernames, passwords, databases, concepts, logos, drawings, designs, documents, spreadsheets and so on.
Personal Data Created by Involvement with Us
Activities and involvement with us will generate personal data being created. This could include project details, documentation and so on. During a project we will generate a great deal of personal data. Depending on the project, we may be generating custom software applications, login systems, membership platforms, e-commerce systems, database systems and support systems.
How We Use Personal Data
As we are a global company, we are governed by many principles. With regards to personal data, we align ourselves with the rigorous requirements of GDPR, which currently sets the highest standard for personal data protection across the EU and US. It is with full and conscientious adherence to this that we can with full confidence, state that we will only use personal data on relevant lawful grounds, as permitted by the EU General Data Protection Regulation (from 25th May 2018)/ UK Data Protection Act and Privacy of Electronic Communication Regulation.
Personal data provided to us will be used for the purposes of carrying out our business, in a transparent manner, in accordance with any preferences expressed by the owner of that data. Below we have listed the main uses of the data we collect:
- Sales: We deliver hardware and software projects. If we have been contracted to provide these services, we will need to collect personal data to carry out these services. This may include names, addresses and phone numbers, but also data and business-sensitive information.
- Accounting: We are required by law to keep accurate and up to date accounts of our business transactions. Any company or individual interacting with us in this way may be added to our accounting system.
- Marketing: We may occasionally run marketing campaigns; within the campaign all subscribers will be given the option to opt out of receiving any further marketing material.
- Recruitment and Employment: Anyone employed by us, will be required to provide personal data, including what is deemed to be ‘sensitive personal data’; such data may include but is not limited to health information, details regarding family and information relating to criminal convictions. This data is stored on third-party HR systems, who have been reviewed by Illuminate and found to be compliant with privacy and data protection requirements. As employers we have responsibilities with regards to this data; we have contractual responsibilities which arise from our contract of employment, outlining data relating to payroll, bank details, addresses, sickness and absence. We also have statutory responsibilities imposed upon us by law relating to tax, national insurance, work permits and equal opportunities monitoring. Internally, we also have management responsibilities, which are necessary for the functioning of the business. This includes data relating to employment, training, absence, disciplinary matters, email and phone number.
- Disclosure of Personal Data to other bodies: To carry out the running of our business day-to-day, provide employee benefits and to fulfil the requirements of the projects we work on, we sometimes need to disclose data to other bodies or third-party suppliers. Where we share information with other bodies, we will ensure that they have adequate procedures for records to ensure that the information is managed in accordance with the relevant legislation and regulatory guidance.
Any individual or company who have interacted with us can contact us at any time to change or discuss their privacy preferences, using the details below:
Illuminate Data Controller
Write to us:
Illuminate Technologies UK Ltd.
4/5 Lochside Avenue
Edinburgh EH12 9DJ
Illuminate Operations LLC.
8825 Stanford Blvd
Columbia, MD 21045
United States of America
Rights under GDPR
Under the GDPR, where we are using data under consent, the individual has the right to withdraw that consent at any time. They also have the right to ask us to stop using personal data for marketing purposes. This request must be submitted to us via the contact details above.
Subject Access Requests
Subject Access Requests can be submitted via the contact details above. There is no charge for making this request, although verification of identity will be required. Illuminate will respond within 30 days of verifying the identity.
Any personal data provided to us, will be retained in line with our Document and Data Management and Retention Policy, and with adherence to any potential audit required by law, after which time it will be permanently deleted. We may also disclose personal information to third parties if we are compelled to by law, or to comply with any legal obligation.
How Data is Secured
Information systems and data security is imperative to us to ensure that we are keeping data safe. We operate and implement robust procedures for managing data and the hardware it is present on.
How to Complain
Please contact us in the first instance regarding any issues around the use of personal data, via the contact details above; we would welcome the opportunity to resolve any problem or query. If the resolution is not satisfactory, the issue should be raised with the Information Commissioners Office (ICO), who are contactable via their website: https://ico.org.uk.
The Illuminate website uses analytical and Performance cookies to give us visibility into how the site is being used. The kind of activity these monitor include, but are not limited to, how many people visit the website, how long people spend viewing the website, and which pages are visited for the longest period. No personal identifiable data is collected with these cookies.
Storage of Information
Illuminate have offices in the UK and US, and as such, our data storage and hosting services are also based in the UK and US with reputable providers.
Right to Portability
Under the GDPR, if we have collected personal data through consent, or because we needed it to provide a product or service (under a contract), the individual has the right to receive their information back in a ‘machine-readable’ format. This request must be submitted to us via the contact details above.
Changes to this Policy
This policy will be reviewed at regular intervals for continuing suitability.