Last updated: 2nd September 2021

 

INTRODUCTION

​

Important information and who we are

Welcome to Lightning Social Ventures Ltd’s Privacy and Data Protection Policy (“Privacy Policy”).

At Lightning Social Ventures Ltd (company number 12670000) we are committed to protecting and respecting your privacy and Personal Data as a data controller in compliance with the law and guidelines of the Data Protection Act 2018 (“DPA”) and the EU General Data Protection Regulation (“GDPR”) as implemented into domestic law by the European Union (Withdrawal Agreement) Act 2020 (together “Data Protection Law”) . In this Privacy Policy, Lightning Social Ventures Ltd will be referred as “we”, “us”, or “our”. Additionally, there are references to “You”. In these instances, “You” may be a visitor to our websites (lightning.org, and any subdomains and test sites linked to within lightning.org), a customer that is an individual, or an employee of a customer (in each case, a “Customer”), or a user of our Customer’s products or services (“End User”).

​

This Privacy Policy explains how we collect, process and keep your data safe. 

This Privacy Policy applies to all our employees and staff members and all Personal Data processed at any time by us.

 

LEGAL BASIS FOR DATA COLLECTION

​

Types of Data / Privacy Policy Scope

“Personal Data” means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together below. Not all of the following types of data will necessarily be collected from you and the Personal Data we do collect will depend on your use of our website but this is the full scope of data that we may collect and when we might collect it from you:

• “Profile/Identity Data”: This is data you provided in your profile which may include Name, Date of Birth, Address, Contact details, Nationality, Right to reside in the UK, Gender, Religion, Ethnic group, Sexual orientation, Household details, Illness or disability, Employment status and history, Reason for needing support and type of support needed, Grant application history and Details of benefits claimed and/or received.

• “Contact Data”: This is data relating to your phone number, addresses, email addresses, phone numbers.

• “Marketing and Communications Data”: This is your preferences in receiving marketing information and other information from us.

• “Financial Data”: This is data relating to your finances e.g. transaction history, transaction amounts and descriptions, account name and number, currency, account balance.

• “Technical Data”: This is your IP address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to engage with us. We also use cookies or similar tracking technologies to collect usage statistics and to help us provide and improve our services. You can find more information about how we use cookies and your related choices in our Cookie Policy.

• “Customer Support Data”: This includes feedback and survey responses.

• “Usage Data”: information about how you use our website, products and services.

We may collect personal data from third parties, such as official registers and databases, as well as fraud-prevention agencies and partners who help us to provide our services. This includes information to help us check your identity.

From time to time we may also aggregate some of your data with the data of other people and produce data summaries to create “Aggregated Data” which we may use and share with third parties. Aggregated Data could be derived from your Personal Data but will not directly or indirectly reveal your identity or be traceable back to you. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Policy.

We do not collect any information about criminal convictions and offences.

​

The Legal Basis for Collecting and Processing your Personal Data

There are a number of justifiable reasons under the Data Protection Law that allow collection and processing of Personal Data. We rely on the lawful bases of:

• “Consent”: Certain situations allow us to collect and process your Personal Data, such as when you tick a box that confirms you are happy to receive email newsletters from us, or ‘opt in’ to a service.

• “Contractual Obligations”: We may require certain information from you in order to fulfil our contractual obligations and provide you with the promised service.

• “Legal Compliance”: We’re required by law to collect and process certain types of data, such as information related to fraudulent activity or other illegal actions.

• “Legitimate Interest”: We might need to collect and process certain information from you to be able to meet our legitimate interests - this covers aspects that can be reasonably expected as
  part of running our business, that will not have a material impact on your rights, freedom or interests. Examples could be your address, so that we know where to deliver something to, or your name, so that we have a record of who to contact moving forwards.

For special category data we collect and process your data on the following basis:

• “Consent”: If you have agreed for us to collect and process your data, such as opting in to share your information as part of the grant application.

• “Substantial public interest”: In accordance with the Data Protection Act 2018, Schedule 1, Part 2. This includes processing for diversity monitoring purposes.

​
 

HOW WE USE YOUR PERSONAL DATA

​

Our Uses

We will only use your Personal Data when we are permitted to do so by the Data Protection Law. Set out below are some examples of the different types of Personal Data we collect and the lawful basis for processing that Personal Data.

The examples provided below are indicative in nature and the purposes for which we use your data may be broader than described but we will never process your data without a legal basis for doing so. For further inquiries please contact our Data Protection Officer using the details in the “Get in Touch” section below.

 

For Customers

Activity - Delivering our services to you

Type of data - Profile/Identity Data

Lawful basis for processing data - Contractual Obligations

​

Activity - Conducting any due diligence that we are required to do in order for you to receive our services

Type of data - Profile/Identity Data

Lawful basis for processing data - Legal Obligation

Activity - To provide you with updates on our activities, services and products; to record your marketing preferences and any feedback or responses for the purposes of improving our services.

Type of data - Contact Data, Marketing and Communications Data, Customer Support Data & Usage Data

Lawful basis for processing data - Consent

 

For End-Users

Activity - Delivering our services to you and improving our services

Type of data - Profile/Identity Data, Financial Data & Special Category Data (gender, religion, ethnic group and sexual orientation).

Lawful basis for processing data - Legitimate Interest

​

Activity - To provide you with updates on our activities, services and products; to record your marketing preferences and any feedback or responses for the purposes of improving our services.

Type of data - Contact Data,  Marketing and Communications Data, Customer Support Data & Usage Data

Lawful basis for processing data - Consent

​

Activity - For diversity monitoring.

Type of data - Profile/Identity Data & Special Category Data (Religion, ethnic group and sexual orientation).

Lawful basis for processing data - Legitimate Interest and Reasons of substantial public interest (with a basis in law)

 

Activity - To anonymise or pseudonymise the Personal Data in order for it to be used to be part of a market study or analytics by us or a third party.

Type of data - Profile/Identity Data, Financial Data, Technical Data, Customer Support Data & Usage Data

Lawful basis for processing data - Legitimate Interest

 

For Website Visitors

Activity - To allow us to run the operation of our website and ensure that our provision of services through our website runs as smoothly as possible

Type of data - Technical Data

Lawful basis for processing data - Consent & Usage Data

​

Activity - To provide you with updates on our activities, services and products; to record your marketing preferences and any feedback or responses for the purposes of improving our services.

Type of data - Contact Data, Marketing and Communications Data, Customer Support Data & Usage Data

Lawful basis for processing data - Consent

 

Marketing and Content Updates

You will receive marketing and new content communications from us if you have created an account and chosen to opt into receiving those communications. From time to time we may make suggestions and recommendations to you about goods or services that may be of interest to you. You can opt out of receiving marketing communications from us at any time by following the instructions in those communications.

 

Change of Purpose

We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact our Data Protection Officer using the details in the “Get in Touch” section below

If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by the Data Protection Law.

 

YOUR RIGHTS AND HOW YOU ARE PROTECTED BY US

​

How Does Lightning Social Ventures Ltd Protect End Users’ and Customers' Personal Data?

We are concerned with keeping your data secure and protecting it from inappropriate disclosure. We implement a variety of security measures to ensure the security of your Personal Data on our systems, including database encryption and periodic training to assist company employees in the prevention of network, cyber and privacy losses. Any Personal Data collected by us is only accessible by a limited number of employees who have special access rights to such systems and are bound by obligations of confidentiality. If and when we use subcontractors to store your data, we will not relinquish control of your Personal Data or expose it to security risks that would not have arisen had the data remained in our possession. However, unfortunately no transmission of data over the internet is guaranteed to be completely secure. It may be possible for third parties not under the control of Lightning Social Ventures Ltd to intercept or access transmissions or private communications unlawfully. While we strive to protect your Personal Data, we cannot ensure or warrant the security of any Personal Data you transmit to us. Any such transmission is done at your own risk. If you believe that your interaction with us is no longer secure, please contact us using the details in the “Get in Touch” section below.

 

Object to processing, including Direct Marketing

You may have the right in certain circumstances to ask us to stop processing your Personal Data. You always have the right to ask us to stop processing your Personal Data for direct marketing purposes, at any time, by following the process set out in the “Marketing and Content Updates” section above.

Where you opt out of receiving these marketing messages, we will continue to retain other Personal Data provided to us as a result of interactions with us not related to your marketing preferences.

​

Request access

You have the right to request a copy of the Personal Data we hold about you (also known as a data subject access request). 

 

Request to restrict processing

You may, in certain circumstances, have the right to ask us to restrict the processing of your data or to suppress your data.

 

Request correction or erasure

If we hold any of your Personal Data, you have the right to ask us to correct any inaccurate data we hold about you or delete the data where there is no legitimate reason for us to continue to process it. We may not always be able to delete or correct on request if it is not within our control or if we are subject to legal requirements to keep the data.

​

Get in Touch

Lightning Social Ventures Ltd is your Data Controller and responsible for your Personal Data. We have appointed a Data Protection Officer (“DPO”) who is responsible for our compliance with Data Protection Law. If you have any questions about this Privacy Policy or how we use your Personal Data, or wish to exercise your legal rights regarding your Personal Data, please contact our DPO using the details set out below:

Email address: data@lightningreach.org

​

What we may need from you

You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, if your request is clearly unfounded, repetitive, or excessive, we could refuse to comply with your request or charge a reasonable fee.

​

We may need to request specific information from you to help us confirm your identity and ensure you have the right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

​

Time limits to respond 

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

 

How to Complain

If you have any concerns about our use of your Personal Data, you can contact, or make a complaint to, our DPO at the email address set out above and we will work with you to address your concerns.

Alternatively, if you are unhappy with how we have used your Personal Data, you can also complain to the Information Commissioner's Office (“ICO”), the UK supervisory authority for data protection issues, using the following details:. 

The ICO’s address:            

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

 

YOUR DATA AND THIRD PARTIES

​

Will We Share Your Data With Third Parties?

We may share your Personal Data with third parties: 

• to enforce or apply our Terms of Service and other agreements;

• with partners or suppliers who process Personal Data on our behalf (such as our professional advisers, auditors or IT suppliers) - we take the security and protection of your Personal Data seriously and only allow such suppliers to use your Personal Data for specified purposes and in accordance with our instructions;

• if we have to do so to fulfil our legal obligations;

• to protect the rights, property, or safety of Lightning Social Ventures Ltd, our customers, or others;

• with a business entity directly or indirectly Controlling, Controlled by or under common Control with a party (an “Affiliate”). This will be subject to confidentiality obligations to use it only for the purposes for which we disclose it to them and pursuant to our instructions;

• for any other notified purpose with your consent;

• in the event that Lightning Social Ventures Ltd anticipates a change in control or the acquisition of all or part of our business or assets or with interested parties in connection with the licensing of our technology. If Lightning Social Ventures Ltd is sold or makes a sale or transfer, we may, in our sole discretion, transfer, sell or assign your Personal Data to a third party as part of or in connection with that transaction. Upon such transfer, the Privacy Policy of the acquiring entity may govern the further use of your Personal Data

We may also share your Personal Data with other partners or suppliers in order to enable us to provide you with the products and services you request. These partners or suppliers may include:

• Fraud prevention agencies to ensure you are not involved in fraudulent activities;

• Identity verification organisations to ensure that the information you provide is associated with the identity of a real person, such as Onfido. Please see their Privacy Policy here;

• Technology providers that enable you to connect your bank account or other financial accounts, such as Plaid Inc. Please see their Privacy Policy here;

• Joint Data Controllers of your information such as the organisation that may have introduced you to us in order for us to fulfil our services to both you and them (“Introducing Organisation”)

• Service providers, such as charities, to identify and connect you to financial, or other, support that is likely to be suited to your circumstances

We will endeavour to obtain your consent before sharing your data with these third parties. However, there may be instances where we are required to share your data and will not obtain your consent beforehand - for example when sharing your information with an Introducing Organisation using the legal basis of Legitimate Interest, or with a grant giving organisation in order to fulfil our Contractual Obligations to you.

 

Third-Party Links

This Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit.

​

HOW LONG WILL WE RETAIN YOUR DATA FOR?

We will only retain your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for. We may retain your Personal Data for a longer period than usual in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. If you would like further information, please email data@lightningreach.org.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

 

INTERNATIONAL TRANSFER OF DATA

Your information may be stored and processed in the UK or other countries or jurisdictions outside the UK where Lightning Social Ventures Ltd has facilities. We are currently storing data in the UK, but may store or process data outside the UK if required in the future. By using Lightning Social Ventures Ltd, you are permitting and consenting to the transfer of information, including Personal Data, outside of the UK.

 

NOTIFICATION OF CHANGES AND ACCEPTANCE OF POLICY

We keep our Privacy Policy under review and will place any updates on this webpage. By using Lightning Social Ventures Ltd, you consent to the collection and use of data by us as set out in this Privacy Policy. Continued access or use of Lightning Social Ventures Ltd will constitute your express acceptance of any modifications to this Privacy Policy.