Version 1 – Effective Date: 1st November 2019
At Shapelamp, we take data privacy seriously. Please read this privacy notice to ensure that you are fully informed. If you have any questions or concerns, please contact us using the contact details provided on the Website.
1. About Us
Shapelamp enables users to design and customize LED lighting products to a variety of shapes, colours and configurations which can be purchased by users (the “Services”). The Services are offered on an online platform accessed from www.shapelamp.com (the “Website”).
Shapelamp is a joint venture between Altern Limited, a company registered in Malta with registration number C 45287 and with its registered address at KW17A, Corradino Industrial Estate, Paola PLA300, Malta (“Altern”) and Sean Co Limited, a company registered in Malta with company registration number C 86056 and with its registered address at 15, Lyrae, Triq il-Frawli, Attard, ATD1812, Malta (“SeanCo”). Altern and SeanCo are joint controllers of your Personal Data. The joint venture is referred to in this privacy notice as “Shapelamp”.
In this privacy notice, these terms have the following meanings:
“Data Subject” means any person to whom Personal Data relates. Persons purchasing products from the Website are generally Data Subjects. Persons browsing the Website without purchasing products from the Website may possibly be Data Subjects.
“Personal Data” means any information that identifies or can be used to identify a Data Subject, directly or indirectly. Examples of Personal Data include, but are not limited to, first and last name, date of birth, and e-mail address. Personal Data does not include data where the identity has been removed (“Anonymous Data”)
“You” and “Your” means, depending on the context, you as a Data Subject.
“Us and “Our” means Shapelamp.
3. The Purpose of this Privacy Notice
This privacy notice explains who we are, what Personal Data we collect and how we collect it, share and use Personal Data, as well as how you can exercise your privacy rights. It also explains how Shapelamp collects and processes your Personal Data when using the Website.
4. Personal Data We Collect
The Personal Data that we may collect broadly falls into the following categories:
a. Registration data: You may wish to open a Shapelamp account on the Website to use the Services as a registered user. When you register for an account, you will be asked to provide certain basic information such as your first name, last name, e-mail address, and password, along with other informatin required to communicate with you and supply the products you require.
b. Billing and communication data: If you use our Services to purchase products, you may also need to provide us with payment and billing information, such as your credit card details and billing address. Shapelamp will also maintain a record of your billing transactions and purchases and any communications and responses.
(iii) Third party or publicly available sources: From time to time, we may obtain data from third-party sources, such as public databases, social media platforms, and third-party data providers. Examples of the information we receive from other sources include device information such as IP addresses, location, and online behavioural data.
We do not ask to be provided with any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data) for marketing purposes. Nor do we collect any information about criminal convictions and offences for marketing purposes.
5. Use of Personal Data and Legal Basis for Collection and Processing
We may use the Personal Data we collect through the Website and the Services or other sources for a range of reasons, as per the below table:
|Data Category||Purpose||Legal Basis|
|Data we collect automatically and data collected from third-party or publicly available sources||To provide, support and improve the Website and the Services||Legitimate Interest|
|Data you provide to us in the Registration process (‘Registration Data’), including first name, last name, e-mail address and other Personal Data requested at registration stage||For you to set up an account, and for us to provide access to certain parts of the Website which would otherwise be restricted, from which parts of the Website we will provide our Services, including communicating with you as necessary; and from which you may purchase products and use all or part of the Services.||Consent given by you|
|Data you provide to us, namely Communication Data, including first name, last name, e-mail address, message, comments and other Personal Data submitted by you in communicating with Shapelamp, whether through the Website or other means, including but not limited to e-mail.||For you to communicate with us and for us to communicate with you and provide customer support.||Consent given by you; and to fulfil contractual obligations as the case may be.|
|Billing information, including credit card details, billing party and billing address, as well as Personal Data connected to such billing information||To bill and collect money owed to us by you. This includes sending you e-mails, invoices, receipts, notices, alters etc. We use third-parties for secure credit card transaction processing, and those third-parties collect billing information to process your orders and credit card payments.||To fulfil contractual obligations|
Please note that in addition to the above, we may use the Personal Data we collect through the Services or other sources (whether you provide such Personal Data to us or whether it is automatically collected or acquired from third-parties) for a range of reasons, including:
a. To meet legal requirements;
b. To provide information to representatives and advisors, including attorneys and accountants;
c. To use in legal proceedings;
d. To respond to lawful requests by public authorities;
e. For data analytics purposes;
f. For other purposes to carry out legitimate business purposes
When we rely on a legal basis of legitimate interests, we have carried out a Legitimate Interests Assessments to ensure that we have weighed your interests and any risks posed to you and to ensure that our processing is proportional and appropriate. Typically, our legitimate interests include improving, maintaining, providing, and enhancing our technology, products, and services; ensuring the security of the Website and the Services; and for our marketing activities.
In some cases, we may also have a legal obligation to collect Personal Data from you, in which case that would apply as the legal basis for collecting and processing such Personal Data.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
6. Cookies and Tracking Technologies
We and our partners may use technologies to collect and store information when you use our Website and Services, and this may include using cookies and similar tracking technologies to collect Personal Data such as:
a. Device information: We collect information about the device and applications you use to access the Website and the Services, such as your IP address, your operating system, your browser ID, and other information about your system and connection
b. Log data: We collect log files that record data each time a device accesses the Website and the Services.
c. Product usage data: We collect usage data about you whenever you interact with our Website and Services, which may include the dates and times you access the Website and Services and your browsing activities (such as what portions of the Services are used). We also collect data regarding the performance of the Services. This information allows us to improve the content and operation of the Website and the Services, and facilitate research and analysis of the Website and the Services.
7. Other Data Protection Rights
You have the following data protection rights:
1. To access, correct, update or request deletion of Personal Data.
2. To object to the processing of your Personal Data.
3. To request restriction of processing of your Personal Data.
4. To request Personal Data portability.
5. If Personal Data is collected or processed on the basis of consent, to withdraw such consent. Withdrawing your consent will not affect the lawfulness of any processing conducted prior to withdrawal, nor will it affect processing of Personal Data conducted in reliance on lawful processing grounds other than consent.
6. To complain to a data protection authority about the collection and use of Personal Data.
If you wish to exercise any of the rights set out above, please get in touch with us. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
8. How We Share Information
We do not share or disclose any of your Personal Data without your consent, other than for purposes specified in this notice or where there is a legal requirement. We may use third party providers to provide our services; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
In pursuit of the above, we may share and disclose your Personal Data to the following types of third parties for the purposes described in this privacy notice:
a. Our Service Providers: Sometimes, we share your information with third-party service providers, who help us provide and support our Website and Services and other business-related functions.
b. Advertising partners: kindly note Clause 9 below in this respect.
c. Any competent law enforcement body, regulatory body, authority, court or other third party where we believe disclosure is necessary on account of any applicable law, or to exercise, establish, or defend our legal rights.
d. A potential new joint venture member or acquirer in the event that the joint venture is reorganised or restructured, or in the case of a sale, merger, consolidation, liquidation, reorganisation or
e. Any other person with your consent.
9. Your Choices and Opt-Outs
If you opted in our marketing e-mails and communications, you can opt out of receiving such communication. You may do so by clicking the ‘unsubscribe’ link at the bottom of the marketing message received. Also, opt-out requests can be made by messaging us directly.
Please note that some communications (such as service messages, account notifications, billing notifications) are considered transactional and necessary for the management of your account on the Website, and therefore cannot be opted out unless you cancel your account registration.
10. Security & Data Transfers
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
International Data Transfers
Personal Data in the European Union is protected by the General Data Protection Regulation (GDPR) but some other countries may not necessarily have the same high standard of protection for your Personal
Data. Sometimes we may have to share your Personal Data with third party processors which are based outside of the EU, however when we do so we will ensure that this is done under an adequacy decision or under standard contractual clauses approved by the EU Commission.
11. Retention of Data
We will only retain your Personal Data for as long as necessary to fulfil its collection purposes including any legal, contractual, regulatory or accounting requirements. We will hold on to your Personal Data for as long as our relationship subsists or to prove that we provided our services, for a period of 5 years after the relationship ends, or where the right subsists, up until the Personal Data is deleted in pursuit of a request from your end.
12. Changes to this Privacy Notice
We may change this privacy notice at any time and from time to time. The most recent version of the privacy notice is reflected by the version date located at the top of this privacy notice. All updates and amendments are effective immediately upon notice, which may be given by any means, including, but not limited to, by posting a revised version of this privacy notice or other notice on the Website.
We encourage you to review this privacy notice often and to stay informed of changes that may affect you.
13. Questions and Concerns
If you have any questions, comments, or if you have a concern about the way in which we handled any privacy matter, or if you would like to send us a communication or message in pursuit of any of your rights in accordance with this privacy notice, please use our contact page on www.shapelamp.com/contact or e-mail us on [email protected].
Altern and SeanCo are joint controllers and responsible for your Personal Data. You have the right to make a complaint at any time to the Office of the Information and Data Protection Commissioner (IDPC), the Maltese supervisory authority for data protection issues (www.idpc.org.mt). We would, however, appreciate the chance to deal with your concerns before you approach the IDPC so please contact us in the first instance.