Privacy Policy

Your privacy is important to us. This page (our “Privacy Policy”) is where we explain to you what personal information we may collect from you when you instruct us to provide you with our services or when you access our website.

The type of personal information that we collect and the method of collection will depend on whether you are a customer of our business or if you are only visiting our website or making general business enquires. In order to explain how we handle personal information, this Privacy Policy details how we obtain your consent, how your personal information may be collected, how we may use that personal information, where we store it, how long we store it for, and how we protect it.

This policy also explains your rights in relation to your personal information.

Who we are

We are Lugo Limited, a company registered and incorporated in Scotland, whose company number is SC258909, and whose registered office is at 16 High Street, Linlithgow, EH49 7AE, United Kingdom. But, for the purposes of this Privacy Policy, it’s just easier if we refer to ourselves as “we” or “us”. If you consent to us collecting your personal information via our website, contact us with general business enquires, or agree to receive marketing communications from us then, for the purpose of data protection legislation, we will be the data controller for the personal information which relates to those matters.

If you are a client of our business and receive services from us then we will be the data processor for any personal information that we may process on your behalf and we will access, store, retain, and process personal information in accordance with the terms of the services agreement between you and us.

What this policy covers

This Privacy Policy applies to any services that we may provide to you and any use of our website. In the context of this Privacy Policy, “personal information” means information which, on its own or in combination with other information, can be used to identify you, in particular by reference to an identifier such as your name, your address, or location data. This Privacy Policy will govern how we may use that personal information.

We will process the personal information you provide us with in adherence with all Scottish data protection legislation. These laws include the EU General Data Protection Regulation for as long as it applies to the United Kingdom and the Data Protection Act 2018.

How you consent to us collecting or processing your personal information

Website.

When you visit our website you should see an overlay at the bottom of your screen directing you to this Privacy Policy.

By clicking or selecting the “I Agree” button that appears in the overlay then you are demonstrating to us that you are freely giving us informed and specific consent for us to collect and process your personal information for the purposes specified in this Privacy Policy and you are accepting and consenting to the practices described.

If you do not click or select the “I Agree” button that appears in the overlay at the top of your screen then we will endeavour to not collect your personal information.

If you do not see an overlay at the top of your screen then you may have already accepted our Privacy Policy. You may also be using a pop-up blocker or similar tools that may prevent this policy from being brought to your attention. Please ensure that any pop-up blockers are disabled when you use our site. We cannot be held liable to you if you use pop-up blocks or similar tools that prevent us from complying with our obligations under the legislation.

Services.

If you receive services from us then we will process personal information on your behalf in accordance with the terms of the service agreement between you and us. The types of personal information that we process and the duration of that processing will vary on a case-by-case basis.

Information we may collect

You may give us personal information about you by filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. This includes information you may provide to us when you subscribe to our services or enquire into our services.

If you are not one of our client’s then, depending on how you contact us, we may ask you to provide us with your:

  • Full name;
  • Postal address;
  • Landline and/or mobile number;
  • E-mail address; and
  • IP address.

If you are one of our client’s then the type of personal information that we may process on your behalf varies depending on your business and the services that you have asked us to provide. However, broadly speaking, we may process the following personal information on your behalf:

  • Names;
  • Addresses;
  • E-Mail addresses;
  • IP Addresses;
  • Financial information; and
  • Government issued identification.

Please contact us if you would like further information about the types of personal information we may process on your behalf. This type of personal information will vary from client to client and more detailed information can be found in your services agreement with us.

How is your personal information collected?

The way we collect personal information can be broadly categorised into the following:

  • Information given by you directly: In order to provide you with our services we may ask you to provide personal information or we may access personal information in an ancillary capacity when accessing your systems. For example, we ask for your contact information when you open a support ticket with us, contact us for technical assistance, take part in training and events, contact us with questions/enquiries, or request a quote for equipment/services.
  • Information we collect about you. When you visit our website and accept our Privacy Policy then we will collect personal information using cookies and other similar technologies for analytics purposes. Our website uses cookies to distinguish you from other users of our website and to save and retain certain parameters about you and your usage of our website.

    Our analytics provider is Google through its Google Analytics service. Google is a global company with many of its services based outside of the United Kingdom and the European Union. You can find out more about how Google treats your personal information [HERE].

    Google may transfer your personal information outside of the United Kingdom and the European Union.

    The below list details the cookies used in our website.

    CookieDescription
    __RequestVerificationTokenThis cookie is set by web application built in ASP.NET MVC Technologies. This is an anti-forgery cookie used for preventing cross site request forgery attacks.
    _gaThis cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
    _gat_gtag_UA_24228616_3This cookie is set by Google and is used to distinguish users.
    _gidThis cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
    _GRECAPTCHAThis cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
    AADNonce.formsNo description available.
    CONSENTThese cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
    cookielawinfo-checkbox-advertisementThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
    cookielawinfo-checkbox-analyticsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
    cookielawinfo-checkbox-functionalThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
    cookielawinfo-checkbox-necessaryThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
    cookielawinfo-checkbox-othersThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
    cookielawinfo-checkbox-performanceThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
    DcLcidNo description available.
    FormsWebSessionIdNo description
    IDEUsed by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
    test_cookieThis cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
    undefinedNo description available.
    usenewauthrolloutNo description
    viewed_cookie_policyThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
    VISITOR_INFO1_LIVEThis cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
    YSCThis cookies is set by Youtube and is used to track the views of embedded videos.
    yt-remote-connected-devicesThese cookies are set via embedded youtube-videos.
    yt-remote-device-idThese cookies are set via embedded youtube-videos.

How we may use your personal information

We will only use your personal data when the law allows us to do so. Most commonly, we will use your personal data in the following circumstances:

  • Where you have consented before the processing.
    Consent means processing your personal information where you have signified your agreement by a statement or clear opt-in to processing for a specific purpose. Consent will only be valid if it is a freely given, specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by contacting us.
  • Where we need to perform a contract that we are about to enter or have entered with you.
    Performance of contract means processing your personal information where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. This includes complying with our terms and conditions of service.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights to not override those interests.
    Legitimate interest means the interest of our company in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
  • Where we need to comply with a legal or regulatory obligation.
    Complying with a legal obligation means processing your personal information where it is necessary for compliance with a legal obligation that we are subject to.

We will only send you direct marketing communications by e-mail, SMS, or telephone if we have your consent. You have the right to withdraw that consent at any time by contacting us.

We will not pass your personal information to any third party for marketing purposes.

Purposes for which we will use your personal information

  • Website.
    The personal information that we may collect about you when you visit our website helps us to provide you with a good experience when you browse our website and also allows us to improve our website. We use analytics cookies to allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. These cookies also allow us to see overall patterns of usage on our site and help us record any difficulties you may have with our website. The lawful basis for processing this personal information is your consent.
  • Services.
    If you are one of our client’s or become a client of our business then we may process personal information on your behalf. This includes personal information about you, your colleagues, staff, employees, and representatives.The personal information that we collect is necessary for the purposes of supplying our services and we will only collect or process personal information where it is necessary for performing our services.If part of providing our services to you we need to share your personal information with our identified suppliers then we will tell you. You can find a list of our current approved suppliers at www.lugoit.co.uk/subprocessors.By way of example, we may use your personal information:

    • To provide you with a quote for services/hardware or IT support;
    • If you enter into a contract with us, to provide you with products or services we will use your personal information to fulfil our obligations as stated in the contract;
    • If you submit a query to us, to interact with you;
    • If you participate in our marketing, to contact and engage with you through our website, social media and at specified events;
    • Establish and administer a database of information regarding your IT systems to allow us to support your needs;
    • Internal record keeping; and
    • Processing payment for the purchase of our products and/or services.

The lawful basis for processing of this personal information is our obligation to perform our contract with you and we may also process personal information for our legitimate interests in order to ensure adherence to our services agreement and to ensure compliance with laws.

Disclosure of your information

We will only share and disclose your personal information with your consent. In some circumstances we may need to disclose personal information to select third-parties to provide you with additional services and business functions. The disclosure of this personal information is only to the extent necessary for us to fulfil our contractual obligations or as required by law. We will not use, sell, or transfer your personal data to any third-parties for marketing purposes without your express consent.

You can find a current list of our approved third-party suppliers at www.lugoit.co.uk/subprocessors.

We undertake an annual review of our commercial relationships with our third-party suppliers in order to ensure that they process personal information in accordance with our instructions and in compliance with UK data protection legislation.

The transfer of personal information from us to an of our approved third-party suppliers is subject to a signed agreement that ensures the protection of your personal information.

Where we store your personal information

We will not knowingly transfer your personal information outside of the UK or the European Economic Area without your consent.

We store your personal information in secure facilities located in 16 High Street, Linlithgow, EH49 7AE. We take the protection of your personal information seriously and have several layers of security measures in place including SSL, encryption, two factor authentication, firewalls and end-point protection. We ensure that all staff are aware of their responsibilities to store and transfer personal information securely. We utilise IT documentation tools to ensure your personal information is kept in a secure place that only authorised personnel can access.

In certain circumstances it may be necessary for us to transfer your personal information outside of the UK and the European Economic Area. You can find the list of our approved third-party suppliers at www.lugoit.co.uk/subprocessors. This page also explains where your personal information may be stored and what measures have been put in place to protect that personal information.

While we will do our best to store and protect your personal information, please be aware that the transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted from our website and any transmission is at your own risk. Once we have received your data we have internal processes and procedures to prevent unauthorised access.

Your legal rights

Under certain circumstances you have the following rights under data protection laws in relation to your personal information.

You have the right to:

  • Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. Data subject access requests must be in writing. Please see our contact details at the bottom of this page if you wish to submit a request.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us and your identity.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully, or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
    • If you want us to establish the data’s accuracy;
    • Where our use of the data is unlawful but you do not want us to erase it;
    • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    • You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

What if I do not consent or withdraw my consent?

If you are not a client or have only visited our website then you withdraw your consent at any time by contacting us.

If you are a client of our business then personal information processed by us as part of the services we provide will be held in accordance with the terms of our services agreement. If you do not consent to us collecting personal information as part of the services that we supply then we cannot guarantee the full provision of services and cannot be held responsible or liable to you for any reduction or restriction in access to our services.

Retention Policy

We will only keep your personal information for as long as necessary to provide you with your contracted services and to enable us to meet out regulatory obligations. We are also required to keep data for the purposes of satisfying our legal, accounting, and reporting requirements. At the end of this time period we will securely delete all personal data that identifies you or could be used to identify you.

You can read our data retention policy at www.lugoit.co.uk/retention

Changes to our Privacy Policy

We may need to change this Privacy Policy if there are changes to our services or legislation. If this policy is changed it will be updated on our website. Once we change our Privacy Policy, it will become legally binding on you thirty (30) days after we post it on our site. During that period you’re welcome to contact us if you have questions about the changes.

Contact & Complaints

We hope that this Privacy Policy provides you with the information you need. If you have any queries in respect of this Privacy Policy, your rights as a data subject, or the way in which your personal information is processed by us then please contact us as follows:

Contact: Ron Weatherup, Managing Director
Telephone: +44 (0)300 024 2242
E-Mail: accounts@lugoit.co.uk
Postal: Lugo Limited, 16 High Street, Linlithgow, EH49 7AE, United Kingdom.

If you are still dissatisfied you have the right to contact the Information Commissioner, who regulates compliance with data protection legislation in the UK at: ico.org.uk. You can also call the ICO on +44 (0)303 123 1113 or +44 (0)1625 545 745 or you can write to them at: Information Commissioner’s Office

Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF.