Our Data Protection Policy
1. Information We Collect
Our Website typically collects two kinds of information about you: (a) information that you provide which personally identifies you; and (b) information that does not personally identify you which we automatically collect when you visit our Website or that you provide us.
- Personally Identifiable Information: Our definition of personally identifiable information includes any information that may be used to specifically identify or contact you, such as your name, address, e-mail address, phone number, etc. As a general policy, to facilitate the use of Lightcastlebd.com content, you must provide personally identifiable information when registering. Affiliates of Lightcastlebd.com may also be required to provide a tax identification number.
- Non-Personal Information: Non-Personal Information: Our definition of non-personal information is any information that does not personally identify you. Non-personal information can include certain personally identifiable information that has been de-identified; that is, information that has been rendered anonymous. We obtain non-personal information about you from information that you provide us, either separately or together with your personally identifiable information. We also automatically collect certain non-personal information from you when you access our Websites. This information can include, among other things, IP addresses, the type of browser you are using (e.g., Internet Explorer, Firefox, Safari, etc.), the third party website from which your visit originated, the operating system you are using (e.g., Vista, Windows XP, Macintosh OS, etc.), the domain name of your Internet service provider (e.g. link3, mazeda etc.), the specific areas of the Website that you visit, and the duration of your visit
2. Data Handling Procedures and Review
- Review current mailing lists: We check contacts in Asian countries for records of consent. Remove individuals without a proactive consent notice. Those related with marketing automation create a separate segmentation list for these contacts to secure consent in the future.
- Document all the data collection channels and steps: We document all the channels from which our site receives contact data such as events, website registrations, partners, sales, list purchases, etc., and ensure there is a consent process for each channel.
- Communicate within the organization the seriousness of GDPR: We Ensure that each team member understands the potential consequences of not following the regulations. We suggest working with learning and development teams to roll out a data-handling course to all employees.
3. Actions we take while collecting personal Data
- Provide clear consent wording: We as an organization are obligated to use clear, non-legalese language that allows the person to provide unambiguous consent. As our company collects personal information through a web form, we post clearly how the information will be utilized.
4. How We Use & Share the Information Collected
- Personally Identifiable Information: The personally identifiable information you submit to us is generally used to carry out your purchase of Lightcastlebd.com content. In the event you have become a Lightcastlebd.com Member, the personally identifiable information you submit to us will be used to identify you as a Lightcastlebd.com Member and to facilitate your access to Membership benefits. We may also use this information to later contact you for a variety of reasons, such as customer service, providing you promotional information about our products and services or those of our other affiliated companies (“affiliated companies”), or to communicate with you about the services we have provided.
- Non-Personal Information: We use non-personal information in a variety of ways, including to help analyze site traffic, understand customer needs and trends, carry out targeted promotional activities, and to improve our services. We may use your non-personal information by itself or aggregate it with information we have obtained from others. We may share your non-personal information with our affiliated companies and third parties to achieve these objectives and others, but remember that aggregate information is anonymous information that does not personally identify you.
5. Actively Managing Existing Contacts and Leads in Our Database
Sending a re-verification email (double opt-in): While sending all active LightCastle contacts a new request to re-verify their email address and renew their consent to receive email, mobile in-app, phone or direct mail communication. We believe in the right to privacy and consent thus we prohibit emailing individuals who previously unsubscribed.
6. Other Uses & Information
- IP Addresses: An IP address is a number that is automatically assigned to your computer whenever you are surfing the Internet. Web servers (computers that “serve up” web pages) automatically identify your computer by its IP address. When visitors request pages from our Websites, our servers typically log their IP addresses. We collect IP addresses for purposes of system administration, to report non-personal aggregate information to others, and to track the use of our Website. IP addresses are considered non-personal information and may also be shared as provided above. We reserve the right to use IP addresses and any personally identifiable information to identify a visitor when we feel it is necessary to enforce compliance with our Website rules or to: (a) fulfill a government request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our Website, or other users; or (d) in an emergency to protect the health and safety of our Website’s users or the general public.
- Cookies: “Cookies” are small text files from a website that are stored on your hard drive. These text files make using our Website more convenient by, among other things, saving your passwords and preferences for you. Cookies themselves do not typically contain any personally identifiable information. We may analyze the information derived from these cookies and match this information with data provided by you or another party.
- Email Communications: If you send us an email with questions or comments, we may use your personally identifiable information to respond to your questions or comments, and we may save your questions or comments for future reference. For security reasons, we do not recommend that you send non-public personal information, such as passwords, social security numbers, or bank account information, to us by email. However, aside from our reply to such an email, it is not our standard practice to send you email unless you request a particular service or sign up for a feature that involves email communications, it relates to purchases you have made with us (e.g., product updates, customer support, etc.), we are sending you information about our other services, or you consented to being contacted by email for a particular purpose. In certain instances, we may provide you with the option to set your preferences for receiving email communications from us; that is, agree to some communications but not others.
- Transfer of Assets: As we continue to develop our business, we may sell or purchase assets. If another entity acquires us or all (or substantially all) of our assets, the personally identifiable information and non-personal information we have about you will be transferred to and used by this acquiring entity. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such information may be considered an asset of ours and as such may be sold or transferred to third parties.
- Other: Notwithstanding anything herein to the contrary, we reserve the right to disclose any personally identifiable information or non-personal information about you if we are required to do so by law, with respect to copyright or other intellectual property infringement claims, or if we believe that such action is necessary to: (a) fulfill a government request; (b) conform with the requirements of the law or legal process; (c) protect or defend our legal rights or property, our Website, or other users; or (d) in an emergency to protect the health and safety of our Website’s users or the general public.
7. Public Forums
9. Keeping Your Information Secure
We have implemented security measures we consider reasonable and appropriate to protect against the loss, misuse and alteration of the information under our control. Please be advised, however, that while we strive to protect your personally identifiable information and privacy, we cannot guarantee or warrant the security of any information you disclose or transmit to us online and are not responsible for the theft, destruction, or inadvertent disclosure of your personally identifiable information.
10. Our Data Breach Plan
According to our GDPR requires us to report data breaches no later than 72 hours after we become aware of the breach. We are proactive and have designed a data breach action plan as a precaution.
The following are our planned best practices for responding to a data breach.
- Communicate internally to all employees and provide training to all customer-facing employees on how to respond and assist customers.
- A social media response plan, ensuring enough staff are available to respond to social media posts.
- Publish as much information as possible, as quickly as possible, about the breach on the company website or direct customers to a microsite designed to dispense information about the breach.
- Notify affected parties. Send an appropriate form of communication, whether through email, paper mail or a phone call, notifying affected parties about the breach.
- Communicate to affected parties and media that the business is taking all measures to mitigate the damage of the breach.
- Inform affected parties and media that they should report any suspicious activity with regard to use of their personal data to the business and the proper authorities (if applicable).
- Engage the public relations firm or external communications to issue a press release and/or hold news conferences to inform the public about the breach. Be as transparent as possible.
- Provide clear instruction about how to file complaints, get assistance or reach the customer service department.
- Provide assistance to customers who are suffering negative consequences resulting from the breach.
- Update affected parties and media about how the company will prevent future breaches.
- Coordinate with internal stakeholders to ensure compliance going forward.
11. Other Sites
Our Website may link to or contain links to other third party websites that we do not control or maintain, such as in connection with purchasing catering services or other services or products referenced on our Website. We are not responsible for the privacy practices employed by any third party website. We encourage you to note when you leave our Website and to read the privacy statements of all third party websites before submitting any personally identifiable information.
12. Contact Information
We will respond to your request and, if applicable and appropriate, make the requested change in our active databases as soon as reasonably practicable. Please note that we may not be able to fulfill certain requests while allowing you access to certain benefits, features and services offered on or through our Website.