1.Introduction

This privacy notice provides you with details of how we collect and process your personal data through your use of our website www.lappella.com.


By providing us with your data, you warrant to us that you are over 13 years of age. If you are under 13, you must obtain parental permission to use our website.

Under the UK Data Protection Act 1998 and EU General Data Protection Regulation (GDPR), the data controller of your personal information collected by us is Lappella Ltd, Company Registration number 13246396 (England and Wales)

We have appointed a Data Protection Officer who is in charge of privacy-related matters for us. If you have any questions about this privacy notice, please contact the Data Protection Officer using the details set out below.

Data protection Officer Lappella Ltd, The Red Carpet Cinema, Barton Marina, Barton Under Needwood, Staffordshire DE13 8AS

Email address: contact@lappella.com

It is important that the information you provide is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at contact@lappella.com

This notice will be updated from time to time. Please check this notice from time to time to keep up to date. 

If you fail to provide data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

The key areas regarding the collection of personal data are as follows.

  • Data Collected about you
  • Why we collect your data
  • How we collect your data
  • Who we may share your data with
  • Data security
  • Data retention
  • International transfers
  • Marketing communication
  • Disclosures of personal information
  • Your legal rights
  • Third Party links
  • Cookies

 

1. Data Collected about you

Personal data means any information capable of identifying an individual. It does not include anonymised data.

We may collect, use, store and transfer different kinds of personal data about you as follows

  • Customer Data includes your name, title, billing address, delivery address email address, phone number, contact details, purchase details and your card details. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions. We also may use this data for the purposes of fraud prevention. We process this data on the grounds of performing a contract between you and us and/or taking steps at your request to enter into such a contract.
  • Usage Data includes data about how you use our website and any online services and any data you post for publication on our website or through other online services. services and business. The collection of this data enables us to properly administer our website and our business.
  • Technical Data includes data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. This data is used to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful grounds for this processing is to enable us to administer our website and our business and to grow our business and to decide our marketing strategy.
  • Communication Data includes any communication that you send to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful grounds for this processing is to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
  • Marketing Data includes data about your preferences in receiving marketing from us and our third parties and your communication preferences. We process this data to enable you to partake in our promotions such as competitions, prize draws and free giveaways, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. Our lawful grounds for this is to analyse how customers use our products/services, to develop them, to grow our business and to create our marketing strategy.
  • We may use Customer Data, Usage Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you and to measure or understand the effectiveness of the advertising we serve you. We may also use such data to send other marketing. Our lawful grounds for this processing is to grow our business.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. If we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.

Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.

We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at contact@lappella.com. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing.

We may process your personal data without your knowledge or consent where this is required or permitted by law.

We do not carry out automated decision-making or any type of automated profiling.

 

2. Why we collect your data

We collect your data in accordance with EU GDPR legislation where we have a legitimate interest to satisfy the following:

  • To Fulfil any orders placed with us
  • To process refunds
  • To create an account for you
  • To communicate with you
  • To send you marketing communications such as newsletters and catalogues or provide you with information about our products, offers or services that you request from us, or we believe may be of interest to you.
  • To store information about your preferences to allow us to customise our website and marketing communications according to your interests
  • To notify you about changes to our service
  • To communicate with you if you have entered a competition with us
  • To obtain and analyse your feedback as part of customer surveys
  • To handle any disputes we may have with you
  • To comply with our legal obligations


3. How we collect your data

We collect data from you when you register an account with us, subscribe to marketing communications from us, submit enquiries to us and/or purchase from us. We also collect information that you provide voluntarily to our Customer Services team, whether in writing, by telephone, e-mail or live chat.

We also collect some information automatically using cookies to improve the shopping experience. By using our website you agree that we can place these types of cookies on your device and access them when you visit the site in the future.

Please note that if you do not have cookies enabled, you will be unable to place an order on our website.

 

4. Who we share your data with

We may have to share your personal data with the parties set out below:

  • External third parties such as service providers, and professional advisors.
  • Government bodies that require us to report processing activities.
  • Fraud prevention agencies at the time of purchase.
  • Third parties to whom we sell, transfer, or merge parts of our business or our assets.

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

 

5. Data Security

We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation.

All online orders are encrypted using the universally recognised USC SSL security system and no credit card details are retained and in addition, our website is pci compliant. We will take all reasonable care to keep the details of your order and payment secure, but in the absence of negligence on our part, we cannot be held liable for any loss you may suffer if a third party procures unauthorised access to any data you provide when accessing or ordering from the Website.

We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to.

You can tell whether a webpage is secure as 'https' will replace the 'http' at the front of the www.lappella.com in your browser address window, also a small locked padlock will appear in your browser window

6. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We determine the correct time to keep the data on the basis of the amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes if these can be achieved by other means and legal requirements.

By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.  We also keep this basic information about our customers for up to seven years following your most recent purchase from us, to enable us to deal efficiently with any after-sales queries that you may have.  We keep customer profile information that you have indicated you are happy for us to have in order to keep you up to date regarding our products and will keep this information until such time as you indicate you no longer wish us to keep this data, or until a maximum of seven years following your most recent positive interaction with a marketing communication (e.g. clicking on a link in an email taking you to our website) – whichever of these two periods is shorter.

In some circumstances, we may anonymise your personal data for research or statistical

 

7. International Transfers

We may share your personal data with our service providers outside the European Economic Area (EEA).

There is certain criteria for disclosing data to countries outside of the European Economic Area (EEA) . For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en

Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is in place:

  • We will only transfer your personal data to countries that the European Commission have approved as providing an adequate level of protection for personal data by; or
  • Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en
  • If we use US-based providers that are part of EU-US Privacy Shield, we may transfer data to them, as they have equivalent safeguards in place.
  • If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

  Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

8. Marketing communications

Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business).

Under the Privacy and Electronic Communications Regulations, we may send you marketing communications from us if you made a purchase or asked for information from us services or you agreed to receive marketing communications. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. In all these cases you can opt-out of receiving these communications from us by clicking unsubscribe.

Before we share your personal data with any third party for their own marketing purposes we will get your express consent.

You can ask to stop sending you marketing messages at any time by emailing us at contact@lappella.com at any time.

You can ask us or third parties to stop sending you email marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by contacting us.

If you opt-out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc.

 

9. Disclosures of your personal data

We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above.

  1. External Third Parties as set out in the Glossary.
  2. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

10. Your Legal Rights

Under data protection laws you have rights in relation to your personal data as stated below.

  • Request access to a copy of the personal information we hold about you
  • Request correction of any incomplete or inaccurate information we hold about you
  • Request erasure of information where there is no good reason for continued processing
  • Request restriction to suspend our processing of your personal information based on consent or our legitimate interest
  • Request exclusion from automated decision -making including profiling
  • Opt out of marketing communications which we send you
  • Opt out of third-party marketing communications

You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. If you wish to exercise any of the rights set out above, please email us at contact@lappella.com

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.

If you are not happy with any aspect of how we collect and use your data you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

11. Third-Party Links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

External Third Parties

  1. Service providers acting as processors based in the UK or EU who provide marketing, IT, e-commerce and system administration services.
  2. Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the UK and EU who provide consultancy, banking, legal, insurance and accounting services.
  3. HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
  4. Customer service call, email, webchat, display advertising and website behavioural service providers, acting as processors or controllers, based in the UK, EU or USA.

Social media platforms, search engines and service providers based in the US

 

12. Cookies

Cookies are used to helps us to provide you with a good experience when you browse our website and also allows us to improve our site

Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. They help us to improve our site and to deliver a better and more personalised service. They enable us:

  • To estimate our audience size and usage pattern.
  • To store information about your preferences, and so allow us to customise our site according to your individual interests.
  • To speed up your searches.
  • To recognise you when you return to our site.

We may use your data to provide you, via email, post, telephone or SMS with information, products or services that you request from us or which we feel may be of interest to you, or share your details with selected third parties which we believe may be of interest to you, where you have consented to be contacted for such purposes.
We will use information held about you to carry out our obligations arising from any contracts entered into between you and us.

 

There are five categories of cookies

Strictly Necessary Cookies - These cookies are required for the operation of our website. They enable services you have specifically asked for, they allow you to move around the website and use certain features, such as accessing secure pages.
Session Cookies – These cookies allow the site to ‘remember’ content from page to page for example shopping basket. These cookies expire when the user leaves the site or closes the browser.
Analytical or Performance Cookies - These cookies collect information about how you use the website, for example pages you go to and any error messages you experience. These cookies don't gather information that identifies you, they are anonymous and help to improve how the website works.
Functionality Cookies - These cookies are used to recognise you when you return to our website and allow our website to remember choices you make, and tailor the website to provide enhanced content for you.
Targeting Cookies - These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to you. They are also used to limit the number of times you see an advertisement. We may also share this information with third parties for this purpose.
Persistent cookies - This type of cookie is saved on your computer for a fixed period (usually a year or longer) and is not deleted when the browser is closed. Persistent cookies are used where we need to know who you are for more than one browsing session. For example, we use this type of cookie to store your preferences, so that they are remembered for the next visit.

We may change the cookies we use from time to time so we recommend that you review this cookies policy and your cookie settings regularly.


Third Party Cookies
Third parties may also use cookies, over which we have no control

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookie policy.

For further information about cookies please visit www.aboutcookies.org You can set your browser not to accept cookies and the above website will tell you how to remove cookies from your browser. However, occasionally some of our website features may not function properly as a result of disabling cookies.

If you have any questions about our privacy policy or information we hold about you please contact us​ -

by email contact@lappella.com

or write to us at ​Lappella Ltd, ! Wales Lane, Barton Under Needwood, Staffordshire DE13 8JF

Complaints

If you feel that Lappella is not abiding by its posted privacy policy, you should first e-mail  contact@lappella.com . You can also write to us at:-
Lappella Limited, The Red Carpet Cinema, Barton Marina, Barton Under Needwood, Staffordshire DE13 8AS