Privacy Policy

Introduction

When you use our technology, website, applications, portals, or services, we will be collecting your personal data.

Personal data, sometimes known as personal information, is information that relates to an identified, or identifiable, living individual. It does not include data where all identification information has been removed (anonymous data).

This Privacy Policy demonstrates our commitment to ensuring you privacy rights, so you know:

  • What information we collect about you
  • How we collect your personal information
  • How we use your personal information
  • Who we may share your personal information with
  • Where we store your personal information
  • How long we keep your personal information
  • How we protect your personal information
  • Our basis for data processing
  • Your rights and choices about your information and how we use it

Who Are We?

Ashwoods Lightfoot Limited (“We”/ “Us”/ “Our”). We are a company registered in England & Wales under company number 08287918. Our registered address is Winslade Park, Manor Drive, Clyst St Mary, Exeter EX5 1FY.

We own and operate the relevant “Lightfoot,” “Winnie” and “Earnie” “Website(s)”, mobile application software, per the listed version stated within the application that you are using, including applications called “Lightfoot,” “Winnie by Lightfoot” and “Earnie Goes Picking” (App(s)) and the portals “Lightfoot,” “Winnie” and “Earnie” (Portal(s)) and any variation thereof.

We can be contacted in writing at the address above or by email at compliance@lightfoot.co.uk if you have any comments about this Privacy Policy.

We last updated this Privacy Policy on 7th November 2024.

What Personal Information Do We Collect About You?

We may collect certain information about you when you use Websites within the lightfoot.co.uk domain, Our Apps, the Portals or one of Our Lightfoot devices. Depending on the type of account you have with Us, the type of information We collect may include:

  • your name, address, email address, phone number or other contact details
  • emergency contact information
  • vehicle information including make, model, and registration number
  • Information about your social media accounts such as your username name, date of birth, and gender if you interact with Our social media pages
  • information about your computer or other device (such as its IP address) and the pages that you visited (see below for more details)
  • Payment details such as your credit card information
  • Your PayPal details so you can collect prizes that are of monetary value
  • Information about your employment and employer (for example, where your employer provides this service/for Our fleet customers)
  • Your photograph (profile picture or a photo We may take if you win one of Our competitions)
  • Your likeness (in vehicle camera recordings)
  • Your step count
  • pick rate and trolley timings
  • Information that the Lightfoot device collects automatically about your driving and your location
  • other information referred to on the App

We collect information about you in two dissimilar categories:

  • Identifiable information – this is information that allows Us to identify you, such as name and email address, telephone number etc.
  • Anonymous information – We may collect information that does not personally identify you but categorises you into a group or sector (e.g., age, marital status, lifestyle) and We can use this information to tailor Our products and services more accurately.

How Will We Collect Your Personal Information?

When you use the Website, Apps, or Portals to contact Us

We may collect personal information from you when you:

  • Give Us your contact details so you can receive further information from Us, or Our newsletter
  • Use Our “Contact Us” form to leave Us questions, queries, or feedback
  • Contact Us via email
  • Sign up to a personal account and fill in the online form
  • Contact Us using social media

They will also collect certain information automatically such as:

  • the number of times you log in
  • which pages you visit
  • which services you use
  • your IP address and details of which web browser and version you have used

We do this using cookies and page tagging techniques which include those from Hot Jar for Our Portals, Google analytics for Our Website and HubSpot for emails and Facebook.

If you want more information about how We use cookies, you can find out more by reading Our “Cookies Policy” found here www.lightfoot.co.uk/policies.

When you use the Apps or Portals to monitor or measure behaviours or performance

We collect personal information from you when you:

  • create an account with Us
  • sign up to performance monitoring services
  • sign up to behaviour monitoring services e.g. Step Count

They will also collect certain information automatically such as:

  • the number of times you log in
  • which pages you visit
  • which services you use
  • your IP address and details of which web browser and version you have used

We do this using cookies and page tagging techniques which include those from Hot Jar for Our Portals, Google analytics for Our Website and HubSpot for emails and Facebook.

If you want more information about how We use cookies, you can find out more by reading Our “Cookies Policy” found here www.lightfoot.co.uk/policies.

When Using A Lightfoot Device In Your Vehicle

Information provided by your Lightfoot device:

When you install a Lightfoot device it includes technology to record information about how, where and when the vehicle is being driven. We collect this information and aggregate it with other information collected by Us.

Examples of the type of information:

  • data relating to driving efficiency, vehicle journeys (time and distance), inertial information, and diagnostic fault codes
  • data relating to your alertness and distractions whilst driving the vehicle
  • We may request your vehicle identification number so that We can provide you with more precise feedback based on your specific vehicle
  • We collect information on the location of your vehicle, including your trip route, the fuel used and the parked location of your vehicle. Parked vehicle location information enables the service that helps you to find your parked vehicle
  • The hardware uses technologies such as GPS, Wi-Fi, and/or cell tower triangulation to record its location. Where you are using a driver ID keypad, it is your responsibility to maintain confidentiality of your unique code as that is the link between you and the information being collected

Information We Collect From Other Sources

Accounts Paid For By A Third Party

We may receive information from the third party that is paying for your access, for example your employer. This is so We can provide you with your Lightfoot Device and account set up invitation. It also allows you to sign up to Our Apps, Portals, and Our associated services.

Other Organisations

We work with other organisations such as payment processing companies, internet search engines, rewards partners, marketing organisations and cookie providers who may provide Us with information about you.

These organisations, which may change from time to time, include but are not limited to:

How will We use your personal information?

When you use the Website, Apps, or Portals to contact Us

  • We will use your information to respond to you and administer your account
  • To understand how you use Our Website, Apps, or Portals

When you use the Apps or Portals to monitor or measure behaviours or performance

The personal data allows Us to:

  • provide a real time analysis of your activities, as well as a more detailed analysis of your performance against your current and historical targets
  • provide you with Our services, as listed in Our terms supplied to you or your employer
  • offer competitions, enabling you to compete in leagues with other users and qualify for the opportunity to win prizes
  • administer and manage competitions, as set out in the competition terms and conditions
  • check your details if they appear to be incorrect
  • anonymously analyse and compare your data and that of other App or Portal users, to generate statistical information about users and patterns, for the purpose of enhancing the Lightfoot experience and product for users
  • provide you with rewards and offers that meet your profile and performance
  • The use of information received from Health Connect (step count) will adhere to the Health Connect Permissions policy, including the Limited Use requirements

When Using A Lightfoot Device In Your Vehicle

The personal data allows Us to:

  • provide a real time analysis of your driving, as well as a more detailed analysis of your driving performance
  • confirm alertness and whether there are distractions
  • provide you with Our services, as listed in Our terms supplied to you or your employer
  • offer competitions, enabling you to compete in leagues with other drivers and qualify for the opportunity to win prizes
  • administer and manage competitions, as set out in the competition terms and conditions
  • check your details if they appear to be incorrect
  • anonymously analyse and compare your data and that of other device users to generate statistical information about users and patterns, for the purpose of enhancing the Lightfoot experience and product for users
  • provide you with rewards and offers that meet your profile and your use of your current vehicle.

What This Means In Practice

We may use your information to:

  • Provide you with your Lightfoot in vehicle device and its associated services
  • Provide you with your App, portal or Website account and its associated services
  • Provide you with services via Our Apps, Portals, or Websites
  • Fulfil any contracts We have entered into with you, or your employer
  • Provide information about driving behaviour to your employer if your Lightfoot device and/or subscription was supplied through your employer
  • Provide third party services that you requested from Us or are that are included in the services your signed up for
  • Provide, or (with your consent) allow permitted third parties to provide, offers of goods or services relevant to your driving. Normally offers will relate to breakdown assistance services, vehicle insurance, trade in offers, and new vehicle finance offers and will be tailored based on the information We hold. Occasionally We, or such selected third parties, may also contact you with such offers by email, SMS/MMS message, phone, social media. You will only receive such offers if you agree and can unsubscribe at any point
  • administer and manage competitions, as set out in the competition terms and conditions
  • Analyse Our services and tailor them to future needs
  • Prevent and detect fraud
  • Administer Our Websites, Apps, and Portals (such as troubleshooting, data analysis and research)
  • Help Us implement measures to keep Our Websites, Portals, and Apps safe and secure

We will send you Our Newsletter and other offers if you sign up for an account via the Websites, Portals or Apps and provide consent.

If you are the registered user of an in-vehicle Lightfoot device, or use Our Apps,  Portals, or Websites, We may send you information about Our special offers, or offer you the chance to sign up to receiving offers from third parties about related products (such as car insurance and breakdown cover).

We may use your information for market research and analysis so that We can ensure that We tailor Our services to the requirements of Our users.

Depending on what contact information you have given to Us, We may contact you by email, SMS/ MMS message, or social media.

We will only do this where you have consented to receiving such information from Us. You can opt out of such marketing at any time via the App or Portal account settings or by emailing Us at compliance@lightfoot.co.uk.

Who Might We Share Your Personal Information With?

Your Employer or another Lightfoot contracted Customer

If you are a user where your device or access is provided by a third party such as an employer, We will share information about you with that third party per Our agreement with them. The type of information will depend on the services that the third party subscribes to, and you will be informed about what information is shared, by your employer. The third party is the data controller for this data and further information about how they use it can be obtained from them.

If you enter competitions and win prizes, the information you provided to create an account, such as your name, photo, and total winnings, may be shared with your employer upon their request.

Other Third Parties

If you wish to take advantage of Our offers which are provided via a third party, then you will be asked for your consent before We transfer you to any other organisation’s website.

We may also share your information with:

  • Our business partners, suppliers, and sub-contractors for the performance of any contract We enter into with them
  • Our Website’s providers, who need to see your information in order to keep Our Websites functioning
  • Analytics and search engine providers who analyse information about your use of Our Websites and help Us to tailor the product and offers that We offer to you and other users

We work with the following organisations, which may change from time to time, including but not limited to:

This Privacy Policy only applies to Lightfoot technology, Websites, Apps, Portals, or services, and not to any Third Parties. We may provide links to other websites and content, and We suggest that you check the policies of these sites before giving them your personal information as We cannot accept responsibility.

Legal Requirements & Law Enforcement

We may also share your personal data in the following circumstances:

  • If We sell Our business, the personal information that We hold will be part of the transferred assets
  • We are required by law, or to enforce or apply Our terms of use. This includes exchanging information with other organisations for the purposes of fraud protection and credit risk reduction

Where Do We Store Your Personal Information?

We are committed to ensuring that both We and Our suppliers have appropriate technical, administrative, and physical procedures in place to ensure that your information is protected against loss or misuse.

We require all Our suppliers who manage your personal information to have appropriate technical, administrative, and physical procedures in place to ensure that your information is protected against loss or misuse. We work closely with Our suppliers to make sure that this requirement is met.

If a supplier is outside of the EEA, We will ensure that they have entered into a data transfer agreement that is consistent with the requirements of applicable law and that gives the individuals enforceable rights and effective legal remedies and provides adequate levels of protection in relation to any Personal Data that is transferred.

Any card payment transactions enacted by or on behalf of Lightfoot will be encrypted. Where We have given you (or where you have chosen) a password which enables you to access certain parts of Our site, you are responsible for keeping this password confidential.

How Long Will We Keep Your Personal Information?

We only hold your personal information for as long as necessary for the purposes for which We collected your information.

We outline below how long We retain information for and how it is deleted:

Description of dataRetention PeriodReason for Retention PeriodMethod of Disposal
Contact detailsStatutory or 1 year after contract endContract fulfilmentDelete or anonymise data
Demographic details1 year after contract endProvision of services + deletion timeDelete or anonymise data
Payment detailsStatutory or 1 year after contract endContract fulfilmentDelete or anonymise data
Transaction historyStatutory limitsStatutory requirementDelete or anonymise data
Vehicle information1 year after contract endProvision of Our services + deletion timeDelete or anonymise data
Photographs1 year after contract end for product system   As agreed with the subject for any marketing including competition winnersProvision of Our services + deletion time   Promotion of goods and services.  Delete data files
Video Recordings366 days or as agreed with the contract holderContract fulfilment + deletion timeDelete data files
Driver behaviour1 year after contract endProvision of Our services + deletion timeDelete or anonymise data
Location information associated with driving1 year after contract endProvision of Our services + deletion timeDelete or anonymise data
Online browsing history and statistics3 yearsProvision of services + deletion timeDelete or anonymise data
CRM based marketing database3 years after the last enquiry has been received or within 7 days of a request to unsubscribeProvision of information on Our news, product, and services.Delete data files
User KPI information1 year after contract endProvision of Our services + deletion timeDelete or anonymise data
Step CountDuration of the contract/account.Provision of Our services + deletion timeAnonymise data

We have set these timescales in accordance with any applicable legislation and where none exists then We will keep your information for the duration of any contract that you, or your employer, have entered into with Us, and then for a period of 7 years after which time it will be deleted.

Where you have requested marketing information from Us, then We will only keep this information for a maximum of up to 3 years. If you do not contact Us further during this period, then your information will be deleted.

How Do We Protect Your Personal Information?

We are committed to protecting the personal data of Our customers and have implemented a comprehensive set of security measures to ensure the confidentiality, integrity, and availability of your information. Our data security practices include:

  • Encryption: All personal data at rest, or in transit from that point onwards, is encrypted using industry-standard protocols, such as TLS (Transport Layer Security).
  • Access Controls: Access to personal data is restricted to authorised personnel only. We enforce strict access control policies and employ multi-factor authentication (MFA) to ensure that only those with a legitimate need can access your information.
  • Regular Audits and Monitoring: We conduct regular security audits and vulnerability assessments to identify and mitigate potential security risks. Our systems are continuously monitored for suspicious activity, and We employ intrusion detection systems (IDS) to prevent unauthorised access.
  • Data Minimisation: We adhere to the principle of data minimisation, collecting only the personal data necessary for the purposes for which it is processed. Unnecessary or redundant data is securely deleted.
  • Secure Software Development: Our software development lifecycle incorporates security best practices, including regular code reviews, static and dynamic code analysis, and penetration testing to identify and resolve security vulnerabilities before they can be exploited.
  • Employee Training: All employees undergo regular training on data protection and information security to ensure they are aware of their responsibilities and the importance of maintaining the security of personal data.
  • Incident Response Plan: We have a robust incident response plan in place to promptly address and mitigate the impact of any data breaches or security incidents. In the event of a breach, affected customers will be notified in accordance with applicable laws and regulations.

We continually review and enhance Our security measures to keep pace with evolving threats and ensure the highest level of protection for your personal data.

We are also ISO 27001 and Cyber Security Plus accredited providing independent assurance of Our data and information security practices.

Emails

We have procedures and security features in place to try and keep your data secure once We receive it. If you choose to send Us information via email, We cannot guarantee the security of this information until it is delivered to Us.

What Is Our Basis For Processing Your Data?

The law only allows Us to use your personal information in certain limited circumstances.

We will most commonly process your personal information in the following situations:

  • Where We need to perform a contract We have entered into with you or a third party where they are paying for the service (e.g., to provide you with a Lightfoot device and the accompanying services).
  • Where you have consented (e.g., you have signed up for a personal account and given Us your consent)
  • Where it is necessary for Our legitimate interests, and We have considered your rights and freedoms and have concluded that Our processing does not adversely affect these (e.g., where We would like to send you marketing about similar products to those which you have purchased from Us or have expressed an interest in).
  • Where We need to comply with a legal obligation (e.g., to comply with tax laws).

What Rights And Choices Do You Have About Your Personal Information & How We Use It?

Under the Data Protection Act 2018, the UK GDPR and/or the Privacy and Electronic Communications Regulations (PECR), you have the right to:

Access to information

You have the right to access information that We hold about you. If you wish to receive a copy of the information that We hold, also known as a Data Subject Access Request, please contact compliance@lightfoot.co.uk or write to Us at the address at the beginning of this Privacy Policy.

Changing or deleting your information

You can ask Us at any time to change, amend or delete the information that We hold about you or ask Us not to contact you with any further marketing information. You can also ask Us to restrict the information that We process about you.

You can request that We change, amend, delete your information or restrict Our processing by using the check boxes on the forms We use to collect your information, emailing Us at compliance@lightfoot.co.uk, or writing to Us at the address at the beginning of this Privacy Policy.

Right to prevent automated decision making

You have a right to ask Us to stop any automated decision making. If you would like to request that We stop, or you have any questions or concerns We would be happy to discuss them with you and you can contact Us at compliance@lightfoot.co.uk.

Transferring Personal Information

You have the right to request that your personal data is transferred by Us to another organisation (this is called “data portability”). Please contact Us at compliance@lightfoot.co.uk with the details of what you would like Us to do, and We will aim to comply with your request. It may not be technically feasible, but We will work with you to try and find a solution.

Complaints

If you make a request to Us under this Privacy Policy and you are unhappy with the response, you can ask for the request to be reviewed under Our internal complaints procedure. Our internal complaints procedure allows your request to be reviewed by Our ISMS team lead who will aim to resolve the issue.

If you have been through the internal complaints procedure and are still not happy with the result, then you have the right to complain to the Information Commissioner’s Office (ICO). They can be contacted as follows:

Address:

Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Website: www.ico.org.uk Telephone: 0303 1231113

If you are an international resident, you may wish to complain to the relevant country’s ICO equivalent.

Changes To Our Privacy Policy

The internet and data privacy best practice are continually developing. We therefore reserve the right to revise this Privacy Policy at any time. If this Privacy Policy changes in any way, We will place an updated version on this page. Regularly reviewing this page ensures you are always aware of what information We collect, how We use it and under what circumstances, if any, We will share it with other parties.

How To Contact Us

Questions, comments, and requests regarding this Privacy Policy are welcomed and should be addressed to compliance@lightfoot.co.uk.