Privacy and Cookies
When you browse our website and make purchases from it, you are entrusting us with your personal data. We take our responsibility in this matter seriously and do our utmost to protect your data to the best of our ability.
In this privacy and cookie statement, we explain as clearly as we can how we endeavour to safeguard your privacy when processing your data, and what choices you yourself can make in this regard.
Who is responsible for the processing of my personal data?
We are Lamp en Licht Online B.V. (hereinafter referred to as ‘Lampandlight’), having our registered office at Smaragdweg 52, 5527 LB Hapert, the Netherlands.
We are the party that is responsible for placing the lampandlight.eu website at your disposal, and for the associated processing of personal data.
What does this mean for me?
We comply with applicable privacy legislation in all our data-processing operations. Among other things, this means the following:
We clearly explain the purposes for which we process personal data. For instance, we do so by means of this privacy and cookie statement
We retain as few personal data as possible and where possible, we only process those details which we need to provide you with the service you wish to purchase
We explicitly ask your permission to process your personal data if your consent is required or if we think it is appropriate – for instance, by offering you various options or settings
We take security measures in order to protect your personal data. These same obligations are also imposed on parties that process personal data on our behalf
We respect your rights, such as the right to data inspection, rectification or erasure upon your request
What are my options?
In order to allow you to be in charge of your own privacy, we ask you whether you wish to allow us to process more or rather less information about your interactions with our website. You can select the right setting yourself, at any time.
If you want us to tailor our special offers, advertisements and services to your interests, preferences and requirements, you can authorise us to process your data to this end - rather like a shopkeeper who knows you well can do a better job of helping you find what you need. If, for whatever reason, you don’t want this, you may also choose to allow us to process only those data that are strictly necessary.
So what exactly ARE personal data?
Personal data are all data that contain information about who you are and about your current or past activities. That includes things like your name, phone number and email address. Any numbers or references by which you can be identified, such as your customer number, IP address or cookie ID, are also personal data. These are also known as ‘pseudonymised personal data’, because such a number or reference can be considered a pseudonym. When you visit our website, your browsing history and (if you place an order with us) your order history are also personal data if you as a person are identifiable from these data. We can take steps to protect your privacy, such as by partly anonymising your browsing behaviour by deleting all data from which you are identifiable. When it is impossible or practically impossible to establish on the basis of data to which person those data pertain, these are not (or no longer) personal data. To give an example, when we only keep count of how often a particular link or page is clicked but do not store any data about who clicked (because we do not store any IP addresses or other identifying information), those data are anonymous data, so not personal data.
Which of my data will be processed, and why?
Which of your personal data we will process and for what purposes is determined first and foremost by your settings, choices and actions on our website. Please find below a list of descriptions of what kind of personal data we will need to process for which action or activity.
Visiting our website
When you go to our website, it is necessary for us to process certain data, such as your IP address at the very least, to enable you to access and use the website. Your IP address is a unique number that has been assigned to you by your Internet provider. Without your IP address, we cannot display the website you want to visit on your device.
In order to identify and resolve technical issues and security incidents, our webserver keeps logs on every time a page on our website is accessed. If you have not indicated that you object to our collecting statistical data, we may use such logs for that purpose, too.
By ticking or unticking boxes in the settings menu, you can choose to accept or reject cookies and other forms of data processing that are not strictly necessary for the functioning of the website but may be useful for related purposes, such as collecting statistical data, saving your user preferences and personalising offers and adverts.
Placing an order
When you place an order, we need data such as:
- Your payment details, to establish whether you have paid for the order
- Your contact details, to send you updates on how your order is being processed
- Your full name and address, so as to be able to have your order delivered.
When you place an order, you have the opportunity to prevent us from sending you special offers or information on products or services similar to the ones you have purchased. As long as you do not opt out, we may send you emails to keep you up to date on offers which we think may be of interest to you, judging from the things you have previously purchased from us.
Creating an account
To make using our website easier for you, we offer you the opportunity to create an account with us. If you do, you will not have to re-enter all your details the next time you place an order. If you wish to create an account, in addition to the information pertaining to your order, you must enter a password, which we will store in a secure way (see the ‘Security’ section below).
Communicating with us
We allow you to communicate with us in various ways, e.g. chat, email and telephone. We will process your communications with us so as to better able to respond to your question or request.
Signing up for our newsletter
You can subscribe to our emails containing special offers even without placing an order with us. If you provide us with your email address for this purpose, we can use it to send you special offers. You can unsubscribe at any time, in the manner indicated in the emails.
Taking part in market research, giving feedback
We do our utmost to make our services as user-friendly and valuable as possible for you. We may invite you to help us do so – for instance, by taking part in market research, no strings attached. For example, we may ask you how satisfied you are with our services and how likely you are to recommend us to others (net promotor score, NPS). Whether or not you take part in such market research is entirely up to you. Your opinions or feedback will not be shared with others.
Sharing photos on social media using the #yeslampandlighteu hashtag
You can share snaps showing atmospheric light in your home with us by using the#yeslampandlighteu hashtag. Please read the requirements your photos must meet here.
How can my data be processed for marketing purposes?
Marketing cookies and similar data processing techniques
If you choose to consent to marketing cookies and similar data processing techniques, this will enable our marketing partners to process your interactions on our website and combine these with your interactions on other websites on which you actively consented to this. They may use the information thus obtained to make assumptions about any wishes and preferences you might have. These assumptions can then be used to decide which special offers and advertisements would be most interesting to you.
Depending on the type of marketing strategy used, which may be modified from time to time, we may define ‘audiences’ or ‘segments’ of groups of persons that have certain characteristics or actions in common and to whom, for that reason, we would like to show our advertisements more (or less) often. Since we can keep track of whether people place an order after seeing a particular advertisement, we can gain an insight into the efficacy of our marketing campaigns.
Websites and services that show our advertisements or other advertisers’ advertisements (say, your favourite news site) by means of marketing cookies or similar techniques often use automated systems that allow advertisers to bid certain amounts of money to show an advertisement. The advertisement you will be shown is the one that received the highest bid at that time, because it is expected that this is the product or service that is most in line with your interests and needs. After all, it is believed that this will make it more likely that you will want to purchase this product or service. Being advertisers ourselves, we, too, can use such services so as to be able to show you those special offers and advertisements that we hope will prove most interesting to you.
It is important for you to be aware that there are many factors determining which advertisement you will be shown, and where. Your interactions on our website and whether or not you consent to our using marketing cookies and processing your data may be one factor determining this, but in many cases, they are not necessarily decisive.
We may also use marketing cookies to tailor the contents of our website to your preferences as effectively as possible.
In order to protect your privacy, we do not provide our marketing partners with your name. Your browsing behaviour is linked to a pseudonymous number (cookie ID or user ID) which our marketing partners will not normally be able to trace back to your actual identity.
Further down in this privacy statement, we provide a list of the cookies and providers we may use, broken down by category. It is up to you whether you allow these cookies and consent to us sharing your data with these parties.
Google Customer Match
When you consent to marketing cookies and data processing for marketing purposes, we will also be able to use Google Customer Match. With the help of this Google service, we try to show people who bought something from us before ads that are as relevant and interesting to them as possible when they are logged into their Google account. In practice, this works more or less as follows.
If you have bought something from us within the past 30 days (or another period), we will try to ensure that you are not shown any ads for that exact same product for a while, as you have already bought it. But if you purchased the product from us many times before, that may have a very different effect. Because in that case, we can infer from your repeat purchases that you are regularly in need of this product. With LED lights, for example, we can then determine that you may need more of them, or that you might buy more of the same or similar products on a regular basis. Furthermore, we know that some of our products go very well with others. For example, we offer matching lines of living room and kitchen lighting. If you bought a product from us and we feel that one of our other products would go very well with that, we can try to ensure that you are shown ads for such matching products.
Please be advised that your purchases are not manually monitored by our staff for this purpose. Instead, we do this through an automated process using Google Customer Match that protects your privacy as much as possible. The technology of this works as follows.
We process the email address with which you placed an order on our website (and any other data you may have entered, such as your phone number) into a ‘hash code’ (a long string of characters that is generated by an algorithm). We then provide this hash code to Google, which has likewise converted the email addresses and any additional data provided by its users, such as phone numbers, into hash codes by means of the same algorithm. If you have a Google account that is registered to the email address with which you placed an order with us, Google recognises this hash code. The use of hash codes is a form of pseudonymisation, which is recognised as a key data protection technique in the GDPR and other applicable data protection legislation.
As long as you are logged into your Google account, Google will be able to show you ads that are as relevant to you as possible based on the settings we entered in Google’s advertising services. That said, please beware that our settings are not the only factors that Google considers when deciding which ads are shown to you in Google’s own services and on web pages or apps with Google advertising space or advertising space provided through Google. If you do not consent to the use of marketing cookies and similar techniques, the abovementioned forms of data processing for Google Customer Match will not take place.
You can also use the settings menu in your Google account to switch off the personalisation of ads in Google services based on your browsing and clicking behaviour. As far as we are aware, the most recent link for this is: https://adssettings.google.com.
Google Enhanced Conversions
Another service that is switched on when you allow us to use marketing cookies and similar forms of data processing is Google Enhanced Conversions. The purpose of this service is to more effectively measure the effectiveness of the ads we show you through Google. If you do something online after seeing an ad that fits in with the purpose of the ad, that is referred to as a ‘conversion’. That is the case when you buy a product from us, but other behaviours, such as subscribing for a newsletter, also count as a conversion. The challenge is to measure the effectiveness of ads as precisely as possible while at the same time protecting your privacy as best as possible.
Google Enhanced Conversions helps with this, through a process somewhat similar to that used for Customer Match. With Google Enhanced Conversions, we likewise generate a hash code of your email address (and of any other data you may have entered, such as your phone number) as soon as a ‘conversion’ (usually a purchase) takes place, which hash code we send to Google. Google then checks if this hash code matches with any of the hash codes it has generated for the email addresses, phone numbers and other suchlike data in its customer database. If you were logged into your Google account when you viewed one of our ads, we can establish through the hash code how much time passed between your viewing of the ad and the purchase (or other conversion), based on which we can determine the probability that the ad was effective.
If you have subscribed to our newsletter, you will receive weekly emails from us providing special offers and information, which we try to make as interesting as possible for you. These emails come with technology that allows us to see whether you open our messages and what hyperlinks presented in the email you actually click. We analyse such information to determine whether many people read our emails.
What are the legal bases on which my data will be processed?
The main privacy act applicable EU-wide, the General Data Protection Regulation (GDPR), states that data-processing operations must always be based on one of the legal bases that are expressly specified in the Regulation. We process data based on the following legal bases:
- Consent If you have given us your informed consent, we are allowed to process your data on that basis. For example, this is true for:
- Our using cookies and similar techniques for marketing purposes
- Your subscribing to our newsletter (before you have even placed an order)
- Agreement. If your data must be processed to allow us to honour or prepare for a contractual agreement with you, we are allowed to process your data on that basis. For example, this is true for:
- Your accessing pages on our website
- Our processing your order.
- Legal obligation. If your data must be processed in order for us to meet a legal obligation, we are allowed to process your data on that basis. For example, this is true for:
- Our keeping records of our dealings with our customers to meet our obligations to the Dutch Tax and Customs Administration (Belastingdienst)
- Our surrendering records upon the request of competent authorities, such as the police or a regulatory body.
- Legitimate interests. If our interests in processing your personal data, or those of a third party, override your interest in not having them processed, we are allowed to process your data on that basis. For example, this is true for:
- Our protecting our website and fending off DDOS and other attacks
- Our sending you emails about products similar to the one(s) you have already purchased from us, unless you have opted out of such emails.
What parties may receive my data?
In order to be able to present you with our website and services, we avail ourselves of services provided by various other parties. Some of the parties we hire must process your personal data themselves. This is true, for instance, for delivery services such as PostNL, which need your address to be able to deliver your order.
If necessary to allow us to provide the service you have requested, we may pass on your data to the following categories of parties:
- Delivery services
- Payment service providers
- Review platforms for web shops
- Hosting providers
- Providers of content distribution networks (CDNs), which help ensure that the website loads quickly
- Website developers
- Providers of customer and relation management (CRM) platforms
- Providers of certain features on our website, such as the chat function
- Providers of cookies and similar techniques on our website, including cookies placed by our (external) marketing partners if you have consented to that.
We will not sell your data to these service providers, or to any other party for that matter. We enter into agreements with service providers such as the aforementioned parties in which we lay down what they are and are not allowed to do with your data.
Other than that, lampandlight will not provide the data you have provided to third parties if you have not consented to this, unless this is absolutely necessary or unless we are required by law to do so – For example, the police may ask us for information within the context of a fraud investigation. In such cases, lampandlight is legally obliged to provide the requested information.
How long will my data be retained?
Generally speaking, our webserver’s logs are retained no longer than three (3) months. Logs that relate to (potential) technical issues or security incidents may be retained until we consider the problem or incident resolved.
Cookies and similar data
The retention period for cookies and similar data can be found on the page where you can set your preferences for which types of cookies and data-processing operations you wish to authorise.
When you place an order on our website, lampandlight will retain your data for five years after you have placed your last order, or longer if we are legally obliged to retain the data longer, e.g. data that is to be inspected by the Dutch Tax and Customs Administration.
All the information recorded in your account, including your name, address, contact details and a complete overview of all your orders, will be deleted five years after your last log-in.
If you contact us through a contact form, email, Facebook, Twitter, WhatsApp or chat message, lampandlight will retain your data for as long as we need it to review your question or request. We will delete the communications once we are sufficiently certain that your request or question has been resolved properly and in full, or once the period of limitation specified in any contractual agreements that may apply has expired.
When you comment on a blog post or post a review of our website, your comment will be published and your data will be retained until you delete the comment or review.
Photos you have shared with #yeslampandlighteu
If you have consented to our using your photo by posting it with the #yeslampandlighteu hashtag, we may continue using your photo until you withdraw your consent. Please read the requirements your photos must meet here.
Where will my data be stored?
We will as much as possible store your data within the European Union or the European Economic Area, which comprises the EU Member States plus Norway, Iceland and Liechtenstein. The servers through which our website is made available on the Internet are located in the EU. The companies that own these servers are also established in the EU. These companies may be part of a multinational group of companies that is headquartered and/or has branches established outside of the EEA. In that case, the branch established in the EU with which we have made an agreement is obliged to ensure at all times that your personal data are only transferred to countries outside the EEA where these data are provided an equivalent level of protection as within the EEA.
We process your customer data, such as details of what you bought from us and when, your name, home address and contact details, with the help of Salesforce, a leading global customer data platform provider. Until we are able to ensure that Salesforce processes all customer data solely within the EU, it may be that all or our some of your customer data are stored at Salesforce in the US. Salesforce has obtained certification under the EU-US Data Privacy Framework (see below for more information about this), which has been adopted to protect personal data transferred between the EU and the US. In addition, Salesforce has established binding corporate rules to protect your data within the global Salesforce group. These rules have been checked and approved by EU data protection authorities. Furthermore, to protect your personal data, Salesforce has included the EU’s standard contractual clauses (SCCs) in the agreement that applies to Salesforce’s services.
Several of our marketing partners are headquartered in or have branches in the US. By allowing the use of marketing cookies and similar forms of data processing, you also consent to the transfer of the personal data that are necessary for this to our marketing partners in the US, such as your cookie ID and information on your browsing and clicking behaviour that is linked to your cookie ID. In addition, several of the companies that assist us with collecting and analysing statistical data are also established in the US. We want to inform you as best as possible about the transfer of personal data to the US to enable you to make an informed decision about this.
Since July 2023, a data transfer agreement is once again in place between the EU and the US for companies that have completed a self-certification process in the US. This agreement is called the EU-US Data Privacy Framework. The self-certification entails that companies in the US declare that they will comply with the Data Privacy Framework, which contains various obligations and requirements that are essentially equivalent to those to which companies are subject in the EU in order to protect your personal data. The US Federal Trade Commission (FTC) monitors that US companies adhere to their commitments made in this regard.
In recent years, several cases were brought before the European Court of Justice in which the data transfer agreements in force at the time between the EU and the US were challenged. To date, the European Court of Justice has ruled that both of the successive two previous data transfer agreements in force between the EU and the US did not ensure an adequate level of protection for personal data of people residing in the EU. There is a possibility that this will also happen with the present Data Privacy Framework. In that case, we will cease the transfer of personal data to the US or in some other way ensure that your personal data are adequately protected in the US.
The various standard measures that we and our partners take to protect your privacy as best as possible, such as shielding (part of) your IP address, hashing and pseudonymisation, also help to minimise the possibility of you experiencing adverse consequences due to the international transfer of your personal data. If you do not consent to cookies and do not allow data processing for marketing purposes nor for statistical purposes, you prevent your personal data from being transferred to the US.
How will my data be protected?
We will take appropriate technical and organisational measures to protect your data from loss and unlawful processing (e.g. access by unauthorised parties).
Among other things, lampandlight will implement the following security measures:
- Access to personal data is restricted by means of a user name and password.
- Instead of the digits of your password, we will only retain a mix of letters and numbers (the ‘hash’) that is derived from your password by means of an algorithm, so as to prevent others from being able to read your password. Thanks to this measure, not even our own employees can read your password
- We use secure connections (HTTPS, SSL/TLS) that protect all the information that is exchanged between yourself and our website when you enter your personal data
- We keep logs of all requests to inspect personal data.
What are my rights with regard to my personal data?
You have the following rights with regard to your personal data:
- You can submit a request for inspection of the data about you that we have processed.
- You can apply for an overview, in a widely used format, of the data about you that we have processed.
- You may submit a request for rectification or erasure of the data if they are incorrect, irrelevant or no longer relevant.
If you wish to exercise these rights, feel free to contact us. You can find our contact details at the bottom of this privacy and cookie statement.
If you have any complaints about how we are handling your data, feel free to contact us. Alternatively, you have the right to lodge a complaint with the relevant supervisory authority, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
Does this privacy and cookie statement also cover other websites?
This privacy statement does not apply to third-party websites to which we provide access through hyperlinks on our website. Lampandlight cannot guarantee that these third parties will process your personal data in a reliable or safe manner. We recommend that you first read the privacy statement of such a third-party website before you use it.
Is this privacy and cookie statement subject to change?
Lampandlight reserves the right to amend this privacy and cookie statement as necessary. We recommend that you consult this privacy statement regularly to make sure you are aware of any amendments.
This privacy and cookie statement was last amended on 28 April 2022.
If I have any questions, whom can I contact?
If you have any questions about how we process your personal data, please do not hesitate to contact us. We would be pleased to help you.