Privacy Policy

The LightCo — Privacy Information

Privacy
Policy.

How we collect, use, and protect the information of our customers, trade partners, and website visitors.

This Privacy Policy applies to The LightCo, an Australian lighting manufacturer operating the website thelightco.com.au. It governs how we handle personal and business information collected from retail customers, trade enquiries, wholesale partnerships, and general website use. We serve both individual buyers and trade partners — including interior designers, contractors, retailers, and B2B buyers — primarily in the United Kingdom and internationally. This policy was last updated in May 2026.

Contents

Who We Are
Information We Collect
How We Use Your Information
Legal Basis for Processing
Sharing Your Information
Data Retention
Your Rights (UK / Australia)
Cookies & Tracking
Security
Changes to This Policy

Section 01

Who We Are

The LightCo is an Australian-owned and operated lighting manufacturer. We design, manufacture, and supply lighting products to both retail customers and trade or wholesale partners globally, with a primary focus on the United Kingdom market. Our business operates under Australian law; however, because we actively supply customers in the United Kingdom, we are mindful of our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

For the purposes of this policy, The LightCo acts as the data controller in respect of personal data collected via our website and order processes.

Data Controller Contact: The LightCo · info@thelightco.com.au · thelightco.com.au

Section 02

Information We Collect

We collect information in the course of operating our website and managing customer and trade relationships. The categories of information we may collect are as follows:

Customer & Account Information

Name, email address, phone number, and delivery address (retail and trade customers)
Company name, trading name, and business registration details (trade accounts)
Contact person name and job title (trade and wholesale enquiries)
Purchase order history, invoices, and payment records

Website & Device Information

IP address, browser type, operating system, and device identifiers
Pages visited, time spent on site, and referral source
Cookie data and similar tracking technologies (see Section 9)
Geographic location inferred from IP address

Enquiry & Communication Information

Messages submitted via our contact form or sent by email
Sample requests, custom project briefs, and quotation correspondence
Records of telephone conversations where notes are taken

Transaction Information

Order details, product specifications, and delivery instructions
Payment method type (we do not store full card numbers — payments are processed by third-party providers)
Freight and customs documentation where applicable

Section 03

How We Use Your Information

We use the information we collect for the following purposes:

Purpose	Description
Order fulfilment	Processing and dispatching orders, arranging freight, and providing shipping documentation
Trade account management	Setting up and maintaining wholesale accounts, managing credit terms, and verifying business details
Customer support	Responding to trade enquiries, sample requests, damage claims, and after-sales support
Invoicing & payments	Issuing invoices, processing payments, and managing accounts receivable
Custom project management	Managing bespoke product specifications, production timelines, and project communications
Marketing communications	Sending product updates, new range announcements, and promotional offers to opted-in trade contacts
Website improvement	Analysing traffic and behaviour to improve our website experience and product offering
Legal compliance	Meeting our obligations under Australian and UK law, including tax, export, and data protection requirements

Section 04

Legal Basis for Processing

For customers and contacts in the United Kingdom, our processing of personal data is based on one or more of the following lawful grounds under UK GDPR:

Contract: Processing is necessary to fulfil a trade order or manage a wholesale account relationship
Legitimate interests: We have a legitimate business interest in maintaining trade relationships, managing our accounts, and improving our services — provided this does not override your rights
Legal obligation: Processing required to comply with applicable law (e.g. tax records, export documentation)
Consent: For marketing communications, we rely on your opt-in consent, which you may withdraw at any time

Section 05

Sharing Your Information

We do not sell your personal or business information. We share data only where necessary to deliver our services or meet legal obligations, with the following categories of recipients:

Shopify Inc. — our e-commerce platform provider, who hosts our store and processes order data on our behalf (Shopify's privacy policy: shopify.com/legal/privacy)
Payment processors — including Stripe or other providers integrated via Shopify, who handle card and payment processing under their own PCI-DSS compliant environments
Freight and logistics partners — carriers such as DHL, FedEx, or freight forwarders who require consignee details to arrange delivery and customs clearance
Customs and government authorities — export documentation may be shared with Australian Border Force and UK Border Force as required by law
Accounting and ERP software — our internal business management tools used for invoicing and record-keeping
Professional advisers — legal, accounting, or insurance professionals under confidentiality obligations, where required

All third parties with whom we share data are required to handle it in accordance with applicable privacy law and their own privacy commitments.

Section 06

Data Retention

We retain personal and business information for as long as necessary to fulfil the purposes described in this policy and to comply with our legal obligations:

Data Type	Retention Period
Trade account records	Duration of the trading relationship plus 7 years (for tax and audit purposes)
Order & invoice records	7 years from date of transaction (Australian tax law requirement)
Enquiry & contact records	3 years from last contact, unless a trading relationship is established
Marketing consent records	Until consent is withdrawn, plus 12 months thereafter
Website analytics data	Up to 26 months (aggregated, non-identifiable where possible)

When data is no longer required, it is securely deleted or anonymised.

Section 07

Your Rights

If you are located in the United Kingdom, you have the following rights under UK GDPR. Equivalent rights apply to individuals in Australia under the Privacy Act 1988.

Right of Access

Request a copy of the personal data we hold about you or your business.

Right to Rectification

Ask us to correct inaccurate or incomplete information we hold.

Right to Erasure

Request deletion of your data where there is no longer a lawful reason to retain it.

Right to Restrict Processing

Ask us to pause processing of your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, commonly used format where applicable.

Right to Object

Object to processing based on legitimate interests, or to direct marketing at any time.

Withdraw Consent

Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

Right to Complain

Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, please contact us at info@thelightco.com.au. We will respond within 30 days. We may need to verify your identity or business authority before processing your request.

Section 08

Cookies & Tracking

Our website uses cookies and similar technologies to operate effectively and improve your experience. Cookies are small data files stored on your device. We use the following types:

Essential cookies: Required for core website functionality including shopping cart, login sessions, and security. These cannot be disabled.
Analytics cookies: Used to understand how visitors interact with our site (e.g. Google Analytics). Data is aggregated and anonymised where possible.
Preference cookies: Remember your settings such as currency selection and region.
Marketing cookies: Used to serve relevant content to trade visitors who have opted into communications. Only set with your consent.

You can manage cookie preferences via your browser settings or through the cookie consent banner on our site. Note that disabling certain cookies may affect website functionality.

Section 09

Security

We implement appropriate technical and organisational measures to protect your information against unauthorised access, loss, or disclosure. These include SSL/TLS encryption for all data transmitted via our website, Shopify's PCI-DSS compliant payment processing, and access controls limiting staff access to personal data on a need-to-know basis.

While we take all reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. If you have concerns about the security of your information, please contact us promptly.

Section 10

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices or legal obligations. When material changes are made, we will update the date below and notify active trade accounts by email where appropriate. Continued use of our website following an update constitutes acceptance of the revised policy.

Privacy Enquiries: For any questions about this policy, to exercise your data rights, or to update your information, please contact us at info@thelightco.com.au or via our contact page. We aim to respond within 30 calendar days.

Last updated: May 2026 Applies to: thelightco.com.au Governing law: Australian Privacy Act 1988 & UK GDPR