Privacy policy
Last Updated: 18/02/2025
Feilo Sylvania UK Limited (seat address: Unit D, The Drove Retail Park, McKinley Way, Newhaven, BN9 0FA, United Kingdom; company registration number: 00487252) (“we”, “us”, “our”, “Data Controller”) as the data controller is committed to protect your privacy. This Data Privacy Notice (“Privacy Notice”) describes the details of the processing of your personal data i.e. how we collect, use, and disclose your personal data when you visit, use our services, or make a purchase from sylvania-shop.co.uk (the "Site"), subscribe to our newsletter, or otherwise communicate with us regarding the Site (collectively, the "Services") in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (“United Kingdom General Data Protection Regulation” or “UK GDPR”). For purposes of this Privacy Notice, "you" and "your" mean you as the user of the Services, whether you are a customer, website visitor, or another individual whose information we have collected pursuant to this Privacy Notice.
Please carefully read through this Privacy Notice and understand our purposes and practices of collection and processing of your personal data, including how we use, store, share and transfer your personal data. In this Privacy Notice you will also find ways to exercise your rights relating to your personal data (e.g. access, update, delete).
Should you have any questions about our privacy practices or this Privacy Notice, or if you would like to exercise any of the rights available to you, please email us at E-CommerceUKI@sylvania-lighting.com or contact us at The Drove Retail Park, Unit D, Newhaven, ENG, BN9 0FA, GB.
For more information, please see our group privacy policy available on our website at the following link: https://www.sylvania-group.com/professional/legal-pages/privacy-policy/
1. What personal data do we collect and how do we use it?
1.1. The types of personal data we obtain about you depends on how you interact with our Site and use our Services. When we use the term "personal data", we are referring to information that identifies, relates to, describes or can be associated with you.
1.2. We do not share or otherwise use your personal data, except as described in this Privacy Notice.
1.3. The categories of processed personal data and the purposes for which we process them are as follows:
1.3.1. Providing products and services
We use your personal data to provide you with the Services, including to process your payments, fulfil your orders, to send notifications to you related to your purchases, returns, exchanges or other transactions, to arrange for shipping, facilitate any returns and exchanges. We engage Shopify to operate our Site, therefore your personal data is collected and processed through Shopify’s servers.
For this purpose, we rely on our contract with you for service provision (Article 6(1)(b) of the UK GDPR).
For the provision of products and services we process the following personal data: information regarding your order including your full name, billing address, shipping address, payment confirmation, e-mail address and phone number.
We share your name, e-mail address, delivery address and phone number with our delivery partner (APC Overnight) for shipping purposes.
We may also enhance your shopping experience by enabling Shopify to match your account with other Shopify services that you may choose to use. In this case, Shopify will process your personal data as set forth in its Privacy Policy and Consumer Privacy Policy.
Retention time: 6 years after fulfilment of the contract.
1.3.2. Invoicing
Upon your request we issue an invoice for your order. The following data will be indicated on the invoice: name, address, issue date, ordered items.
When we issue the invoice, we process your personal data to comply with legal obligations (Article 6(1)(c) of the UK GDPR).
Retention time: the invoices are kept for 6 years to comply with tax obligations.
1.3.3. Account registration and management
While you can place an order without registering on our Site, you can create an account for more convenient shopping experience. We process your personal data to create and manage your account, including sending notifications to you related to your account, facilitating any other features and functionalities related to your account.
To create, maintain and otherwise manage your account we rely on your consent (Article 6(1)(a) of the UK GDPR), and we process the following personal data: name, e-mail address, address (from your order), date of birth (for sending special birthday offers), phone number (optional), password and order history.
The data is shared with Shopify as the hosting service provider of our Site.
Retention time: 2 years after your account becomes inactive. Your account remains active if you have made a purchase or logged into your account within the last 12 months.
1.3.4. Marketing and advertising
If you provide your e-mail address under the “Join our mailing list for exciting updates” section, “10% off” pop up, or if you do not object to the “Email me with news and offers” purpose during checkout, we use your e-mail address to send you marketing, advertising and promotional communications (together, “promotional communications”) by e-mail, and to show you advertisements for products or services.
This may include using your personal data (your Usage Data, e.g. clicks, time spent on a product’s page) to better tailor the Services and advertising on our Site and other websites (social media). These advertisements will be automatically tailored to your interest based on your Usage Data.
We send you marketing communication regarding our products, services and promotions based on our legitimate interest (Article 6(1)(f) of the UK GDPR) to promote our Services and expand our business.
Conclusion of the legitimate interest balancing test: It is our legitimate interest to provide the potential customers with relevant information about our products and Services. For the promotional communication, the data subject can provide their data on a voluntary basis. It is also our legitimate interest to send the promotional communications with personalised content to the subscribers in order to maintain their interest in our offers and services and to provide a more efficient customer service. The data processing restricts the rights and freedoms of data subjects concerning their personal data only to a very limited extent and therefore these do not have priority over the data processing.
Retention time: until you decide to unsubscribe from our newsletter. Regarding the advertising, until you clear your browser cookies.
1.3.5. Security and fraud prevention
We use your personal data to detect, investigate or take action regarding possible fraudulent, illegal or malicious activity (e.g. fraudulent purchases/transactions). If you choose to use the Services and register an account, you are responsible for keeping your account credentials safe. We highly recommend that you do not share your username, password, or other access details with anyone else. If you believe your account has been compromised, please contact us immediately.
For this purpose, the legal basis is on our legitimate interest (Article 6(1)(f) of the UK GDPR) to prevent fraud, unauthorised use of accounts and damage to our company and to our customers.
Conclusion of the legitimate interest balancing test: It is the legitimate interest of the Data Controller to detect, investigate or take action regarding possible fraudulent, illegal or malicious activity. The data processing only affects the data subject negatively if they are actually committed fraudulent, illegal or malicious activity, otherwise it restricts their rights and freedoms concerning their personal data only to a very limited extent and therefore these do not have priority over the data processing.
Retention time: until the conclusion of the investigation, or until the final decision is issued in the relevant administrative or judicial proceedings.
1.3.6. Customer service
To provide you with customer service support, which typically includes answering your questions about your order, our products or services, as well as handling complaints. You can contact our customer service department by online chat, social media (e.g. Facebook, Instagram, TikTok), e-mail or post.
For this purpose, we collect your name, contact data (username, e-mail address or address, whichever way of communication you choose to use), the details of your order, and any further personal data you decide to share with us during our communication.
If you contact us regarding your order, we process your personal data based on our contract with you for service provision (Article 6(1)(b) of the UK GDPR); if you contact us for a matter unrelated to your order the basis of the processing is your consent (Article 6(1)(a) of the UK GDPR).
Retention time: 6 years from the fulfilment of the contract, or from the closing of your case.
1.3.7. Review and feedback
Our Site provides you with the opportunity to leave public comments about our products and services. You can also leave us comments on our social media sites, or you can share your review via e-mail. It is at your sole discretion to leave a comment, share your feedback or not, and to decide what personal data you are sharing.
While we encourage you to leave feedback, please refrain from sharing your sensitive or special category data, or personal data of others. Please note that if you post your review on our publicly available platforms (i.e. Site, social media) your feedback will be publicly available as well.
For this purpose, we process any personal data you share in your comment, based on your consent (Article 6(1)(a) of the UK GDPR).
Retention time: we do not delete your feedback or comments from our public sites, however you can decide at any time to delete them yourself. We anonymise the feedback received via nonpublic channels on an annual basis, and afterwards we only store the anonymised data and use it for statistical or improvement purposes. The data may be kept for a longer time, if needed for the successful conclusion of an administrative or legal proceeding.
1.3.8. Service improvement
If you decide to leave us a review of our products and services, these may be used for the purpose of improving our products and services. From the personal data included in your comments, only the personal data that is actually relevant for the improvement of the services (the core content of the feedback) will be used for this purpose.
We process your personal data based on our legitimate interest (Article 6(1)(f) of the UK GDPR) to improve our products and services and tailor them to the needs of our customers.
Conclusion of the legitimate interest balancing test: It is our legitimate interest to improve our products and services to meet customer needs and expectations. The continuous improvement of services is essential for the company to remain competitive on the market. The data processing restricts the rights and freedoms of data subjects concerning their personal data only to a very limited extent and therefore these do not have priority over the data processing.
Retention time: the data will be anonymised after it has been determined what improvements need to be made or until the improvement is implemented.
In addition to the specific purposes set out above, we may use information we collect about you to comply with the arising legal obligations, enforce any applicable terms of service, and to protect the Services, our rights, and the rights of our users or others. In the event of such, your personal data may be kept until the final decision is issued in the relevant administrative or judicial proceedings.
1.4. Data Subjects
The data subjects are the visitors of our Site and the users of our Services.
The Services are not intended to be used by children, and we do not knowingly collect any personal data about children. If you are the parent or guardian of a child who has provided us with their personal data, you may contact us using the contact details set out in this Privacy Notice to request deletion.
As of the Effective Date of this Privacy Notice, we do not have actual knowledge that we process personal data of individuals under 16 years of age.
1.5. Cookies
To ensure the adequate operation of our Site, and to provide you with optimised user experience we use Cookies on our Site.
For specific information about the Cookies that we use related to powering our store with Shopify, see https://www.shopify.com/legal/cookies.
We use Cookies to power and improve our Site and our Services (including to remember your actions and preferences), to run analytics and better understand user interaction with the Services (in our legitimate interests to administer, improve and optimise the Services). We may also permit third parties and services providers to use Cookies on our Site to better tailor the services, products and advertising on our Site and other websites.
Most browsers automatically accept Cookies by default, but you can choose to set your browser to remove or reject Cookies through your browser controls. Please keep in mind that removing or blocking Cookies can negatively impact your user experience and may cause some of the Services, including certain features and general functionality, to work incorrectly or no longer be available.
1.6. Except for the purpose described in Section 1.3.1, 1.3.2. and 1.3.6., the processing of your personal data is not based on legal or contractual obligation, and you are not obliged to provide your personal data. However, some features of the Services may require you to directly provide us with your certain personal data. You may elect not to provide this data, but doing so may prevent you from using or accessing these features or the Services.
1.7. How do we collect your personal data?
To provide the Services, we collect your personal data primarily from you, however in some cases specified in this Privacy Notice we obtain your persona data from third parties. We especially obtain your personal data through Shopify, since the operation of our Site and the provision of our services thereon are carried out on Shopify’s systems and servers.
1.7.1. Information We Collect about Your Usage
We may also automatically collect certain information about your interaction with the Services ("Usage Data"). To do this, we may use cookies, pixels and similar technologies ("Cookies"). Usage Data may include information about how you access and use our Site and your account, including device information, browser information, information about your network connection, your IP address and other information regarding your interaction with the Services.
2. Who has access to your data?
Your personal data will be shared with our employees to the extent it is needed for them to complete their work.
2.1. Recipients
Furthermore, in certain circumstances, we may disclose or provide access to your personal data to third parties we contracted to support our services, or if any legal obligation arises.
Such circumstances may include the following:
1. To operate our Site, we engage with Shopify International Limited (seat address: 2nd Floor Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland; company registration number: 560279) (“Shopify”). As Shopify is a multinational organization, it may transfer your personal data to third countries. In the event of such transfer, Shopify undertakes to ensure the adequate level of protection for your personal data.
2. Shopify also provides support for our marketing activities, by enabling the Site to collect your e-mail addresses for marketing communications. We only use your data collected and processed on Shopify’s servers for the operation of our Site and to provide you with the Services, as described in this Privacy Notice. For further information on how Shopify processes your personal data, you can find more information in Shopify’s privacy policy, available here: https://www.shopify.com/legal/privacy
3. For shipping purposes, we transfer your personal data (name, e-mail address, delivery address, phone number) to our delivery service provider (currently: Alternative Parcels Company Limited., seat address: National Sortation Centre, Blakeney Way, Kingswood Lakeside, Cannock, Staffordshire, WS11 8LD; company reg. number: No. 2855735; “APC Overnight”).
4. If you choose to leave a public comment or feedback on our Site or on our social media page, these contents will be accessible by anyone visiting these pages. Please note that we have no control over who visits our sites and thus who can access the data shared in your comment. We also cannot ensure that such parties will respect your privacy or keep your data secure. In this respect, we are not responsible for the privacy or security of any information that you make publicly available, or for the accuracy, use or misuse of any information that you decide to disclose.
- In the event of a business transaction (e.g. merger) we may transfer your personal data to the business parties involved to ensure the continuity of Services.
- In the event of getting involved in court or administrative proceedings for the purpose of complying with any applicable legal obligations, enforcing contractual obligations or exercising our contractual rights, or to provide evidence for the proceeding, we may transfer your personal data to the court, authority and our legal representatives.
Please note that we may transfer, store and process your personal data outside the UK. Your personal data is also processed by staff and third-party service providers and partners in other countries.
If we transfer your personal data outside of the UK, we will rely on recognised transfer mechanisms like the Standard Contractual Clauses adopted by the Information Commissioner, or any equivalent contracts issued by the relevant competent authority of the UK, unless the data transfer is to a country that has been determined to provide an adequate level of protection.
2.2. Transfer of Personal Data Within Our Group
As our company is part of a multinational company group (the Feilo Sylvania Group) your personal data may be transferred within the Feilo Sylvania Group to ensure group level management and efficient business running.
Feilo Sylvania Group mainly covers Europe, the Middle East and Africa (EMEA), Latin America (LATAM) and Southeast Asia. The head office, with our shares service centre (SCC), is based in Hungary and the supporting back offices are based in the UK and in Belgium. Your personal data may therefore be transferred outside the UK and the European Economic Area (EEA).
To ensure the adequate protection of your personal data transferred within our organisation, the members of the Feilo Sylvania Group have concluded a Data Sharing Agreement. If you would like further details on the safeguards we have in place, you can contact us directly as described in this Privacy Notice.
3. Third Party Websites and Links
Our Site may provide links to websites or other online platforms operated by third parties. If you follow links to sites not affiliated with or controlled by us, you should review their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such sites, including the accuracy, completeness, or reliability of information found on these sites. Information you provide on public or semi-public venues, including information you share on third-party social networking platforms may also be viewable by other users of the Services and/or users of those third-party platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators, except as disclosed on the Services.
4. Your Rights Relating to Your Personal Data
We respect your rights and control over your personal data. You may exercise any of these rights where indicated on our Site or by contacting us using the contact details provided in this Privacy Notice. However, please note that these rights are not absolute, and may be exercised under certain circumstances and/or with limitations. In certain cases, we may decline your request as permitted by law.
You do not have to pay a fee, and we will respond to you within 30 days. If you decide to e-mail us, in your request, please make clear what information you would like to have changed, whether you would like to have your personal data deleted from our database or otherwise let us know what limitations you would like to put on our use of your personal data. Please note that we may ask you to verify your identity before taking further action on your request, for security purposes. In accordance with applicable laws, you may designate an authorised representative to make requests on your behalf to exercise your rights. Before accepting such a request from a representative, we will require the representative to provide proof that you have authorised them to act on your behalf.
You have the following rights:
4.1. Withdrawal (Article 7 of the UK GDPR)
When the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal.
4.2. Access (Article 15 of the UK GDPR)
You have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data, as well as the information defined in Article 15 of the UK GDPR (e.g. how we use and share your personal data).
4.3. Rectification (Article 16 of the UK GDPR)
You have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4.4. Erasure (“right to be forgotten”) (Article 17 of the UK GDPR)
You have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay and the Data Controller shall have the obligation to erase personal data related to you without undue delay where one of the grounds defined in Article 17 of the UK GDPR applies.
4.5. Restriction of processing (Article 18 of the UK GDPR)
You have the right to obtain from the Data Controller restriction of processing where one of the reasons listed in Article 18 of the UK GDPR applies.
4.6. Data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us who received your personal data from you.
4.7. Objection
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on our or third party’s legitimate interest, including profiling based on those provisions.
If you visit our Site with the Global Privacy Control opt-out preference signal enabled, we will automatically treat this as a request to opt out of the collection of your device and browser information in connection with your visit to the Site for the purposes of targeted advertising.
If you feel that your personal data rights have been breached, we encourage you to contact us using the contact details provided in this Privacy Notice. However, you can contact and lodge a complaint with the local data protection authority directly (Information Commissioner's Office, website: https://ico.org.uk/). You can also lodge a complaint before the competent court, on which you can find further information on the following websites: www.justice.gov.uk (England and Wales), www.scotcourts.gov.uk (Scotland), www.justice-ni.gov.uk (Northern Ireland).
5. Security
We use commercially reasonable physical, administrative, and technical safeguards to preserve the integrity and security of your personal data (e.g. physical and electronic access controls, data recovery management, backups).
Please be aware that no security measures are perfect or impenetrable, and we cannot guarantee “perfect security.” In addition, any information you send to us may not be secure while in transit. We recommend that you do not use insecure channels to communicate sensitive or confidential information to us.
6. Changes to this Privacy Notice
We may update this Privacy Notice from time to time, including to reflect changes to our practices or for other operational, legal, or regulatory reasons. We will post the revised Privacy Notice on the Site, update the "Last updated" date and take any other steps required by applicable law.
