Privacy Policy

LW Labs Ltd Privacy Information Notice.

This privacy notice aims to give you information on how LW Labs Limited (“LWL”) of Unit 3, Wilson Business Park, Harper Way, Markham Vale, Chesterfield, S44 5JX, England collects and processes your personal data through your use of our website, including any data you provide to us when purchasing a product, signing up to our newsletter or engaging with us on our social media platforms.

LWL shall determine the purpose and means by which that personal data is processed. We are a data controller within the meaning of the Data Protection Act 2018 (“DPA”) and the General Data Protection Regulations 2018 (“GDPR”). LWL has a dedicated Data Protection Officer; David Johal.

This document explains our role as a data controller and the personal data that will be processed by LWL.

The GDPR provides the following rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

It is important to note that the rights available to you under the GDPR depend upon the lawful bases for which we process the personal data. As such, not all rights are available to you.

This document explains your rights and explains about the collection and use of your personal data.

We reserve the right to update this Privacy Information Notice periodically. You should check this policy occasionally to ensure you are aware of the most recent version.

What is Personal Data?

The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.

The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.

Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.

The GDPR refers to sensitive personal data as “special categories of personal data”. The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.

Third Party Links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. LWL does not control these third-party websites and we take no responsibility for their privacy statements. We recommend that you read the privacy information notice of every website that you visit.

Consent and your Contractual Obligation to provide the Personal Data

By engaging with us via our website, newsletter or on social media in relation to the products and services that we offer, you are agreeing to us contacting you by post, telephone, email, direct messaging (and any other form of social media messaging) and SMS in relation to the products and services that we offer and those of other companies that we work with. You can opt-out of receiving contact from us in relation to the products and services that we offer and those of other companies that we work with at any time by providing us with notice either verbally or in writing.

Engaging with us on one of our social media platforms, including liking/following our pages may result in the collection and transmission of your personal data to the social media company. Social media companies will have separate policies on how they collect and use your personal data and you are encouraged to review those policies before engaging with us on our social media platforms, including liking/following our pages.

The Categories of Personal Data obtained

The personal data that we shall process will vary dependent upon the purpose for which we are processing your data. We may collect, store, process and, where applicable, transfer the following categories of personal data:

Identity Data:

  • Full Name
  • Title
  • Username
  • Marital Status
  • Date of Birth

User Data:

  • Username
  • Password
  • Purchase History
  • Order Information
  • Other indicators as to your likes, interests, preferences and feedback/reviews

Contact Data:

  • Address
  • Contact Telephone Numbers/Email Address
  • Delivery Address
  • Billing Address

Financial Data:

  • Payment Card Details
  • Bank Card Details
  • Any other Payment Details provided to us

Transaction Data:

  • Payment information (to and from us)
  • Purchase history

Technical Data:

  • Internet Protocol (IP) Address
  • Browser Type
  • Browser Version
  • Browser Plug-In Type and Versions
  • Operating System and Platform
  • Cookie IDs
  • Time Zone and Location Information
  • Login Data
  • Web Log Information
  • Device Identifiers

Website Use Data:

  • How you use our website, the products and services that we offer
  • Your browsing activity including cancelled/aborted purchases and intended purchases
  • Connection Information
  • Data pertaining to your visits to our website and page views
  • The links clicked
  • Other actions you take on our website including marketing preferences

Marketing Data:

  • Your preferences in relation to marketing from us and our companies who we work with

The processing of personal data will be restricted to what is reasonably necessary.

Purposes for Processing Personal Data and our Lawful Basis for doing so

There are several purposes for processing your personal data. We must identify a lawful basis for processing your data. We set out below, our typical purposes for processing your data together with our lawful basis for processing that data.

Legitimate Interest - the interest of LWL in conducting and managing our business to enable us to provide you with the best customer experience including our products and services and a secure experience. In considering our interest, we balance any potential impact on you (both positive and negative) together with your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

You can obtain further information about how we assess our legitimate interests against any potential impact on you by emailing: data@lwlabs.co.uk.

Contract – we process your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Consent – we require your clear confirmation for processing of personal data to take place.

Purpose Data Type Lawful Basis for Processing
Registering New Customers Identity, Contact To enable us to perform our contractual duties with you
Order Processing including processing and managing payment information, fees/charges. To collect and recover monies owed to us. Product delivery. Identity, Contact, Financial, Transaction, Marketing (a) To enable us to perform our contractual duties with you;
(b) Our legitimate interest to recover monies due to us.
Manage your relationship with us including changes to our policies, requesting you to undertake reviews of the products/services we offer. Identity, Contact, User, Marketing (a) To enable us to perform our contractual duties with you;
(b) Fulfill a legal obligation;
(c) In accordance with our legitimate interests in keeping our records and usage data current.
Customer Reviews of the Products and Services that we offer Identity, Contact, Technical, Financial, Website Use (a) To enable us to perform our contractual duties with you;
(b) In accordance with our legitimate interests to progress the business, the products and serves offered based upon customer reviews and feedback.
Protect LWL and its website (data analysis, prevent, detect and handle fraudulent or other illegal activity, system testing, troubleshooting, support, hosting of data. Identity, Contact, Technical, Financial, Website Use (a) In accordance with our legitimate interests in operating our business, in the provision of administration and IT services including network security, to prevent fraud/illegal activity;
(b) To comply with a legal obligation
Website Content/Advertising Identity, Contact, Profile, Technical, Website Use, Marketing In accordance with our legitimate interests to understand how customers use the products and services that we offer and in order to develop the same in order to progress the business and to inform customers of our marketing plan.
Website Development and Improvement of the products, services, marketing and overall customer experience that we offer via the use of data analytics Technical, Website Use In accordance with our legitimate interests to ensure our website is relevant and updated, to develop our business, to inform our marketing strategy and to understand the types and behaviours of customers for our products and services.
Offer a personalised experience to customers by making recommendations/suggestions of products/services that we offer which may be of interest Identity, Contact, User, Technical, Website Use (a) In accordance with our legitimate interests to develop the products and services that we offer and in order to progress and grow the business;
(b) Consent in certain circumstances – see Marketing section.
Marketing – to deliver our customers with a variety of choices pertaining to the products and services that we offer, or offered by companies who we work with. Identity, Contact, User, Technical, Website Use, Transaction, Marketing Consent

You can ask us to stop sending you marketing messages at any time by emailing us at: data@lwlabs.co.uk or by logging into your account and unchecking the relevant boxes.

Your personal data will also be held by us when you engage with us on one of our social media platforms. Engaging with us on one of our social media platforms, including liking/following our pages may result in the collection and transmission of your personal data to the social media company. Social media companies will have separate policies on how they collect and use your personal data and you are encouraged to review those policies before engaging with us on our social media platforms, including liking/following our pages. If you follow, like or comment on any of our social medial pages or posts we may contact you via direct messaging (or another form of messaging as that platform allows) about the products and services that we offer. Unless you contact us further, our processing of your data in such a situation will be limited to sending you a direct message (or other form of message as available on that platform). You have the right to opt-out of receiving such messages.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above, where this is required or permitted by law.

The Sources of Personal Data

We do not anticipate that Personal Data about you will be obtained from anyone other than you.

The Categories of Recipients of the Personal Data

We may be required to share your personal data with the other parties in order to meet the data processing purposes detailed above. We require all other parties to respect the security of your personal information and to treat it in accordance with the law. We anticipate the recipients of personal data may include:

  • Service providers acting as data processors based in the European Economic Area (EEA) who provide IT, system administration services, payment providers to facilitate purchases, fulfilment providers to facilitate order management, packaging and delivery and marketing and communications services providers in order to personalise your experience and communicate with you;
  • Professional advisers including lawyers, bankers, auditors and insurers based in the EEA who provide consultancy, banking, legal, insurance and accounting services;
  • HM Revenue & Customs, regulators, law enforcement bodies and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances and otherwise in defence of legal claims;
  • Market researchers, fraud prevention agencies and analytics providers.

We store some personal data on servers owned, operated and maintained by third party providers. Those providers have their own duties under the GDPR as data processors. By registering as a customer with us, purchasing a product or engaging with us on our website, via email or on social media, you are agreeing that we may store and process your personal data in accordance with the lawful bases identified above and in accordance with this notice.

Our offices operate Closed Circuit Television Cameras (CCTV), installed for the purpose of preventing criminal activity and in order to protect our staff and visitors. As such, if you visit our offices, you may be captured on CCTV footage.

The Retention Periods for Personal Data

Personal data shall be retained by us for as long as necessary in order to allow us to fulfill the purposes for which the data was collected. This includes data held to fulfill any accounting, reporting or legal requirement. We may retain personal data from closed accounts to comply with legal requirements, prevent fraud and resolve disputes. After it is no longer necessary for us to retain your personal information, we dispose of it securely according to our data retention and deletion policies.

By law we have to keep basic information about our customers which includes Contact, Identity, Financial and Transaction Data for six years after they cease being customers for tax purposes.

Personal data may be retained by us beyond this retention period for the purpose of contacting you in relation to the services that we offer; such contact may be made by us. . Your data may be suppressed at the six-year point or later so that only your contact information remains for the purpose of such contact. You have the right to opt-out of receiving such communications by choosing to opt-out of communications relating to the services that we offer, and those of other companies that we work with. This does not prevent us from retaining your personal data for six years in accordance with our retention policy.

The Right of Access

You have the right to access your personal data. This is known as a “subject access request”. You can make a subject access request verbally or in writing.

You have the right to obtain the following from us:

  • confirmation that we are processing your personal data;
  • a copy of your personal data; and
  • other supplementary information:
    • the purposes of our processing;
    • the categories of personal data concerned;
    • the recipients or categories of recipient we disclose the personal data to;
    • our retention period for storing the personal data;
    • the existence of your right to request rectification, erasure or restriction or to object to such processing;
    • the right to lodge a complaint with the ICO or another supervisory authority;
    • information about the source of the data, where it was not obtained directly from the individual;
    • the existence of automated decision-making (including profiling); and
    • the safeguards we provide if we transfer personal data to a third country or international organisation.

All of the information that forms the “supplementary information” category is contained within his privacy information notice.

You are only entitled to your own personal data, and not to information relating to other people (unless the information is also about you or you are acting on behalf of someone).

In most cases, we will provide a copy of the information to you free of charge if you request the information. However, we can charge a reasonable fee when a request is manifestly unfounded or excessive, particularly if it is repetitive. We may also charge a reasonable fee to comply with requests for further copies of the same information. The fee will be based on the administrative cost of providing the information to you.

If you make a request, the information shall be provided without delay and at the latest within one month of receipt. However, we are able to extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, we must inform you within one month of the receipt of the request and explain why the extension is necessary.

Where requests are manifestly unfounded or excessive, in particular because they are repetitive, we can:

  • charge a reasonable fee taking into account the administrative costs of providing the information; or
  • refuse to respond.

Where we refuse to respond to a request, we shall write to you without undue delay and at the latest within one month in order to explain why we are refusing your request and informing you of your right to complain to the supervisory authority (the ICO) and of your ability to seek to enforce this right through a judicial remedy.

If we have doubts about the identity of the person making the request we can ask for more information. We will let you know without undue delay and within one month that we need more information from you to confirm your identity. We do not need to comply with the request until we have received the additional information.

The Right to Rectification

You have a right to have inaccurate personal data rectified or completed if it is incomplete.

You can make a request for rectification verbally or in writing and we have one calendar month thereafter to respond to a request.

We can refuse to comply with a request for rectification if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature.

If we consider that a request is manifestly unfounded or excessive we can:

  • request a reasonable fee to deal with the request; or
  • refuse to deal with the request.

In either case we will write to you in order to justify our decision. The reasonable fee charged will be based on the administrative costs of complying with the request. In circumstances where we consider a reasonable fee is required, we will not comply with the request until we have received the fee.

Where we refuse to respond to a request, we shall write to you without undue delay and at the latest within one month in order to explain why we are refusing your request and informing you of your right to complain to the supervisory authority (the ICO) and of your ability to seek to enforce this right through a judicial remedy.

We can extend the time to respond by a further two months if the request is complex or we have received a number of requests from you. In those circumstances we will let you know without undue delay and within one month of receiving your request and explain why the extension is necessary.

If we have doubts about the identity of the person making the request we can ask for more information. We will let you know without undue delay and within one month that we need more information from you to confirm your identity. We do not need to comply with the request until we have received the additional information.

The Right to Erasure

The right to erasure is also known as ‘the right to be forgotten’. Personal data will be erased in accordance with our retention policy. This right is not absolute and if you have any queries about the right to erasure, you should contact us by emailing: data@lwlabs.co.uk.

The Right to Restrict Processing

You have the right to request the restriction or suppression of your personal data. You can make a request for restriction verbally or in writing. It may be that your request prevents us from fulfilling our contractual obligations to you. If we consider that to be the case, we shall contact you to explain the position.

You have the right to request we restrict the processing of your personal data in the following circumstances:

  • you contest the accuracy of you personal data and we are verifying the accuracy of the data;
  • the data has been unlawfully processed (ie in breach of the lawfulness requirement of the first principle of the GDPR) and you oppose erasure and request restriction instead;
  • we no longer need the personal data but you need us to keep it in order to establish, exercise or defend a legal claim; or
  • you have objected to us processing your data under Article 21(1) GDPR, and we are considering whether our legitimate grounds override yours.

In most cases we will not be required to restrict your personal data indefinitely but will need to have the restriction in place for a certain period of time. Further, it may not be possible for us to fulfil our contractual obligations to you if we are subject to a restriction of our processing activities. If we consider this to be the case, we shall write to you explaining our position.

When processing is restricted, we are permitted to store the personal data, but not use it. We must not process the restricted data in any way except to store it unless:

  • we have your consent;
  • it is for the establishment, exercise or defence of legal claims;
  • it is for the protection of the rights of another person (natural or legal); or
  • it is for reasons of important public interest.

If we have disclosed the personal data in question to others, we will contact each recipient and inform them of the restriction of the personal data - unless this proves impossible or involves disproportionate effort. If asked to, we will also inform you about these recipients.

The GDPR defines a recipient as a natural or legal person, public authority, agency or other body to which the personal data are disclosed. The definition includes controllers, processors and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

In many cases the restriction of processing will only be temporary, specifically when the restriction is on the grounds that:

  • you have disputed the accuracy of the personal data and we are investigating this; or
  • you have objected to us processing your data on the basis that it is necessary for the performance of a task carried out in the public interest or the purposes of our legitimate interests, and we are considering whether our legitimate grounds override yours.

Once we have made a decision on the accuracy of the data, or whether our legitimate grounds override your, we may decide to lift the restriction. If we do this, we will inform you before we lift the restriction.

We can refuse to comply with a request for restriction if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. If we consider that a request is manifestly unfounded or excessive we can:

  • request a "reasonable fee" to deal with the request; or
  • refuse to deal with the request.

In either case we will wrote to you in order to justify our decision. The reasonable fee charged will be based on the administrative costs of complying with the request. In circumstances where we consider a reasonable fee is required, we will not comply with the request until we have received the fee.

Where we refuse to respond to a request, we shall write to you without undue delay and at the latest within one month in order to explain why we are refusing your request and informing you of your right to complain to the supervisory authority (the ICO) and of your ability to seek to enforce this right through a judicial remedy.

We have one calendar month to respond to a request. However, we can extend the time to respond by a further two months if the request is complex or we have received a number of requests from you. We will let you know within one month of receiving your request and explain why the extension is necessary.

If we have doubts about the identity of the person making the request we can ask for more information. We will let you know without undue delay and within one month that we need more information from you to confirm your identity. We do not need to comply with the request until we have received the additional information.

The Right to Data Portability

The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.

The right only applies to information you have provided to us.

The right to data portability gives you the right to receive personal data that you have provided to us in a structured, commonly used and machine-readable format. It also gives you the right to request that we transmit this data directly to another data controller.

The right to data portability only applies to personal data. This means that it does not apply to genuinely anonymous data. However, pseudonymous data that can be clearly linked back to you is within scope of the right.

If the requested information includes information about others (e.g. third party data) we will need to consider whether transmitting that data would adversely affect the rights and freedoms of those third parties.

Providing third party data to you may not be a problem if you provided this data to us within the information that you provided to us in the first place. However, we will need to give careful consideration as to whether there will be an adverse effect on the rights and freedoms of third parties, in particular when we are transmitting data directly to another controller.

If the requested data has been provided to us by multiple data subjects (e.g. a joint bank account) we need to be satisfied that all parties agree to the portability request. This means that we may have to seek agreement from all the parties involved.

The right to data portability entitles you to:

  • receive a copy of your personal data; and/or
  • have your personal data transmitted from one controller to another controller.

You have the right to receive your personal data and store it for further personal use.

We can achieve this by either:

  • directly transmitting the requested data to you; or
  • providing access to an automated tool that allows you to extract the requested data yourself.

This does not create an obligation on us to allow you more general and routine access to our systems – only for the extraction of their data following a portability request.

If your personal data is transported, the data will be retained by us in accordance with our retention policy.

You have the right to ask us to transmit your personal data directly to another controller without hindrance. Without hindrance means that we should not put in place any legal, technical or financial obstacles which slow down or prevent the transmission of the personal data to you, or to another organisation. However, there may be legitimate reasons why we cannot undertake the transmission. For example, if the transmission would adversely affect the rights and freedoms of others. It is however our responsibility to justify to you why these reasons are legitimate and why they are not a ‘hindrance’ to the transmission.

If we provide information directly to you or to another organisation in response to a data portability request, we are not responsible for any subsequent processing carried out by you or the other organisation. We are responsible for the transmission of the data and will take appropriate measures to ensure that it is transmitted securely and to the right destination. If we provide data to you, it is possible that you will store the information in a system with less security than ours. You should ensure that any system that you store information on has adequate security.

When we receive personal data that has been transmitted as part of a data portability request, we will process this data in line with data protection requirements.

In deciding whether to accept and retain personal data, we will consider whether the data is relevant and not excessive in relation to the purposes for which we will process it. We shall also consider whether the data contains any third party information.

We can refuse to comply with a request for restriction if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. If we consider that a request is manifestly unfounded or excessive we can:

  • request a "reasonable fee" to deal with the request; or
  • refuse to deal with the request.

In either case we will write to you in order to justify our decision. The reasonable fee charged will be based on the administrative costs of complying with the request. In circumstances where we consider a reasonable fee is required, we will not comply with the request until we have received the fee.

Where we refuse to respond to a request, we shall write to you without undue delay and at the latest within one month in order to explain why we are refusing your request and informing you of your right to complain to the supervisory authority (the ICO) and of your ability to seek to enforce this right through a judicial remedy.

We have one calendar month to respond to a request. However, we can extend the time to respond by a further two months if the request is complex or we have received a number of requests from you. We will let you know within one month of receiving your request and explain why the extension is necessary.

If we have doubts about the identity of the person making the request we can ask for more information. We will let you know without undue delay and within one month that we need more information from you to confirm your identity. We do not need to comply with the request until we have received the additional information.

The Right to Object

Under the GDPR you have the right to object to the processing of your personal data. This effectively allows you to ask us to stop processing your personal data.

However, the right to object only applies in certain circumstances. Whether it applies depends on our purposes for processing and our lawful bases for processing.

You can object if the processing is for:

  • a task carried out in the public interest;
  • the exercise of official authority vested in us; or
  • our legitimate interests (or those of a third party).

In these circumstances the right to object is not absolute and you must give specific reasons why you are objecting to the processing of your data. These reasons should be based upon your particular situation. In these circumstances, we can continue processing if:

  • we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or
  • the processing is for the establishment, exercise or defence of legal claims.

If we are satisfied that we do not need to stop processing the personal data in question, we will write to you in order to let you know. We will explain our decision and inform you of your right to make a complaint to the ICO, or another supervisory authority, and of your ability to seek to enforce your rights through a judicial remedy.

Where we have received an objection to the processing of personal data and we have no grounds to refuse, we will stop processing the data. This may mean that we need to erase personal data as the definition of processing under the GDPR is broad and includes storing data. However, this will not always be the most appropriate action to take. Erasure may not be appropriate if we process the data for other purposes as we need to retain the data for those purposes.

If we are processing data for scientific or historical research, or statistical purposes, the right to object is more limited.

You have the absolute right to object to the processing of your personal data if it is for direct marketing purposes. However, this does not automatically mean that we need to erase your personal data and in most cases it will be preferable to suppress your details. Suppression involves retaining just enough information about you to ensure that their preference not to receive direct marketing is respected in future.

We can refuse to comply with a request for restriction if the request is manifestly unfounded or excessive, taking into account whether the request is repetitive in nature. If we consider that a request is manifestly unfounded or excessive we can:

  • request a "reasonable fee" to deal with the request; or
  • refuse to deal with the request.

In either case we will wrote to you in order to justify our decision. The reasonable fee charged will be based on the administrative costs of complying with the request. In circumstances where we consider a reasonable fee is required, we will not comply with the request until we have received the fee.

Where we refuse to respond to a request, we shall write to you without undue delay and at the latest within one month in order to explain why we are refusing your request and informing you of your right to complain to the supervisory authority (the ICO) and of your ability to seek to enforce this right through a judicial remedy.

We have one calendar month to respond to a request. However, we can extend the time to respond by a further two months if the request is complex or we have received a number of requests from you. We will let you know within one month of receiving your request and explain why the extension is necessary.

If we have doubts about the identity of the person making the request we can ask for more information. We will let you know without undue delay and within one month that we need more information from you to confirm your identity. We do not need to comply with the request until we have received the additional information.

Rights in relation to automated decision making and profiling.

The GDPR has provisions on:

  • automated individual decision-making (making a decision solely by automated means without any human involvement); and
  • profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.

We do not engage in automated individual decision-making.

In order to tailor the product and services we offer to our customers, we may collect data on a customer’s buying and browsing habits.

The Right to lodge a complaint with a Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”). The ICO are the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Rights in relation to Transfers of the Personal Data to any Third Countries or International Organisations

The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations. These restrictions are in place to ensure that the level of protection of individuals afforded by the GDPR is not undermined.

We utilise social media platforms in the course of our business. Engaging with us on one of our social media platforms, including liking/following our pages may result in the collection and transmission of your personal data to the social media company. Social media companies will have separate policies on how they collect and use your personal data and you are encouraged to review those policies before engaging with us on our social media platforms, including liking/following our pages.

The Internet is a global medium and your information may therefore be transferred outside the European Economic Area (EEA) en route. Your information may be transferred to any country, including countries outside the EEA where the transfer is necessary for the purposes of establishing, exercising or defending legal rights, obtaining legal advice, or in connection with any legal proceedings.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please read our Cookie Policy.

Accountability and Governance

We take data protection and protecting your data extremely seriously. Our contact details together with details of our Data Protection Officer are contained within this document.

We have in place and implement comprehensive but proportionate processes, policies, records and logs for handling personal data including keeping records of what we do and why. Our combined approach ensures compliance with the DPA, GDPR and in accordance with our duties as a data controller. We ensure that our staff are fully aware and comply with the processes, policies, records and logs when processing data.

We implement technical and organisational measures to ensure, and demonstrate, compliance with the Data Protection Act, General Data Protection Regulations and in accordance with our duties as data controller. Those measures are risk-based and proportionate and are reviewed and updated as necessary.

LW Labs: Evolving the CBD industry

We're more than just a supplier; we want to help make your brand the best that it can be.

TOP