Privacy Policy

Personal Data Management

The LEDL entity that has entered into an agreement with a customer or the LEDL entity providing services or communicating with a customer is in charge of the personal data. According to applicable data protection laws, this LEDL entity acts as the controller of the personal data. Each such entity operates as an independent controller of the personal data, and this Data Privacy Policy (DPP) applies to all these companies.

The Personal Data We Collect and Its Sources

We gather the following types of personal data:

Business contact details shared with us: name, designation, job title, email address, business address, telephone number, and mobile number.

Additional information given to us during our business interactions, such as interests in LEDL products, marketing preferences, registration and login details, audit logs, contracts or orders, invoices, payments, credit/debit card or other payment details, and history with business partners.

Information a browser provides when visiting an LEDL website or mobile app: IP address, site visit origin, time spent on the site or specific page, clicked links, comments made, browser type, visit date and time, etc.

How We Use Personal Data

Depending on our products and services, we might use the personal data to:

1. Process and update about order status,
2. Deliver and manage our services, software, and products,
3. Offer customer support and handle requests and inquiries,
4. Conduct customer satisfaction surveys, and
5. Analyse data (for market research, trend analysis, financial analysis, and customer segmentation).

We collect only the personal data necessary for these activities ONLY. We might also anonymize personal data so it doesn’t identify an individual and use it for purposes like improving our services, software, products, and testing our IT systems.

Legal Basis for Using Personal Data

We use personal data based on one of the following legal grounds:

1. Fulfilling contractual obligations or as part of pre-contractual measures;
2. Complying with legal requirements, such as tax or reporting obligations, cooperation with authorities, or statutory retention periods;
3. Relying on our legitimate interests in managing and enhancing our business relationship.
4. Retention of Personal Data
5. We retain personal data only as long as necessary for the purposes outlined in this DPP, after which we securely delete the data, unless legal or regulatory obligations require us to keep it longer for dispute resolution purposes.

Security Measures for Personal Data

We implement suitable security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction, and limit access to personal data to LEDL employees who need it for their job roles as per this DPP. Specifically, we undertake measures like:

Access Control and Pseudonymization: Implementing physical and logical access controls, pseudonymization to ensure data cannot be linked to a specific person without additional information.

Integrity: Controlling data transfer to prevent unauthorized data alterations or deletions and ensuring data entry accountability.

Availability and Resilience: Setting up availability controls to avoid data loss or destruction and ensuring rapid recovery systems are in place.

Regular Testing, Assessment, and Evaluation: Managing data protection, incident response, and ensuring data protection by design and default, alongside clear contract controls with third parties.