Privacy Policy | My Site 1

Last Updated: 25 January 2026
Spectrumtek is committed to protecting your privacy and handling your personal data securely, transparently, and in full compliance with UK and European Union data protection law. This includes the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the Data Protection Act 2018.
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website, make a purchase, contact us for support, or engage with our services across the United Kingdom and European Union.
________________________________________

1. Who We Are

Spectrumtek Ltd is the UK's leading specialist supplier of professional LED light bars, LED work lights, spotlights, controllers, and lighting accessories serving customers throughout the United Kingdom and European Union.
Data Controller: For the purposes of UK and EU data protection law, Spectrumtek Ltd acts as the data controller for the personal information we collect and process.
Our Contact Details:
Email: info@spectrumtek.co.uk
Registered Office Address:
Spectrumtek Ltd
71-75 Shelton Street
Covent Garden
London, WC2H 9JQ
United Kingdom
Company Registration Number:
VAT Registration Number:
If you have any questions about this Privacy Policy, how we handle your personal data, or wish to exercise your data protection rights, please contact us using the details above.
________________________________________

2. What Personal Data We Collect

We collect and process several categories of personal data to provide our products and services to customers in the UK and EU. The personal information we collect includes:
A. Information You Provide Directly to Us
When you interact with Spectrumtek, you may provide us with the following personal data:
Account and Order Information:
• Full name
• Billing address
• Delivery/shipping address
• Email address
• Telephone number
• Account username and password (if you create an account)
• Order history and purchase records
• Product preferences and wish list items
Payment Information:
• Payment card details (processed securely by our third-party payment providers)
• Billing information
• Transaction history
Communications:
• Messages, emails, and correspondence you send to us
• Customer service inquiries and support tickets
• Product reviews and feedback
• Warranty claim information
• Technical support requests
• Installation questions and vehicle details (when seeking product advice)
Marketing Preferences:
• Email marketing consent status
• Communication preferences
• Areas of interest (e.g., off-road lighting, agricultural products, commercial fleet solutions)
B. Information We Collect Automatically
When you visit and browse the Spectrumtek website, we automatically collect certain information through cookies and similar technologies:
Technical Information:
• IP (Internet Protocol) address
• Device type and model
• Operating system and version
• Browser type and version
• Screen resolution and display settings
• Unique device identifiers
Usage Information:
• Pages you visit on our website
• Time spent on each page
• Click patterns and navigation paths
• Referring website (how you arrived at our site)
• Exit pages
• Date and time of your visit
• Shopping cart activity and abandoned baskets
• Search queries within our website
• Product pages viewed
Location Information:
• General geographic location (country, region, city) derived from IP address
• Language preferences
C. Information From Third-Party Sources
We may receive personal data about you from trusted third-party service providers:
Payment Processors:
• Payment confirmation and transaction data from Wix Payments, PayPal, Stripe, and other payment service providers
• Fraud prevention information
Delivery and Logistics Partners:
• Delivery status updates
• Address verification information
• Proof of delivery confirmation
Advertising and Marketing Platforms:
• Information from Meta (Facebook/Instagram), Google Ads, and other advertising platforms regarding ad performance and user interactions
• Social media profile information (if you interact with our social media pages)
Business Information Providers:
• Company details and VAT information for commercial customers (from publicly available business registers)
________________________________________

3. How We Use Your Personal Data

Spectrumtek uses your personal information for the following purposes:
Essential Business Operations
Order Processing and Fulfillment:
• Processing and confirming your orders
• Arranging payment processing and verification
• Preparing products for dispatch
• Coordinating delivery with courier services throughout the UK and EU
• Providing order tracking information
• Confirming successful delivery
Customer Service and Support:
• Responding to your enquiries and support requests
• Providing technical guidance on product selection and installation
• Assisting with warranty claims and returns
• Resolving complaints and issues
• Offering pre-purchase consultation on compliance and suitability
Account Management:
• Creating and maintaining your customer account
• Storing your order history and preferences
• Managing your login credentials securely
• Processing account modifications or deletions
Returns, Refunds, and Warranties:
• Processing return requests under our 30-day return policy
• Handling warranty claims under our 2-year warranty
• Arranging replacements or refunds
• Managing damaged goods claims
Legal and Compliance

Legal Obligations:

• Complying with UK and EU tax regulations and accounting requirements
• Meeting regulatory reporting obligations
• Responding to lawful requests from authorities
• Maintaining records as required by law (e.g., 6-year retention for financial records under UK tax law)

Fraud Prevention and Security:

• Detecting and preventing fraudulent transactions
• Protecting against unauthorized access to accounts
• Maintaining website and system security
• Verifying customer identity when necessary
• Preventing misuse of our services
Business Improvement and Development

Website and Service Improvement:

• Analyzing how customers use our website to improve navigation and user experience
• Identifying technical issues and bugs
• Testing new features and functionality
• Optimizing website performance and loading times
• Understanding which products and content are most popular

Product Development:
• Understanding customer needs and preferences
• Developing new products and services relevant to UK and EU markets
• Improving existing product ranges
• Sourcing products that meet customer demand
Personalization:
• Customizing your shopping experience based on browsing history
• Showing relevant product recommendations
• Remembering your preferences and settings
• Displaying content relevant to your location (UK or specific EU country)
Marketing and Communications (With Your Consent)
Marketing Communications:
• Sending promotional emails about new products, special offers, and sales
• Providing updates on LED lighting technology and applications
• Sharing installation guides, technical articles, and how-to content
• Announcing new product launches relevant to your interests
• Sending exclusive discount codes and early access opportunities
Market Research:
• Conducting customer satisfaction surveys
• Requesting product reviews and feedback
• Understanding market trends and customer preferences across UK and EU markets
Advertising:
• Displaying targeted advertisements on third-party platforms (e.g., Google, Facebook, Instagram)
• Remarketing to visitors who have shown interest in our products
• Measuring advertising effectiveness and return on investment
Important: We only send marketing communications and use your data for non-essential purposes with your explicit consent. You can withdraw consent at any time by unsubscribing from emails or contacting us directly.
________________________________________
4. Legal Basis for Processing Your Personal Data
Under UK GDPR and EU GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal grounds:
1. Performance of a Contract
When it applies: When you place an order with Spectrumtek
Why we need it: To fulfill our contractual obligations to deliver the products you've purchased
What we process: Order details, delivery information, payment processing, customer service related to your order
Your rights: You cannot object to this processing as it's necessary to complete your order. However, you can cancel your order (subject to our terms and conditions) or choose not to do business with us.
2. Legitimate Interests
When it applies: For running and improving our business operations
Our legitimate interests:
• Preventing fraud and maintaining security
• Improving our website and products
• Understanding customer needs and market trends
• Efficient business administration
• Network and information security
• Internal reporting and business development
Balancing your rights: We've carefully balanced our legitimate interests against your privacy rights. We only use your data in ways you would reasonably expect and that have minimal privacy impact.
Your rights: You have the right to object to processing based on legitimate interests. Contact us if you wish to exercise this right, and we'll assess your specific situation.
3. Consent
When it applies: For marketing communications, non-essential cookies, and optional data processing
What requires your consent:
• Sending you promotional emails and newsletters
• Using certain analytics and advertising cookies
• Sharing data with marketing platforms for targeted advertising
• Processing data for market research purposes
Your rights: You can withdraw your consent at any time by:
• Clicking "unsubscribe" in any marketing email
• Adjusting cookie settings in your browser
• Contacting us at info@spectrumtek.co.uk
• Updating your account preferences
Withdrawing consent does not affect the lawfulness of processing before withdrawal and won't affect order processing or essential communications.
4. Legal Obligation
When it applies: When we're legally required to process your data
Examples:
• Retaining financial records for 6 years under UK tax law
• Providing information to HMRC (UK tax authority) or equivalent EU tax authorities
• Responding to valid legal requests from courts or regulatory authorities
• Complying with anti-money laundering regulations
• Meeting accounting and audit requirements
Your rights: You cannot object to processing required by law, but you can contact the relevant supervisory authority if you believe the legal requirement is being applied incorrectly.
________________________________________
5. How We Share Your Personal Data
Spectrumtek does not sell, rent, or trade your personal information to third parties for their marketing purposes. We only share your data when necessary to provide our services, comply with legal obligations, or protect our legitimate interests.
Trusted Service Providers and Processors
We work with carefully selected third-party service providers who process personal data on our behalf under strict contractual terms:
E-commerce Platform:
• Wix – Website hosting, online store functionality, order management
• Location: Various (including servers outside UK/EEA with appropriate safeguards)
Payment Processing:
• Wix Payments, PayPal, Stripe (specify which you use) – Secure payment transaction processing
• These providers have their own privacy policies and security measures
• We never store complete payment card details on our servers
Delivery and Logistics:
• Royal Mail, DPD, DHL, UPS, Parcel Force (specify your couriers) – UK and EU delivery services
• We share name, delivery address, phone number, and order details necessary for shipping
• Couriers have their own privacy policies governing tracking and delivery data
Email and Marketing Services:
• Mailchimp, Klaviyo, SendGrid (specify your platform) – Email marketing and transactional email delivery
• We share email addresses, names, and preferences for customers who have consented to marketing
• These services are used to send order confirmations, shipping notifications, and promotional emails
Analytics and Advertising:
• Google Analytics – Website usage analysis and performance monitoring
• Google Ads, Meta (Facebook) Ads – Advertising campaign management and performance tracking
• Google Tag Manager – Tag and tracking code management
• These services may use cookies and tracking technologies (see our Cookie Policy)
Customer Support and Communication:
• Zendesk, Freshdesk (if applicable) – Customer service ticketing and support management
• Intercom, LiveChat (if applicable) – Live chat functionality
IT and Security Services:
• Cloud hosting providers
• Cybersecurity and anti-fraud services
• IT support and maintenance providers
• Backup and disaster recovery services
Business Intelligence and Operations:
• Accounting software providers (e.g., Xero, QuickBooks)
• CRM (Customer Relationship Management) systems
• Inventory management systems
Contractual Protections: All third-party processors are contractually required to:
• Process data only on our instructions
• Implement appropriate security measures
• Maintain confidentiality
• Delete or return data when services end
• Comply with UK GDPR and EU GDPR requirements
• Allow audits of their data protection practices
Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring organization. We will notify you of any such change and the new entity will be required to handle your data in accordance with this Privacy Policy.
Legal Requirements and Protection of Rights
We may disclose your personal data when required or permitted by law:
Legal Obligations:
• Compliance with court orders, subpoenas, or legal processes
• Responding to lawful requests from public authorities (police, tax authorities, regulatory bodies)
• Meeting regulatory reporting requirements
Protection of Rights:
• Enforcing our Terms and Conditions
• Protecting against fraud, security threats, or illegal activity
• Defending legal claims or investigations
• Protecting the rights, property, and safety of Spectrumtek, our customers, or others
With Your Consent
We may share your data with other third parties if you give us specific consent to do so.
Aggregated and Anonymous Data
We may share aggregated, anonymized data that cannot identify you personally with:
• Business partners for market research
• Industry associations for bench marking
• Researchers for statistical purposes
This anonymous data does not constitute personal data under GDPR.
________________________________________
6. International Data Transfers
Some of our service providers store or process personal data outside the United Kingdom and European Economic Area (EEA), which includes all EU member states plus Iceland, Liechtenstein, and Norway.
When we transfer your data internationally, we ensure it receives an equivalent level of protection as required by UK GDPR and EU GDPR.
How We Protect International Transfers
UK Adequacy Decisions: Countries recognized by the UK government as providing adequate data protection (e.g., EEA countries, certain other approved jurisdictions)
EU Adequacy Decisions: Countries recognized by the European Commission as providing adequate data protection
Standard Contractual Clauses (SCCs):
• Legally binding contracts approved by the UK Information Commissioner's Office (ICO) and the European Commission
• Impose data protection obligations on the recipient
• Provide enforceable rights for data subjects
• Most common mechanism for transfers to countries without adequacy decisions (e.g., United States)
Additional Safeguards:
• Encryption of data in transit and at rest
• Access controls and authentication measures
• Regular security audits of international processors
• Data Processing Agreements with strict security requirements
• Ongoing monitoring of third-party compliance
Your Rights Regarding International Transfers
You have the right to:
• Obtain information about the safeguards we use for international transfers
• Request copies of the Standard Contractual Clauses or other transfer mechanisms
• Object to specific transfers in certain circumstances
To obtain this information, contact us at info@spectrumtek.co.uk. We will provide details within one month.
Specific Service Providers with International Data Transfers
While specific providers may change, our current service providers that may involve international data transfers include:
• Cloud hosting services (servers may be located in multiple countries)
• Email marketing platforms (often use servers in the United States with SCC protection)
• Payment processors (global payment networks with data processed internationally)
• Analytics providers (Google Analytics processes data internationally)
All international transfers are conducted with appropriate safeguards as described above.
________________________________________
7. How Long We Keep Your Personal Data
Spectrumtek retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.
Retention Periods by Data Category
Order and Transaction Records:
• Retention period: 6 years from end of financial year in which transaction occurred
• Legal basis: UK tax law (HMRC requirements), EU equivalent requirements for accounting records
• Includes: Purchase history, invoices, payment records, delivery information, warranty information
Customer Accounts:
• Active accounts: Retained while account remains active and in use
• Inactive accounts: May be deleted after [2-3 years] of inactivity (we'll notify you beforehand)
• Deleted on request: We'll delete your account and associated data when you request it (subject to legal retention requirements)
• Includes: Login credentials, saved addresses, order history (see above for order retention), preferences
Email Marketing and Communications:
• Retention period: Until you unsubscribe or withdraw consent
• Post-unsubscribe: We retain a minimal record (email address + unsubscribed status) to prevent accidentally re-subscribing you
• Suppression list: Maintained indefinitely to honor your unsubscribe preference
Customer Service Communications:
• Retention period: 3 years after last contact
• Purpose: To maintain service history and resolve potential future issues
• Includes: Email correspondence, support tickets, warranty claims, technical queries
Website Analytics and Cookies:
• Retention period: Varies by cookie type (see Cookie Policy for details)
• Analytics data: Typically 26 months (Google Analytics default)
• Session cookies: Deleted when browser closes
• Persistent cookies: Expire after set period (14 days to 2 years depending on purpose)
Marketing Campaign Data:
• Retention period: 2 years from campaign end
• Purpose: Measuring campaign effectiveness and ROI
• Anonymized: After retention period, data is anonymized for historical analysis
Security and Fraud Prevention Records:
• Retention period: Up to 6 years
• Purpose: Fraud detection, security incident investigation, pattern recognition
• Legal basis: Legitimate interests in security and fraud prevention
CCTV Footage (if applicable to warehouse/office):
• Retention period: 30 days
• Purpose: Security and crime prevention
• Legal basis: Legitimate interests in property and personnel security
Data Deletion and Anonymization
After retention periods expire:
Secure Deletion:
• Data is permanently and securely deleted from active systems
• Backups containing expired data are overwritten according to backup rotation schedules
• Deletion methods meet industry standards for data sanitization
Anonymization:
• Some data may be anonymized rather than deleted
• Anonymized data cannot identify you personally
• Used for statistical analysis, business intelligence, and historical records
• Anonymous data is not subject to GDPR as it's no longer personal data
Extended Retention in Special Circumstances
We may retain data beyond standard periods when:
Legal Claims:
• Ongoing legal proceedings or disputes require retention
• Until claim is resolved and any appeal period expires
Regulatory Investigations:
• Required by regulatory authorities
• Until investigation concludes
Your Request:
• You've specifically requested we retain certain information
• Until you withdraw this request
We'll inform you if we extend retention periods for these reasons.
Early Deletion Requests
You can request deletion of your data before the standard retention period expires (Right to Erasure/"Right to be Forgotten"). However, we may need to retain certain data if:
• Required by law (e.g., financial records for tax purposes)
• Necessary for legal claims or defense
• Required to fulfill our contract with you (e.g., ongoing warranty coverage)
• Needed to comply with legal obligations
We'll explain any limitations when responding to your deletion request.
________________________________________
8. Your Rights Under UK GDPR and EU GDPR
Under UK and EU data protection law, you have powerful rights regarding your personal data. Spectrumtek is committed to facilitating the exercise of these rights.
1. Right of Access (Subject Access Request)
What it means: You can request a copy of the personal data we hold about you.
What you'll receive:
• Confirmation of whether we process your personal data
• Copy of your personal data in a commonly used electronic format
• Information about how we use your data, who we share it with, and how long we keep it
• Details of your other rights
How to exercise: Email info@spectrumtek.co.uk with "Subject Access Request" in the subject line. We may need to verify your identity before providing information.
Timeframe: We'll respond within one month (extendable by two further months for complex requests).
Cost: Usually free. We may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests.
2. Right to Rectification
What it means: You can ask us to correct inaccurate or incomplete personal data.
Examples:
• Updating your delivery address
• Correcting misspelled name
• Adding missing information to your account
How to exercise: Email info@spectrumtek.co.uk or update information directly in your account settings (if available).
Timeframe: We'll make corrections within one month and notify any third parties with whom we've shared the incorrect data (where appropriate).
3. Right to Erasure ("Right to be Forgotten")
What it means: You can request deletion of your personal data in certain circumstances.
When it applies:
• Data is no longer necessary for the purpose it was collected
• You withdraw consent (where processing was based on consent)
• You object to processing and there are no overriding legitimate grounds
• Data has been unlawfully processed
• Legal obligation requires deletion
• Data was collected in relation to online services offered to a child
When we may refuse:
• Legal obligation requires us to retain data (e.g., 6-year tax record retention)
• Necessary for legal claims or defense
• Required to fulfill our contract with you
• Public interest, scientific research, or statistical purposes
How to exercise: Email info@spectrumtek.co.uk with "Deletion Request" in the subject line.
Timeframe: Within one month, we'll either delete your data or explain why we can't.
4. Right to Restriction of Processing
What it means: You can ask us to temporarily limit how we use your data.
When it applies:
• You contest the accuracy of data (we'll restrict until accuracy is verified)
• Processing is unlawful but you don't want data deleted
• We no longer need the data but you need it for legal claims
• You've objected to processing (we'll restrict while verifying our legitimate grounds)
Effect: We'll store the data but not otherwise process it (except with your consent, for legal claims, or to protect others' rights).
How to exercise: Email info@spectrumtek.co.uk with "Restriction Request" in the subject line.
5. Right to Data Portability
What it means: You can receive your personal data in a structured, commonly used, machine-readable format and transmit it to another organization.
When it applies:
• Processing is based on consent or contract performance
• Processing is carried out by automated means
What's included:
• Data you've provided to us
• In formats like CSV, JSON, or XML (commonly machine-readable)
What's NOT included:
• Data we've derived or inferred about you
• Data that would affect others' rights
How to exercise: Email info@spectrumtek.co.uk with "Data Portability Request" in the subject line, specifying format preference if you have one.
Timeframe: Within one month.
6. Right to Object
What it means: You can object to certain types of processing.
A. Object to Direct Marketing:
• Absolute right – we must stop immediately
• Includes email marketing, postal marketing, and marketing calls
• Also covers profiling for direct marketing purposes
How to object to marketing:
• Click "unsubscribe" in any marketing email (immediate effect)
• Email info@spectrumtek.co.uk
• Update preferences in your account
B. Object to Processing Based on Legitimate Interests:
• You can object to processing we conduct based on our legitimate interests
• We must stop unless we can demonstrate compelling legitimate grounds that override your interests
• Includes: fraud prevention (in some cases), business analytics, certain security measures
How to exercise: Email info@spectrumtek.co.uk with "Objection to Processing" in the subject line, explaining your grounds for objection.
C. Object to Automated Decision-Making and Profiling:
• You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal effects or similarly significantly affect you
• Note: Spectrumtek does not currently engage in automated decision-making that produces legal effects on individuals
7. Right to Withdraw Consent
What it means: Where we process your data based on consent, you can withdraw that consent at any time.
Applies to:
• Marketing communications
• Non-essential cookies
• Optional data processing activities
Effect:
• We'll stop processing for that purpose
• Doesn't affect lawfulness of processing before withdrawal
• Doesn't affect processing based on other legal grounds (e.g., contract, legal obligation)
How to exercise:
• Click "unsubscribe" in marketing emails
• Adjust cookie settings in browser
• Email info@spectrumtek.co.uk
• Update account preferences
8. Right to Lodge a Complaint with a Supervisory Authority
What it means: You can complain to a data protection supervisory authority if you believe we've violated your data protection rights.
For UK Residents:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
For EU Residents:
You can lodge a complaint with the supervisory authority in:
• Your country of habitual residence
• Your place of work
• The place where the alleged infringement occurred
Find your EU Data Protection Authority:
https://edpb.europa.eu/about-edpb/about-edpb/members_en
Our commitment: We take complaints seriously and encourage you to contact us first at info@spectrumtek.co.uk. We'll work to resolve your concerns promptly. However, you always have the right to approach a supervisory authority directly.
________________________________________
How to Exercise Your Rights
Step 1: Contact Us
Email: info@spectrumtek.co.uk
Subject line: Clearly state which right you're exercising (e.g., "Subject Access Request," "Deletion Request")
Step 2: Verify Your Identity
For security, we may ask you to verify your identity by providing:
• Order number from a recent purchase
• Email address associated with your account
• Registered billing address
• Other information that proves you are the data subject
Step 3: We'll Respond
• We'll acknowledge your request promptly
• We'll fulfill or respond to most requests within one month
• For complex or numerous requests, we may extend this by two additional months (we'll explain why)
• If we refuse a request, we'll explain the reasons and inform you of your right to complain to a supervisory authority
No charge: Exercising your rights is usually free. We may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests.
________________________________________
9. Cookies and Tracking Technologies
Spectrumtek uses cookies and similar tracking technologies to improve your browsing experience, analyze website traffic, and deliver personalized content and advertising.
What Are Cookies?
Cookies are small text files stored on your device (computer, smartphone, tablet) when you visit websites. They allow the website to recognize your device and remember information about your visit.
Types of Cookies We Use
1. Strictly Necessary Cookies (Essential)
• Purpose: Enable core website functionality
• Examples: Shopping cart, secure login, payment processing, security features
• Duration: Session (deleted when browser closes) or short-term persistent
• Legal basis: Legitimate interests (necessary for website operation)
• Can you refuse? No – these are essential for the website to work. Disabling these cookies will prevent core functionality.
2. Performance and Analytics Cookies
• Purpose: Understand how visitors use our website
• Examples: Google Analytics, page load times, error tracking, popular pages
• Duration: Typically 26 months (Google Analytics default)
• Legal basis: Consent (required under UK GDPR and EU GDPR for non-essential cookies)
• Can you refuse? Yes – via cookie banner or browser settings
3. Functionality Cookies
• Purpose: Remember your preferences and settings
• Examples: Language preference, currency, previously viewed products, saved filters
• Duration: Varies (typically 30 days to 2 years)
• Legal basis: Consent or legitimate interests (depending on specific cookie)
• Can you refuse? Yes – but website experience may be degraded
4. Advertising and Marketing Cookies
• Purpose: Deliver relevant advertisements and measure campaign effectiveness
• Examples: Google Ads, Meta Pixel (Facebook/Instagram), retargeting pixels
• Duration: Typically 90 days to 2 years
• Legal basis: Consent (required)
• Can you refuse? Yes – via cookie banner or browser settings
• Third parties: These cookies are often placed by advertising platforms and governed by their privacy policies
How to Control Cookies
Cookie Consent Banner:
• When you first visit our website, you'll see a cookie consent banner
• You can accept all cookies, reject non-essential cookies, or customize your preferences
• You can change your choices at any time by [accessing cookie preferences link in footer]
Browser Settings:
• All modern browsers allow you to refuse cookies or delete existing cookies
• Chrome: Settings > Privacy and Security > Cookies and other site data
• Firefox: Settings > Privacy & Security > Cookies and Site Data
• Safari: Preferences > Privacy > Cookies and website data
• Edge: Settings > Cookies and site permissions
Warning: Blocking all cookies will prevent some website features from working, including shopping cart functionality and secure login.
Third-Party Opt-Out Tools:
• Google Analytics Opt-out: https://tools.google.com/dlpage/gaoptout
• Network Advertising Initiative: https://optout.networkadvertising.org/
• European Interactive Digital Advertising Alliance: https://www.youronlinechoices.com/
Full Cookie Policy
For comprehensive details on all cookies used by Spectrumtek, including specific cookie names, purposes, and durations, please see our [Cookie Policy] [link to separate cookie policy page if you have one].
Do Not Track Signals
Some browsers have "Do Not Track" (DNT) features. Our website does not currently respond to DNT signals, as there is no industry consensus on how to interpret them. We will update our practices if industry standards develop.
________________________________________
10. How We Protect Your Personal Data
Spectrumtek takes data security seriously and implements appropriate technical and organizational measures to protect your personal information from unauthorized access, loss, misuse, alteration, or destruction.
Technical Security Measures
Encryption:
• HTTPS/SSL encryption for all website traffic (data in transit is encrypted)
• Encrypted data storage for sensitive information at rest
• TLS (Transport Layer Security) for email communications containing personal data
Secure Payment Processing:
• PCI DSS compliant payment processing through certified third-party providers (PayPal, Stripe, Wix Payments)
• We never store complete payment card details on our servers
• Tokenization of payment information where applicable
Access Controls:
• Role-based access control (RBAC) – employees only access data necessary for their job function
• Multi-factor authentication (MFA) for administrative access to systems
• Strong password policies enforced for all accounts
• Regular access reviews to ensure appropriate permissions
Network Security:
• Firewall protection on all network perimeters
• Intrusion detection and prevention systems (IDS/IPS)
• Anti-malware and antivirus software on all systems
• Regular security patches and updates applied promptly
• Vulnerability scanning and penetration testing conducted periodically
Data Backup and Recovery:
• Regular automated backups of critical data
• Encrypted backup storage in geographically separate locations
• Disaster recovery plans to ensure business continuity
• Regular backup restoration testing to verify integrity
Fraud Prevention:
• Anti-fraud systems to detect suspicious transactions
• Address verification for high-value orders
• Suspicious pattern detection algorithms
• Manual review of flagged orders
Organizational Security Measures
Staff Training:
• Data protection training for all employees handling personal data
• Security awareness programs covering phishing, social engineering, and best practices
• Regular refresher training on GDPR compliance and security protocols
• Confidentiality agreements signed by all staff
Policies and Procedures:
• Data Protection Policy governing internal data handling
• Data Breach Response Plan for rapid incident response
• Data Retention and Deletion Policy ensuring compliant data lifecycle management
• Access Control Policy defining who can access what data
• Vendor Management Policy for third-party processor oversight
Physical Security:
• Secure facilities with access controls for offices containing data
• Visitor management procedures
• Clean desk policy to prevent unauthorized access to physical documents
• Secure disposal of paper records containing personal data (shredding)
Vendor Management:
• Due diligence assessments before engaging third-party processors
• Data Processing Agreements with contractual security obligations
• Regular audits of third-party security practices
• Right to audit clauses in contracts
Monitoring and Logging:
• Security event logging to detect unauthorized access attempts
• Regular log review by security personnel
• Anomaly detection systems to identify unusual patterns
• Audit trails for sensitive data access
Data Breach Response
Despite our best efforts, no data transmission over the internet or storage system is 100% secure. In the unlikely event of a personal data breach:
Immediate Response:
• Contain the breach to prevent further data loss
• Assess severity and determine affected individuals
• Document the incident with full details
Notification:
• Supervisory Authority: We'll notify the ICO (UK) or relevant EU authority within 72 hours if the breach poses a risk to your rights and freedoms
• Affected Individuals: We'll notify you without undue delay if the breach poses a high risk to your rights and freedoms
• Communication: We'll explain what happened, what data was affected, likely consequences, and measures we're taking
Remediation:
• Close security gaps that caused the breach
• Implement additional safeguards to prevent recurrence
• Review and update security policies and procedures
• Provide support to affected individuals (e.g., identity monitoring if appropriate)
Your Role in Security
While we implement robust security measures, you also play a role in protecting your data:
Account Security:
• Use strong, unique passwords for your SpectrumTek account
• Don't share your login credentials with others
• Log out after using shared or public computers
• Enable two-factor authentication if available
Recognize Phishing:
• Be suspicious of unsolicited emails asking for personal information
• Verify sender before clicking links or downloading attachments
• Don't click suspicious links – navigate to our website directly
• Report suspicious emails purporting to be from Spectrumtek to info@spectrumtek.co.uk
Secure Your Devices:
• Keep software updated with latest security patches
• Use antivirus software on your devices
• Secure your Wi-Fi network with strong encryption
• Be cautious on public Wi-Fi – avoid entering sensitive information
Security Disclaimer
While Spectrumtek employs industry-standard security measures and continuously works to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your personal information.
You transmit information to us at your own risk. However, once we receive your data, we use commercially reasonable efforts to protect it in accordance with this Privacy Policy and applicable law.
If you have security concerns or questions about our practices, contact us at info@spectrumtek.co.uk.
________________________________________
11. Children's Privacy
Spectrumtek is committed to protecting the privacy of children.
Age Restriction:
• Our website and services are not intended for individuals under 16 years of age
• We do not knowingly collect personal data from children under 16
• We do not knowingly market to children
Parental Notice: If you are a parent or guardian and believe your child under 16 has provided us with personal information, please contact us immediately at info@spectrumtek.co.uk.
Our Response:
• We will promptly investigate any reports of data collection from children
• We will permanently delete any personal data from children under 16
• We will take additional safeguards to prevent future collection from minors
Age Verification:
• We may request age verification during account creation
• We rely on honest disclosure of age during registration
• If we discover a user is under 16, we will terminate the account and delete associated data
Note: The age of digital consent varies across EU member states (from 13-16 years depending on country). We apply the highest standard (16 years) across all jurisdictions to ensure comprehensive protection.
________________________________________
12. Marketing Communications
Spectrumtek respects your communication preferences and complies with UK and EU marketing regulations.
When We Send Marketing
With Your Consent: We will only send you marketing emails, promotional offers, newsletters, and product updates if:
• You've explicitly consented by ticking an opt-in box during checkout or account creation
• You've subscribed to our mailing list
• You've entered a competition or promotion and consented to marketing
Soft Opt-In (Existing Customers): Under UK law, we may send marketing about similar products to existing customers who purchased from us, provided:
• You haven't opted out
• We gave you an easy opt-out option at the time of sale
• You're given an easy opt-out in every marketing message
Types of Marketing Communications
Email Marketing:
• New product launches relevant to your interests (off-road, agricultural, commercial, etc.)
• Special offers, discounts, and sales promotions
• LED lighting technology updates and innovations
• Installation guides, how-to articles, and technical content
• Company news and updates
• Exclusive customer-only deals
Frequency:
• We send marketing emails approximately [X] times per month
• We may send more frequent communications during special sales periods
• You can adjust frequency preferences in your account or by contacting us
What We Don't Do
We will NOT:
• Sell your email address to third parties for their marketing
• Send marketing to anyone who hasn't consented or who has opted out
• Make it difficult to unsubscribe
• Continue sending marketing after you've unsubscribed
• Send spam or unsolicited communications
How to Unsubscribe
Easy Unsubscribe Options:
1. Click "Unsubscribe" Link:
• Every marketing email contains a clear "unsubscribe" link at the bottom
• One click removes you from marketing emails immediately
• Effect is permanent (we won't re-subscribe you without your explicit consent)
2. Update Account Preferences:
• Log into your Spectrumtek account
• Navigate to "Communication Preferences" or "Email Settings"
• Adjust your preferences or unsubscribe completely
3. Email Us:
• Send email to info@spectrumtek.co.uk with "Unsubscribe" in subject line
• Include the email address you want removed
• We'll process your request within 48 hours
4. Contact Customer Service:
Email: info@spectrumtek.co.uk
What Happens After You Unsubscribe
Marketing Stops:
• You'll stop receiving promotional emails within 48 hours
• May take up to 5 business days if an email campaign was already scheduled
Transactional Emails Continue: You'll still receive essential, non-marketing emails including:
• Order confirmations
• Shipping notifications
• Delivery updates
• Warranty and returns information
• Customer service responses
• Account security notifications
• Legal notices and policy updates
These transactional emails are necessary to fulfill our contract with you and are sent based on legal grounds other than consent.
Suppression List:
• We maintain a suppression list of unsubscribed email addresses
• Ensures we don't accidentally re-add you to marketing
• This minimal record (email address + unsubscribed status) is retained indefinitely to protect your preferences
Profiling and Personalisation
What We Do:
• Segment email lists based on purchase history and interests (e.g., off-road enthusiasts, agricultural customers, fleet operators)
• Personalize content to show products relevant to your previous purchases or browsing
• Optimize send times based on when you typically engage with emails
Your Rights:
• You can object to profiling for direct marketing purposes
• You can request details about how we profile and segment our audience
• You can opt out entirely by unsubscribing
Third-Party Marketing
We do NOT share your contact information with third parties for their marketing purposes.
However, we use third-party platforms to deliver our marketing:
• Email service providers (e.g., Mailchimp, Klaviyo)
• Advertising platforms (e.g., Google Ads, Meta/Facebook Ads)
These platforms are bound by Data Processing Agreements and cannot use your data for their own marketing.
Your Control
You are always in control of the marketing communications you receive from Spectrumtek. We respect your preferences and make it easy to opt out at any time.
Questions about marketing? Contact info@spectrumtek.co.uk.
________________________________________
13. Updates to This Privacy Policy
Spectrumtek may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.
When We Update This Policy
Reasons for updates:
• Changes to UK or EU data protection law
• Introduction of new products, services, or features
• Changes to how we collect, use, or share personal data
• Feedback from regulators or supervisory authorities
• Improvements to transparency and clarity
• Addition or removal of third-party service providers
How We Notify You of Changes
Minor Changes:
• Posted on this page with updated "Last Updated" date at the top
• No additional notification required
• We encourage you to review this policy periodically
Material or Significant Changes:
• Email notification sent to registered customers
• Prominent notice on our website homepage
• Pop-up or banner when you next visit our site
• Explanation of changes and how they affect you
• Opportunity to review updated policy before it takes effect
What constitutes a "material" change:
• New purposes for processing personal data
• Sharing data with new categories of third parties
• International transfers to new countries without adequacy decisions
• Significant changes to your rights or our obligations
• Major changes to data retention periods
• Substantial expansion of data collection
Your Continued Use
By continuing to use Spectrumtek's website and services after we post changes to this Privacy Policy, you acknowledge and accept the updated policy.
If you disagree with changes:
• You can stop using our services
• You can delete your account (contact us at info@spectrumtek.co.uk)
• You can exercise your data protection rights (including right to erasure)
Version History
Current Version:
• Version: 2.0
• Effective Date: 25 January 2026
• Summary of Changes: Added EU GDPR compliance, expanded rights section, clarified international transfers, enhanced security section
Previous Versions:
• Available upon request by contacting info@spectrumtek.co.uk
Regular Review
We review this Privacy Policy at least annually to ensure it remains:
• Accurate – Reflects our actual practices
• Compliant – Meets current legal requirements
• Clear – Easy to understand for customers
• Comprehensive – Covers all aspects of data processing
Last Reviewed: January 2026
Next Scheduled Review: January 2027
How to Stay Informed
Subscribe to Updates:
• Join our mailing list to receive notifications of policy changes
• Check this page periodically for the "Last Updated" date
• Bookmark this page for easy access
Questions about Changes: If you have questions about changes to this Privacy Policy or how they affect you, contact us at info@spectrumtek.co.uk. We're happy to explain updates in detail.
________________________________________
14. Contact Us & Data Protection Enquiries
Spectrumtek is committed to transparency and protecting your privacy rights. If you have any questions, concerns, or requests related to this Privacy Policy or how we handle your personal data, please don't hesitate to contact us.
General Contact Information
Email:
info@spectrumtek.co.uk
Post:
SpectrumTek Ltd
71-75 Shelton Street
Covent Garden
London, WC2H 9JQ
United Kingdom

Business Hours: Monday-Friday, 9:00 AM - 5:00 PM (GMT/BST)

What We Can Help With
Privacy Policy Questions:
• Clarification on any section of this policy
• Explanation of how we use specific types of data
• Information about third parties we work with
• Details about international data transfers
Exercising Your Rights:
• Subject Access Requests (request copy of your data)
• Rectification (correct inaccurate data)
• Erasure (delete your data)
• Restriction of processing
• Data portability
• Objection to processing
• Withdrawal of consent
Data Concerns:
• Suspected data breach
• Unauthorized access to your account
• Concerns about how your data is being used
• Questions about data retention
• Third-party data sharing concerns
Marketing and Communications:
• Unsubscribe from marketing emails
• Update communication preferences
• Report spam or suspicious emails claiming to be from Spectrumtek
Technical Issues:
• Cookie and tracking technology questions
• Website privacy settings
• Account security concerns
Response Times
General Enquiries:
• We aim to respond within 48 hours during business days (Monday-Friday)
Data Protection Rights Requests:
• We'll acknowledge receipt immediately
• Full response provided within one month
• May extend by two additional months for complex requests (we'll explain why)
Urgent Security Matters:
• Priority response for data breach reports and account security issues
• Initial response within 24 hours
How to Submit a Request
For Best Results, Include:
1. Clear subject line – State the nature of your request (e.g., "Subject Access Request," "Unsubscribe from Marketing")
2. Your contact information – Email address associated with your account, order number, registered address
3. Specific details – What you're requesting, what data you're concerned about
4. Proof of identity – For security, we may ask you to verify identity before processing certain requests
Identity Verification: To protect your privacy, we may request:
• Recent order number
• Registered email address and billing address
• Other information that proves you are the account holder
This prevents unauthorized access to your personal data.
Complaints and Concerns
Contact Us First: We encourage you to contact us directly if you have concerns about how we've handled your personal data. We take all complaints seriously and will work to resolve issues promptly and fairly.
Escalate to Supervisory Authority: If you're not satisfied with our response or believe we've violated data protection law, you have the right to lodge a complaint with a supervisory authority:
UK Residents:
Information Commissioner's Office (ICO)
Website: https://ico.org.uk/make-a-complaint/
Phone: 0303 123 1113
Email: casework@ico.org.uk
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
EU Residents:
Contact the data protection authority in your country of residence or where the alleged infringement occurred.
Find your EU DPA: https://edpb.europa.eu/about-edpb/about-edpb/members_en
Legal Entity Information
Full Company Name: Spectrumtek Ltd
Registered Office Address:
71-75 Shelton Street
Covent Garden
London, WC2H 9JQ
United Kingdom
Country of Incorporation: England and Wales
This information is provided to ensure full transparency and meet regulatory requirements for data controllers operating in the UK and EU.
________________________________________
Summary: Your Privacy Matters to Spectrumtek
We are committed to:
✅ Transparency – Clear communication about how we use your data
✅ Security – Robust technical and organizational measures to protect your information
✅ Control – Giving you rights and choices over your personal data
✅ Compliance – Meeting all UK GDPR and EU GDPR requirements
✅ Respect – Honoring your preferences, especially regarding marketing
✅ Accountability – Taking responsibility for protecting your privacy
You can trust Spectrumtek with your personal data. We handle it with care, use it responsibly, and protect it diligently as we serve customers throughout the United Kingdom and European Union.
Questions? Contact us anytime at info@spectrumtek.co.uk
________________________________________
Spectrumtek Ltd – Professional LED Lighting & Controllers. Privacy Protected. Trust Assured.