Introduction
We take the protection of the data of the users of our website very seriously and are committed to safeguarding the information that users provide to us in connection with their use of our website. Furthermore, we are committed to protecting and using your data in accordance with applicable law.
This Privacy Policy explains our practices regarding the collection, use, and disclosure of your data through the use of our digital services when you access the services via your devices.
Please read this Privacy Policy carefully and make sure you fully understand our practices regarding your data before using our services. If you have read this policy, fully understand it, and do not agree with our practices, you must discontinue using our digital services. By using our services, you acknowledge the terms of this Privacy Policy. Continued use of the services constitutes your consent to this Privacy Policy and any amendments thereto.

In this Privacy Policy you will learn:
• How we collect data
• What data we collect
• Why we collect these data
• To whom we disclose the data
• Where the data is stored
• How long the data is retained
• How we protect the data
• How we handle minors
• Updates or changes to the Privacy Policy

What data do we collect?
Below is an overview of the data we may collect:

• Unidentified and non-identifiable information that you provide during the registration process or that is collected through the use of our services (“non-personal data”). Non-personal data do not allow for the identification of the individual from whom they were collected. The non-personal data we collect mainly consist of technical and aggregated usage information.
• Individually identifiable information, i.e. any data that can identify you or could reasonably be used to identify you (“personal data”). The personal data we collect through our services may include information requested from time to time, such as names, email addresses, postal addresses, telephone numbers, IP addresses, and more. If we combine personal and non-personal data, we will treat them as personal data for as long as they remain combined.

How do we collect data?
Below are the main methods we use to collect data:

• We collect data when you use our services. When you use our digital services, we may collect, record, and store usage, sessions, and related information.
• We collect data that you provide directly to us, for example, when you contact us directly through a communication channel (e.g., an email containing a comment or feedback).
• We may collect data from third-party sources, as described below.

Why do we collect these data?
We may use your data for the following purposes:

• to provide and operate our services;
• to develop, customize, and improve our services;
• to respond to your feedback, requests, and inquiries and to provide support;
• to analyze demand and usage patterns;
• for other internal, statistical, and research purposes;
• to enhance our data security and fraud prevention capabilities;
• to investigate violations and enforce our terms and policies, and to comply with applicable laws, regulations, or governmental requests;
• to send newsletters, updates, and other information related to Lights. You may choose whether you wish to continue receiving such emails. If not, simply click the unsubscribe link in these emails.

To whom do we disclose this data?
We may share your data with our service providers to operate our services (e.g., storing data through third-party hosting services, providing technical support, etc.).

We may also disclose your data under the following circumstances:
(i) to investigate, detect, prevent, or take action regarding unlawful activities or other misconduct;
(ii) to establish or exercise our legal rights;
(iii) to protect our rights, property, or personal safety, as well as the safety of our users or the public;
(iv) to collect, hold, and/or manage your data through authorized third-party providers (e.g., cloud service providers), as appropriate for charitable purposes;
(vi) to collaborate with third-party providers to improve your user experience.
To avoid misunderstandings, we clarify that we may transfer, share, or otherwise use non-personal data at our sole discretion.

When you visit or access our services, we authorize third parties to use web beacons, cookies, pixel tags, scripts, and other technologies and analytics tools (“tracking technologies”). These technologies may allow third parties to automatically collect your data to improve your navigation experience on our digital assets, optimize their performance, deliver a tailored user experience, and support security and fraud prevention.

For more information, please read our Cookie Policy.

Without your consent, we will not share your email address or other personal data with advertising companies or advertising networks.

We may provide advertising through our services and digital assets (including websites and applications that use our services), which may also be tailored to you—such as ads based on your recent browsing behavior across websites, devices, or browsers.

Where do we store the data?

Non-personal data
Please note that our organization, as well as our trusted partners and service providers, are located around the world. For the purposes described in this Privacy Policy, we store and process all non-personal data we collect in various jurisdictions.

Personal data
Personal data may be maintained, processed, and stored in Germany and Uganda, and, as legally required or necessary for the proper provision of our services, in other jurisdictions (as further explained below).

How long are the data retained?
Category: Always
Please note that we retain the collected data for as long as necessary to provide our services, comply with our legal and contractual obligations to you, resolve disputes, and enforce our agreements.
We may correct, amend, or delete inaccurate or incomplete data at our own discretion at any time.

How do we protect the data?
The hosting service for our digital assets provides us with the online platform that allows us to offer our services to you. Your data may be stored through our hosting provider’s data storage, databases, and general applications. They store your data on secure servers behind a firewall and provide secure HTTPS access to most areas of their services.

All payment options offered by us and our hosting provider for our digital assets comply with the PCI-DSS (Payment Card Industry Data Security Standard) requirements of the PCI Security Standards Council, a collaboration of brands such as Visa, MasterCard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of credit card information (including physical, electronic, and procedural measures) by our store and service providers.

Despite the measures and efforts undertaken by us and our hosting provider, we cannot guarantee absolute protection and absolute security of the data you upload, post, or otherwise share with us or others.
For this reason, we ask that you set secure passwords and, whenever possible, refrain from transmitting confidential information to us or others whose disclosure you believe could cause you significant or lasting harm. As email and instant messaging are not considered secure communication channels, we also ask that you avoid sharing confidential information via these channels.

How do we handle minors?
The services are not intended for users who have not yet reached the legal age of majority. We will not knowingly collect data from children. If you are not of legal age, you should not download or use the services or provide any information to us.

We reserve the right to request proof of age at any time to verify that minors are not using our services. If we become aware that a minor is using our services, we may deny and block their access and may delete any data stored about that user. If you believe that a minor has provided data to us, please contact us as described below.

We use your personal data only for the purposes set out in this Privacy Policy and only when we believe that:

• the use of your personal data is necessary to perform or enter into a contract (e.g., to provide the services themselves or customer or technical support);
• the use of your personal data is necessary to comply with legal or regulatory obligations; or
• the use of your personal data is necessary to support our legitimate business interests (provided that this is always done in a proportionate manner and with respect for your privacy rights).

As an EU resident, you may:

• request confirmation as to whether personal data concerning you are being processed or not, and request access to your stored personal data and certain supplementary information;
• request receipt of the personal data you have provided to us in a structured, commonly used, and machine-readable format;
• request the rectification of your personal data stored with us;
• request the deletion of your personal data;
• object to the processing of your personal data;
• request the restriction of the processing of your personal data; or
• lodge a complaint with a supervisory authority.

Please note, however, that these rights are not unlimited and may be subject to our own legitimate interests and regulatory requirements. If you have general questions about the personal data we collect and how we use them, please contact us as described below.

In the course of providing the services, we may transfer data across borders to affiliated companies or other third parties and from your country/jurisdiction to other countries/jurisdictions worldwide. By using the services, you consent to the transfer of your data outside the EEA.

If you are a resident of the EEA, your personal data will only be transferred to locations outside the EEA when we are satisfied that adequate or comparable levels of data protection are in place. We will take appropriate steps to ensure that we have suitable contractual arrangements with our third parties to ensure that adequate safeguards are implemented to minimize the risk of unlawful use, alteration, deletion, loss, or theft of your personal data and that these third parties act at all times in accordance with applicable laws.

We do not sell users' personal data for the purposes and intentions of the CCPA.

Updates or changes to the Privacy Policy
We may revise this Privacy Policy at our sole discretion from time to time; the version published on the website is always current (see “Last revised” below). We ask that you review this Privacy Policy regularly for any updates. In the event of material changes, we will post a notice about them on our website. If you continue to use the services after receiving notice of changes on our website, this constitutes your acknowledgment and agreement to the updated Privacy Policy and your consent to be bound by the terms of these changes.

Contact
If you have general questions about the services or the data we collect about you and how we use them, please contact us at:

Email address: lights.uganda@gmail.com

DISCLAIMER
The information contained herein does not constitute legal advice and should not be relied upon as such. Specific requirements regarding legal terminology and policies may vary from state to state and/or jurisdiction to jurisdiction. As stated in our Terms of Use, you are responsible for ensuring that your services are permitted under the laws applicable to you and that you comply with them.
To ensure that you fully meet your legal obligations, we strongly recommend seeking professional legal advice to better understand the requirements that apply specifically to you.

Last revised in November 2025