GDPR Compliance

Your data protection rights under UK and EU law

Our Commitment to Data Protection

Luminous Bond Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our responsibilities regarding your personal data seriously and have implemented robust measures to ensure compliance.

This page provides specific information about your rights under data protection law and how we fulfil our obligations as a data controller.

Data Controller Information

Luminous Bond Ltd acts as the data controller for personal information processed in connection with our services. This means we determine the purposes and means of processing your personal data.

Data Controller: Luminous Bond Ltd
Address: 47 Colmore Row, Birmingham, B3 2BS
Email: [email protected]

Principles of Data Processing

We adhere to the core principles established by data protection legislation:

  • Lawfulness, fairness, and transparency: We process data only when we have a lawful basis and are transparent about our practices
  • Purpose limitation: We collect data for specified, explicit purposes and do not process it in ways incompatible with those purposes
  • Data minimisation: We collect only the data necessary for the purposes we have identified
  • Accuracy: We take reasonable steps to ensure personal data is accurate and up to date
  • Storage limitation: We retain data only for as long as necessary for the purposes collected
  • Integrity and confidentiality: We implement appropriate security measures to protect personal data
  • Accountability: We maintain records and can demonstrate compliance with these principles

Your Data Subject Rights

Under data protection law, you have several rights regarding your personal information:

Right of Access

You may request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR). We will provide this information free of charge within one month of receiving your request. In complex cases, we may extend this period by a further two months, but we will inform you if this is necessary.

Right to Rectification

If you believe any personal data we hold is inaccurate or incomplete, you have the right to request correction. We will respond within one month and either make the correction or explain why we believe the data is accurate.

Right to Erasure

In certain circumstances, you may request deletion of your personal data. This right applies when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and no other legal basis applies
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Erasure is required to comply with a legal obligation

This right is not absolute. We may refuse erasure where we need to retain data to comply with legal obligations or for the establishment, exercise, or defence of legal claims.

Right to Restriction of Processing

You may request that we limit how we use your data. This applies when:

  • You contest the accuracy of the data (restriction applies while we verify)
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you require it for legal claims
  • You have objected to processing (restriction applies while we consider your objection)

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format. You may also request that we transmit this data directly to another controller where technically feasible.

Right to Object

You have the right to object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is for legal claims.

You have an absolute right to object to processing for direct marketing purposes.

Rights Related to Automated Decision-Making

You have rights in relation to automated decision-making, including profiling, that produces legal effects or similarly significantly affects you. Currently, we do not use fully automated decision-making processes that would fall under this provision.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected] with sufficient information to identify yourself and specify which right you wish to exercise.

We may request additional information to verify your identity before processing your request. This is a security measure to ensure personal data is not disclosed to unauthorised persons.

We will respond to valid requests within one month. If your request is complex or we receive multiple requests, we may extend this by a further two months and will notify you accordingly.

Lawful Bases for Processing

We process personal data under the following lawful bases:

  • Performance of a contract: Processing necessary to deliver services you have requested
  • Legitimate interests: Processing necessary for our legitimate business interests, provided these do not override your fundamental rights
  • Legal obligation: Processing required to comply with laws applicable to our business
  • Consent: Where you have given explicit consent for specific processing activities

Data Protection Impact Assessments

For processing activities likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments (DPIAs) to identify and minimise risks. This includes assessments when implementing new technologies or processing special category data.

Data Breach Procedures

We have procedures in place to detect, investigate, and report personal data breaches. Where a breach is likely to result in a risk to individuals' rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to affected individuals, we will also notify those individuals directly.

International Transfers

We primarily process data within the United Kingdom. Where we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Transfers to countries with adequacy decisions
  • Standard contractual clauses approved by the Information Commissioner
  • Binding corporate rules where applicable

Third-Party Processors

Where we engage third parties to process personal data on our behalf, we ensure:

  • Written contracts are in place setting out the processor's obligations
  • Processors provide sufficient guarantees of compliance with data protection requirements
  • Processors act only on our documented instructions
  • Appropriate technical and organisational security measures are implemented

Record Keeping

We maintain records of our processing activities as required by Article 30 of the UK GDPR. These records include the purposes of processing, categories of data subjects and personal data, recipients, transfers, retention periods, and security measures.

Supervisory Authority

The supervisory authority for data protection in the United Kingdom is the Information Commissioner's Office (ICO). If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the ICO:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire, SK9 5AF
Website: ico.org.uk

We would appreciate the opportunity to address any concerns before you approach the ICO, so please contact us in the first instance.

Updates to This Information

We review our data protection practices regularly and may update this information accordingly. Significant changes will be communicated appropriately.

This page was last reviewed in January 2026.

We use cookies to enhance your browsing experience and analyse site traffic. By continuing to use this site, you consent to our use of cookies. Learn more

Cookie Preferences

Necessary Cookies

Essential for the website to function properly. These cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website by collecting anonymous information.

Marketing Cookies

Used to track visitors across websites to display relevant advertisements.

Preference Cookies

Allow the website to remember choices you make and provide enhanced features.