Our Commitment to GDPR
lumina-fine is committed to ensuring the protection and proper handling of personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines our approach to data protection and your rights as a data subject.
Data Controller
lumina-fine acts as the data controller for personal information collected through this website and in the course of providing our services. We are responsible for determining how and why your personal data is processed.
Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so. The legal bases we rely upon include:
- Consent: Where you have given clear consent for us to process your personal data for a specific purpose
- Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract
- Legal obligation: Where processing is necessary for compliance with a legal obligation
- Legitimate interests: Where processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights
Your Data Protection Rights
Under the UK GDPR, you have the following rights:
- Right of access: You can request a copy of the personal data we hold about you
- Right to rectification: You can request correction of inaccurate or incomplete data
- Right to erasure: You can request deletion of your personal data in certain circumstances
- Right to restrict processing: You can request that we limit how we use your data
- Right to data portability: You can request a copy of your data in a machine-readable format
- Right to object: You can object to certain types of processing, including direct marketing
- Rights related to automated decision-making: You have the right not to be subject to decisions based solely on automated processing
How to Exercise Your Rights
To exercise any of your data protection rights, please contact us using the details provided below. We will respond to your request within one month of receipt. In certain circumstances, this period may be extended by two further months where necessary, taking into account the complexity and number of requests.
Data Security Measures
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing personal data. These measures include:
- Secure storage of electronic and physical records
- Access controls limiting who can view personal data
- Regular review of our data handling practices
- Staff training on data protection requirements
International Data Transfers
We do not routinely transfer personal data outside the United Kingdom. If such transfers become necessary, we will ensure appropriate safeguards are in place in accordance with UK GDPR requirements.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
Complaints
If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). You can contact the ICO through their website at ico.org.uk or by post at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Contact Our Data Protection Team
For any questions regarding this notice or our data protection practices, please contact us at [email protected] or write to our office address.
Last updated: June 2026