GDPR Compliance

Your data protection rights under UK GDPR

Last updated: January 2024

Luminex Wave is committed to complying with data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page outlines how we uphold your data protection rights and fulfil our obligations as a data controller.

Our Commitment

We treat your personal data with respect and care. Our approach to data protection is built on the following principles:

  • We process personal data lawfully, fairly, and transparently
  • We collect data only for specified, explicit, and legitimate purposes
  • We minimise data collection to what is necessary
  • We keep data accurate and up to date
  • We retain data only as long as necessary
  • We implement appropriate security measures

Your Rights Under UK GDPR

Data protection law provides you with specific rights regarding your personal information. We are committed to facilitating the exercise of these rights.

Right to Be Informed

You have the right to know how we collect and use your personal data. Our Privacy Policy provides comprehensive information about our data processing activities, including the purposes of processing, the legal bases we rely on, and how long we retain your data.

Right of Access

You can request a copy of the personal information we hold about you. This is commonly known as a Subject Access Request (SAR). We will respond to such requests within one month, providing the information free of charge in most cases. If a request is manifestly unfounded or excessive, we may charge a reasonable fee or refuse to comply.

Right to Rectification

If you believe the personal data we hold about you is inaccurate or incomplete, you have the right to request correction. We will address rectification requests within one month and will inform any third parties with whom we have shared your data about the correction.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, including:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal ground for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

Please note that we may be required to retain certain data to comply with legal or regulatory obligations, particularly in financial services.

Right to Restrict Processing

You can request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or when processing is unlawful but you do not want erasure.

Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data directly to another organisation where technically feasible.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will cease such processing immediately. For other objections, we will stop processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. Where such processing is necessary for a contract or based on consent, you have the right to obtain human intervention, express your point of view, and contest the decision.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact our Data Protection Officer:

Data Protection Officer
Luminex Wave
47 Queens Road
Clifton, Bristol
BS8 1QQ

Email: [email protected]

When making a request, please provide sufficient information to verify your identity and clearly describe the right you wish to exercise. We may ask for additional information to confirm your identity before proceeding.

Response Times

We aim to respond to all data protection requests within one month of receipt. If a request is particularly complex or we receive multiple requests, we may extend this period by up to two additional months. In such cases, we will inform you of the extension and explain the reasons within the first month.

Legal Bases for Processing

We process personal data under the following legal bases:

  • Contract: Processing necessary to perform our agreement with you
  • Legal obligation: Processing required to comply with laws and regulations, including financial services regulations
  • Legitimate interests: Processing for our business interests where these do not override your fundamental rights
  • Consent: Processing based on your explicit, informed consent

Data Protection Measures

We implement appropriate technical and organisational measures to ensure the security of personal data, including:

  • Encryption of data in transit and at rest
  • Access controls limiting data access to authorised personnel
  • Regular security assessments and audits
  • Staff training on data protection principles
  • Incident response procedures for data breaches
  • Secure disposal of data when no longer needed

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

International Data Transfers

We primarily process personal data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK authorities, adequacy decisions, or other valid transfer mechanisms under UK GDPR.

Complaints

If you are dissatisfied with how we have handled your personal data or responded to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: ico.org.uk

We encourage you to contact us first so we have the opportunity to address your concerns directly.

Updates

We may update this page to reflect changes in our practices or legal requirements. Material changes will be communicated through our website. We recommend reviewing this page periodically.