Information presented on this website is promotional in nature

Last updated: 18 June 2026

Our Commitment to Data Protection

lucidior-scrub is committed to ensuring that your personal data is protected and handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines our approach to data protection and your rights under these regulations.

Data Controller

lucidior-scrub acts as the data controller for personal information collected through our website and in the course of providing our services. This means we are responsible for deciding how we hold and use personal information about you.

Contact details:

Email: [email protected]

Address: Greenfield House, 47 Victoria Street, Bristol, BS1 6BY, United Kingdom

Principles of Data Processing

We adhere to the following data protection principles when processing your personal data:

  • Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner
  • Purpose limitation: We collect data only for specified, explicit, and legitimate purposes
  • Data minimisation: We ensure data collected is adequate, relevant, and limited to what is necessary
  • Accuracy: We take reasonable steps to ensure data is accurate and kept up to date
  • Storage limitation: We keep data only for as long as necessary
  • Integrity and confidentiality: We process data securely and protect against unauthorised access
  • Accountability: We are responsible for demonstrating compliance with these principles

Types of Personal Data We Process

In the course of our business operations, we may process the following categories of personal data:

  • Identity data: name, title, job role
  • Contact data: email address, business address
  • Technical data: IP address, browser type, device information
  • Usage data: information about how you use our website
  • Communication data: records of correspondence with us
  • Service data: information related to services we provide to you

Lawful Bases for Processing

We rely on the following lawful bases for processing your personal data:

Consent

Where you have given explicit consent for us to process your data for specific purposes, such as receiving marketing communications. You may withdraw consent at any time.

Contract Performance

Where processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract.

Legitimate Interests

Where processing is necessary for our legitimate business interests, provided such interests are not overridden by your rights. Our legitimate interests include:

  • Responding to enquiries and providing customer service
  • Improving our services and website functionality
  • Protecting our business and users from fraud
  • Administering and managing our business operations

Legal Obligation

Where processing is necessary to comply with legal or regulatory obligations to which we are subject.

Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

Right of Access

You may request a copy of the personal data we hold about you. We will respond to valid requests within one month.

Right to Rectification

You may request that we correct any inaccurate personal data or complete any incomplete data we hold about you.

Right to Erasure

You may request deletion of your personal data in certain circumstances, including where it is no longer necessary for the purpose for which it was collected.

Right to Restriction of Processing

You may request that we restrict processing of your data in certain circumstances, such as while we verify the accuracy of data you have questioned.

Right to Data Portability

Where technically feasible, you may request that we transfer your personal data to another organisation in a structured, commonly used format.

Right to Object

You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision Making

You have rights in relation to automated decision-making and profiling. We do not currently use automated decision-making that produces legal or similarly significant effects.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Access controls limiting who can access personal data
  • Encryption of data where appropriate
  • Regular testing of security measures
  • Staff training on data protection
  • Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

International Data Transfers

We primarily process data within the United Kingdom. Where we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

Complaints

If you have concerns about how we handle your personal data, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
Website: ico.org.uk

Policy Updates

This policy may be updated periodically to reflect changes in our practices or legal requirements. The date of the last update is shown at the top of this document.