GDPR Policy - Data Protection Compliance
Our commitment to protecting your personal data in accordance with the UK General Data Protection Regulation.
Last updated: 18 June 2026
Our Commitment to Data Protection
lucidior-scrub is committed to ensuring that your personal data is protected and handled in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy outlines our approach to data protection and your rights under these regulations.
Data Controller
lucidior-scrub acts as the data controller for personal information collected through our website and in the course of providing our services. This means we are responsible for deciding how we hold and use personal information about you.
Contact details:
Email: [email protected]
Address: Greenfield House, 47 Victoria Street, Bristol, BS1 6BY, United Kingdom
Principles of Data Processing
We adhere to the following data protection principles when processing your personal data:
- Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner
- Purpose limitation: We collect data only for specified, explicit, and legitimate purposes
- Data minimisation: We ensure data collected is adequate, relevant, and limited to what is necessary
- Accuracy: We take reasonable steps to ensure data is accurate and kept up to date
- Storage limitation: We keep data only for as long as necessary
- Integrity and confidentiality: We process data securely and protect against unauthorised access
- Accountability: We are responsible for demonstrating compliance with these principles
Types of Personal Data We Process
In the course of our business operations, we may process the following categories of personal data:
- Identity data: name, title, job role
- Contact data: email address, business address
- Technical data: IP address, browser type, device information
- Usage data: information about how you use our website
- Communication data: records of correspondence with us
- Service data: information related to services we provide to you
Lawful Bases for Processing
We rely on the following lawful bases for processing your personal data:
Consent
Where you have given explicit consent for us to process your data for specific purposes, such as receiving marketing communications. You may withdraw consent at any time.
Contract Performance
Where processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract.
Legitimate Interests
Where processing is necessary for our legitimate business interests, provided such interests are not overridden by your rights. Our legitimate interests include:
- Responding to enquiries and providing customer service
- Improving our services and website functionality
- Protecting our business and users from fraud
- Administering and managing our business operations
Legal Obligation
Where processing is necessary to comply with legal or regulatory obligations to which we are subject.
Your Rights Under UK GDPR
You have the following rights in relation to your personal data:
Right of Access
You may request a copy of the personal data we hold about you. We will respond to valid requests within one month.
Right to Rectification
You may request that we correct any inaccurate personal data or complete any incomplete data we hold about you.
Right to Erasure
You may request deletion of your personal data in certain circumstances, including where it is no longer necessary for the purpose for which it was collected.
Right to Restriction of Processing
You may request that we restrict processing of your data in certain circumstances, such as while we verify the accuracy of data you have questioned.
Right to Data Portability
Where technically feasible, you may request that we transfer your personal data to another organisation in a structured, commonly used format.
Right to Object
You may object to processing based on legitimate interests. We will cease processing unless we can demonstrate compelling legitimate grounds.
Rights Related to Automated Decision Making
You have rights in relation to automated decision-making and profiling. We do not currently use automated decision-making that produces legal or similarly significant effects.
Data Security Measures
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
- Access controls limiting who can access personal data
- Encryption of data where appropriate
- Regular testing of security measures
- Staff training on data protection
- Incident response procedures
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.
International Data Transfers
We primarily process data within the United Kingdom. Where we transfer data outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
Complaints
If you have concerns about how we handle your personal data, please contact us first so we can address your concerns. You also have the right to lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire
SK9 5AF
Website: ico.org.uk
Policy Updates
This policy may be updated periodically to reflect changes in our practices or legal requirements. The date of the last update is shown at the top of this document.