Your data protection rights under UK GDPR.
Last updated: January 2024
lumen-grid is committed to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a recruitment company, we process personal data as part of our core business activities and take our responsibilities as a data controller seriously.
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs how organisations collect, store, process, and share personal data. The UK GDPR, which incorporates GDPR into UK law following Brexit, gives individuals greater control over their personal information.
Under GDPR, you have the following rights regarding your personal data:
You have the right to know how your data is being collected and used. Our Privacy Policy provides this information in clear, accessible language.
You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond to valid requests within one month.
If you believe the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it.
Also known as the "right to be forgotten", you can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.
You can ask us to temporarily stop processing your personal data in certain situations, for example, if you contest its accuracy.
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer it to another controller.
You can object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.
As a recruitment agency, we process personal data for several purposes:
We only process personal data when we have a valid lawful basis under GDPR:
We implement appropriate technical and organisational measures to protect personal data, including:
We retain personal data only for as long as necessary for the purposes for which it was collected. Our standard retention periods are:
If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner's Office (ICO).
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, inform affected individuals without undue delay.
To exercise any of your GDPR rights, please contact us:
We will respond to your request within one month. In complex cases, this may be extended by two months, but we will inform you of any delay.
If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk
For any questions about GDPR compliance or data protection at lumen-grid, please contact:
Data Protection Officer
lumen-grid
47 Commerce Square
Birmingham B3 2QZ
Email: [email protected]