GDPR Compliance

Last updated: January 2024

Our Commitment to GDPR Compliance

lumen-grid is committed to ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. As a recruitment company, we process personal data as part of our core business activities and take our responsibilities as a data controller seriously.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs how organisations collect, store, process, and share personal data. The UK GDPR, which incorporates GDPR into UK law following Brexit, gives individuals greater control over their personal information.

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

Right to Be Informed

You have the right to know how your data is being collected and used. Our Privacy Policy provides this information in clear, accessible language.

Right of Access

You can request a copy of the personal data we hold about you. This is known as a Subject Access Request (SAR). We will respond to valid requests within one month.

Right to Rectification

If you believe the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or update it.

Right to Erasure

Also known as the "right to be forgotten", you can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You can ask us to temporarily stop processing your personal data in certain situations, for example, if you contest its accuracy.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transfer it to another controller.

Right to Object

You can object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

How We Process Your Data

As a recruitment agency, we process personal data for several purposes:

• Candidate data: To match you with suitable job opportunities, contact you about vacancies, and facilitate the recruitment process
• Client data: To provide our recruitment services, communicate about vacancies, and manage our business relationship
• Website visitors: To improve our website, respond to enquiries, and send marketing communications (with consent)

Lawful Basis for Processing

We only process personal data when we have a valid lawful basis under GDPR:

• Consent: You have given us explicit permission to process your data
• Contract: Processing is necessary to fulfil a contract with you
• Legitimate interests: Processing is necessary for our legitimate business purposes, provided it doesn't override your rights
• Legal obligation: We are required to process data to comply with the law

Data Security Measures

We implement appropriate technical and organisational measures to protect personal data, including:

• Secure storage systems with access controls
• Encryption of data in transit and at rest
• Regular security assessments and updates
• Staff training on data protection
• Incident response procedures

Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected. Our standard retention periods are:

• Candidate data: Up to 3 years from last contact, unless you request earlier deletion
• Client data: Duration of business relationship plus 6 years for legal/tax purposes
• Website enquiries: 2 years from submission

International Data Transfers

If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the Information Commissioner's Office (ICO).

Data Breaches

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, inform affected individuals without undue delay.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us:

• Email: [email protected]
• Post: lumen-grid, 47 Commerce Square, Birmingham B3 2QZ

We will respond to your request within one month. In complex cases, this may be extended by two months, but we will inform you of any delay.

Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

Contact Our Data Protection Team

For any questions about GDPR compliance or data protection at lumen-grid, please contact:

Data Protection Officer
lumen-grid
47 Commerce Square
Birmingham B3 2QZ
Email: [email protected]