Information presented on this website is advertising in nature

GDPR Compliance Statement

Last updated: June 18, 2026

Our Commitment to Data Protection

Luminous-phoenix.com is committed to full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This statement outlines how we implement GDPR principles and protect your rights as a data subject.

Data Protection Principles

We adhere to the following GDPR principles in all our data processing activities:

Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and transparently. We clearly communicate what data we collect, why we collect it, and how we use it through our Privacy Policy and direct communications.

Purpose Limitation

We collect personal data for specific, explicit, and legitimate purposes. We do not process data in ways incompatible with those purposes without obtaining additional consent or establishing a new legal basis.

Data Minimization

We collect only the personal data that is adequate, relevant, and necessary for the purposes for which it is processed. We regularly review the data we hold and delete information that is no longer required.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. We provide mechanisms for individuals to update or correct their information and promptly address reported inaccuracies.

Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it was collected. We maintain clear data retention policies and securely delete or anonymize data when it is no longer needed.

Integrity and Confidentiality

We implement appropriate technical and organizational measures to ensure data security, protecting against unauthorized or unlawful processing and accidental loss, destruction, or damage.

Accountability

We take responsibility for compliance with GDPR principles and maintain documentation demonstrating our compliance efforts.

Legal Basis for Processing

We process personal data under the following legal bases as defined by GDPR:

Consent

For marketing communications and certain optional services, we obtain your explicit, freely given, specific, and informed consent. You can withdraw consent at any time through the unsubscribe mechanism in our communications or by contacting us directly.

Contract

Processing is necessary for the performance of our equipment rental contract with you, including reservation management, equipment fitting, payment processing, and customer support.

Legal Obligation

We process certain data to comply with legal obligations, including financial record-keeping requirements, tax obligations, and other applicable UK legislation.

Legitimate Interests

We process data based on legitimate interests for fraud prevention, business administration, service improvement, and protecting our legal rights, provided such processing does not override your fundamental rights and freedoms.

Your Data Subject Rights

Under UK GDPR, you have comprehensive rights regarding your personal data:

Right of Access

You have the right to obtain confirmation that we process your personal data and to receive a copy of that data along with supplementary information about the processing. We will respond to access requests within one month of receipt.

Right to Rectification

You can request correction of inaccurate personal data and completion of incomplete data. We will update records promptly upon verification of corrected information.

Right to Erasure

You can request deletion of your personal data in specific circumstances, including when data is no longer necessary for its original purpose, when you withdraw consent, when you object to processing, or when data has been unlawfully processed. This right is subject to certain exceptions, including where we must retain data to comply with legal obligations.

Right to Restriction of Processing

You can request that we limit how we use your personal data in certain situations, such as when you contest data accuracy or object to processing. During restriction periods, we will store but not actively process restricted data except with your consent or for specific legal reasons.

Right to Data Portability

For data you have provided to us based on consent or contract, and which we process by automated means, you can request that data in a structured, commonly used, and machine-readable format. You can also request direct transmission to another controller where technically feasible.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. For direct marketing objections, we will cease processing immediately. For other objections, we will assess whether compelling legitimate grounds override your interests, rights, and freedoms.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. We do not currently employ fully automated decision-making processes with such effects.

Exercising Your Rights

To exercise any of your data subject rights:

  • Contact us via email at info at luminous-phoenix.com
  • Clearly state which right you wish to exercise
  • Provide sufficient information to identify you and verify your identity
  • Specify the scope of your request where applicable

We will respond to your request within one month of receipt. In complex cases or where we receive multiple requests, we may extend this period by two additional months, but we will inform you of any extension and the reasons for it.

We do not charge a fee for exercising your rights unless your request is clearly unfounded, excessive, or repetitive, in which case we may charge a reasonable administrative fee or refuse to act on the request.

Data Security Measures

We implement comprehensive security measures to protect personal data:

  • Encryption of data in transit and at rest
  • Access controls and authentication systems
  • Regular security assessments and vulnerability testing
  • Employee training on data protection and security
  • Secure disposal procedures for physical and electronic records
  • Business continuity and disaster recovery plans
  • Vendor management processes ensuring third-party compliance

Data Breach Procedures

We have established procedures to detect, report, and investigate personal data breaches. In the event of a breach likely to result in a risk to your rights and freedoms:

  • We will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach
  • We will communicate the breach to affected individuals without undue delay if the breach is likely to result in high risk to their rights and freedoms
  • We will document all breaches, including facts, effects, and remedial action taken

International Data Transfers

Personal data is primarily processed and stored within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place:

  • Adequacy decisions recognizing equivalent data protection standards
  • Standard contractual clauses approved by the UK authorities
  • Binding corporate rules where applicable
  • Specific derogations for particular situations as permitted by GDPR

Third-Party Processing

When we engage third-party service providers to process personal data on our behalf, we:

  • Execute written data processing agreements meeting GDPR requirements
  • Ensure processors provide sufficient guarantees of technical and organizational security measures
  • Conduct due diligence on processor compliance capabilities
  • Monitor processor performance and compliance
  • Maintain records of processing activities as required by GDPR

Records of Processing Activities

We maintain detailed records of our processing activities as required by Article 30 of the UK GDPR, including:

  • Purposes of processing
  • Categories of data subjects and personal data
  • Categories of recipients to whom data has been or will be disclosed
  • International transfers and associated safeguards
  • Time limits for erasure of different categories of data
  • Description of technical and organizational security measures

Complaints and Supervisory Authority

If you believe we have not complied with your data protection rights or GDPR requirements:

  • First, contact us directly at info at luminous-phoenix.com to allow us to address your concerns
  • You have the right to lodge a complaint with the UK Information Commissioner's Office (ICO)

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

Updates to This Statement

We review and update this GDPR compliance statement regularly to reflect changes in our practices, legal requirements, or guidance from supervisory authorities. Significant changes will be communicated through our website and, where appropriate, directly to affected individuals.

Contact Information

For questions about our GDPR compliance, to exercise your data subject rights, or to raise data protection concerns, contact us at:

Email: info at luminous-phoenix.com
Address: 38 Riverside Quarter, Bristol, BS1 6UQ, United Kingdom