GDPR Compliance

Last updated: 6 May 2026

Our Commitment to GDPR

Luminous Skill is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller Information

Luminous Skill acts as the data controller for personal information collected through our website and services.

Contact details:

Email: [email protected]

Address: 47 Colmore Row, Birmingham B3 2BS, United Kingdom

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Consent: When you submit enquiry forms or subscribe to communications
  • Contract: When processing is necessary for providing our educational services
  • Legitimate interests: For improving our services and website functionality
  • Legal obligation: When required to comply with UK laws and regulations

Your GDPR Rights

Under the UK GDPR, you have the following rights:

Right to Access

You can request a copy of the personal data we hold about you. We will provide this information within one month of your request.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data when it is no longer necessary for the purposes collected or when you withdraw consent.

Right to Restrict Processing

You can request limitation of how we use your data in certain circumstances.

Right to Data Portability

You can request your data in a structured, commonly used format to transfer to another service.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with:

  • Your full name
  • The right you wish to exercise
  • Any relevant details to help us locate your information

We will respond within one month. In complex cases, we may extend this by two months and will inform you of any delay.

Data Security Measures

We implement appropriate technical and organisational security measures including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls limiting who can view personal data
  • Staff training on data protection
  • Secure backup procedures

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours
  • Notify affected individuals without undue delay
  • Provide information about the nature of the breach and steps taken

International Data Transfers

We do not transfer personal data outside the United Kingdom. All data is stored and processed within the UK.

Data Retention

We retain personal data only as long as necessary for the purposes collected:

  • Enquiry data: 2 years from last contact
  • Participant data: 7 years after programme completion for safeguarding purposes
  • Financial records: As required by HMRC regulations

Children's Data

We process data about children only with appropriate parental or guardian consent. Parents and guardians have the right to access, rectify, or erase their child's data at any time.

Complaints

If you believe we have not handled your data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk

Telephone: 0303 123 1113

Updates to This Page

We may update this GDPR compliance information to reflect changes in our practices or legal requirements. The date at the top of this page indicates when it was last revised.