Information on this site is advertising in nature.
Home About Services Contact

GDPR Compliance

Our commitment to data protection under the UK GDPR

Our Commitment to Data Protection

lush-space is committed to ensuring that your personal data is processed in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page provides information about how we comply with these regulations.

Data Controller Information

lush-space acts as the data controller for personal information collected through this website. As data controller, we are responsible for deciding how your personal data is processed and for ensuring compliance with applicable data protection laws.

Contact details:
lush-space
47 Greenway Business Park
Manchester, M15 4QT
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We process personal data only when we have a valid lawful basis. The lawful bases we rely upon include:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose, such as receiving information about our services
  • Contract: Processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
  • Legal obligation: Processing is necessary for us to comply with the law
  • Legitimate interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those interests

Your Rights Under UK GDPR

The UK GDPR provides you with certain rights regarding your personal data:

Right to Be Informed

You have the right to be informed about how we collect and use your personal data. This GDPR page and our Privacy Policy provide this information.

Right of Access

You have the right to request a copy of the personal data we hold about you. This is commonly known as a Subject Access Request (SAR).

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed.

Right to Erasure

You have the right to request the deletion of your personal data in certain circumstances, including when the data is no longer necessary for the purpose for which it was collected.

Right to Restrict Processing

You have the right to request that we limit how we use your personal data in certain circumstances.

Right to Data Portability

You have the right to receive personal data you have provided to us in a structured, commonly used, machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing based on legitimate interests, direct marketing, and processing for research purposes.

Rights Related to Automated Decision Making

You have rights related to automated decision making and profiling. We do not currently make decisions based solely on automated processing that produce legal effects concerning you.

Exercising Your Rights

To exercise any of your rights, please contact us at [email protected] with your request. We will respond to valid requests within one month. In complex cases or where we receive numerous requests, we may extend this period by up to two additional months, in which case we will inform you.

We do not charge a fee for most requests. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Data Protection Principles

We adhere to the following data protection principles:

  • Data is processed lawfully, fairly, and transparently
  • Data is collected for specified, explicit, and legitimate purposes
  • Data collected is adequate, relevant, and limited to what is necessary
  • Data is accurate and kept up to date
  • Data is kept only as long as necessary
  • Data is processed securely with appropriate technical and organisational measures

International Data Transfers

We primarily process data within the United Kingdom. If we transfer personal data outside the UK, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Contact the Supervisory Authority

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Website: ico.org.uk

Updates to This Information

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. Please check this page periodically for updates.