GDPR Information

Last updated: 9 April 2026

Our Commitment to GDPR Compliance

lumen-cry Limited is committed to complying with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. We take our data protection responsibilities seriously and have implemented policies and procedures to ensure your personal information is handled lawfully and transparently.

This page provides specific information about your GDPR rights and how we meet our obligations as a data controller.

Data Controller Information

Data Controller: lumen-cry Limited
Company Registration: 08742916
Registered Address: 42 Riverside Gardens, Norwich, Norfolk, NR1 3QH, United Kingdom
Contact Email: [email protected]

Your GDPR Rights Explained

1. Right to Be Informed

You have the right to clear, transparent information about how we collect and use your personal data. We provide this through our Privacy Policy and this GDPR page.

2. Right of Access

You can request a copy of all personal data we hold about you. This is known as a Subject Access Request (SAR). We will provide this information free of charge within one month of your request.

To make a SAR, email us at [email protected] with "Subject Access Request" in the subject line. We may ask for identification to verify your identity before releasing information.

3. Right to Rectification

If you believe any information we hold about you is inaccurate or incomplete, you have the right to have it corrected. We will update our records within one month and notify any third parties with whom we have shared the data.

4. Right to Erasure (Right to Be Forgotten)

In certain circumstances, you can request that we delete your personal data. This applies when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

This right does not apply if we need to retain data for legal obligations, such as accounting records or contractual requirements.

5. Right to Restrict Processing

You can ask us to suspend processing of your personal data in the following situations:

  • You contest the accuracy of the data and we are verifying it
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you require it for legal claims
  • You have objected to processing and we are verifying whether our legitimate grounds override yours

6. Right to Data Portability

You can request to receive your personal data in a structured, commonly used, machine-readable format. This applies to data you have provided to us with your consent or for contract performance, and where processing is carried out by automated means.

You can also request that we transfer this data directly to another service provider where technically feasible.

7. Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. If you object to direct marketing, we will stop such processing immediately. For objections based on legitimate interests, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

8. Rights Related to Automated Decision Making

We do not use automated decision making or profiling that produces legal effects or similarly significant impacts on individuals.

Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so. The table below outlines the types of data we process and the legal basis:

Client Service Data

Legal Basis: Contract Performance
Purpose: To deliver gardening and landscaping services you have requested

Email Communications

Legal Basis: Legitimate Interest
Purpose: To respond to enquiries and maintain business relationships

Marketing Communications

Legal Basis: Consent
Purpose: To send information about services where you have opted in

Website Analytics

Legal Basis: Legitimate Interest
Purpose: To improve website functionality and user experience

Financial Records

Legal Basis: Legal Obligation
Purpose: To comply with accounting and tax requirements

Data Protection Principles

We adhere to the GDPR's six data protection principles:

  • Lawfulness, Fairness, and Transparency: We process data legally, fairly, and with clear communication
  • Purpose Limitation: We collect data for specific, explicit purposes and do not use it for incompatible purposes
  • Data Minimisation: We collect only the data necessary for our stated purposes
  • Accuracy: We take reasonable steps to ensure data is accurate and up to date
  • Storage Limitation: We retain data only as long as necessary and have clear retention policies
  • Integrity and Confidentiality: We implement appropriate security measures to protect your data

International Data Transfers

We do not routinely transfer personal data outside the United Kingdom. If circumstances require such a transfer, we will ensure appropriate safeguards are in place, such as:

  • Transfers to countries with adequacy decisions from the UK government
  • Use of Standard Contractual Clauses approved by the ICO
  • Your explicit consent for the specific transfer

Data Breach Procedures

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay if the breach is likely to result in high risk
  • Document the breach, its effects, and remedial action taken
  • Take immediate steps to contain and minimise the impact

Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Email: [email protected]
Post: lumen-cry Limited, 42 Riverside Gardens, Norwich, Norfolk, NR1 3QH, United Kingdom

Please include the following in your request:

  • Your full name and contact details
  • A clear description of the right you wish to exercise
  • Any relevant details that will help us locate your information
  • Proof of identity (we may request this to protect your data)

We will respond to your request within one month. In complex cases, we may extend this by up to two additional months and will explain the reason for any delay.

Complaints and Supervisory Authority

If you are unhappy with how we have handled your personal data, please contact us first so we can address your concerns. If you remain dissatisfied, you have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline: 0303 123 1113
Website: lumen-cry.com
Report a Concern: lumen-cry.com/make-a-complaint

Updates to This Information

We review our GDPR compliance regularly and may update this page to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website and, where appropriate, directly to affected individuals.