GDPR Information

Your data protection rights under UK GDPR

Data Controller

Luminous Cruise is the data controller responsible for your personal information. We are committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Controller Contact:
Luminous Cruise
42 Castle Street
Liverpool, L2 9SH
United Kingdom
Email: [email protected]

Personal Data We Process

We process various categories of personal data depending on your relationship with us:

Website Visitors

  • IP address and device information
  • Browser type and settings
  • Pages visited and navigation patterns
  • Cookie data as outlined in our Cookies Policy

Prospective Clients

  • Contact information provided through inquiries
  • Initial financial concerns or questions
  • Communication preferences

Clients

  • Personal identification details
  • Financial information including income, expenses, debts, and assets
  • Employment and career information
  • Financial goals and objectives
  • Records of advice provided and decisions made
  • Payment and billing information

Lawful Basis for Processing

We process personal data under the following lawful bases as defined by UK GDPR:

Consent

We may process certain data based on your explicit consent, such as sending marketing communications. You have the right to withdraw consent at any time.

Contract Performance

Processing is necessary to deliver the financial guidance services you have requested and agreed to receive.

Legal Obligation

We process data to comply with legal and regulatory requirements applicable to financial services providers in the UK.

Legitimate Interests

We may process data based on legitimate business interests, such as improving our services, preventing fraud, or maintaining security, provided these interests do not override your fundamental rights.

Your Rights Under UK GDPR

You have comprehensive rights regarding your personal data:

Right to Be Informed

You have the right to clear, transparent information about how we use your personal data, provided through this notice and our Privacy Policy.

Right of Access

You can request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

You can ask us to correct inaccurate or incomplete personal data. We will update our records promptly upon verification.

Right to Erasure

In certain circumstances, you can request deletion of your personal data. This right applies when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Erasure is required to comply with a legal obligation

Note that this right may be limited by legal obligations requiring us to retain certain records.

Right to Restrict Processing

You can request that we limit how we use your data in specific situations, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You can request to receive personal data you provided to us in a structured, commonly used format, and have the right to transmit that data to another organization where technically feasible.

Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects. Our financial guidance always involves human analysis and judgment.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us:

We will respond to your request within one month. In complex cases, we may extend this by two additional months and will inform you of any such extension.

We may need to verify your identity before fulfilling certain requests to ensure we protect your personal data from unauthorized access.

Data Security Measures

We implement appropriate technical and organizational measures to ensure data security:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication procedures
  • Staff training on data protection principles
  • Secure backup and recovery procedures
  • Incident response and breach notification protocols

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify you without undue delay. We will also report qualifying breaches to the Information Commissioner's Office within 72 hours of becoming aware of the breach.

International Data Transfers

We primarily store and process data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions recognizing equivalent data protection standards
  • Standard contractual clauses approved by the UK authorities
  • Binding corporate rules for transfers within multinational organizations

Data Retention

We retain personal data only as long as necessary for the purposes outlined or as required by law:

  • Client records: Seven years after relationship ends (regulatory requirement)
  • Financial advice documentation: Seven years (regulatory requirement)
  • Website analytics: Two years
  • Marketing consent records: Until consent is withdrawn, then retained for compliance purposes
  • Inquiry records from non-clients: Two years

Children's Data

Our services are not directed at children under 18. We do not knowingly collect or process personal data from children. If you believe we have collected data from a child, please contact us immediately for deletion.

Supervisory Authority

You have the right to lodge a complaint with the UK's supervisory authority for data protection:

Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Helpline: 0303 123 1113
Website: ico.org.uk

While you have the right to contact the ICO, we encourage you to contact us first so we can address your concerns directly.

Updates to This Notice

We review and update this GDPR information regularly to ensure ongoing compliance. Material changes will be communicated through our website and, where appropriate, directly to affected individuals.

Questions or Concerns

If you have questions about how we process your personal data or wish to exercise your rights, please contact us at [email protected].