This Privacy Policy explains how Luma Tech Solutions ("we", "us", or "our") collects, uses and protects personal data when you visit lumatechsolutions.co.uk or get in touch with us. We aim to be straight with you: we collect as little as we need, we don't sell or share your data with marketers, and you can ask us to delete it whenever you like.

This policy is written to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Luma Tech Solutions is a sole-trader IT business based in Marlow, Buckinghamshire. We are the "data controller" for the personal data we collect through this website.

Contact: hello@lumatechsolutions.co.uk

2. What information we collect

We collect personal data in three places:

  • The contact form. When you fill in the form on our contact page, we collect: your name, your email address, your phone number (if you provide one), the service you're interested in, the message you send us, and an internal "source" tag identifying which page or call-to-action your enquiry came from. We also record the date and time of submission.
  • Server logs. Our hosting provider's web server records routine information about every request: your IP address, the page you requested, the time of the request, your browser's user-agent string, and the page that referred you (if any). This is standard for almost every website and is used for security, debugging and abuse prevention.
  • Cookies. We only set strictly-necessary cookies — see section 8 below for the specifics. We do not use any analytics, advertising or social-media tracking cookies, which is why you don't see a cookie consent banner on this site.

If you become a client and we exchange emails, those emails will of course contain whatever you choose to send us. We treat that correspondence as confidential.

3. How we use your information

We use your personal data to:

  • Reply to your enquiry and discuss whether we can help.
  • Provide quotes, scheduling and any subsequent services if you choose to engage us.
  • Keep records of our work, invoices and correspondence to the extent we are legally required to (UK tax and accounting law).
  • Keep the site available, secure, and free of abuse.
  • Respond to lawful requests from regulators, courts or law enforcement where required.

We do not:

  • Send you marketing emails unless you specifically ask to be added to a mailing list (we don't currently run one).
  • Sell or rent your personal data to anyone, ever.
  • Profile you or feed your data into automated decision-making.

4. Legal basis for processing

We rely on the following legal bases under UK GDPR:

  • Contract / pre-contract steps (Article 6(1)(b)) — when you ask us about a service, we process the data you give us so we can respond and, if it goes ahead, deliver the work.
  • Legal obligation (Article 6(1)(c)) — record-keeping for tax and accounting purposes (HMRC requires us to keep business records for at least six years).
  • Legitimate interests (Article 6(1)(f)) — we run the website and keep server logs to operate the service securely and prevent abuse. We've considered your interests and rights, and we believe these uses don't override them. If you disagree, please get in touch (see section 9).

5. How long we keep it

  • Contact form submissions are kept for as long as is reasonably necessary to respond to your enquiry, and — if you become a client — for the duration of our working relationship plus any period required by tax law.
  • Unconverted enquiries are reviewed periodically and deleted when there's no realistic prospect of contact resuming.
  • Records of completed work, invoices and correspondence are kept for at least six years from the end of the tax year in which the work happened, as required by HMRC.
  • Server logs are typically kept for around 30 days for security and debugging purposes.

6. Who we share it with

We share personal data only with a small number of trusted service providers ("processors") who help us run the business, and only the data necessary for the service they provide:

  • Zoho Mail — handles inbound and outbound email for our @lumatechsolutions.co.uk address. Your enquiry message is delivered through their servers.
  • Hetzner Online GmbH — hosts the website and database. The contact-form database lives on a server at their facility in Germany.
  • Google (reCAPTCHA) — when you submit the contact form, your browser sends a verification request to Google's reCAPTCHA service to confirm you're not a bot. Google receives your IP address and limited usage data; we receive only a pass/fail score. See Google's Privacy Policy for details.
  • Our accountant, where the data is necessary for our statutory accounts.

We may also share data where we are legally required to — for example with HMRC, the police, or in response to a valid court order.

We do not sell, rent or trade your personal data with anyone.

7. International transfers

Our website is hosted in Germany (within the European Economic Area). The UK government has confirmed that the EEA provides an adequate level of protection for personal data, so no additional safeguards are needed for transfers from the UK to our German hosting facility.

Where any of our other processors handle data outside the UK or EEA, we rely on appropriate safeguards (such as the UK International Data Transfer Agreement or the EU Standard Contractual Clauses with the UK addendum).

8. Cookies

We split cookies into three categories. You can change your preferences at any time using the "Cookie preferences" link in the page footer.

Strictly necessary (always on)

Required for the website and contact form to work. The law does not require consent for these.

  • csrftoken — set by Django to protect the contact form against cross-site request forgery (a security attack). Lasts for one year.
  • sessionid — set when needed to remember a session across the contact-form flow. Cleared when you close your browser.
  • lt_consent — remembers your cookie preferences so we don't ask you again on every visit. Lasts for one year.
  • Google reCAPTCHA cookies (_GRECAPTCHA) — set on Google's domain when you load the contact page, so Google can decide whether you're a bot before you submit the form. We treat this as strictly-necessary because without it the contact form is open to spam abuse.

Analytics (off by default)

Helps us understand which pages are useful and where people get stuck — aggregate, never identifying. We are not currently running any analytics tools; this category exists so that if we ever add a privacy-friendly tool (such as Plausible) it will respect your choice.

Marketing (off by default)

Reserved for any future advertising or remarketing. We do not currently use any tools in this category and have no plans to.

We do not use Google Analytics, Facebook Pixel, or any other third-party tracking today. The consent banner is in place so that when (if) we add such tools, you'll have already chosen whether they are allowed to run.

9. Your rights under UK GDPR

You have the following rights in respect of your personal data:

  • Right of access — ask for a copy of the personal data we hold about you.
  • Right to rectification — ask us to correct anything that's wrong.
  • Right to erasure ("right to be forgotten") — ask us to delete your data, subject to any legal obligation we have to keep records.
  • Right to restrict processing — ask us to pause our use of your data while we sort out a query you have raised.
  • Right to data portability — ask for a machine-readable copy of the data you provided to us.
  • Right to object — object to our processing where we rely on legitimate interests.
  • Right to withdraw consent — where we rely on consent (we don't currently, but if that changes you can withdraw it at any time).

10. How to exercise your rights

Email us at hello@lumatechsolutions.co.uk with a brief description of what you'd like us to do. We aim to respond within five working days and to fulfil straightforward requests within one calendar month, as required by UK GDPR. We may ask for proof of identity if it isn't obvious that the request is from you.

Exercising any of these rights is free of charge.

11. Complaints

If you have a concern about how we have handled your personal data, please contact us first — we'd much rather hear from you and put it right than not know about it. If you're not satisfied with our response, you have the right to lodge a complaint with the UK's data-protection regulator:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline: 0303 123 1113
ico.org.uk

12. Changes to this policy

We may update this Privacy Policy from time to time — for example, if we change the tools we use or the services we offer. The "Last updated" date at the top of this page will reflect any change. Material changes will be highlighted on the page so that returning visitors notice them.

13. Contact

If you have questions about this policy or about how we handle your personal data, please contact:

Luma Tech Solutions
Marlow, Buckinghamshire, United Kingdom
Email: hello@lumatechsolutions.co.uk