Purpose of this policy
At Luzern we take the protection of our customers personal data seriously. This Privacy and Data Protection Policy is a statement of Luzern Technology Solutions Ltd (Luzern) commitment to protect the rights and privacy of individuals in accordance with Data Protection Acts and the EU General Data Protection Regulations (GDPR).
Luzern collect, process and use consumer personal information to provide the following services:
Data Protection Principles
Luzern shall perform our data protection responsibilities in accordance with the following 6 Guiding Principles from the GDPR:
• Lawfulness, fairness and transparency
We shall obtain and process personal data lawfully, fairly and in a transparent manner.
• Purpose Limitation
We shall collect personal data for purposes that are specific, explicit and for legitimate purposes, and this data will not be further processed in a manner incompatible with these purposes.
• Data Minimisation
We shall only collect personal data that is adequate, relevant and limited to what is necessary.
We will adopt procedures that ensure high levels of data accuracy, completeness, and that data is kept up-to-date, and have a process in place to rectify inaccuracies when notified of them.
• Storage Limitation
We will not keep customer personal data for any longer than necessary, in a form which permits identification of a data subject.
• Integrity and Confidentiality
We will take appropriate technical and organisational security measures to ensure protection against unauthorised or unlawful processing and against accidental loss, destruction or damage of personal data
Disclosure of Information to 3rd Parties
We may provide non-personal data to third parties, where such information is combined with similar information of other users of our website. For example, we might inform third parties regarding the number of unique users who visit our website, the demographic breakdown of users, or the activities that visitors to our website engage in while on our website. The third parties to whom we may provide this information may include partners, clients or potential clients.
We will not disclose your personal data to third parties unless you have consented to this disclosure. We will disclose your personal data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order, or other statutory requirement.
Luzern will notify the Data Protection Officer promptly – within a maximum of 72 hours – in the event of a personal data breach, and take reasonable steps to minimize harm and secure customer data. Additionally, notifications will be made as soon as possible to individuals impacted by the breach where the impact of the breach is deemed a serious risk to their rights and freedoms.
Data Subject Rights
We acknowledge individuals rights over the personal data provided to Luzern, we are fully committed to complying with these, and have processes in place to allow individuals exercise those rights through submitting Subject Access Requests.
These rights cover the areas below:
Subject Access Requests in relation to the above areas – or other questions in relation to the protection of the personal data you have provided Luzern – should be submitted by sending a Subject Access Request to us at the below email address. We will endeavour to acknowledge a request as soon as possible, and provide a full and final response within 1 month of the request:
Overall responsibility for ensuring compliance with GDPR rests with Luzern. However, our responsibility varies depending upon whether we are acting as either a data controller or a data processor. All employees and contractors of Luzern who separately collect, control or process the content and use of personal data are individually responsible for compliance with the GDPR. The Data Protection Co-ordinator is Luzern’s Data Protection Officer, and in this role co-ordinates the provision of support, assistance, advice, and training within Luzern to ensure that the company – and individuals within it – are in a position to comply with the legislation.
The Data Protection Officer can be contacted at the below email address:
Procedures and Guidelines
Luzern is firmly committed to ensuring personal privacy and compliance with Data Protection Acts including the GDPR, which includes the provision of best practice guidelines and procedures in relation to all aspects of Data Protection. All Luzern employee’s are briefed and trained on the importance and sensitivity of such data, are aware of the need to protect such data and their responsibilities when it comes to customer personal data, and to uphold all of these principles.
Review and Changes to This Policy
This Data Protection Policy will be reviewed regularly in light of any legislative or other relevant developments.
Any changes to the Policy will be posted on this website so you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.