GDPR is an EU regulation that sets guidelines for the collection and processing of personal information of individuals. GDPR is applicable to any organisation which processes and holds personal data about individuals and will be known in the UK as the Data Protection Act 2018.

What is personal data?

Personal data is information that can be used on its own orwith other data to identify, contact or locate a single person, or to identify an individual in context. For example, a name AND address is classed as personal data. A name on its own is not.

What is sensitive personal data?

Sensitive personal data needs more protection when handling it.  This type of data could create more significant risks to a person’s fundamental rights and freedoms. This may include financial, medical or information relating to religious, political or sexual preferences.

Data Subject 

Any individual who can be identified, directly or indirectly via an identifier such as name, ID number, location data, address.

Storing & Processing Data

Basis 1 – contractual – contract with individual and need to process personal data to comply with obligations under contract.

Basis 2 – Legitimate interest - It is the most flexible lawful basis for processing data.  It is most likely that, under this basis, your data would be used in ways you would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.

Basis 3 – Consent - Must be freely given and can be withdrawn at any time.

Basis 4 – Legal obligations – processing of personal data required to comply with common law or statutory obligations.

Basis 5 – Vital interests – processing for life/death purposes. Protect life.

Basis 6 – Public tasks – need to process personal data in the exercise of official authority. – specific tasks in public interest

Right to be informed

Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.  Individuals have the right to be told how personal data will be handled.

Right of Access (Subject Access)

Data subjects can submit a subject access request (SAR) which gives the right to request a copy of the information a data controller holds about them.  

Right to Rectification

Data subjects must be allowed to tell us to request that we review and correct inaccurate personal data we hold about them.

Right to Erasure (Right to be Forgotten)

The right to erasure does not provide an absolute right to be forgotten. Individuals have a right to have personal data erased to prevent processing in specific circumstances.

Right to Restrict Processing

Provides data subject with the right to ask us to stop processing personal data if they contest.

Right to Object

Individuals can object to processing based on legitimate interests or direct marketing and for research or statistical purposes.

Right to Portability

Allows individuals to obtain and reuse their personal data for their own purposes across different services.

If you would like to exercise any of these rights, please email

Breach – what to do

If you feel that Luminus has breached Data Protection law, you can email  For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner’s Office (ICO) at:

Information Commissioner's Office

Wycliffe House

Water Lane


Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

Alternatively visit or email

Privacy Statement

You can see our Privacy Statement here:


There is also information about how we handle your data here:


Marketing Preferences

Luminus Group will keep you updated by providing information that is relevant to your tenancy (for further information, please refer to our Privacy Notice). In addition to these communications, we would also like to occasionally send you marketing information on other products and services we offer, and which we think will be of interest to you. In return for your permission, we promise to treat your contact details with the utmost care, and to never pass them on to other companies. 

Please note, you can change your mind on your marketing preferences at any time by contacting our customer services team on  0345 266 9760 or email, or by resubmitting this online form.