Privacy Policy

LUMA Privacy & Data Protection Policy

Version 1.1 – March 2026

1. Purpose & Scope

LUMA Leadership Development Ltd (“LUMA”, “we”, “our”, or “us”) is committed to protecting your privacy and handling your personal data responsibly, lawfully, and transparently.

This notice explains:

  • what personal data we collect
  • how we use and protect it
  • how long we keep it
  • your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018

This policy applies to personal data collected through:

  • our website (www.lumadevelopment.co.uk)
  • email, forms, or other direct contact
  • participation in our coaching, assessments, or leadership development programmes
  • surveys, questionnaires, research activities, or interactive tools (such as leadership insight surveys or word-cloud exercises)

2. Data Controller

LUMA Leadership Development Ltd is the data controller responsible for deciding how your personal data is collected and used.

We are registered with the Information Commissioner’s Office (ICO) as a data controller.

Contact details:
LUMA Leadership Development Ltd
2 The Old Gardens
Daventry Road
Staverton
Northamptonshire
NN11 6JH

Email: hello@lumaleadership.co.uk

If you have questions about how we handle your data, please contact us via email.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at
https://www.ico.org.uk

3. Data Protection Principles

We follow the core principles of UK data protection law. LUMA will:

  • process your data fairly, lawfully, and transparently
  • collect it only for clear and legitimate purposes
  • ensure it is relevant, accurate, and kept up to date
  • retain it only as long as necessary
  • store and process it securely

4. What Data We Collect

We collect and process different types of personal data depending on how you interact with us.

a) Information you provide directly

When you contact LUMA, sign up for updates, complete a form, or take part in a programme, we may collect:

  • Contact information – name, email address, phone number, organisation, and job role
  • Coaching or assessment information – notes, reflections, development goals, and assessment reports (e.g. Hogan Assessments)
  • Survey or research responses – information submitted through leadership insight surveys, questionnaires, or interactive tools such as word-cloud exercises
  • Administrative information – invoices, payment information, and correspondence
  • Marketing preferences – your consent choices for communications

b) Information collected automatically

When you use our website, we may collect limited technical information including:

  • IP address
  • browser type and device information
  • pages visited and time spent on the site
  • interaction data (clicks, navigation patterns)
  • cookies and similar tracking technologies

Please see our Cookie Policy for further details.

5. How We Use Your Data

We use your personal data for the following purposes:

  • responding to enquiries and providing requested information
  • delivering coaching, leadership development programmes, and assessments
  • administering client relationships and contracts
  • processing payments and maintaining financial records
  • improving our services, research, and leadership insight tools
  • sending relevant updates or marketing communications (where you have opted in)
  • maintaining the security and performance of our website

You may unsubscribe from marketing communications at any time.

LUMA does not sell or rent personal data, and we never share it with third parties for their own marketing purposes.

6. Data Sharing & Third Parties

We use trusted third-party service providers to help us operate securely and efficiently. These may include:

  • Microsoft 365 / OneDrive – email and document storage
  • Hogan Assessments – psychometric assessment services
  • Accounting software providers – invoicing and financial management
  • Website hosting providers – website infrastructure
  • Website analytics providers (e.g. Google Analytics) – website performance and usage analysis
  • Survey or research tools (e.g. Lovable) – collecting feedback or generating anonymised word-cloud insights

These providers act as data processors and only process personal data on our instructions under appropriate security and confidentiality agreements.

We may also disclose data where required by law or to protect our legal rights.

7. International Data Transfers

LUMA primarily stores and processes personal data within the United Kingdom and European Economic Area (EEA).

Where cloud platforms or service providers transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations
  • Standard Contractual Clauses (SCCs)

8. Data Security

We take the security of personal data seriously.

Your information is stored in secure, password-protected systems and access is restricted to those who require it for legitimate business purposes.

In the unlikely event of a data breach, we have procedures in place to investigate, contain, and report incidents in line with legal requirements.

9. Data Retention

We retain personal data only as long as necessary for the purposes it was collected or to meet legal obligations.

Typical retention periods include:

  • Client records: up to 7 years after completion of services
  • Enquiry or marketing contacts: up to 2 years unless you opt into ongoing communications
  • Assessment data (Hogan): stored securely within Hogan’s platform according to their retention policies

10. Your Rights

Under UK data protection law, you have the right to:

  • access your personal data
  • request correction of inaccurate information
  • request deletion of your data (“right to be forgotten”)
  • restrict or object to processing
  • withdraw consent for marketing communications
  • request data portability

To exercise any of these rights, please contact:

hello@lumaleadership.co.uk

We may request proof of identity before processing requests.

If you are not satisfied with our response, you can contact the Information Commissioner’s Office (ICO) at
https://www.ico.org.uk

11. Updates to This Policy

This Privacy Policy may be updated occasionally to reflect changes in legal requirements or how we operate.

The most recent version will always be available on our website.

Last updated: March 2026