GDPR Compliance

Our commitment to protecting your personal data under EU regulations

The General Data Protection Regulation (GDPR) provides comprehensive data protection rights for individuals in the European Union and European Economic Area. As an Irish company serving Irish clients, we are fully compliant with GDPR requirements.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of all personal data we hold about you. We will provide this information within one month of your request.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, including when:

The data is no longer necessary for the purpose it was collected
You withdraw consent and there is no other legal basis for processing
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed

Right to Restriction of Processing

You have the right to request restriction of processing your personal data in certain situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to processing of your personal data in certain circumstances, particularly for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects. We do not use automated decision-making in our services.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent

When you provide explicit consent for specific processing activities, such as receiving marketing communications.

Contract Performance

When processing is necessary to perform our services under our agreement with you.

Legal Obligation

When processing is necessary to comply with legal obligations, such as tax and regulatory requirements.

Legitimate Interests

When processing is necessary for legitimate interests pursued by us or a third party, provided these interests do not override your fundamental rights.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure data protection:

Encryption: All data transmission is encrypted using SSL/TLS protocols
Access Controls: Strict access controls limit who can view personal data
Staff Training: All staff receive regular data protection training
Vendor Management: Third-party processors are carefully vetted and contractually bound
Regular Audits: We conduct regular security and compliance audits
Incident Response: We maintain procedures for responding to data breaches

Data Transfers

We store and process your personal data within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions confirming adequate protection in the destination country
Other legally recognized transfer mechanisms

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

Notify the Data Protection Commission within 72 hours of becoming aware
Notify affected individuals without undue delay
Document the breach and our response
Take measures to mitigate potential adverse effects

Children's Privacy

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

Exercising Your Rights

To exercise any of your GDPR rights, contact us:

Email: [email protected]
Address: 15 Fitzwilliam Square, Dublin 2, D02 XE14, Ireland

We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.

Complaints

If you believe we have not complied with your data protection rights, you have the right to lodge a complaint with the Irish Data Protection Commission:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
www.luminous-piston.com

Updates to This Notice

We may update this GDPR compliance notice periodically to reflect changes in our practices or legal requirements. We will post any changes on this page with an updated revision date.

Last updated: May 15, 2026