UK GDPR-Compliant

Last updated: 30th January 2026

Who we are: Luach Consulting Group ("LuachCG", "we", "us", "our")

Website: www.luachcg.com

Contact: brian@luachcg.com

1. Purpose of this Notice

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you access our website and the members-only area. We act as the data controller for data described here.

2. What Personal Data We Collect

Account & Access Data: email address, password (hashed), name (if provided), role/organisation (if provided).

Usage Data: log-in timestamps, pages viewed, device/browser information, IP address (for security/fraud prevention), and similar analytics.

Communications: your enquiries, support requests, and our correspondence with you.

Marketing Preferences: your opt-in/opt-out choices (only if you choose to receive marketing).

We do not intentionally collect special category data (e.g., health, ethnicity). Please do not submit such data through our forms.

3. Why We Use Your Data (Purposes) & Lawful Bases

We process your personal data only when we have a lawful basis:

Purpose

Lawful Basis

Provide and manage your access to the members-only area

Contractual necessity (UK GDPR Art. 6(1)(b))

Account support, service communications, security and fraud prevention

Legitimate interests (Art. 6(1)(f))—to ensure site integrity and user security

Analytics to improve site performance and content (aggregated where possible)

Legitimate interests (Art. 6(1)(f))

Optional marketing emails/newsletters

Consent (Art. 6(1)(a))—you can withdraw at any time

Legal/regulatory compliance, enforcing our Terms

Legal obligation (Art. 6(1)(c)) and/or Legitimate interests (Art. 6(1)(f))

4. Cookies and Similar Technologies

We may use essential cookies (for sign-in and security) and optional analytics cookies (to understand usage). Where required, we will ask for your consent via a cookie banner and provide granular controls.

See our Cookie Notice for details on cookie types, durations, and how to manage preferences.

5. How We Share Your Data

We share data only as necessary and with safeguards:

Service providers (processors): e.g., hosting, analytics, email service, security tools. They act under contract, follow our instructions, and implement appropriate security.

Legal reasons: where required to comply with law or to protect our rights, users, or the public.

We do not sell your personal data.

6. International Transfers

If we transfer data outside the UK/EEA (e.g., to cloud providers), we use lawful transfer mechanisms such as UK Addendum to the EU SCCs, IDTA, or an adequacy decision. Details are available on request.

7. How Long We Keep Your Data

Account email & access data: retained while your membership is active. If you close your account, we will delete or anonymise within 30 days, unless we must retain certain data to comply with legal obligations or resolve disputes.

Support/communications: typically up to 24 months after resolution, unless needed longer for legal reasons.

Analytics: retained only as aggregated statistics where feasible.

8. Your Rights (UK GDPR/Data Protection Act 2018)

You have the right to:

Access your data and receive a copy

Rectify inaccurate or incomplete data

Erase data (where applicable)

Restrict or object to processing (including where based on legitimate interests)

Data portability (for data you provided to us, where processed by automated means)

Withdraw consent at any time (for marketing or other consent-based processing)

Lodge a complaint with the ICO (ico.org.uk) if you are unhappy with our handling

To exercise your rights, contact brian@luachcg.com

9. Security

We use administrative, technical, and organisational measures appropriate to the risk, including encryption in transit (HTTPS), hashed passwords, access controls, and vendor due diligence. However, no system is 100% secure.

10. Children's Data

Our services are not directed to children under 16, and we do not knowingly collect children's data.

11. Changes to This Policy

We may update this Policy from time to time. We will post changes on this page and adjust the "Last updated" date. Material changes may be notified by email for registered members.

12. Contact

For questions or to exercise your rights:

Email: brian@luachcg.com

Supervisory authority: Information Commissioner's Office (ico.org.uk)