Privacy Policy

1. Introduction

Lucent Flow, trading as Lucent Energy (hereinafter referred to as “the Company”), is committed to protecting the privacy and security of personal data. This Data Privacy Policy outlines the principles and practices that the Company follows to ensure compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

2. Data Controller and Data Protection Officer

Data Controller: Lucent Flow (t/a Lucent Energy), 12 Meadow Hill Road, Tunbridge Wells, TN1 1SQ, info@lucentenergy.co.uk
Data Protection Officer (DPO): Onil Banerjee, onil@lucentenergy.co.uk

3. Principles of Data Processing

The Company adheres to the following principles when processing personal data:

  • Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner.

  • Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in a way incompatible with those purposes.

  • Data Minimisation: The data collected is adequate, relevant, and limited to what is necessary for the intended purposes.

  • Accuracy: The Company ensures that data is accurate and, where necessary, kept up to date.

  • Storage Limitation: Data is retained only as long as necessary for the purposes for which it is processed.

  • Integrity and Confidentiality: Data is processed securely to prevent unauthorised or unlawful processing and accidental loss, destruction, or damage.

  • Accountability: The Company accepts responsibility for complying with these principles and can demonstrate compliance.

4. Legal Basis for Processing

The Company processes personal data on the following legal bases:

  • Consent: The data subject has given clear consent for processing for a specific purpose.

  • Contract: Processing is necessary to fulfil a contract or to take steps before entering into a contract.

  • Legal Obligation: Processing is required to comply with legal obligations.

  • Legitimate Interests: Processing is necessary for the Company’s legitimate interests or those of a third party, unless overridden by the data subject’s rights.

5. Data Subject Rights

Under the UK GDPR and DPA 2018, individuals have the right to:

  • Be informed about how their personal data is collected and used.

  • Access their personal data and supplementary information.

  • Have inaccurate personal data rectified or completed.

  • Request the erasure of personal data (“right to be forgotten”).

  • Restrict or suppress processing of personal data.

  • Obtain and reuse their data across different services (data portability).

  • Object to data processing in certain circumstances.

  • Not be subject to solely automated decision-making, including profiling, that produces legal or similarly significant effects.

6. Data Security

The Company takes appropriate technical and organisational measures to ensure the security of personal data, including:

  • Encryption: Protecting data in transit and at rest.

  • Access Control: Restricting access to authorised personnel only.

  • Security Assessments: Regularly reviewing security procedures and systems.

  • Breach Protocols: Detecting, reporting, and investigating personal data breaches promptly and in accordance with GDPR requirements.

7. Data Retention

Personal data is retained only for as long as necessary to meet the purposes for which it was collected, including fulfilling legal, accounting, or regulatory obligations. Retention periods are outlined in the Company’s Data Retention Policy.

8. Data Transfers

If personal data is transferred outside the UK, the Company ensures appropriate safeguards are in place, such as Standard Contractual Clauses or other mechanisms in line with the UK GDPR.

9. Data Breach Notification

In the event of a personal data breach, the Company will notify the Information Commissioner’s Office (ICO) within 72 hours, where feasible. Where the breach poses a high risk to the rights and freedoms of individuals, those individuals will also be notified without undue delay.

10. Changes to this Policy

This policy may be updated from time to time. Any changes will be communicated via our website or other appropriate means.

11. Contact Information

If you have any questions, concerns, or requests related to this Privacy Policy or how your data is handled, please contact:

Data Protection Officer (DPO): Onil Banerjee
Email: onil@lucentenergy.co.uk
Address: 12 Meadow Hill Road, Tunbridge Wells, TN1 1SQ

This Privacy Policy is effective as of 01/04/2025.