top of page

Data Processing Agreement

Privacy Policy for Lumivox Design

Effective Date: 01/05/2025

Between:
Data Controller: [Client’s Business Name]
Data Processor: Lumivox Design (Farah Burma)
Website: https://lumivoxdesign.com

1. Purpose

This DPA outlines how I, Lumivox Design, handle personal data on your behalf in compliance with the UK GDPR and Data Protection Act 2018. This is only applicable if I'm processing customer or user data for you — e.g., via a contact form, mailing list setup, CRM integration, etc.

2. Types of Data Processed

  • Names

  • Email addresses

  • Phone numbers

  • IP addresses

  • Any other data collected via your website or systems (per your instructions)

3. Obligations of the Data Processor (Me)

  • Process data only under your documented instructions

  • Keep data confidential and secure

  • Assist you in responding to data subject requests (access, erasure, etc.)

  • Notify you promptly of any data breach

  • Delete or return personal data upon contract termination (unless legally required to retain it)

4. Sub-Processors

I may use vetted sub-processors (e.g., Google Workspace, Webflow, Canva, MailerLite) to deliver services. A list can be provided upon request. All sub-processors are bound by GDPR-compliant terms.

5. Security Measures

I take reasonable technical and organisational measures to protect personal data, including:

  • Password-protected systems

  • Encrypted backups

  • Regular updates and patches

  • Access control (only I access your data)

6. Data Retention

I don’t keep your client data longer than necessary. Once a project wraps, I delete or return any data unless agreed otherwise or required by law.

7. International Transfers

If data is transferred outside the UK/EEA, it’s only to countries with adequate protections or under appropriate safeguards (like Standard Contractual Clauses).

8. Termination

This agreement remains in effect for as long as I process data for you. Upon termination, data will be returned or deleted unless otherwise required by law.

9. Liability

Each party is responsible for complying with their data protection obligations. I won’t be liable for breaches caused by your failure to implement appropriate policies or provide accurate instructions.

bottom of page