GDPR Compliance
INNERLUXES is committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679.
1. Overview
This GDPR Compliance Policy explains how INNERLUXES collects, uses, stores, and protects personal data of individuals within the European Economic Area (EEA) and the United Kingdom. We are deeply committed to data privacy and transparency.
Key principle: We only collect the minimum amount of personal data necessary to deliver our services, and we never sell your data to third parties.
This policy applies to all personal data processed through our website, services, client engagements, recruitment processes, and any other interactions with INNERLUXES.
2. Data Controller
INNERLUXES acts as the Data Controller for personal data collected through our website and direct interactions. For client projects where we process data on behalf of clients, we act as a Data Processor under appropriate Data Processing Agreements (DPAs).
For any data-related enquiries, you may contact our designated Data Protection representative at innerluxes@gmail.com.
3. Data We Collect
Personal Identification Data
- Full name, email address, phone number
- Company name and job title
- Mailing address and country of residence
Technical Data
- IP address, browser type and version
- Device information and operating system
- Pages visited, time spent, and referral source
Recruitment Data
- CV/resume, cover letter, portfolio links
- Employment history and skills
- Expected salary and availability
Communication Data
- Messages sent through contact forms
- Email correspondence with our team
- Feedback and survey responses
4. Lawful Basis for Processing
We process personal data under the following lawful bases as defined by Article 6 of the GDPR:
- Consent: Where you have given clear, informed consent for us to process your data for a specific purpose (e.g., newsletter subscription).
- Contractual Necessity: Where processing is necessary to fulfil a contract with you or to take steps at your request before entering into a contract.
- Legitimate Interest: Where processing is necessary for our legitimate business interests, provided those interests do not override your fundamental rights.
- Legal Obligation: Where processing is necessary to comply with a legal obligation to which we are subject.
5. How We Use Your Data
We use personal data exclusively for the following purposes:
- To provide, maintain, and improve our services
- To respond to enquiries and support requests
- To process and evaluate job applications
- To send project updates and relevant communications
- To comply with legal obligations and enforce our terms
- To analyse website performance and user experience
- To protect against fraud, abuse, and security threats
6. Data Sharing & Third Parties
We do not sell, rent, or trade your personal data. We may share data with:
- Service Providers: Trusted third-party providers who assist in delivering our services (hosting, analytics, email), bound by strict confidentiality agreements.
- Legal Requirements: When required by law, court order, or governmental authority.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, with prior notice to affected individuals.
All third-party processors are vetted to ensure GDPR compliance and are required to sign Data Processing Agreements.
7. International Data Transfers
As an international agency, we may transfer personal data outside the EEA. When we do, we ensure adequate safeguards are in place:
- Transfers to countries with an EU adequacy decision
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules where applicable
- Explicit consent for specific transfers when required
8. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Client data: Duration of the business relationship plus 6 years for legal and accounting requirements.
- Recruitment data: Up to 12 months after the last interaction, unless consent is given for longer retention.
- Website analytics: Aggregated and anonymised data may be retained indefinitely.
- Contact enquiries: Up to 24 months from last correspondence.
9. Your Rights Under GDPR
As a data subject, you have the following rights:
- Right of Access: Request a copy of all personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your personal data ("right to be forgotten").
- Right to Restrict Processing: Request limitation of how we use your data.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent: Withdraw previously given consent at any time.
- Right to Lodge a Complaint: File a complaint with your local supervisory authority (e.g., the ICO in the UK).
To exercise any of these rights, please email innerluxes@gmail.com. We will respond within 30 days.
10. Security Measures
We implement robust technical and organisational measures to protect your personal data:
- SSL/TLS encryption for all data in transit
- Encrypted storage for sensitive personal data at rest
- Role-based access controls and multi-factor authentication
- Regular security audits and vulnerability testing
- Employee training on data protection and privacy best practices
- Incident response procedures for data breaches
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay.
11. Cookies
Our website uses cookies to enhance your browsing experience. We use:
- Strictly Necessary Cookies: Essential for the website to function (e.g., session management, theme preference).
- Analytics Cookies: Help us understand how visitors use our site (anonymised, no personally identifiable data).
- Functional Cookies: Remember your preferences and settings.
We do not use advertising or tracking cookies. You can manage cookie preferences through your browser settings at any time.
12. Changes to This Policy
We may update this GDPR Compliance Policy periodically. When we make material changes, we will update the "Effective" date at the top of this page and, where appropriate, notify you via email or a prominent notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.
Questions About GDPR?
If you have any questions about this policy or wish to exercise your data rights, please contact us at innerluxes@gmail.com or visit our Contact page.