GDPR Compliance
Our commitment to protecting your personal data
General Data Protection Regulation
Lucid Tract is committed to full compliance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This page outlines our compliance measures and your rights under these regulations.
Data Controller
Lucid Tract acts as the data controller for personal information collected through our website and services. We determine how and why your personal data is processed.
Contact details:
Lucid Tract
42 Wellington Street
Leeds, LS1 4JJ
United Kingdom
Email: [email protected]
Lawful Basis for Processing
We process personal data only when we have a lawful basis to do so:
- Consent: When you provide explicit consent through forms or direct communication
- Contract: Processing necessary to deliver pension planning services you've requested
- Legal obligation: Compliance with FCA regulations and financial services law
- Legitimate interests: Operating our business, preventing fraud, and improving services
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
You have the right to request copies of your personal data. We will provide this information within one month of your request.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure
You have the right to request deletion of your personal data in certain circumstances. This right may be limited by legal retention requirements for financial services records.
Right to Restrict Processing
You have the right to request that we restrict processing of your personal data in specific situations, such as when you contest the accuracy of the data.
Right to Data Portability
You have the right to request transfer of your personal data to another organization or directly to you in a commonly used, machine-readable format.
Right to Object
You have the right to object to processing of your personal data where we rely on legitimate interests as the legal basis.
Rights Related to Automated Decision Making
We do not use automated decision-making or profiling in our pension advisory services. All advice is provided by qualified human advisers.
Exercising Your Rights
To exercise any of your GDPR rights, please contact us at [email protected] with:
- Your full name and contact details
- The specific right you wish to exercise
- Any relevant details to help us locate your information
We will respond to your request within one month. In complex cases, we may extend this by two additional months and will inform you of any such extension.
Data Security Measures
We implement appropriate technical and organizational measures to ensure data security:
- Encryption of data in transit and at rest
- Regular security audits and penetration testing
- Access controls and authentication systems
- Staff training on data protection and security
- Secure backup and disaster recovery procedures
- Confidentiality agreements with all staff and contractors
Data Breach Notification
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office (ICO) within 72 hours
- Inform affected individuals without undue delay
- Provide clear information about the breach and our response
- Take immediate steps to mitigate any harm
International Data Transfers
We process and store all personal data within the United Kingdom and European Economic Area. If we need to transfer data outside these regions, we will ensure appropriate safeguards are in place, such as:
- Standard contractual clauses approved by the European Commission
- Adequacy decisions confirming appropriate data protection standards
- Your explicit consent for the transfer
Children's Privacy
Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.
Data Protection Officer
For questions specifically related to data protection and GDPR compliance, you may contact our Data Protection Officer at [email protected] with "DPO" in the subject line.
Supervisory Authority
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe we have not complied with GDPR requirements:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: 0303 123 1113
Website: www.ico.org.uk
Regular Reviews
We regularly review our GDPR compliance measures and update our practices to maintain the highest standards of data protection. This page was last reviewed on May 11, 2026.