Skip to main content

    Cookie Preferences

    We use cookies to enhance your experience and for security purposes. We need your consent for non-essential cookies. Privacy Policy

    Privacy Policy

    Last updated: 30 March 2026

    1. Introduction

    LuwaSuite Ltd ("LuwaSuite", "we", "us", or "our") is committed to protecting your privacy and handling your personal data in an open and transparent manner.

    This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website (luwasuite.co.uk) and use our software platform.

    We are registered in England and Wales under company number 16779331. Our registered office is in Manchester, United Kingdom.

    2. Data Controller

    • Website visitors and prospective customers: LuwaSuite Ltd is the data controller for personal data we collect directly from you.
    • Platform users and employee data: Our customers (employers) are the data controllers. LuwaSuite acts as a data processor on their behalf.

    For data protection enquiries, contact our Data Protection Officer at dpo@luwasuite.co.uk

    3. Information We Collect

    3.1 Information You Provide

    • Contact information (name, email address, phone number, company name)
    • Account credentials (email address, password)
    • Billing information (company details, VAT number, payment method)
    • Communications with us (support requests, feedback, enquiries)
    • Demo booking information

    3.2 Information Collected Automatically

    • Device information (browser type, operating system, device type)
    • Usage data (pages visited, features used)

    3.3 Employee Data (Processed on Behalf of Customers)

    When employers use LuwaSuite, they may upload employee data including:

    • Personal details (name, date of birth, contact information)
    • Employment information (job title, department, salary, start date)
    • Immigration data (visa type, eVisa details, Right to Work evidence)
    • Attendance records (clock-in/out times, GPS locations)
    • Documents (contracts, qualifications, certifications)

    4. How We Use Your Information

    • To provide and maintain our services
    • To process your subscription and payments
    • To communicate with you about your account and our services
    • To respond to your enquiries and support requests
    • To send marketing communications (with your consent)
    • To improve our website and services
    • To comply with legal obligations
    • To protect our rights and prevent fraud

    5. Legal Basis for Processing

    • Contract: To perform our contract with you (providing services)
    • Legitimate interests: For business purposes such as improving services, marketing to existing customers, and fraud prevention
    • Consent: Where you have given consent (e.g., marketing emails)
    • Legal obligation: To comply with applicable laws

    6. Data Sharing

    We may share your data with:

    • Service providers: Cloud hosting, payment processing, email delivery, analytics
    • Professional advisors: Lawyers, accountants, auditors as necessary
    • Law enforcement: When required by law or to protect rights
    • Business transfers: In connection with mergers, acquisitions, or asset sales

    We do not sell your personal data to third parties.

    7. International Transfers

    Your data is primarily stored in UK and EU data centres. Where we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK ICO, adequacy decisions where applicable, and binding corporate rules for certain providers.

    8. Data Retention

    • Account data: Duration of account plus 2 years
    • Marketing data: Until you unsubscribe plus 1 year
    • Transaction records: 7 years for tax/legal compliance
    • Employee data (as processor): As directed by the employer

    9. Your Rights

    Under UK GDPR, you have the right to:

    • Access: Request a copy of your personal data
    • Rectification: Request correction of inaccurate data
    • Erasure: Request deletion of your data ("right to be forgotten")
    • Restriction: Request limitation of processing
    • Portability: Receive your data in a portable format
    • Objection: Object to processing based on legitimate interests
    • Withdraw consent: Withdraw consent at any time

    To exercise these rights, contact dpo@luwasuite.co.uk

    10. Security

    We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (TLS 1.3) and at rest (AES-256), access controls, and regular security assessments.

    11. Complaints

    If you have concerns about our data practices, please contact us first at dpo@luwasuite.co.uk. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

    12. Changes to This Policy

    We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our platform. The "Last updated" date at the top indicates when the policy was last revised.

    13. Contact Us

    LuwaSuite Ltd

    Data Protection Officer

    Email: dpo@luwasuite.co.uk

    Manchester, United Kingdom

    Ask us anything about
    Home Office compliance

    🟢 We're online