Lean Up With Lewis is committed to protecting your personal data and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This page explains how we meet our data protection obligations and your rights as a data subject.

1. Data controller

Lean Up With Lewis is the data controller responsible for determining how and why personal data is processed on this website.

If you have any questions about data protection, you can contact us via the contact form on this website.

2. Our commitment to data protection

We are committed to ensuring that personal data is:

• Processed lawfully, fairly, and transparently

• Collected for specified, explicit, and legitimate purposes

• Limited to what is necessary

• Accurate and kept up to date

• Stored securely

• Retained only for as long as necessary

3. Lawful bases for processing

We process personal data under one or more of the following lawful bases:

• Consent – where you have actively opted in (e.g. newsletters)

• Contract – where data is required to deliver services you have requested

• Legitimate interests – to operate and improve our website and services

• Legal obligation – where processing is required by law

4. How we protect your data

We use appropriate technical and organisational measures to safeguard personal data, including:

• Secure website hosting

• Encrypted payment processing via third-party providers

• Restricted access to personal data

• Regular system and security updates

5. Data processors and third parties

We may use trusted third-party data processors to help deliver our services, including:

• Website and hosting providers

• Payment processors

• Email communication tools

• Analytics and performance services

All processors are required to process data in accordance with UK GDPR and only on our instructions.

6. International data transfers

Where personal data is transferred outside the UK, appropriate safeguards are in place to ensure data is protected in line with UK GDPR requirements.

7. Your data protection rights

You have the right to:

• Request access to your personal data

• Request correction or deletion of your data

• Restrict or object to processing

• Withdraw consent at any time

• Request data portability

• Lodge a complaint with the Information Commissioner’s Office (ICO)

8. Exercising your rights

You may exercise your rights by contacting us via the contact form on this website. We aim to respond to all valid requests within one month.

9. Data breaches

In the event of a personal data breach, we will assess the risk and, where required, report the breach to the ICO and affected individuals in accordance with UK GDPR.

10. Updates to this policy

This GDPR & Data Protection page may be updated from time to time to reflect changes in legislation or our data practices.