Legal

PRIVACY NOTICE

Version: 2.0 
Last updated: January 2026 
Effective date: January 2026 

This Privacy Notice explains how Lucky Beard processes personal data across all regions in which we operate, in compliance with applicable data protection laws including: 

• EU General Data Protection Regulation (GDPR) (EU Regulation 2016/679) 
• UK GDPR and the Data Protection Act 2018 
• South African Protection of Personal Information Act, 2013 (POPIA) 

This Notice applies where Lucky Beard acts as a data controller or responsible party. 

1. Who We Are (Global Data Controllers) 

Lucky Beard operates globally through the following legal entities: 

• Lucky Beard Limited (Ireland) – Company No. 610580 
  Registered office: 3rd Floor, 40 Mespil Road, Dublin 4, Ireland 
• Lucky Beard UK Limited (United Kingdom) – Company No. 11409849 
  Registered office: 1 West Ferry Circus, Canary Wharf, London, E14 4HD, United Kingdom 
• Lucky Beard (Pty) Ltd (South Africa) – Registration No. 2014/164529/07 
  Registered office: Southdowns Ridge Office Park, 1240 John Vorster Avenue, Irene, 0062, South Africa 

For the purposes of this Privacy Notice: 

• The Lucky Beard entity with which you interact (for example, through a contract, recruitment process, or local office) will generally act as the primary data controller or responsible party. 
• Where personal data is processed through shared group systems (such as CRM, HR, finance or IT platforms), the relevant Lucky Beard entities act as joint controllers, in accordance with Article 26 GDPR. 

For EU GDPR purposes, Lucky Beard Limited (Ireland) is the main establishment, and the Irish Data Protection Commission is the lead supervisory authority. 

2. Scope of This Privacy Notice 

This Privacy Notice applies to: 

• Website visitors 
• Clients and prospective clients 
• Business contacts and suppliers 
• Job applicants and candidates 
• Employees and contractors 

It describes what personal data we collect, how we use it, the legal bases for processing, how long we retain it, who we share it with, and your rights. 

3. Personal Data We Collect 

3.1 Website Users 

• Identifiers and contact details (e.g. name, email address) 
• Technical data (IP address, browser type, device information) 
• Usage data collected via cookies and similar technologies 

3.2 Clients, Prospective Clients & Business Contacts 

• Contact details and professional information 
• Communications and correspondence 
• Publicly available professional information (e.g. LinkedIn profiles) 

3.3 Job Applicants 

• Identification and contact information 
• CVs, portfolios, education and employment history 
• Interview notes and assessment results 
• Special category data where legally permitted (e.g. health or diversity data) 

3.4 Employees 

• Payroll and financial information 
• Benefits and pension data 
• Performance, training and HR records 
• Special category data processed in accordance with employment law obligations 

4. Legal Bases for Processing 

We process personal data only where we have a lawful basis. 

Purpose  | Legal Basis 

Website enquiries and contact forms | Consent or legitimate interests 

Marketing communications  | Consent or legitimate interests (B2B soft opt-in) 

Client contracts and service delivery | Performance of a contract 

Recruitment and hiring | Legitimate interests and steps prior to contract 

Employment administration | Performance of a contract and legal obligation 

Legal compliance | Legal obligation 

IT security and fraud prevention | Legitimate interests 

Where special category data is processed, we rely on Article 9 GDPR conditions or equivalent POPIA provisions, including employment law obligations or explicit consent where required. 

5. Cookies and Tracking Technologies 

We use cookies and similar technologies on our website to ensure it functions correctly, to understand how visitors use our site, and to support our marketing activities. 

Cookies used on our website fall into the following categories: 

• Strictly necessary cookies – required for core site functionality and security. These cookies are always active. 
• Analytics cookies – help us understand how visitors interact with our website so we can improve performance and usability. 
• Marketing cookies – help us deliver relevant content and measure the effectiveness of our campaigns. 

Analytics and marketing cookies are only placed on your device with your consent, which is collected via our cookie banner when you first visit our website. You can withdraw or manage your consent at any time through our cookie settings. 

Further details about the specific cookies we use, their purposes, and retention periods are available in our Cookies Policy. 

6. Marketing Communications 

We may send marketing communications where: 

• You have given consent; or 
• We have a legitimate interest to contact you in a B2B context 

You may opt out at any time by using the unsubscribe link or contacting us. 

7. Data Sharing 

We may share personal data with: 

• IT, hosting, CRM, HR, payroll and professional service providers 
• Regulators, tax authorities and law enforcement where required by law 

All processors are bound by written agreements in line with Article 28 GDPR and POPIA requirements. 

8. International Data Transfers 

We may transfer personal data between our offices and to third-party providers outside your country. 

Transfers are safeguarded using: 

• EU Standard Contractual Clauses (SCCs) 
• UK International Data Transfer Agreement (IDTA) or UK Addendum 
• POPIA-compliant contractual protections 

We conduct transfer risk assessments and apply appropriate technical and organisational safeguards. 

9. Data Retention 

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, regulatory, contractual, and business requirements. 

Indicative retention periods include: 

• Website enquiries and marketing contacts: until you opt out or after 24 months of inactivity 
• Job applicants: up to 12 months after the recruitment process concludes, unless a longer period is required or permitted by law 
• Client and supplier records: for the duration of the contractual relationship plus up to 6 years 
• Employee records: for the duration of employment and for the period required by applicable employment, tax, and social security laws thereafter 

Retention periods may vary depending on jurisdiction and the nature of the data. Further details are set out in our internal data retention policies. 

10. Data Security 

We implement technical and organisational measures including: 

• Access controls and least-privilege principles 
• Staff confidentiality obligations and training 
• Incident and data breach response procedures 

11. Your Rights 

EU GDPR and UK GDPR 

If you are located in the European Union or the United Kingdom, you have the right to: 

• Be informed about how we use your personal data 
• Request access to your personal data 
• Request rectification of inaccurate or incomplete data 
• Request erasure of your personal data 
• Request restriction of processing 
• Object to processing, including the right to object to direct marketing at any time 
• Request data portability, where applicable 
• Withdraw consent at any time, where processing is based on consent 

South Africa (POPIA) 

If you are located in South Africa, you have the right to: 

• Request access to your personal information 
• Request correction or deletion of personal information 
• Object to the processing of your personal information 
• Lodge a complaint with the Information Regulator 

12. How to Exercise Your Rights 

Requests can be made by contacting us at: 

Email: privacy@luckybeard.com 

We will respond within one month, unless an extension is permitted by law. 

13. Complaints 

• EU: Irish Data Protection Commission 
• UK: Information Commissioner’s Office (ICO) 
• South Africa: Information Regulator (POPIA) 

14. Updates to This Notice 

We may update this Privacy Notice periodically. The latest version will always be published on our website.