Privacy Policy

Lobium privacy notice is provided by Lobium Limited. 

This notice explains what personal information we collect, how it is used and shared. It applies to users of this website, our customers and clients.

This privacy notice was created on: 2021-12-09

Last updated: 2022-01-09

About us and how to get in touch

Lobium is the controller of the personal information we process unless otherwise stated.

We are a Limited Company registered in England and Wales at Companies House. Registration number: 13821282.

For data protection and privacy we are regulated by the UK’s Information Commissioner’s Office. Reference number: ZB288454.

You can contact us regarding your rights and this privacy notice by:


Post: Data Controller, Lobium Ltd, attn. Tim Werkhoven, Springfield House 99-101 Crossbrook Street, Cheshunt, Waltham Cross, England, EN8 8JR.

How do we get your personal information?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • We met in person or online and exchanged contact details
  • You contacted us to make an enquiry
  • You signed up to an event or to receive event invitations from us
  • You signed up to receive news from us
  • You joined our WhatsApp group
  • You or your organisation signed up to join as a supporter or member
  • We are providing a product or service for you or your company
  • You have applied to work with us
  • You are working with us as a collaborator, constellation member, contractor or employee
  • You, or your company, are a supplier to us

We may also receive information about you indirectly, in the following scenarios:

  • Someone recommended you to us, introduced us or included you in communications with us
  • A friend or colleague invited you to an event
  • You have an existing relationship with our team
  • You are working for one of our partners or members
  • A previous employer or contact may provide us with a reference
  • Through publicly available information such as Twitter or LinkedIn

We collect some information about you automatically in the following ways:

  • We use services to keep our website secure, they may notify us of your IP address if they identify suspicious activity
  • We use cookies or similar technologies by third parties. Some cookies are required for the operation of our services – these are called ‘strictly necessary’. 

For what purposes do we use your information?

We use the personal information we collect to provide our services, to improve and optimise what we do, to protect you and Lobium.

We may use this information to:

  • Do business with you, including invoice or make payments
  • Share documents with you securely
  • Provide you with information that you request from us
  • Send you news and updates
  • Invite you to events and manage event attendance
  • Inform you of any changes to our products, services or website
  • Maintain legally required records, such as for accounting and tax
  • Employ, contract or work with you
  • Manage you and your work if you are employed or contracted by us
  • Operate discussion groups

What is the legal basis for using this information?

The lawful bases we rely upon for processing your data are:

Contractual obligation – if you ask us to do something before entering into a contract, and for providing products and services under contract – such as a membership agreement or contracted project.

Legitimate interests – where you are a partner, client or member we may use this lawful basis, where you’d reasonably expect us to get in touch beyond the direct contract – such as to update you with relevant news and information or new products or services that might be of interest to you. Where we use this basis we will test the purpose, necessity and balance of rights for using it.

Consent – for example, if you would like to receive newsletters from us and are not an existing or prospective partner, client or member; or where used, to manage cookies that are not strictly necessary.

How do I unsubscribe or withdraw consent?

If you receive an email newsletter or invite from us we provide a way to unsubscribe in every email.  

If you have consented to some of our cookies to be placed on your browser, you may opt-out at any time. 

If you are a member of one of our WhatsApp groups, using the WhatsApp settings for the group you can mute conversations so that you don’t get notified for every message, or you can remove yourself from the group.

What are my data protection rights?

For rights requests please contact

Can I get a copy of the information you’ve collected about me?

Yes. You have the right to ask us to confirm if we are processing your personal data, for copies of your personal information, and supplementary information.

Can I amend the information you’ve collected about me?

We try to keep our records up to date, but if we’ve got it wrong or your details have changed let us know. You also have the right to ask us to complete information you think is incomplete.

Can you delete my information?

Yes. However, please note that this right only applies in some circumstances. For example, there are some records which contain personal information that we are required to keep for other regulatory reasons, such as for finance and tax. Such records will not be deleted until seven years after the end of the contract with you.

Can you restrict the processing of my information?

This right applies only in some circumstances. When we receive a request for processing to be restricted we are permitted to store the personal data, but we cannot use it. For example, you might request your information to be restricted in order to establish, exercise or defend a legal claim or if you think we’ve unlawfully processed your data but you do not wish us to delete it.

Can I object to you processing my information?

This right applies to you if we have used your data under the lawful basis of “legitimate interests”. For example, if you are a customer and we have used your information to get in touch with you about new products, you can object to us doing so.

Can I ask you to move, copy or transfer my personal data from us to elsewhere?

This right is often referred to as “data portability”. This right applies only to personal information you have provided to us about you, for example orders you have made.

When moving, sending you a copy or transferring this data we will only do so in a secure manner using a structured, commonly used and machine readable format.

Do you use any automated decision making or profiling?


Find out more about your data rights.

Find out more about time limits for responding to data rights requests.

How long do you keep data for?

We do not store your data longer than necessary. We regularly review our records to remove or anonymise data if it should no longer be retained. The criteria we use for this is:

  • Do we still carry out the activities for the purposes the data was provided?
  • Is this information still up to date?
  • Are we required to keep this data for other regulatory purposes?
  • Are there contractual requirements?

Some records we are required to retain by law for certain lengths of time. These include for tax and employment purposes.

How is my information stored, transferred and kept secure?

To manage our business we use a number of third party services who process your data on our behalf. This is for tasks such as to operate our email, host this website, manage documents, process orders and communicate with clients.

These services cannot share your data with anyone. The website servers we use are located in the EU and USA. Where a company is not based in the UK or European Economic Area (EEA), or where data may be transferred outside the EEA, we have put in place agreements to ensure that your data is processed as per European law.

Third party processors include: AWS,, Google, Mailchimp, Tide Bank, Xero, Slack, Jira.


Wherever we can, we protect data in our systems with strong encryption, both when the data is at rest and when it is being transferred. We only allow access to our systems via strong authentication protocols, such as TLS and ssh, and administrative access is limited to key individuals. Where possible, we use two-factor authentication for all access.

We act on relevant security advisories to minimize the risk to our systems and the data they contain.

We choose system suppliers who implement appropriate technical and organisational measures that are at least as good as our own.                                                      

Legal requests

We may retain and disclose your personal information if legally required to do so. For example, if required by law or by a Court order or if we believe that action is necessary to prevent fraud or cyber-crime or to protect Lobium or the rights, property or personal safety of any person.

All such requests are assessed and we will challenge the basis of the request if it is not made by an officer with proper authority, the request lacks a proper statutory basis or appears too broad or vague as to its scope or purpose.

How to complain

If we have been unable to resolve a query relating to this privacy notice, or if you are unhappy with how we have used your data, you can also contact the UK’s Information Commissioner’s Office:

Information Commissioner’s Office

Wycliffe House

Water Lane




Helpline number: 0303 123 1113