Get FREE on our Trial Plan. Upgrade anytime to unlock advanced features. Get Started Free 🚀

Data Protection

Last Updated: 21 June 2026

This Data Protection declaration summarises how Bizlumo ERP processes personal data in compliance with applicable data-protection laws, including the EU/UK General Data Protection Regulation (GDPR). It complements our Privacy Policy and, for customers who require one, is supported by a separate Data Processing Agreement (DPA).

1. Roles of the Parties

For account, billing and website data, Bizlumo ERP acts as a data controller. For personal data contained in Customer Data that you process using the Services, you (the customer) are the controller and Bizlumo ERP acts as a processor, processing such data only on your documented instructions and as needed to provide the Services.

2. Subject Matter & Nature of Processing

We process Customer Data to provide CRM, HRM/payroll, accounting, project, POS and related functionality. The categories of data subjects and personal data are determined by you and may include your staff, customers and vendors (e.g. names, contact details, employment and financial records).

3. Sub-Processors

We engage vetted sub-processors (for example cloud hosting, payment processing, email/SMS delivery, analytics and support tooling) under written contracts imposing data-protection obligations no less protective than those we owe you. We maintain a list of sub-processors, available on request, and will give notice of intended changes so you may object on reasonable grounds.

4. Security Measures

  • Encryption of data in transit (TLS) and hashing of credentials.
  • Role-based access controls and least-privilege access.
  • Network and application protections, logging and monitoring.
  • Regular backups and tested restoration procedures.
  • Personnel bound by confidentiality and security training.

5. Confidentiality of Personnel

Our personnel authorised to process personal data are subject to appropriate confidentiality obligations.

6. International Transfers

Where personal data is transferred across borders, we rely on appropriate safeguards such as adequacy decisions or standard contractual clauses.

7. Assistance with Data-Subject Requests

Taking into account the nature of the processing, we provide reasonable assistance to help you respond to requests from data subjects to exercise their rights (access, rectification, erasure, restriction, portability and objection).

8. Personal-Data Breach Notification

We will notify you without undue delay after becoming aware of a personal-data breach affecting Customer Data, and provide information reasonably available to help you meet your notification obligations.

9. Data Protection Impact Assessments

We provide reasonable assistance with data-protection impact assessments and prior consultations with authorities where required, given the information available to us.

10. Return & Deletion

On termination of the Services, and subject to legal retention requirements, you may export Customer Data; thereafter we will delete or return Customer Data in accordance with our Terms and any DPA.

11. Audits

We will make available information reasonably necessary to demonstrate compliance and, subject to confidentiality and reasonable scheduling, allow for audits as set out in the DPA.

12. Requesting a DPA & Contact

To request a Data Processing Agreement or to contact our data-protection function, use the support options in your account dashboard.

Import & Export

BizLumo has transformed the way we manage projects and client relationships. The unified dashboard saves hours every week and keeps our team perfectly aligned.

Priya Malhotra Manager