Last Updated: 21 June 2026
This Data Protection declaration summarises how Bizlumo ERP processes personal data in compliance with applicable data-protection laws, including the EU/UK General Data Protection Regulation (GDPR). It complements our Privacy Policy and, for customers who require one, is supported by a separate Data Processing Agreement (DPA).
For account, billing and website data, Bizlumo ERP acts as a data controller. For personal data contained in Customer Data that you process using the Services, you (the customer) are the controller and Bizlumo ERP acts as a processor, processing such data only on your documented instructions and as needed to provide the Services.
We process Customer Data to provide CRM, HRM/payroll, accounting, project, POS and related functionality. The categories of data subjects and personal data are determined by you and may include your staff, customers and vendors (e.g. names, contact details, employment and financial records).
We engage vetted sub-processors (for example cloud hosting, payment processing, email/SMS delivery, analytics and support tooling) under written contracts imposing data-protection obligations no less protective than those we owe you. We maintain a list of sub-processors, available on request, and will give notice of intended changes so you may object on reasonable grounds.
Our personnel authorised to process personal data are subject to appropriate confidentiality obligations.
Where personal data is transferred across borders, we rely on appropriate safeguards such as adequacy decisions or standard contractual clauses.
Taking into account the nature of the processing, we provide reasonable assistance to help you respond to requests from data subjects to exercise their rights (access, rectification, erasure, restriction, portability and objection).
We will notify you without undue delay after becoming aware of a personal-data breach affecting Customer Data, and provide information reasonably available to help you meet your notification obligations.
We provide reasonable assistance with data-protection impact assessments and prior consultations with authorities where required, given the information available to us.
On termination of the Services, and subject to legal retention requirements, you may export Customer Data; thereafter we will delete or return Customer Data in accordance with our Terms and any DPA.
We will make available information reasonably necessary to demonstrate compliance and, subject to confidentiality and reasonable scheduling, allow for audits as set out in the DPA.
To request a Data Processing Agreement or to contact our data-protection function, use the support options in your account dashboard.
BizLumo has transformed the way we manage projects and client relationships. The unified dashboard saves hours every week and keeps our team perfectly aligned.